Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Kuranin Anti-Ransomware

  • Please log in to reply
2 replies to this topic

#1 AntiRansomware


  • Members
  • 9 posts
  • Local time:10:09 PM

Posted 31 October 2017 - 12:48 PM

Kuranin Anti-Ransomware is a free addition to the basic anti-virus protection that will allow you to secure your files and personal data from Trojan programs of extortionists of the Ransomware class.
Main functions
Kuranin Anti-Ransomware includes three areas of protection:
1) Signature checking of files (more than 7,000,000 virus entries in the database)
2) The heuristic analyzer of behavior of working programs
3) Protection against network attacks and hacker intrusions (for example, WannaCry)
The application has a simple intuitive interface, the ability to create preventive restore points and the entire file system on a schedule, a pleasant soundtrack (if necessary, you can disable), as well as game mode without notifications.
The main purpose of Kuranin Anti-Ransomware is protection from Trojan encryption programs. In the process of working, the application components do not load the processor, working unnoticed by the user. The antivirus utility perfectly copes with such malicious programs as WannaCry, Ransom.Jigsaw and BadRabbit.
Official website: https://www.kuranin.org/
Example of blocking BadRabbit by behavioral protection:

BC AdBot (Login to Remove)


#2 AntiRansomware

  • Topic Starter

  • Members
  • 9 posts
  • Local time:10:09 PM

Posted 02 November 2017 - 05:02 AM

Today I released a new version of Kuranin Anti-Ransomware, where the following bugs were fixed:

1) Fixed the problem of working in English-speaking operating systems (now when you start Windows, the program is launched first without any problems)
2) Updated antivirus signatures for November 1 state
3) The program self-protection error has been fixed (currently unauthorized unloading of working processes is impossible)
4) Fixed the issue of "crash" utility when Trojan programs are detected, encryptors.
5) Reduced CPU load during operation

Here is the principle of work:
After the first start, the anti-virus database is unpacked, which can cause a load. It takes about 2-5 minutes, depending on the configuration of the computer. In the future, the database will download and add records from the server. During unpacking, on-demand scanning will not be available.

Kuranin Anti-Ransomware checks files for signatures, but I recommend scanning particularly suspicious objects through the control center. In the process of running the analysis of the behavior of running applications in real time, resulting in the detection of suspicious activity, which can be expressed in the implementation of direct access to the disk, changing the user's files. In this case, the potential threat is blocked, the changes are rolled back, and the user is presented with a corresponding message.

There is also a function to create system restore points on a scheduled basis. By default, it is disabled, as this may require additional space on the hard disk. But I recommend that you use it, because it's not just recovery points, but smart ones, that is, the whole configuration of the computer is kept, starting from the file system most often affected by viruses, and ending with system settings and Windows registry entries.

The program fights especially well with standard cryptographic programs that do not affect the MBR partition, however, as mentioned earlier, you can enable the creation of recovery points on a schedule.

The anti-virus utility already has a firewall, so there is no need for the Windows firewall. In addition, the antivirus requires access to the network for updating, so that certain conflicts may arise. However, you can enable the firewall from Microsoft manually, in the future it will not be turned off.

UAC disconnects due to the fact that the utility requires administrative rights to run the utility, and it is inconvenient to allow the program to run at every startup, despite the fact that the components have a digital signature ... An inexperienced user can answer "no", so the Kuranin AR simply can not perform their functions.

Currently I checked my software Ransomware Jigsaw, Kangoroo, as well as Exploit-CVE-2012-0158 and a fairly common encryptor from Vazonez (XOR / TEA methods).

The application was designed in a minimalist style, in the main window you can perform the basic configuration and view the report, perform a scan, and restore objects from the quarantine (if any).

The package includes a mini utility Registry Cleaner to clean the registry from residual infection.


The program disables the standard Windows firewall because it already has network security components. But you can also use other firewalls and antivirus software by adding KAR to the list of exceptions. This is necessary because in the case of limitations the application simply can not perform its work correctly, or it will not be able to update. UAC is disabled due to inconvenience, but you can turn it on and it will not be turned off any more.

As for detection, these are false positives. Every day there are new versions, the components and files of the utility are completely changed, so I do not have the opportunity to notify the anti-virus labs daily, because the answer comes only after 2-3 days ...

Here are screenshots of letters confirming that the utility does not contain any malicious code:

The program takes up a lot of space because it contains a large number of anti-virus entries. Every day, a large number of signatures are added using malware archives - VirusShare, VirusSign, Malcode Database, VXvault, and so on.

By the way, today, according to numerous requests, the possibility of automatic updating of all modules of the program has been added, so I highly recommend that you delete the old version and install a new one. After you reinstall the application, it will be updated automatically (not only the anti-virus databases!).

Also, a section "About the program" was added, indicating the version and information about the publisher.



#3 AntiRansomware

  • Topic Starter

  • Members
  • 9 posts
  • Local time:10:09 PM

Posted 04 November 2017 - 01:54 PM

[Small Update]

1) The update module is rewritten, now when the processes are loaded the anti-virus utility is loaded correctly
2) Fixed a problem with the ActiveX component (buttons with the appearance of Windows XP)
3) Updated the component to clean the registry OS, now select or cancel all items by right-clicking on the list
4) Accelerated scanning on demand, reduced CPU load (now the core takes up no more than 7-8% of resources)

I would like to draw your attention to the fact that you must download the distribution kit from the official website, because it's the newest one! On other resources, the installer may be out of date.



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users