NoBot is a portable malware scanner for Windows
NoBot is a portable spyware and malware scanner for the Windows operating system that focuses on detecting bots, spyware, and other types of malware.
I like portable security applications as I run them regularly on Windows machines as second opinion scanners. Fact is, no antivirus solution is perfect, and some may even introduce issues of their own on user systems.
A second opinion scanner may find threats that the resident security solution did not detect. It may, on the other hand, introduce issues of its own.
You may find the following reviews useful as well:
- CrowdInspect: second-opinion malware scanner with Virustotal integration
- Dr.Web CureIt! 8 on-demand virus scanner released
- ESET Online Scanner review
- Run Trend Micro’s Anti-Threat Toolkit as a second opinion scanner
NoBot
NoBot is a portable software program that you can run from any location. The security program is offered as a free and a premium version. The free version is somewhat limited in regards to scan options and some other functions.
It supports the following features that the free version does not support:
- Full scan and custom scan are not supported.
- Scan for module injection.
- Scan System Startup tasks.
- Scan Windows Directories.
- Check Windows Security settings.
The interface is identical in both versions. The interface is tab-driven, and it is here that you select the various available options.
Scan is probably the most important one as it allows you run scans for threats on the system. The program supports three different scan types:
- Threat Scan to search common directories like the User folder for viruses, malware, and spyware.
- Custom Scan to scan user-selected locations.
- Full Scan to run a scan of all directories and files of the system.
Free users can run threat scans only; the two other scan options are reserved for premium customers. This limits the usefulness of the free version somewhat, but it is still okay if you use the program as a second opinion scanner.
The program does not reveal the folders that are included in the threat scan. It does scan the Registry, the User folder, and the program files folder at the very least (since it displayed hits in the scan results). NoBot scans (some?) files on VirusTotal which may explain why scans take longer than regular antivirus quick scans.
The threat scan takes a couple of minutes to complete which is not overly impressive considering that NoBot scans a low number of Registry keys and files only. The scan took 5:16 minutes on a fast SSD-powered system and scanned a total of 170 files and 67 Registry keys.
The program lists hits as they happen in the interface. You may need to change the size of the program window to display full Registry or file paths without scrolling on the screen.
NoBot does not act on its own after the scan which is good. It is up to you to go through the list of potential threats one by one for verification.
Buttons to clean the selected items or to run another scan are provided. A right-click reveals additional options as you can use the context menu that opens to add items to the list of exceptions and to open the file location on the local system. The latter works only for files and not Registry keys despite the fact that it is displayed for Registry key right-clicks as well. It would be nice if the developers would add an option to jump directly to the Registry key as well.
The type column provides the only indication why a file or Registry key is listed as a threat by NoBot. These reveal little to the user, however.
You can make some modifications on the Settings tab. Two of those handle the submission to VirusTotal. You can disable the submission entirely or disable the automatic submission only. Other options let you disable the scanning of the Registry, and the detecting of suspicious file paths.
The two remaining tabs, Quarantine and Exceptions, give you options to manage the quarantine and list of ignored files or keys.
Closing Words
NoBot needs a bit of work. The developers need to add information to the company website that explains the program's functionality in detail. It would also be useful if they'd mark the premium-only scan options as such and provide more explanation about discovered threats.
The developers note that their program uses heuristics to detect threats. While that may improve the chance of detecting unknown threats, it usually does increase the number of false positives as well.
Now You: Do you use second-opinion scanners?
ran a threat scan works as fine
will definitely keep it in mind
just downloaded and ran a quick scan (I like that there is no install). scan was kinda slow with virus total anlysis enabled but I’m assuming that’s because it has to upload the files? with virus total anlysis checked off the scan runs much quicker. overall nice utility I can see using it from time to time.
Ran a threat scan. Didn’t find anything. Nice program and I like that I can just throw it on my USB and use it on the go. Thanks for the share
@ A. the FP have been lowered to 3.
FALSE POSITIVES is a political wing that undermines the enemy with Ad-Hoc misleading accusations.
By FALSELY POSITIVELY tagging someone’s code, AV enterprises do a double hurt to the IT Community:
a) They use their authority to warn the customers about non-existent threats.
b) They do a favour to malware creators, enabling the FALSE POSITIVE Charade.
NoBot is marked as malware 5 times at VirusTotal: https://www.virustotal.com/#/url/4734d35ffdedf76ce6b1edd1b13950b6099e20c4d5cd761ad072b9ff125c9235/detection
This is the URL. If you scan the actual file, you get 0 hits: https://www.virustotal.com/#/file/9407b98927151f5c63baf9f478071ff00d44129828c35f9c72b92a9660584587/detection
NoBot first started out on HF as an easy way to remove common RAT’s and Keyloggers. It just now started getting some more updates. If something is marked wrong it’s likely a false positive.
As seen here. https://i.imgur.com/jBOO7DQ.png
Their website seems to be blocked on my AV.
“Bitdefender has blocked this page
This website was blocked to prevent a malware from reaching your device. Malware can cause your device to slow down or it can steal your private information.”
Bitdefender is usually not one to flag competitive sites, so I’m definitely staying away until this has been resolved.
Is it possible that meminfo really has a trojan miner in its exe?
https://i.imgur.com/lc5K9d4.png
Does anybody have any info on this?
I doubt it. Did you check it on Virustotal as well?
According to Virustotal meminfo.exe is clean.
But I’m still curious why NoBot marks it as a trojan miner.
False positive. That is why I haven’t used Virus scanners in years other than Microsoft’s built in one. Most of them will block you from using software like “Nirlauncher” and “GPG4Win”. “NoBot” is likely another false positive.
It also flags my clock.exe … a program which I wrote :-o
Does it flag your clock.exe as a trojan miner or as something else?
Malwarebytes didn’t flag Nobot as a harmful site, but I’m surprised they don’t have an SSL-enabled site. Also, I couldn’t find any links on the home page to indicate who they are so I’ll give that one a miss I think.
I’ve used Microsoft’s portable scanner from time to time, but that’s about all.
I use the portable offerings of IObit whenever I am away from the main computer that I use
Bitdefender blocks hhtp://nobotsecurity.com as Harmful Website
F-Secure blocks http://nobotsecurity.com as Harmful Website…