Search found 40 matches

by wealllbe20
Wed Apr 24, 2013 6:13 pm
Forum: Tools/Software
Topic: MCShield
Replies: 9
Views: 15423

Re: MCShield

seems like the @="@SYS:DoesNotExist" registry entry would suffice unless you expect your file specified in the autorun file to actually run.

I believe there is also a way to make desktop.ini run a file automatically as well...
by wealllbe20
Fri May 11, 2012 2:54 pm
Forum: Malware
Topic: Trojan-PSW.Win32.Agent.acrw
Replies: 2
Views: 2966

Re: Trojan-PSW.Win32.Agent.acrw

Sorry Ep that is all I have.
by wealllbe20
Fri May 11, 2012 1:55 pm
Forum: Malware
Topic: Trojan-PSW.Win32.Agent.acrw
Replies: 2
Views: 2966

Trojan-PSW.Win32.Agent.acrw

Keylogger according to TE with a very different type of dll injection. I usually do high-level analysis on files. This one I am unable to. Very different type of dll injection. Able to inject itself inside ANY ARK tool I run. Upon removal I get a winlogon 21A bsod. Upon replacement get a checksum mi...
by wealllbe20
Wed Feb 29, 2012 10:33 pm
Forum: Tools/Software
Topic: Trusteer Rapport is really secure?
Replies: 12
Views: 20275

Re: Trusteer Rapport is really secure?

Looks as though he unloaded a portion of the software while it was still running inside the browser..

The software looks as though it never detected being partially unloaded and seemed to still function as normal..
Also has no protection against such an attack.


Well, that's my guess anyway.
by wealllbe20
Thu Jan 05, 2012 4:30 pm
Forum: User-Mode Development
Topic: Prevent untrusted memory read/dump
Replies: 5
Views: 6085

Prevent untrusted memory read/dump

I was wondering if anybody has any example code, in userland of course, on how to prevent a process or thread from reading the memory of another thread or process.

Any ideas?
by wealllbe20
Tue Jul 12, 2011 1:56 pm
Forum: Malware
Topic: Popureb rootkit
Replies: 24
Views: 22673

Re: Popureb rootkit

Quads wrote: One thing after cleaning the MBR, removing files and registry entries I found in XP at least the Start Menu customize Browser setting doesn't want to go back to Firefox or Chrome to be the selected pinned browser.
Even after setting firefox or chrome as the default browser?
by wealllbe20
Tue Jun 28, 2011 10:14 pm
Forum: Malware
Topic: Popureb rootkit
Replies: 24
Views: 22673

Re: Popureb rootkit

rootkit is crap! it had trouble loading mbr code, finally did. detected as unknown bootcode in esage bootkit remover. restarted machine did not fix mbr code. system restart=no ran dos version of testdisk off of bootable cd ran fix mbr portion of testdisk. system restart=yes always says windows finish...
by wealllbe20
Tue May 10, 2011 7:09 pm
Forum: Malware
Topic: Virus hides all files/folders on system.
Replies: 10
Views: 12560

Re: Virus hides all files/folders on system.

*Update* "Not A Virus" but malware also has potential to remove all user start menu shortcuts (*.lnk) As well as changing many registry entries I fixed 90% by running dial-a-fix The only one it did not fix was: Hive: HKEY_CURRENT_USER Key: Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced...
by wealllbe20
Fri Feb 11, 2011 4:29 pm
Forum: Tools/Software
Topic: Fireball for ThreatFire
Replies: 4
Views: 16145

Re: Fireball for ThreatFire

I wish there were more antimalware reviews like this 1.

:D

can you imagine something like this being in pcworld.

All they ever really talk about is how good the detection rate is with old malware samples.
by wealllbe20
Fri Feb 11, 2011 4:22 pm
Forum: General Discussion
Topic: Long File Paths
Replies: 6
Views: 6518

Re: Long File Paths

hmmm..

I have seen this, never really thought about it, always did a subst z: c:\"enter the long file path here"

and scanned z:

wonder if this simple trick could help developers....