RegRun detects Hacker Defender
Chris12923
October 25th, 2005, 02:47 PM
Dmitry has informed me that RegRun has two easy ways to detect Hacker Defender 1.0. Not sure if it detects Brilliant or Gold the same way though.
From Dmitry:
"I know 2 ways to detect Hacker Defender even if it hides from UnHackMe:
1) Trojan Analyser.
Run Trojan Analyser to trace all processes.
Run RegRun or something else to generate registry activity.
You can see that Trojan Analyser adds additional rows for each accessed key.
You can see the HackerDefender service name, driver name and legacy name.
Look at the screenshot.
2) BootLog XP (for XP only).
It detects HackerDefender as well, because it works by early study of the Windows boot-up process, and HD could not hide its process and service from the operating system."
The other screen is below.
Thanks,
Chris
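Both of Dmitry's methods are cross-view checks: take a view of the registry that the rootkit's API hooks do not filter (a trace of every key a process touched, or a log written during early boot) and diff it against what ordinary service enumeration returns. The Python script below is added here as an illustration of that diff; it is not code from RegRun, Trojan Analyser, BootLog XP or anyone in this thread. The service names HxDefSample and HxDefSampleDrv, the trace and boot-log line formats, and the VISIBLE_SERVICES set are all constructed for the example and stand in for whatever a real capture would contain.

```python
"""Cross-view check for a hidden service: diff an unfiltered view of the
registry (an access trace or an early-boot log) against the API enumeration
that a user-mode rootkit can hook. All data below is constructed."""
import re

# Constructed: what enumerating HKLM\SYSTEM\CurrentControlSet\Services via the
# normal API returned on the suspect box. A rootkit hooking that API filters
# its own entries out, so this is the view that cannot be trusted.
VISIBLE_SERVICES = {"Dhcp", "Dnscache", "Eventlog", "lanmanserver", "RpcSs"}

# Constructed trace in the style of a registry-activity tracer that logs each
# key a process touches. HxDefSample and HxDefSampleDrv are placeholder names
# for the rootkit's service and driver (not the real defaults); the LEGACY_*
# key under Enum\Root is the "legacy name" Windows keeps for non-PnP drivers.
TRACE_LINES = r"""
14:31:02.118 regrun.exe RegOpenKey    HKLM\SYSTEM\CurrentControlSet\Services\Dhcp SUCCESS
14:31:02.120 regrun.exe RegOpenKey    HKLM\SYSTEM\CurrentControlSet\Services\Eventlog SUCCESS
14:31:02.131 regrun.exe RegOpenKey    HKLM\SYSTEM\CurrentControlSet\Services\HxDefSample SUCCESS
14:31:02.133 regrun.exe RegQueryValue HKLM\SYSTEM\CurrentControlSet\Services\HxDefSample\ImagePath SUCCESS
14:31:02.140 regrun.exe RegOpenKey    HKLM\SYSTEM\CurrentControlSet\Services\HxDefSampleDrv SUCCESS
14:31:02.141 regrun.exe RegOpenKey    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HXDEFSAMPLEDRV SUCCESS
14:31:02.150 regrun.exe RegOpenKey    HKLM\SYSTEM\CurrentControlSet\Services\RpcSs SUCCESS
"""

# Constructed early-boot log: services and drivers seen starting before the
# rootkit's hooks are in place. The format is made up for the example.
BOOT_LOG_LINES = r"""
00:00:01.204 service start Eventlog
00:00:01.390 service start HxDefSample
00:00:01.402 driver  load  HxDefSampleDrv
00:00:02.011 service start Dhcp
"""

SERVICE_KEY = re.compile(r"\\CurrentControlSet\\Services\\([^\\\s]+)", re.IGNORECASE)
LEGACY_KEY = re.compile(r"\\CurrentControlSet\\Enum\\Root\\LEGACY_([^\\\s]+)", re.IGNORECASE)
BOOT_ENTRY = re.compile(r"^\S+\s+(?:service|driver)\s+\S+\s+(\S+)")


def _collect(names, name):
    # Registry key names are case-insensitive; keep the first spelling seen.
    names.setdefault(name.lower(), name)


def services_from_trace(text):
    """Map lower-cased service name -> name as seen, for every Services\\<name>
    or Enum\\Root\\LEGACY_<name> key that appears in the trace."""
    names = {}
    for line in text.splitlines():
        for pattern in (SERVICE_KEY, LEGACY_KEY):
            m = pattern.search(line)
            if m:
                _collect(names, m.group(1))
    return names


def services_from_boot_log(text):
    """Same mapping, built from the early-boot log."""
    names = {}
    for line in text.splitlines():
        m = BOOT_ENTRY.match(line)
        if m:
            _collect(names, m.group(1))
    return names


def hidden_services(unfiltered, visible):
    """Names present in the unfiltered view but missing from the API view."""
    seen_by_api = {v.lower() for v in visible}
    return sorted(name for key, name in unfiltered.items() if key not in seen_by_api)


if __name__ == "__main__":
    trace_view = services_from_trace(TRACE_LINES)
    boot_view = services_from_boot_log(BOOT_LOG_LINES)
    print("hidden per registry trace:", hidden_services(trace_view, VISIBLE_SERVICES))
    print("hidden per early-boot log:", hidden_services(boot_view, VISIBLE_SERVICES))
```

The diff only flags entries the unfiltered view has and the API view lacks; services that simply were not touched during the trace are not reported, so the trace has to be taken while something (RegRun, in Dmitry's description) walks the service keys. The trace method also assumes the tracer's own view is not filtered by the same hook, which is the reason an early-boot observation is the sturdier of the two: it records the service and driver before the rootkit has anything to hide behind.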
Chris12923
October 25th, 2005, 02:47 PM
Other screen.
Thanks,
Chris
devilsadvocate2
October 25th, 2005, 07:12 PM
Hi Chris
From what I hear, the only thing you can do if infected by a rootkit is reformat.
Why? Well, rootkits mess with system files and stability.
Is this a way to detect a rootkit and clean it without problems?
Even Microsoft suggests REFORMAT.
devilsadvocate2
October 25th, 2005, 07:34 PM
It seems like even the frequent members here shy away from these rootkit posts.
Isn't that a bit funny?
Even those that come here with their proof of concept, like johanna, don't even post as johanna after putting a half-rate rootkit detector program on the internet.
trillion
October 26th, 2005, 12:26 AM
{QUOTE-> Hi Chris
From what I hear, the only thing you can do if infected by a rootkit is reformat.
Why? Well, rootkits mess with system files and stability.
Is this a way to detect a rootkit and clean it without problems?
Even Microsoft suggests REFORMAT. <-QUOTE}
But the important thing is being able to tell if you have a rootkit in the first place. How would you know to reformat if you don't know whether you have a rootkit or not to begin with? So programs like UnHackMe and RegRun are very useful programs indeed, even if they can't remove all rootkits.
controler
October 27th, 2005, 07:11 PM
In a way I agree. You detect it and then reformat. LOL
Why? It is very simple. The damage was done.
Read my lips, OK? PROACTIVE!!!!!!!!
grrrrrrrrrrrrrrrrrrrrrrrrr
Chris12923
October 27th, 2005, 10:19 PM
Yes, proactive is a better approach. But for those people that make errors in their decisions using software like PG and RegDefend, it is always nice to have some backup to see if you have become infected. When you say the damage is done, this is true to a point, but if you never detected the rootkit there can be way more damage to come. So it is nice to have a second opinion.
Thanks,
Chris
illukka
October 28th, 2005, 04:26 AM
{QUOTE-> In a way I agree. You detect it and then reformat. LOL
Why? It is very simple. The damage was done.
Read my lips, OK? PROACTIVE!!!!!!!!
grrrrrrrrrrrrrrrrrrrrrrrrr <-QUOTE}
Actually, it's because you can never be 100% sure that you cleaned all of it. There could always be something hidden. A format/reinstall is the only safe way to remove a rootkit.
Like, you detect a rootkit, be it hxdef. OK, UnHackMe can remove it, you can attempt to clean it using other rootkit detectors/tools etc.
How can you be sure, after you have been so badly compromised, that there was no other backdoor installed?
Copyright ©2002 - 2010, Wilders Security Forums