Wilders Security Forums  

  #1  
Old February 22nd, 2005, 12:10 PM
jon_fl jon_fl is offline
Frequent Poster
 
Join Date: Sep 2004
Posts: 242
Question A different BOCLEAN question

I downloaded Gibson's LeakTest to test BOCLEAN. After the file was deleted, WinPatrol alerted me that two start up programs have been detected. The startup locations listed in WP are: WININI run section and the other in WININI load section. Should this action be allowed or denied? What does it mean? If I didn't have WP, you would see it in MSCONFIG startup group.

If someone is running WP, can you try it and see what I'm talking about?

Last edited by jon_fl : February 22nd, 2005 at 12:19 PM.
  #2  
Old February 22nd, 2005, 01:44 PM
Infinity Infinity is offline
Very Frequent Poster
 
Join Date: May 2004
Posts: 2,651
Default Re: A different BOCLEAN question

afaik leaktests are for testing firewalls...I wonder why you wanted to test boclean with it...the fact that winpatrol alerted you regarding two extra startup items...could be that the leaktest will add two extra startup items but I doubt that, adding startup entries has nothing to do with leaktests.

winpatrol alerted but you didn't have winpatrol

please explain.

thanx
__________________
... hmmmm .. so you're a signature reader ...
  #3  
Old February 22nd, 2005, 02:24 PM
blabhead blabhead is offline
Regular Poster
 
Join Date: May 2004
Location: Massachusetts,U.S.A.
Posts: 52
Default Re: A different BOCLEAN question

Quote:
Originally Posted by INFINITY
afaik leaktests are for testing firewalls
that's true but the GRC leaktest is also good for testing on anti-trojans.
i used it to test Trojanhunter guard.
  #4  
Old February 22nd, 2005, 03:47 PM
jon_fl jon_fl is offline
Frequent Poster
 
Join Date: Sep 2004
Posts: 242
Default Re: A different BOCLEAN question

After I deleted the LT file with BOCLEAN, WP alerted me to new start up items. If I denied the startup item, it kept alerting me after each time I deleted LT with BOCLEAN. The startup files will also show up in MSCONFIG.
  #5  
Old February 22nd, 2005, 11:29 PM
jon_fl jon_fl is offline
Frequent Poster
 
Join Date: Sep 2004
Posts: 242
Default Re: A different BOCLEAN question

Nevermind, Kevin explained it to me.
  #6  
Old February 23rd, 2005, 06:26 PM
Paul Wilders Paul Wilders is offline
Administrator
 
Join Date: Jul 2001
Location: The Netherlands
Posts: 12,461
Default Re: A different BOCLEAN question

Quote:
Originally Posted by jon_fl
Nevermind, Kevin explained it to me.

For the benefit of all reading this thread: would you mind posting this explanation?

regards,

paul
  #7  
Old February 24th, 2005, 01:46 PM
jon_fl jon_fl is offline
Frequent Poster
 
Join Date: Sep 2004
Posts: 242
Default Re: A different BOCLEAN question

320 views and 2 replies were a bit disappointing. Here is Kevin's reply, nonetheless:

Greetings ... it only noticed TWO? When BOClean nails a nasty, it goes through ALL of the possible startups, removes all "deadwood" and installs absolute blanks for about 36 categories to ensure that all nastiness has been removed and can't be replaced. In addition to five entries in WIN.INI, we also go after SYSTEM.INI, a bunch of BAT files and the registry. As to whether or not WinPatrol should or shouldn't, for Leaktest - doesn't matter. However, in the event of a REAL trojan, DO NOT let that proggie interfere with BOClean or infections will spread.
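
The distinction behind the alerts discussed above, as an added example that is not part of the thread and is not BOClean's or WinPatrol's code: it compares two WIN.INI snapshots and labels a change to the `load=` and `run=` keys as an empty placeholder or as a program actually being set to start. The snapshots, the path in them and the function names are constructed for illustration; only the two keys named in the thread are checked.

```python
import configparser
import re

# Constructed WIN.INI snapshots (not taken from the thread).
BEFORE = "[windows]\nNullPort=None\n"
AFTER_BLANKED = "[windows]\nNullPort=None\nload=\nrun=\n"
AFTER_POPULATED = "[Windows]\nNullPort=None\nload=\nrun=C:\\TEMP\\example.exe\n"

WATCHED = ("load", "run")  # the two WIN.INI startup keys named in the thread


def startup_entries(ini_text):
    """Map each watched key present in [windows] to its list of programs."""
    cp = configparser.RawConfigParser(
        strict=False, allow_no_value=True, delimiters=("=",))
    cp.read_string(ini_text)
    found = {}
    for section in cp.sections():
        if section.lower() != "windows":  # section names vary in case
            continue
        for key in WATCHED:
            if cp.has_option(section, key):
                value = cp.get(section, key) or ""
                # Simplification: entries split on commas/whitespace.
                found[key] = [p for p in re.split(r"[,\s]+", value) if p]
    return found


def classify_change(before_text, after_text):
    """Label what changed per key: blanked, program-added or entry-removed."""
    before = startup_entries(before_text)
    after = startup_entries(after_text)
    findings = {}
    for key in WATCHED:
        old, new = before.get(key), after.get(key)
        if old == new:
            continue
        added = [p for p in (new or []) if p not in (old or [])]
        if added:
            findings[key] = ("program-added", added)  # needs a closer look
        elif new == []:
            findings[key] = ("blanked", [])  # empty placeholder, runs nothing
        else:
            findings[key] = ("entry-removed", [])
    return findings


if __name__ == "__main__":
    print(classify_change(BEFORE, AFTER_BLANKED))
    print(classify_change(BEFORE, AFTER_POPULATED))
```
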
  #8  
Old February 24th, 2005, 03:27 PM
kareldjag kareldjag is offline
Frequent Poster
 
Join Date: Nov 2004
Location: Feet in France, Mind in the World
Posts: 521
Default Re: A different BOCLEAN question

Hi,

***If anyone wants many answers to his question or problem, he should be as accurate as possible: we're not supposed to be in his mind or in his computer.

And the most important: no need to open a dictionary to add those words in any post: Please, Thanks...

***The grc leaktest is a basic tool to demonstrate how some trojans can bypass firewalls in order to communicate with their client.
It's a firewall test tool.

There are more interesting and not dangerous tools to test AT:

***TrojanSimulator (with a real start up entry):
http://www.trojanhunter.com/trojansimulator/

***Zapass (try to inject an implant on the AT.exe for instance):
http://www.whirlywiryweb.com/article...Ftrojanimplant

But the best method to test an AT is to have a real collection of trojans (decoded or not).
But it's not a newbies' game.

Regards
__________________
Independent vision of Security (Security? Yeah But Well: http://www.ouaismaisbon.ch/ )
Fight child crime: http://www.circamp.eu/ http://www.virtualglobaltaskforce.com/
  #9  
Old February 24th, 2005, 04:07 PM
jon_fl jon_fl is offline
Frequent Poster
 
Join Date: Sep 2004
Posts: 242
Default Re: A different BOCLEAN question

I thought it was a clear question. It was what accurately happened. Maybe nobody ever noticed this before. Many people have BOCLEAN. Many people have WP. It has been recommended here that LT simulated a Trojan and was a way to check if BOCLEAN was working. If anything, it would have been useful to try it, or any tests you mentioned, to check if these items were being placed in the start menu and what significance it had if it were a real trojan and not a test.

I sent back Kevin's reply that he emailed me.

Not sure about the dictionary comment.

At least I'm getting responses now.
  #10  
Old February 25th, 2005, 07:17 AM
Infinity Infinity is offline
Very Frequent Poster
 
Join Date: May 2004
Posts: 2,651
Default Re: A different BOCLEAN question

OK, this is my personal opinion about leaktests and antitrojans.
if antitrojans are detecting stuff designed for testing firewalls then I begin to wonder...that particular leaktest has nothing to do with an antitrojan test.

soon they let boclean detect cookies and spam as well.

pfff, ok those two other links kareldjag presented are better for testing an antitrojan but not the grc leaktest afaik.

Inf.
__________________
... hmmmm .. so you're a signature reader ...
  #11  
Old February 25th, 2005, 09:19 AM
jon_fl jon_fl is offline
Frequent Poster
 
Join Date: Sep 2004
Posts: 242
Default Re: A different BOCLEAN question

I agree that there are better tests. My point was the startup items. I was just trying to get an explanation of why that was happening. Kevin was so kind to respond to my email about it. I thought somebody in the forum would have been able to explain it in the meantime.
  #12  
Old February 25th, 2005, 09:28 AM
Infinity Infinity is offline
Very Frequent Poster
 
Join Date: May 2004
Posts: 2,651
Default Re: A different BOCLEAN question

no prbs...
__________________
... hmmmm .. so you're a signature reader ...
 

All times are GMT -4.

