A different BOCLEAN question

Discussion in 'other anti-trojan software' started by jon_fl, Feb 22, 2005.

Thread Status:
Not open for further replies.
  1. jon_fl
    Offline

    jon_fl Registered Member

    I downloaded Gibson's LeakTest to test BOCLEAN. After the file was deleted, WinPatrol alerted me that two start up programs have been detected. The startup locations listed in WP are; WININI run section and the other in WININI load section. Should this action be allowed or denied? What does it mean? If I didn't have WP, you would see it in MSCONFIG startup group. :doubt:

    If someone is running WP, can you try it and see what I'm talking about?
    Last edited: Feb 22, 2005
  2. Infinity
    Offline

    Infinity Registered Member

    afaik leaktests are for testing firewalls...I wonder why you wanted to test boclean with it...the fact that winpatrol alerted you regarding two extra startup items...could be that the leaktest will add two extra startup items but I doubt that, adding startup entries has nothing to do with leaktests.

    winpatrol alerted but you didn't had winpatrolo_Oo_O

    please explain.

    thanx
  3. blabhead
    Offline

    blabhead Registered Member

    thats true but the GRC leaktest is also good for testing on anti-trojans.
    i used it to test Trojanhunter gaurd.
  4. jon_fl
    Offline

    jon_fl Registered Member

    After I deleted the LT file with BOCLEAN, WP alerted me to new start up items. If I denied the startup item, it kept alerting me after each time I deleted LT with BOCLEAN. The startup files will also show up in MSCONFIG.
  5. jon_fl
    Offline

    jon_fl Registered Member

    Nevermind, Kevin explained it to me.
  6. Paul Wilders
    Offline

    Paul Wilders Administrator

    For the benefit of all reading this thread: would you mind posting this explanation? ;)

    regards,

    paul
  7. jon_fl
    Offline

    jon_fl Registered Member

    320 views and 2 replies were a bit disappointing. Here is Kevin's reply, none the less:

    Greetings ... it only noticed TWO? When BOClean nails a nasty, it goes through ALL of the possible startups, removes all "deadwood" and installs absolute blanks for about 36 categories to ensure that all nastiness has been removed and can't be replaced. In addition to five entries in WIN.INI, we also go after SYSTEM.INI, a bunch of BAT files and the registry. As to whether or not WinPatrol should or shouldn't, for Leaktest - doesn't matter. However, in the event of a REAL trojan, DO NOT let that proggie interfere with BOClean or infections will spread. :(
  8. kareldjag
    Offline

    kareldjag Registered Member

    Hi,

    ***If anyone wants many answers to his question or problem, he should be as accurate as possible: we're not supposed to be in his mind or in his computer. ;)

    And the most important: no need to open a dictionary to add those words in any post: Please, Thanks... ;)

    ***The grc leaktest is a basic tool to demostrate how some trojans can bypass firewalls in order to communicate with their client.
    It's a firewall test tool.

    There is more interesting and not dangerous tools to test AT:

    ***TrojanSimulator (with a real start up entry):
    http://www.trojanhunter.com/trojansimulator/

    ***Zapass (try to inject an implant on the AT.exe for instance):
    http://www.whirlywiryweb.com/article.asp?id=/trojanimplant

    But the best method to test an AT is to have a real collection of trojans (decoded or not).
    But it's not a newbies' game.

    Regards
  9. jon_fl
    Offline

    jon_fl Registered Member

    I thought it was a clear question. It was what accurately happened. Maybe nobody ever noticed this before. Many people have BOCLEAN. Many people have WP. It has been recommended here that LT simulated a Trojan and was a way to check if BOCLEAN was working. If anything, it would have been useful to try it, or any tests you mentioned, to check if these items were being placed in the start menu and what sigificance it had if if it were a real trojan and not a test.

    I sent back Kevin's reply that he emailed me.

    Not sure about the dictionary comment.

    At least I'm getting responses now. ;)
  10. Infinity
    Offline

    Infinity Registered Member

    OK, this is my personal opinion about leaktests and antitrojans.
    if antitrojans are detecting stuff designed for testing firewalls then I begin to wonder...that particular leaktest has nothing to do with an antitrojan test.

    soon they let boclean detect cookies and spam as well ;).

    pfff, ok those two other links kareldjag presented are better for testing an antitrojan but not the grc leaktest afaik.

    Inf.
  11. jon_fl
    Offline

    jon_fl Registered Member

    I agree that there are better tests. My point was the startup items. I was just trying to get an explanation of why that was happening. Kevin was so kind to respond to my email about it. I thought somebody in the forum would have been able to explain it in the meantime. :)
  12. Infinity
    Offline

    Infinity Registered Member

    no prbs...:)
Thread Status:
Not open for further replies.