A different BOCLEAN question

Discussion in 'other anti-trojan software' started by jon_fl, Feb 22, 2005.

Thread Status:
Not open for further replies.
  1. jon_fl

    jon_fl Registered Member

    Joined:
    Sep 4, 2004
    Posts:
    242
    I downloaded Gibson's LeakTest to test BOCLEAN. After the file was deleted, WinPatrol alerted me that two start up programs have been detected. The startup locations listed in WP are; WININI run section and the other in WININI load section. Should this action be allowed or denied? What does it mean? If I didn't have WP, you would see it in MSCONFIG startup group. :doubt:

    If someone is running WP, can you try it and see what I'm talking about?
     
    Last edited: Feb 22, 2005
  2. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    afaik leaktests are for testing firewalls...I wonder why you wanted to test boclean with it...the fact that winpatrol alerted you regarding two extra startup items...could be that the leaktest will add two extra startup items but I doubt that, adding startup entries has nothing to do with leaktests.

    winpatrol alerted but you didn't had winpatrolo_Oo_O

    please explain.

    thanx
     
  3. blabhead

    blabhead Registered Member

    Joined:
    May 18, 2004
    Posts:
    54
    Location:
    Massachusetts,U.S.A.
    thats true but the GRC leaktest is also good for testing on anti-trojans.
    i used it to test Trojanhunter gaurd.
     
  4. jon_fl

    jon_fl Registered Member

    Joined:
    Sep 4, 2004
    Posts:
    242
    After I deleted the LT file with BOCLEAN, WP alerted me to new start up items. If I denied the startup item, it kept alerting me after each time I deleted LT with BOCLEAN. The startup files will also show up in MSCONFIG.
     
  5. jon_fl

    jon_fl Registered Member

    Joined:
    Sep 4, 2004
    Posts:
    242
    Nevermind, Kevin explained it to me.
     
  6. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    For the benefit of all reading this thread: would you mind posting this explanation? ;)

    regards,

    paul
     
  7. jon_fl

    jon_fl Registered Member

    Joined:
    Sep 4, 2004
    Posts:
    242
    320 views and 2 replies were a bit disappointing. Here is Kevin's reply, none the less:

    Greetings ... it only noticed TWO? When BOClean nails a nasty, it goes through ALL of the possible startups, removes all "deadwood" and installs absolute blanks for about 36 categories to ensure that all nastiness has been removed and can't be replaced. In addition to five entries in WIN.INI, we also go after SYSTEM.INI, a bunch of BAT files and the registry. As to whether or not WinPatrol should or shouldn't, for Leaktest - doesn't matter. However, in the event of a REAL trojan, DO NOT let that proggie interfere with BOClean or infections will spread. :(
     
  8. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi,

    ***If anyone wants many answers to his question or problem, he should be as accurate as possible: we're not supposed to be in his mind or in his computer. ;)

    And the most important: no need to open a dictionary to add those words in any post: Please, Thanks... ;)

    ***The grc leaktest is a basic tool to demostrate how some trojans can bypass firewalls in order to communicate with their client.
    It's a firewall test tool.

    There is more interesting and not dangerous tools to test AT:

    ***TrojanSimulator (with a real start up entry):
    http://www.trojanhunter.com/trojansimulator/

    ***Zapass (try to inject an implant on the AT.exe for instance):
    http://www.whirlywiryweb.com/article.asp?id=/trojanimplant

    But the best method to test an AT is to have a real collection of trojans (decoded or not).
    But it's not a newbies' game.

    Regards
     
  9. jon_fl

    jon_fl Registered Member

    Joined:
    Sep 4, 2004
    Posts:
    242
    I thought it was a clear question. It was what accurately happened. Maybe nobody ever noticed this before. Many people have BOCLEAN. Many people have WP. It has been recommended here that LT simulated a Trojan and was a way to check if BOCLEAN was working. If anything, it would have been useful to try it, or any tests you mentioned, to check if these items were being placed in the start menu and what sigificance it had if if it were a real trojan and not a test.

    I sent back Kevin's reply that he emailed me.

    Not sure about the dictionary comment.

    At least I'm getting responses now. ;)
     
  10. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    OK, this is my personal opinion about leaktests and antitrojans.
    if antitrojans are detecting stuff designed for testing firewalls then I begin to wonder...that particular leaktest has nothing to do with an antitrojan test.

    soon they let boclean detect cookies and spam as well ;).

    pfff, ok those two other links kareldjag presented are better for testing an antitrojan but not the grc leaktest afaik.

    Inf.
     
  11. jon_fl

    jon_fl Registered Member

    Joined:
    Sep 4, 2004
    Posts:
    242
    I agree that there are better tests. My point was the startup items. I was just trying to get an explanation of why that was happening. Kevin was so kind to respond to my email about it. I thought somebody in the forum would have been able to explain it in the meantime. :)
     
  12. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    no prbs...:)
     
Thread Status:
Not open for further replies.