Hacker Defender

Discussion in 'news, general information and FAQs' started by Pieter_Arntz, Jun 8, 2004.

Thread Status:
Not open for further replies.
    Pieter_Arntz Spyware Veteran

    Apr 27, 2002
    From SWI newsletter (http://www.spywareinfoforum.com/newsletter/archives/0604/8.php)

    Last month, I warned about a nasty new parasite that had been discovered. This parasite hides itself from Windows, is nearly impossible to detect and nearly impossible to remove.

    It turns out our new parasite is protected by an open source NT rootkit called Hacker Defender. Hacker Defender installs a device driver which hooks the Windows API. It allows it to hide a directory with a particular name while allowing files to exist there, hide open ports from a port scanner while allowing connections to and from that port, hide processes in memory from process managers along with other cute tricks. Anything protected by Hacker Defender is a real pain to find and remove.

    There is a possible method for removing this thing easily. This information is from a member of our message board who prefers to remain nameless. No guarantees that this will work.

    It's also worth mentioning that if the computer in question boots more than one operating system and your other OS has access to that hard drive, then you can simply boot to the other OS and delete the directory and files with no interference.

    Thanks ChrisRLG for bringing it to my attention
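
The post's last suggestion, reading the drive from a second OS where the rootkit's hooks are not loaded, also gives a way to find what is being hidden: compare a file listing taken inside the running Windows with one taken from the other OS. The sketch below is an added example, not part of the original post or the newsletter; the listing formats, the `/mnt/win` mount point and every file name in the sample data are constructed assumptions.

```python
from pathlib import PurePosixPath, PureWindowsPath

def _key(path, root, flavour):
    # Path relative to the view's root, case-folded: NTFS names are case-insensitive.
    return tuple(part.lower() for part in flavour(path).relative_to(root).parts)

def hidden_entries(live_listing, offline_listing, live_root="C:\\", offline_root="/mnt/win"):
    """Return offline paths that the live (possibly hooked) view did not report.

    Only the top-most missing entry is returned: when a directory is hidden,
    everything beneath it is missing too and would only add noise.
    """
    live = {_key(p.strip(), live_root, PureWindowsPath) for p in live_listing if p.strip()}
    offline = {_key(p.strip(), offline_root, PurePosixPath): p.strip()
               for p in offline_listing if p.strip()}
    missing = {k for k in offline if k not in live}
    # Files created between the two snapshots also land here, so take the
    # live listing immediately before shutting down and review each hit.
    tops = [k for k in sorted(missing)
            if not any(k[:i] in missing for i in range(1, len(k)))]
    return [offline[k] for k in tops]

# Constructed sample listings (assumed formats: `dir /s /b` output from the
# running system, `find` output from the second OS with the volume at /mnt/win).
LIVE = [
    "C:\\WINDOWS",
    "C:\\WINDOWS\\system32",
    "C:\\windows\\System32\\KERNEL32.DLL",
    "C:\\WINDOWS\\system32\\drivers",
    "C:\\Documents and Settings",
]
OFFLINE = [
    "/mnt/win/WINDOWS",
    "/mnt/win/WINDOWS/system32",
    "/mnt/win/WINDOWS/system32/kernel32.dll",
    "/mnt/win/WINDOWS/system32/drivers",
    "/mnt/win/WINDOWS/system32/drivers/example_hidden.sys",
    "/mnt/win/WINDOWS/system32/example_hidden",
    "/mnt/win/WINDOWS/system32/example_hidden/payload.exe",
    "/mnt/win/WINDOWS/system32/example_hidden/config.ini",
    "/mnt/win/Documents and Settings",
]

if __name__ == "__main__":
    for path in hidden_entries(LIVE, OFFLINE):
        print("not visible from running Windows:", path)
```

Entries reported here exist on disk but were absent from the listing produced by the running system, which is the discrepancy an API-hooking rootkit creates.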