Gpcode trojan versus HIPS

Discussion in 'other anti-malware software' started by aigle, Apr 26, 2011.

Thread Status:
Not open for further replies.
  1. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Going to test this against ProcessGuard & Zemana, soon.

    Thanks to aigle for the baddie ;)
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    let us know man:thumb:
     
  3. Rampastein

    Rampastein Registered Member

    Joined:
    Oct 16, 2009
    Posts:
    290
    Shouldn't KIS still protect files if they are in the My Documents directory (User files\My documents2 rule)?
     
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Testing gpcode Trojan against ProcessGuard & Zemana

    Disabled Avira & Prevx & enabled ShadowDefender

    DC'd gpcode.exe

    1.gif

    Due to

    2.gif

    Unticked that & DC'd gpcode.exe again & allowed this

    3.gif

    Not a peep out of Zemana though? Let's not forget that Z is NOT meant to be a full blown HIPS product; the extra protection it does give along with its excellent KL duties is a bonus. And I have personally had it blocking other nasties etc in previous tests.

    Process Explorer showed LOTS of crypto activity as gpcode was busy doing its dirty deeds :eek: After a few minutes I had seen enough, and unexpectedly I was able to kill gpcode.exe via Task Manager. Rebooting, and thanks to SD, everything was back to normal :)

    So ProcessGuard on its own was enough to stop this nasty dead on arrival :thumb:
     
  5. Night_Raven

    Night_Raven Registered Member

    Joined:
    Apr 2, 2006
    Posts:
    388
    That proves only that default-deny works against this piece of malware. Well, default-deny works against basically every piece of malware. And every non-whitelisted process for that matter, even if it's not malware. That's the whole idea of it - not starting any process unless it has been explicitly allowed. There is no need to test anti-executable software against threats in my opinion. It would be like testing HIPS applications but double-clicking the .exe file and not allowing it to run at all. There is no point.
     
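    The default-deny point made above, as an added illustration that is not part of this thread or of any of the products named in it: a minimal hash-based execution allowlist, applied to constructed stand-in "binaries" (the paths, bytes and file names are made up). The policy never looks at what a file does, so the unknown gpcode sample and an unknown benign tool are both blocked, while a trusted binary stays allowed even when copied elsewhere and is blocked as soon as a single byte changes.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample "binaries": the bytes stand in for real file contents.
SAMPLE_FILES = {
    r"C:\Windows\System32\notepad.exe": b"MZ notepad (trusted, allowlisted)",
    r"C:\Tools\newtool.exe": b"MZ benign tool that nobody has allowlisted yet",
    r"C:\Users\test\Desktop\gpcode.exe": b"MZ gpcode stand-in (constructed, inert)",
}


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# The allowlist is built only from known-good binaries; nothing else may start.
ALLOWLIST = {sha256_of(SAMPLE_FILES[r"C:\Windows\System32\notepad.exe"])}


@dataclass
class Decision:
    path: str
    digest: str
    allowed: bool
    reason: str


def default_deny(path: str, content: bytes, allowlist: set) -> Decision:
    """Anti-executable policy: allow a launch only if the file hash is explicitly
    allowlisted. This is not malware detection; an unknown benign file is blocked
    exactly like an unknown malicious one, which is Night_Raven's point above."""
    digest = sha256_of(content)
    if digest in allowlist:
        return Decision(path, digest, True, "hash on allowlist")
    return Decision(path, digest, False, "not allowlisted (default-deny)")


def evaluate_launches(files: dict, allowlist: set) -> list:
    """Apply the policy to every simulated launch and return the decisions."""
    return [default_deny(path, data, allowlist) for path, data in files.items()]


if __name__ == "__main__":
    for d in evaluate_launches(SAMPLE_FILES, ALLOWLIST):
        print(("ALLOW " if d.allowed else "BLOCK ") + d.path + " : " + d.reason)
    # Same bytes at a different path: still allowed, the key is the hash, not the name.
    moved = default_deny(r"D:\copy\notepad.exe", SAMPLE_FILES[r"C:\Windows\System32\notepad.exe"], ALLOWLIST)
    print("moved copy allowed:", moved.allowed)
```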
  6. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    849
    Yes, it prompts for folders that are in the HIPS ruleset.
     