A different BOCLEAN question

I downloaded Gibson's LeakTest to test BOCLEAN. After the file was deleted, WinPatrol alerted me that two start up programs have been detected. The startup locations listed in WP are; WININI run section and the other in WININI load section. Should this action be allowed or denied? What does it mean? If I didn't have WP, you would see it in MSCONFIG startup group.

If someone is running WP, can you try it and see what I'm talking about?

 

afaik leaktests are for testing firewalls...I wonder why you wanted to test boclean with it...the fact that winpatrol alerted you regarding two extra startup items...could be that the leaktest will add two extra startup items but I doubt that, adding startup entries has nothing to do with leaktests.

winpatrol alerted but you didn't had winpatrol

please explain.

thanx

 

thats true but the GRC leaktest is also good for testing on anti-trojans.
i used it to test Trojanhunter gaurd.

 

After I deleted the LT file with BOCLEAN, WP alerted me to new start up items. If I denied the startup item, it kept alerting me after each time I deleted LT with BOCLEAN. The startup files will also show up in MSCONFIG.

 

Nevermind, Kevin explained it to me.

 

320 views and 2 replies were a bit disappointing. Here is Kevin's reply, none the less:

Greetings ... it only noticed TWO? When BOClean nails a nasty, it goes through ALL of the possible startups, removes all "deadwood" and installs absolute blanks for about 36 categories to ensure that all nastiness has been removed and can't be replaced. In addition to five entries in WIN.INI, we also go after SYSTEM.INI, a bunch of BAT files and the registry. As to whether or not WinPatrol should or shouldn't, for Leaktest - doesn't matter. However, in the event of a REAL trojan, DO NOT let that proggie interfere with BOClean or infections will spread.

 

Hi,

***If anyone wants many answers to his question or problem, he should be as accurate as possible: we're not supposed to be in his mind or in his computer.

And the most important: no need to open a dictionary to add those words in any post: Please, Thanks...

***The grc leaktest is a basic tool to demostrate how some trojans can bypass firewalls in order to communicate with their client.
It's a firewall test tool.

There is more interesting and not dangerous tools to test AT:

***TrojanSimulator (with a real start up entry):
http://www.trojanhunter.com/trojansimulator/

***Zapass (try to inject an implant on the AT.exe for instance):
http://www.whirlywiryweb.com/article.asp?id=/trojanimplant

But the best method to test an AT is to have a real collection of trojans (decoded or not).
But it's not a newbies' game.

Regards

 

I thought it was a clear question. It was what accurately happened. Maybe nobody ever noticed this before. Many people have BOCLEAN. Many people have WP. It has been recommended here that LT simulated a Trojan and was a way to check if BOCLEAN was working. If anything, it would have been useful to try it, or any tests you mentioned, to check if these items were being placed in the start menu and what sigificance it had if if it were a real trojan and not a test.

I sent back Kevin's reply that he emailed me.

Not sure about the dictionary comment.

At least I'm getting responses now.

 

OK, this is my personal opinion about leaktests and antitrojans.
if antitrojans are detecting stuff designed for testing firewalls then I begin to wonder...that particular leaktest has nothing to do with an antitrojan test.

soon they let boclean detect cookies and spam as well .

pfff, ok those two other links kareldjag presented are better for testing an antitrojan but not the grc leaktest afaik.

Inf.

 

I agree that there are better tests. My point was the startup items. I was just trying to get an explanation of why that was happening. Kevin was so kind to respond to my email about it. I thought somebody in the forum would have been able to explain it in the meantime.

 

no prbs...