DLL Detection is not saving DLL signatures?

Discussion in 'LnS English Forum' started by Pete99, Apr 25, 2006.

Thread Status:
Not open for further replies.
  1. Pete99

    Pete99 Registered Member

    Joined:
    Apr 21, 2006
    Posts:
    47
    Location:
    U.S.
    It seems that "DLL Detection" is not saving DLL signatures:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Soft4Ever\looknstop\Applis]

    "DLL0"="C:\\SYS\\AUTOMATE\\AMENGINE.DLL"
    "DLL1"="C:\\WINDOWS\\SYSTEM32\\WINHTTP.DLL"
    "DLL2"="C:\\WINDOWS\\SYSTEM32\\NETSRV32.DLL"
    "DLL3"="C:\\COMM\\SIMPLITE-MSN\\PLUGINS\\WINSOCKHOOKDLL.DLL"
    "DLL4"="C:\\SYS\\CYGWIN\\BIN\\CYGNEON-25.DLL"
    "DLL5"="C:\\DISK\\BEYOND COMPARE\\SFFTPLIB.DLL"

    "DLLSignature0"=dword:00000000
    "DLLSignature1"=dword:00000000
    "DLLSignature2"=dword:00000000
    "DLLSignature3"=dword:00000000
    "DLLSignature4"=dword:00000000
    "DLLSignature5"=dword:00000000

    To me, this means that LnS won't alert me if malware changes a DLL.
     
  2. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Yes, there is no signature for DLL.
    This is because, a malware would be anyway detected if it tries to use a DLL that has been changed.

    Frederic
     
Thread Status:
Not open for further replies.