DLL Detection is not saving DLL signatures?

Discussion in 'LnS English Forum' started by Pete99, Apr 25, 2006.

Thread Status:
Not open for further replies.
  1. Pete99

    Pete99 Registered Member

    Joined:
    Apr 21, 2006
    Posts:
    47
    Location:
    U.S.
    It seems that "DLL Detection" is not saving DLL signatures:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Soft4Ever\looknstop\Applis]

    "DLL0"="C:\\SYS\\AUTOMATE\\AMENGINE.DLL"
    "DLL1"="C:\\WINDOWS\\SYSTEM32\\WINHTTP.DLL"
    "DLL2"="C:\\WINDOWS\\SYSTEM32\\NETSRV32.DLL"
    "DLL3"="C:\\COMM\\SIMPLITE-MSN\\PLUGINS\\WINSOCKHOOKDLL.DLL"
    "DLL4"="C:\\SYS\\CYGWIN\\BIN\\CYGNEON-25.DLL"
    "DLL5"="C:\\DISK\\BEYOND COMPARE\\SFFTPLIB.DLL"

    "DLLSignature0"=dword:00000000
    "DLLSignature1"=dword:00000000
    "DLLSignature2"=dword:00000000
    "DLLSignature3"=dword:00000000
    "DLLSignature4"=dword:00000000
    "DLLSignature5"=dword:00000000

    To me, this means that LnS won't alert me if malware changes a DLL.
     
  2. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Yes, there is no signature for DLL.
    This is because, a malware would be anyway detected if it tries to use a DLL that has been changed.

    Frederic
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.