How to protect system32?

Discussion in 'privacy problems' started by southcat, Jan 13, 2005.

Thread Status:
Not open for further replies.
  1. southcat

    southcat Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    212
    Hello everybody. :)

    Since spyware always likes to hide itself in c:\winnt\system32, how do we prevent it? Lock the folder? Do you have any idea how to stop spyware from getting into the folder c:\winnt\system32\ and prevent it from modifying the ".dll" files inside "system32"?


    Thank you.
     
    Last edited: Jan 13, 2005
  2. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    The best option is to protect your system, use a browser other than Internet Explorer, and don't use software you don't know, or that hasn't been recommended by a trustworthy source.

    You should at least have these running on your system and up to date:

    Anti virus
    Firewall
    Anti Spyware

    Make sure your Windows has all the updates. Mozilla Firefox and Opera are two free browsers that work well.
     
  3. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Process Guard 3 – Locks down and protects all your programs at the lowest level in Windows and prevents dll injections.
    http://www.diamondcs.com.au/

    You may want to take a look here for further discussion on security and how to make your system that much stronger and here for more.

    This is what works really well for me, very simple to use and maintain.

    Hope this helps...

    Let us know how you go.

    Cheers :D
     
  4. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    The easiest way to make sure something can't be added to the system32 directory is actually to just run under a limited user account; then something would actually need to gain admin privileges to make any changes there.

    Other than that you can also try Prevx, which will protect all of the Windows directories, regardless of privileges. There is a free and an inexpensive paid version available.
     
  5. southcat

    southcat Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    212
    Thanks to all of you for your advice. :)

    Below are the real-time scanners on my system:

    Browser : Maxthon 1.1(Block Ad, Lock Homepage, ...)
    1) Zone Alarm Pro 5.5
    2) SAV 9.0
    3) Process Guard 3.1 (Free)
    4) Ad-Watch
    5) WinPatrol 8.1

    Latest additions
    6) Prevx Home
    7) Ewido

    I am using the above software to block trojans/malware/viruses from intruding into my system.

    One day, however, I ran into a problem. A program xp??.exe (sorry, I forgot its full name) tried to execute and it was blocked by Process Guard. I was shocked when the Process Guard alert popped up. I searched my system and found it hiding inside "c:\winnt\system32". After I deleted it the problem was solved.

    Although it cannot harm my system, I was afraid, so I added Ewido and Prevx to protect my system, and I am also interested in gaining access control over "\system32\".

    Thank you.
     
  6. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi,

    System32 is one of the folders often infected by malware.
    But it's the whole system that we have to protect.

    That's why a full version of PG is more interesting.
    Why? Just have a look at this paper:

    http://www.windowsecurity.com/artic...d_Rootkit_Tools_in_a_Windows_Environment.html

    And if you really want to monitor System32:

    ***Filechecker(from Javacool on this forum),

    ***Filewatch: http://www.foundstone.com/resources/proddesc/filewatch.htm

    ***Sentinel : http://www.runtimeware.com/?page=p_sentinel2

    Regards
     
  7. southcat

    southcat Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    212
    Hello. :cool:
    I tried some file monitor software already; those programs monitor files only and cannot detect if anything saves itself into a folder.

    However, thanks for your advice.

    Best regards
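
Added example, not from any poster in this thread or from any of the tools named: a folder-level baseline check that reports files newly saved into a directory as well as changed ones, the gap described in the last post. The function names, the sample file names and the temporary folder standing in for c:\winnt\system32 are all constructed for illustration.

```python
import hashlib
import os
import tempfile


def snapshot(folder):
    """Map each file directly inside folder to the SHA-256 of its content."""
    state = {}
    with os.scandir(folder) as entries:
        for entry in entries:
            if not entry.is_file(follow_symlinks=False):
                continue
            # normcase folds case on Windows, where file names are case-insensitive.
            name = os.path.normcase(entry.name)
            try:
                with open(entry.path, "rb") as fh:
                    state[name] = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                state[name] = None  # locked or unreadable: still listed, so still tracked
    return state


def compare(baseline, current):
    """Return (added, removed, modified) file names between two snapshots."""
    added = sorted(current.keys() - baseline.keys())
    removed = sorted(baseline.keys() - current.keys())
    modified = sorted(n for n in baseline.keys() & current.keys()
                      if baseline[n] != current[n])
    return added, removed, modified


def demo():
    """Run the check on a constructed folder standing in for c:\\winnt\\system32."""
    with tempfile.TemporaryDirectory() as folder:
        def write(name, data):
            with open(os.path.join(folder, name), "wb") as fh:
                fh.write(data)
        write("sample_a.dll", b"original contents")   # constructed sample files
        write("sample_b.dll", b"left untouched")
        baseline = snapshot(folder)
        write("dropped_example.exe", b"new arrival")  # a file saved into the folder
        write("sample_a.dll", b"altered contents")    # an existing .dll modified
        return compare(baseline, snapshot(folder))


if __name__ == "__main__":
    for label, names in zip(("added", "removed", "modified"), demo()):
        print(label, names)
```

When pointed at a real folder, take the baseline from a known-clean state and keep it somewhere an ordinary process cannot rewrite.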
     