.LNK file crash etc test

Discussion in 'other security issues & news' started by CloneRanger, Jun 15, 2011.

Thread Status:
Not open for further replies.
  1. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Harmless test ;)

    *

    *

    First off Avira wanted to block the DL etc, so i disabled it whilst testing. Tried it, after allowing,

    pg.gif pg2.gif

    Nothing bad happened ! & that's after i undid the .Lnk protection in HMP, Plus i don't have ANY updates from MS on this XP/SP2 comp either.

    What did happen, which surprised me, & initially i thought it might be due to the test, but it wasn't, was that when i disabled/enabled the HMP fix my Complete desktop dissapeared for a few seconds :eek: When it returned several of my Apps icons in the taskbar had dissapeared, including Avira'a ! They returned though within about five seconds, & Process Explorer showed avguard.exe still active during this Event. Wierd, but "maybe" that's how the HMP works ?

    Wonder if this test "might" work on your comp ?
     
    Last edited by a moderator: Jun 15, 2011
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Interesting that something like this still works. Thanks for the share.

    Avast reported it as well, so I had to disable it. For some strange reason, I can only open file location on it. Maybe it's SRP or something else on my system.
     
  3. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,950
    Location:
    USA
    It's a shame process Guard's development wasn't continued! I've seen it stop a lot of malware that many current products have failed to stop. I still have a license for the full version.
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I don,t know of any malware stopped by PG and Not by more modern HIPS like OA, CFP, etc. Infact it,s a miscoception.
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Can you list some of the malware and some of the many products?

    thanks,

    -rich
     
  6. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    365
    When your desktop disappeared and if there is any opened folder, the latter would disappear as well because EXPLORER.exe just had crashed. Then EXPLORER.exe would restart in a snap, and those icons on your taskbar which disappeared would reappear. So, it's not HMP. The test had just crashed your Explorer.

    I did the test, when I executed the shortcut icon or rightclick on that icon to select for e.g "properties" after which copy-paste it to another folder then opening that folder, explorer.exe would crashed.

    It's harmless but very annoying once I did the above and I'm trying to open the folder, Explorer would crash. Luckily I was able to delete the file without Explorer crashing.
     
    Last edited: Jun 18, 2011
  7. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ trismegistos

    I appreciate you posting about this, Thanks :thumb:

    I guess as it happened so quickly to me i was unable to monitor it properly !
     
  8. PunchsucKr

    PunchsucKr Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    124
    Why didn't it do anything on my system? when i executed it all my control panel items got displayed, copied n pasted in another folder, same behavior no crashes... am i missing something here?
     
  9. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Yeah, a crash :D

    Don't know why you escaped, but if you find out let us know :thumb:
     
  10. PunchsucKr

    PunchsucKr Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    124
    lol... i've posted over at the page.. hopefully the author will reply and maybe i can find out why.
     
  11. Dude111

    Dude111 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    212
    Ya as soon as I clicked to DL the file my firewall BEEPED and warned me of a suspicious file... (My firewall has smart filtering enabled and because I CLICKED THE LINK TO DL,it allowed it (However,I could have added that to the blocked events and then if i clicked that link nothing would happen))

    All the file did when i ran it was open Control panel..
     
  12. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Good man :thumb:

    Really ! Wonder why ?
     
Loading...
Thread Status:
Not open for further replies.