.LNK file crash etc test

Discussion in 'other security issues & news' started by CloneRanger, Jun 15, 2011.

Thread Status:
Not open for further replies.
  1. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,918
    Harmless test ;)

    *

    *

    First off Avira wanted to block the DL etc, so i disabled it whilst testing. Tried it, after allowing,

    pg.gif pg2.gif

    Nothing bad happened ! & that's after i undid the .Lnk protection in HMP, Plus i don't have ANY updates from MS on this XP/SP2 comp either.

    What did happen, which surprised me, & initially i thought it might be due to the test, but it wasn't, was that when i disabled/enabled the HMP fix my Complete desktop dissapeared for a few seconds :eek: When it returned several of my Apps icons in the taskbar had dissapeared, including Avira'a ! They returned though within about five seconds, & Process Explorer showed avguard.exe still active during this Event. Wierd, but "maybe" that's how the HMP works ?

    Wonder if this test "might" work on your comp ?
     
    Last edited by a moderator: Jun 15, 2011
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,726
    Interesting that something like this still works. Thanks for the share.

    Avast reported it as well, so I had to disable it. For some strange reason, I can only open file location on it. Maybe it's SRP or something else on my system.
     
  3. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,447
    Location:
    USA
    It's a shame process Guard's development wasn't continued! I've seen it stop a lot of malware that many current products have failed to stop. I still have a license for the full version.
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,112
    Location:
    Saudi Arabia/ Pakistan
    I don,t know of any malware stopped by PG and Not by more modern HIPS like OA, CFP, etc. Infact it,s a miscoception.
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,982
    Location:
    California
    Can you list some of the malware and some of the many products?

    thanks,

    -rich
     
  6. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    365
    When your desktop disappeared and if there is any opened folder, the latter would disappear as well because EXPLORER.exe just had crashed. Then EXPLORER.exe would restart in a snap, and those icons on your taskbar which disappeared would reappear. So, it's not HMP. The test had just crashed your Explorer.

    I did the test, when I executed the shortcut icon or rightclick on that icon to select for e.g "properties" after which copy-paste it to another folder then opening that folder, explorer.exe would crashed.

    It's harmless but very annoying once I did the above and I'm trying to open the folder, Explorer would crash. Luckily I was able to delete the file without Explorer crashing.
     
    Last edited: Jun 18, 2011
  7. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,918
    @ trismegistos

    I appreciate you posting about this, Thanks :thumb:

    I guess as it happened so quickly to me i was unable to monitor it properly !
     
  8. PunchsucKr

    PunchsucKr Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    138
    Why didn't it do anything on my system? when i executed it all my control panel items got displayed, copied n pasted in another folder, same behavior no crashes... am i missing something here?
     
  9. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,918
    Yeah, a crash :D

    Don't know why you escaped, but if you find out let us know :thumb:
     
  10. PunchsucKr

    PunchsucKr Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    138
    lol... i've posted over at the page.. hopefully the author will reply and maybe i can find out why.
     
  11. Dude111

    Dude111 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    212
    Ya as soon as I clicked to DL the file my firewall BEEPED and warned me of a suspicious file... (My firewall has smart filtering enabled and because I CLICKED THE LINK TO DL,it allowed it (However,I could have added that to the blocked events and then if i clicked that link nothing would happen))

    All the file did when i ran it was open Control panel..
     
  12. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,918
    Good man :thumb:

    Really ! Wonder why ?
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.