RegRun detects Hacker Defender

Discussion in 'other anti-trojan software' started by Chris12923, Oct 25, 2005.

Thread Status:
Not open for further replies.
  1. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Dmitry has informed me that RegRun has two easy ways to detect Hacker Defender 1.0. Not sure if it detects Brilliant or Gold the same way though.

    From Dmitry:

    "I know 2 ways to detect Hacker Defender even if it hides from
    UnHackMe:
    1) Trojan Analyser.
    Run Trojan Analyser to trace all processes.
    Run RegRun or something to generate registry activity.
    You can see that the Trojan Analyser adds additional rows for each
    accessed key.
    You can see the HackerDefender service name, driver name, legacy name.
    Look at the screenshot.
    2) BootLog XP (for XP only).
    It detects HackerDefender as well because it works on early study of
    the Windows boot-up process and HD could not hide its process and
    service from the operating system."

    The other screen is below.

    Thanks,

    Chris
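
The early-boot comparison described in the post above can be reduced to a cross-view check: record service, driver and process names early in boot, then compare them with what the running system reports. The sketch below is an added example, not part of the thread and not code from RegRun, Trojan Analyser or BootLog XP; the snapshot layout and every name in the sample data are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: one "kind<TAB>name" record per line. This layout is
# hypothetical and is not the output format of BootLog XP or Trojan Analyser.
BOOT_VIEW = """\
service\tEventlog
service\tExampleHiddenSvc
driver\tTcpip
driver\tExampleHiddenDrv
process\tservices.exe
process\texamplehidden.exe
"""

RUNTIME_VIEW = """\
service\tEVENTLOG
service\tSpooler
driver\ttcpip
process\tservices.exe
process\texplorer.exe
"""

def parse_view(text):
    """Return {kind: {casefolded name: original name}} for one snapshot."""
    view = defaultdict(dict)
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        kind, sep, name = line.partition("\t")
        if not sep or not name.strip():
            raise ValueError(f"line {lineno}: expected kind<TAB>name")
        # Windows service, driver and image names compare case-insensitively.
        view[kind.strip().lower()][name.strip().casefold()] = name.strip()
    return view

def cross_view(boot_text, runtime_text):
    """Names recorded at boot that the running system no longer reports."""
    boot, runtime = parse_view(boot_text), parse_view(runtime_text)
    missing = {}
    for kind, names in boot.items():
        gone = sorted(orig for key, orig in names.items()
                      if key not in runtime.get(kind, {}))
        if gone:
            missing[kind] = gone
    return missing

if __name__ == "__main__":
    for kind, names in cross_view(BOOT_VIEW, RUNTIME_VIEW).items():
        print(f"{kind}: present at boot, absent from runtime listing: {names}")
```

A process or service that simply exited after boot also appears in the result, so each hit is a lead to verify rather than a verdict.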
     

  2. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Other screen.

    Thanks,

    Chris
     

  3. Hi Chris

    From what I hear, the only thing you can do if infected by a rootkit is reformat.
    Why? Well, the rootkit messes with Sys files and stability.
    Is this a way to detect a rootkit and clean it without problems?
    Even Microsoft suggests REFORMAT.

    2
     
  4. It seems like even the frequent members here shy away from these rootkit posts

    Isn't that a bit funny?

    Even those that come here with their proof of concept like johanna don't even post as johanna after putting a half-rate rootkit detector program on the internet.
     
  5. trillion

    trillion Guest

    But the important thing is being able to tell if you have a rootkit in the first place. How would you know to reformat if you don't know whether you have a rootkit or not to begin with? So programs like UnHackMe and RegRun are very useful programs indeed, even if they can't remove all rootkits.
     
  6. controler

    controler Guest

    In a way I agree. You detect it and then reformat. LOL
    Why? It is very simple. The damage was done.

    Read my lips, ok? PROACTIVE!!!!!!!!

    grrrrrrrrrrrrrrrrrrrrrrrrr
     
  7. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Yes, proactive is a better approach. But for those people that make errors in their decisions using software like PG and RegDefend, it is always nice to have some backup to see if you have become infected. When you say the damage is done, this is true to a point, but if you didn't ever detect the root there can be way more damage to come. So it is nice to have a second opinion.

    Thanks,

    Chris
     
  8. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O

    Actually, it's because you can never be 100% sure that you cleaned all of it. There always could be something hidden. A format/reinstall is the only safe way to remove a rootkit.

    Like, you detect a rootkit, be it hxdef. OK, UnHackMe can remove it, you can attempt to clean it using other rootkit detectors/tools etc.
    How can you be sure, after you have been so badly compromised, that there was no other backdoor installed?
     