THE HAL AREA

Discussion in 'malware problems & news' started by SystemJunkie, Jan 17, 2007.

Thread Status:
Not open for further replies.
  1. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Unknown SSDT entries within the hal area, may be the result of a security app.

    http://i3.tinypic.com/2rho5z8.png


    Normally the table only goes until 283 as far as I remember.

    GMer shows it this way:

    SSDT 800D7000 SSDT[284]
    SSDT 800D7000 SSDT[285]
    SSDT 800D7000 SSDT[286]
    SSDT C00D7040 SSDT[287]
    SSDT C554B150 SSDT[288]
    SSDT 800DB44B SSDT[289]
    SSDT 800E3021 SSDT[290]
    SSDT 80280000 SSDT[291]
    SSDT 800E3200 SSDT[292]
    SSDT 80265E00 SSDT[293]
    SSDT 800D7000 SSDT[294]
    SSDT 800D7000 SSDT[295]
    SSDT 800D7000 SSDT[296]
     
  2. EP_X0FF

    EP_X0FF Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    233
    Probably Kaspersky added them when owned your SSDT.
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    9,253
    Hello,
    If you wanna crash HAL, install a driver in runlevel 1, that'll show it.
    Restart desktop and HAL will pop with an error: cannot initialize HAL.
    Mrk
     
  4. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Make an example.
     
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    9,253
    Hello,

    sudo telinit 1
    cd drivers
    sudo sh driver_example.run > will warn about installation in runlevel 1
    sudo /etc/init.d/xdm start

    X Server will come with HAL error not initializing - no HAL.

    Mrk
     
  6. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Maybe.
     
  7. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    HAL AREA PART 2 This something is beyond process list, beyond sdt, beyond hal.. if this is no false positive then this may a bad thing but probably it is a fp from ice sword.

    http://i18.tinypic.com/49i9h8k.png
     
    Last edited: Jan 24, 2007
  8. EP_X0FF

    EP_X0FF Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    233
    I would like to say you that you found bug in IceSword.
     
  9. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    hehe, I think so.. maybe IceSword detect itself.. beside EP_X0FF your tool icie is cruel to icesword is there any other possibility to stop the frozen icesword except rebooting?
     
  10. EP_X0FF

    EP_X0FF Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    233
    hehe, no
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.