THE HAL AREA

Discussion in 'malware problems & news' started by SystemJunkie, Jan 17, 2007.

Thread Status:
Not open for further replies.
  1. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Unknown SSDT entries within the HAL area, may be the result of a security app.

    http://i3.tinypic.com/2rho5z8.png


    Normally the table only goes until 283 as far as I remember.

    GMER shows it this way:

    SSDT 800D7000 SSDT[284]
    SSDT 800D7000 SSDT[285]
    SSDT 800D7000 SSDT[286]
    SSDT C00D7040 SSDT[287]
    SSDT C554B150 SSDT[288]
    SSDT 800DB44B SSDT[289]
    SSDT 800E3021 SSDT[290]
    SSDT 80280000 SSDT[291]
    SSDT 800E3200 SSDT[292]
    SSDT 80265E00 SSDT[293]
    SSDT 800D7000 SSDT[294]
    SSDT 800D7000 SSDT[295]
    SSDT 800D7000 SSDT[296]
     
  2. EP_X0FF

    EP_X0FF Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    233
    Probably Kaspersky added them when it owned your SSDT.
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    If you wanna crash HAL, install a driver in runlevel 1, that'll show it.
    Restart desktop and HAL will pop with an error: cannot initialize HAL.
    Mrk
     
  4. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Make an example.
     
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Hello,

    sudo telinit 1
    cd drivers
    sudo sh driver_example.run   # will warn about installation in runlevel 1
    sudo /etc/init.d/xdm start

    X Server will come up with a HAL error: not initializing, no HAL.

    Mrk
     
  6. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Maybe.
     
  7. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    HAL AREA PART 2: This something is beyond the process list, beyond SDT, beyond HAL... If this is no false positive then this may be a bad thing, but probably it is an FP from IceSword.

    http://i18.tinypic.com/49i9h8k.png
     
    Last edited: Jan 24, 2007
  8. EP_X0FF

    EP_X0FF Registered Member

    I would like to tell you that you found a bug in IceSword.
     
  9. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Hehe, I think so... maybe IceSword detects itself. Besides, EP_X0FF, your tool icie is cruel to IceSword; is there any other possibility to stop the frozen IceSword except rebooting?
     
  10. EP_X0FF

    EP_X0FF Registered Member

    hehe, no
     