Whenus - Pronounced We Nus

Discussion in 'other anti-malware software' started by BrendanK., Mar 16, 2009.

Thread Status:
Not open for further replies.
  1. BrendanK.

    BrendanK. Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    520
    Location:
    Australia
    I found another new program called WehnTrust by Wehnus. It is a so-called HIPS; however, I do not see how it is a HIPS. It apparently prevents intrusions, but not in the way of a normal HIPS.

    Check it out:
    http://www.wehnus.com/technology.pl
     
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Vista has this by default. It is more a hardening option for XP and lower. I am unsure whether it still works with XP SP3 though.

    Regards Kees
     
  3. BrendanK.

    BrendanK. Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    520
    Location:
    Australia
    Oh ok cool. Thanks Kees :)
     
  4. Arup

    Arup Guest

    Isn't this some sort of software DEP, already there via your CPU in XP and Vista? Linux has had this for a while as well.
     
  5. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    ATTENTION, please.

    DANGER: WehnTrust v1.2, Updated Aug 11, 2008 - is DANGEROUS for you!

    After download and Restart of Windows:

    IE Tools/Options: does not work (window: Restrictions...).

    IE/Windows Update: does not work.

    I look on RootRepeal/Stealth Objects: Found 750 stealth objects! ( Hidden Module: ... .dll). Another scan with RootRepeal after 1 minute: 774 stealth objects! Another scan: 828 stealth objects!!!

    Indispensable & essential RootRepeal antirootkit!

    My other indispensable antirootkit tool (K. D.)/Processes: 'A:System'. Virtual Size: 1908 KB! State: INVISIBLE.
    All my processes began with: A:C:/ ... !

    Now : IE unbootable! (thanks, DEP! ).

    In Safe Mode: I deleted all folders of WehnTrust, with HijackThis and in Program Files; I deleted 'WehnTrust Monitor Service' in the Services; in Prefetch: WEHNSERV.EXE and WEHNTRUST.EXE and others ...

    Restart of Windows.

    IE start and disappears!

    Restore of Windows with my Restore Point ...

    OK., but one folder is renamed: RandCache , for RandCache(2) !!!

    Tiny Watcher: REMOVE RandCache(2) (104060 KB!). Excellent Tiny Watcher, INDISPENSABLE. But 'General warning' (was ist das?)- no possibility of remove in Tiny ...

    Now: RootRepeal: 0 stealth objects. K. D. : no 'A:System'.

    Now, I want to restart Windows, but first I want to send this post ...:argh:

    PROROOTECT:thumb:
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    hi and thanks for this info:thumb: let us know the results please
     
  7. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Yes, WehnTrust v1.2 is EVIL!

    ... but now I'm clean! The results: all OK.! :thumb:RootRepeal/Stealth Objects: Found 0 stealth objects! And :thumb:K. D. - nothing wrong!:argh:

    Still some small souvenirs from Event Viewer today:

    14:33 - start of WehnTrust Monitor Service

    14:42 - Error (Source: baserand; General Information: Process iexplore.exe; SEH Overwrite Information:
    Frame handler: 0x792CEE18
    Frame next: 0x3A35F96C
    Short jump detected: No (... what is this?...)

    15:05 - Warning: Windows cannot unload your classes registry file - it is in use by other applications or services [ or services ...:argh: ]

    15:27 - Windows has downloaded the registry when it received a notification that no application or service using the profile.

    15:29 - start in Safe Mode ...

    16:39 - Restore ...

    I'm very clean.:argh: :argh: :argh: Thanks for HijackThis, RootRepeal, K. Detective, Tiny Watcher !!!

    Your Horror Series Tonight is finished.

    Rest In Peace, Yours PROROOTECT:thumb:
     
  8. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Hello all,

    What was that?
    Perhaps the original Page WehnTrust was tainted by evil?
    Or perhaps this page is original bomb?
    And what was the nasty, how to call? A rootkit? A trojan? Something else?
    And how to understand the error to 14:42 in Event Viewer, and others?

    Your comments are welcome, thank you!:thumb:

    PS.'Which nasty do you want to kill today?' ...:argh:
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    thanks man for your life saving info;) :thumb: :)
     
  10. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
  11. BrendanK.

    BrendanK. Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    520
    Location:
    Australia
    So wait, this program is malware? I'm so lost now o_O
     
  12. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    No, Wehnus is not malware.
     
  13. BrendanK.

    BrendanK. Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    520
    Location:
    Australia
    Ok cool :thumb:
     
  14. rodgerdodger

    rodgerdodger Registered Member

    Joined:
    Mar 20, 2009
    Posts:
    2
    @PROROOTECT

    I submitted WehnTrust to Virus Total, and it came up clean with a score of 0/39.

    On the other hand, your indispensable program "KD" came up with a bad score of 15/39. Apparently, 15 MAJOR AV engines said that it may contain a Trojan/PWS. Additionally, ThreatExpert did not have very good reviews in regard to this program either.

    You can read up on your indispensable program here:

    ~Link to VT results removed per Policy.~

    and here:

    http://www.threatexpert.com/report.aspx?md5=24d1e2a73a679ad3377c82f801c63b4e
     
    Last edited by a moderator: Mar 20, 2009
  15. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Hi rodgerdodger Posts: 1,

    Thank you very much for your very relevant reply.

    I'm well on my previous reflected position.

    Too bad that Virus Total does not clean up the RandCache from WehnTrust.

    I have a very good - the BEST antivirus software, called AVIRA AntiVir 9; never problems, never false positives.

    I also carry some very good antirootkits - with K. D. in BEST position. I love K. D. ! It is the story of love, NOTHING I can do ...

    Thank you for your efforts anyway,

    Yours PROROOTECT:thumb:
     
  16. rodgerdodger

    rodgerdodger Registered Member

    Joined:
    Mar 20, 2009
    Posts:
    2
    @PROROOTECT

    And what is your opinion of ThreatExpert's analysis?
     
  17. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Hi rodgerdodger Posts: 2,

    K. D. : Files MD5 & SHA-1.

    Symantec: Spyware?

    McAfee: PWS?

    Ikarus: Trojan?

    Kaspersky: UPX?


    OK, OK ...:thumb:
     
  18. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Well, seriously: the suggestions concerning the misconduct of K.D. were of course without real foundation and unprofessional. The truth is this:

    The GOOD: K.D. by GamingMasteR is not the same as the NASTY: OnlineGames trojan & stealer.

    Here is what happened:

    1. An AV company marked K.D. as an OnlineGames trojan (& stealer); this is a FALSE POSITIVE because another trojan has a signature similar to K.D.'s,

    2. Other companies marked K.D. as an OnlineGames trojan & stealer, imitating the 1st AV company :D :argh: :D ; pitiful experts, stupid AVs! :p - But not all: false positive numbers were greatly decreased as most top AVs ...

    PS. I don't have OnlineGames files on my Windows. None.
    I have NOTHING bad in the Registry.
    I'm 100 % clean. In my system32\drivers, I have KeDetective121.sys (152 Kb). And I'm very proud of it.

    Many, many thanks to its developer.

    And this again: To defend against buffer overflow attacks, use COMODO Memory Firewall: http://www.memoryfirewall.comodo.com/ Very LIGHT, SAFE & CLEAN: I tried & approved.

    Yours nasty PROROOTECT:thumb:
    """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" :thumb:
    'WHICH NASTY DO YOU WANT TO KILL TODAY?':thumb:
     