Sat Jul 31, 10 20:55 -05
at WTF Command Central

Insidious trojans 

OK, I've had to deal with numerous trojan infections on my sons' machines over the years, and a few on my Mom's machine, as well (usually thanks to my youngest being a bit overzealous about installing downloaded programs). It's always a pain, and I'm always reminded, when I begin the long task of recovering from these infected computers, of the severe lack of effective tools when it comes to dealing with the problem.

Perhaps the biggest problem is that the evil people designing malware are just too smart, but it amazes me how spotty the anti-malware/trojan tools really are.

Hijackthis is always lauded for being such a great tool, yet all too often, checking "fix" to disable a startup item results in no action whatsoever. Most antivirus and anti-malware apps have also become victims of the "cry wolf" syndrome, insisting that many legit programs are some sort of virus-infected apps, because they may be keygens or patchers (yeah, yeah, piracy is bad, whatever, my antivirus program shouldn't be giving me inaccurate information, at any rate). Worse, many of the apps never do a damn thing when a trojan "tweaks" policies or registry entries to disable programs.

On a recent recovery operation, MalwareBytes came through in spades (after I had manually cleaned out the trojan executables), discovering some confounding registry entries that were causing many critical apps to fail, including my antivirus app!! Made aware of this incredibly dangerous registry entry, I've decided to create my own tool, HeatSeeker, to ferret out applications that perform suspicious hooks into the system and give those of us with some bit of knowledge a more powerful tool for rooting out infections.

I'm currently working on it, so that's all I'll say for now, but expect a post here in a few weeks. My idea is simply to supplement the existing tools with an app you run in Safe Mode/Administrator to find anything suspicious, and present the user with a list, and REAL INFORMATION that will allow them to make a semi-informed decision. I expect to delve deep into the internal functions of Windows to figure out what apps might be dangerous, remove those files and registry entries, and give you a fighting chance to recover your system without having to re-install Windows. Files marked as hidden, or with permissions tweaked to prevent their access, will no longer be a problem.

In short, I'm sick of getting punked by the scum that write these apps, and I'm fighting back.

How will this tool be used? As I stated above, you'll run this in SAFE MODE, and after it provides a list of potential villains, you'll "fix" those villains and then run your normal suite of antivirus/malware tools to clean out the rest of it. Ideally, I'd also like to add in lspfix functionality (for trojans that hook into your network stack) and even the ability to read registry hives directly (so you can run this from a "bootable windows" disc).
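The kind of check described above, as an added example that is not HeatSeeker or any code from the original post: it enumerates two registry mechanisms named in this post's tags (Image File Execution Options "Debugger" redirects, which silently replace or break a program such as an antivirus when it is launched, and the policy values that disable Task Manager and the registry editor) and reports them for review rather than changing anything. It assumes the standard registry paths for those mechanisms and an elevated PowerShell prompt.

```powershell
# Added example (not the author's HeatSeeker): list registry entries a trojan
# can use to break or block programs, so they can be reviewed before trusting
# that the antivirus and Task Manager actually ran. Run elevated; Safe Mode is fine.

$findings = @()

# 1. Image File Execution Options: a "Debugger" value under <program>.exe makes
#    Windows start that "debugger" instead of the program. If the target file is
#    missing, the program simply fails to launch, which matches the symptom of
#    critical apps (including antivirus) dying for no visible reason.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) {
        # Pull the executable out of a possibly quoted command line
        $exe = if ($dbg.StartsWith('"')) { $dbg.Split('"')[1] } else { ($dbg -split ' ')[0] }
        $findings += [pscustomobject]@{
            Kind   = 'IFEO Debugger'
            Key    = $_.PSChildName
            Value  = $dbg
            Exists = Test-Path -LiteralPath $exe
        }
    }
}

# 2. Policies that disable Task Manager and regedit. A value of 1 on a home PC
#    that has no domain policy is a strong hint that something set it on purpose.
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
)
foreach ($key in $policyKeys) {
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        $val = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        if ($val -eq 1) {
            $findings += [pscustomobject]@{ Kind = 'Policy'; Key = $key; Value = "$name=1"; Exists = $true }
        }
    }
}

# Report only; deciding what to remove is left to the person reading the list.
if ($findings.Count -eq 0) { 'No IFEO debuggers or disabling policies found.' }
else { $findings | Format-Table -AutoSize }
```

An IFEO entry whose Exists column is False is the classic "app mysteriously won't start" case; a True one still deserves a look at what the target file actually is.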

Tags: trojans, virus, malware, recovery, fix, taskmgr, policies, image file execution options

©2008 WTFLOLOMGBBQ.com