geekalert

Hidden Roots

OK, sorry for the bad title, but how would you go about finding what application created a certain file...

Let's say a certain program named thisisnotspyware.dll creates a file called thisisnotapopupfile.exe. I, the victim, find this file called thisisnotapopupfile.exe and decide to get rid of it. Next day, it comes back. So I reason that there must be some kind of overlord creating these .exe's. How would I find that file (thisisnotspyware.dll) if all I see are its creations?

Thanks for any replies.

BTW, I have SpybotSD, AdAware, Spy Sweeper, you name it, but it can't seem to fix this problem. I've even injected code into the popupfile.exe executable (mov ax, 4c00h int 21h, in hex of course) right after the 256-bit header, but alas, that 1!@#%(!#& overlord simply replaced my modified file.

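One defender-side way to answer the question in the post above, added here as an example and not something posted in the thread: turn on object-access auditing for the folder where the file keeps reappearing, then read the Security log for event 4663 to see which process wrote it. It assumes an elevated PowerShell session, a placeholder folder path, and that the Security log on the machine can still be trusted (the replies below explain why that last assumption may not hold on a compromised system).

```powershell
# Added example (not from the thread): identify the process that recreates a file
# by auditing file creation in its folder and reading Security event 4663.
# Assumes an elevated shell; the folder below is a constructed placeholder.
$Folder = 'C:\Example\Dropped'          # placeholder: folder where the file reappears
$Target = 'thisisnotapopupfile.exe'     # file name from the original question

# 1. Enable success auditing for the "File System" subcategory (built-in auditpol).
auditpol /set /subcategory:"File System" /success:enable | Out-Null

# 2. Add a SACL entry so that file-creation / write attempts in the folder are logged.
$acl  = Get-Acl -Path $Folder -Audit
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone',
    ([System.Security.AccessControl.FileSystemRights]::CreateFiles -bor
     [System.Security.AccessControl.FileSystemRights]::WriteData),
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit,ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]::Success)
$acl.AddAuditRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# 3. After the file has come back, pull 4663 "object access" events naming the
#    target file and report the process (and account) that wrote it.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -ErrorAction Stop |
    Where-Object { $_.Message -match [regex]::Escape($Target) } |
    ForEach-Object {
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($e in $x.Event.EventData.Data) { $d[$e.Name] = $e.'#text' }
        [pscustomobject]@{
            Time        = $_.TimeCreated
            ObjectName  = $d['ObjectName']
            ProcessId   = [int]$d['ProcessId']   # stored as a hex string in the event
            ProcessName = $d['ProcessName']      # full path of the writing executable
            Account     = $d['SubjectUserName']
        }
    } | Sort-Object Time | Format-Table -AutoSize
```

The ProcessName column is the executable that performed the write; if it is a host such as rundll32.exe or svchost.exe, the DLL it was loading at that moment is the next thing to look at.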
If done properly, you don't. Your system is compromised, meaning anything on it, including login and filesystem functions are now suspect, and trivially changed to ignore the file in question. External tools [booting off cd, putting drive in with another install] might help, but how do you know you got all of the infection?

Quote:
Original post by Telastyn
If done properly, you don't. Your system is compromised, meaning anything on it, including login and filesystem functions are now suspect, and trivially changed to ignore the file in question. External tools [booting off cd, putting drive in with another install] might help, but how do you know you got all of the infection?


This man is correct. Once you've found yourself to be the victim of any sort of infection, the only completely safe thing to do is to completely remove and reinstall Windows. Even if you opt to use things like Rootkit Revealer or Adaware, there's no complete guarantee that your system is not compromised.

Go to PandaSoftware and do the free online scan. (Click the 'free online virus scan' message in the top right corner) This scan will pick up multiple objects that your normal scan will miss. Also, the scan programs on your computer can be tricked but this, being not on your computer, won't be.

If it picks up anything, save the logfile and post the log along with your symptoms at the SpywareInfo forums. They will help you solve your problems through a step by step process custom made to fit your problems.

Quote:
Original post by Run_The_Shadows
Quote:
Original post by Telastyn
If done properly, you don't. Your system is compromised, meaning anything on it, including login and filesystem functions are now suspect, and trivially changed to ignore the file in question. External tools [booting off cd, putting drive in with another install] might help, but how do you know you got all of the infection?


This man is correct. Once you've found yourself to be the victim of any sort of infection, the only completely safe thing to do is to completely remove and reinstall Windows. Even if you opt to use things like Rootkit Revealer or Adaware, there's no complete guarantee that your system is not compromised.


I disagree. A series of logfiles will pull up anything, whether hidden or not, that runs on your computer. You just have to know how to identify and remove the threats from amongst your legit files. The good folk at SWI will walk you through it.

Quote:
Original post by Servant of the Lord
Quote:
Original post by Run_The_Shadows
Quote:
Original post by Telastyn
If done properly, you don't. Your system is compromised, meaning anything on it, including login and filesystem functions are now suspect, and trivially changed to ignore the file in question. External tools [booting off cd, putting drive in with another install] might help, but how do you know you got all of the infection?


This man is correct. Once you've found yourself to be the victim of any sort of infection, the only completely safe thing to do is to completely remove and reinstall Windows. Even if you opt to use things like Rootkit Revealer or Adaware, there's no complete guarantee that your system is not compromised.


I disagree. A series of logfiles will pull up anything, whether hidden or not, that runs on your computer. You just have to know how to identify and remove the threats from amongst your legit files. The good folk at SWI will walk you through it.


Disagree all you want. They're still right. It's impossible to guarantee that everything is back to normal.

Quote:
Original post by geekalert
OK, sorry for the bad title, but how would you go about finding what application created a certain file...

Let's say a certain program named thisisnotspyware.dll creates a file called thisisnotapopupfile.exe. I, the victim, find this file called thisisnotapopupfile.exe and decide to get rid of it. Next day, it comes back. So I reason that there must be some kind of overlord creating these .exe's. How would I find that file (thisisnotspyware.dll) if all I see are its creations?

Thanks for any replies.

BTW, I have SpybotSD, AdAware, Spy Sweeper, you name it, but it can't seem to fix this problem. I've even injected code into the popupfile.exe executable (mov ax, 4c00h int 21h, in hex of course) right after the 256-bit header, but alas, that 1!@#%(!#& overlord simply replaced my modified file.


Did you run them in safe mode? If you already have, I'd suggest properly reformatting, etc.
