Hidden Roots

Started by
6 comments, last by gumpy 17 years, 12 months ago
OK sorry for the bad title but how would you go about finding what application created a certain file...

Let's say a certain program named thisisnotspyware.dll creates a file called thisisnotapopupfile.exe. I, the victim, find this file called thisisnotapopupfile.exe, and decide to get rid of it. Next day, it comes back. So I reason that there must be some kind of overlord creating these .exe's. How would I find that file (thisisnotspyware.dll) if all I see are its creations?

Thanks for any replies.

BTW, I have SpybotSD, AdAware, Spy Sweeper, you name it, but it can't seem to fix this problem. I've even injected code into the popupfile.exe executable (mov ax, 4c00h int 21h, in hex of course) right after the 256-bit header, but alas, that 1!@#%(!#& overlord simply replaced my modified file.
A JPEG is worth a thousand and twenty four DWORD's. ;)
Note: Due to vacationing my website will not be updated till late-August. Of course I still have internet, but who wants to program during a vacation?
If done properly, you don't. Your system is compromised, meaning anything on it, including login and filesystem functions are now suspect, and trivially changed to ignore the file in question. External tools [booting off cd, putting drive in with another install] might help, but how do you know you got all of the infection?
Have you tried Rootkit Revealer?
Quote:Original post by Telastyn
If done properly, you don't. Your system is compromised, meaning anything on it, including login and filesystem functions are now suspect, and trivially changed to ignore the file in question. External tools [booting off cd, putting drive in with another install] might help, but how do you know you got all of the infection?


This man is correct. Once you've found yourself to be the victim of any sort of infection, the only completely safe thing to do is to completely remove and reinstall Windows. Even if you opt to use things like Rootkit Revealer or Adaware, there's no complete guarantee that your system is not compromised.
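Telastyn's and Run_The_Shadows' point is that a tool running on the compromised system sees only what the compromised filesystem code shows it. The cross-view technique that rootkit detectors use compares that live view against a view taken from clean media and flags every disagreement. The script below is an added example, not code from the thread or from any tool it names; the two inventories are constructed dicts of path to SHA-256, standing in for a walk of the same volume done live and then from a boot CD.

```python
"""Cross-view filesystem diff (added example, not from the thread)."""
from dataclasses import dataclass, field
import hashlib


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class CrossViewReport:
    hidden: list = field(default_factory=list)      # seen offline, not live
    mismatched: list = field(default_factory=list)  # same path, different bytes
    phantom: list = field(default_factory=list)     # seen live, not offline

    def suspicious(self) -> bool:
        # Hidden or masked files mean the live view is lying about the disk.
        return bool(self.hidden or self.mismatched)


def cross_view_diff(live: dict, offline: dict) -> CrossViewReport:
    """Compare a live (possibly hooked) inventory with an offline one."""
    report = CrossViewReport()
    for path, offline_hash in offline.items():
        if path not in live:
            report.hidden.append(path)
        elif live[path] != offline_hash:
            report.mismatched.append(path)
    for path in live:
        if path not in offline:
            report.phantom.append(path)
    for bucket in (report.hidden, report.mismatched, report.phantom):
        bucket.sort()
    return report


# Constructed sample data. The offline view finds a DLL the live listing never
# reports, and sees different bytes for a file the live view presents as clean.
CLEAN = digest(b"constructed clean userinit bytes")
LIVE_VIEW = {
    r"C:\Windows\system32\kernel32.dll": digest(b"constructed kernel32"),
    r"C:\Windows\system32\userinit.exe": CLEAN,
    r"C:\Windows\system32\thisisnotapopupfile.exe": digest(b"popup"),
}
OFFLINE_VIEW = dict(LIVE_VIEW)
OFFLINE_VIEW[r"C:\Windows\system32\userinit.exe"] = digest(b"constructed patched bytes")
OFFLINE_VIEW[r"C:\Windows\system32\thisisnotspyware.dll"] = digest(b"overlord")

if __name__ == "__main__":
    print(cross_view_diff(LIVE_VIEW, OFFLINE_VIEW))
```

Any path in `hidden` or `mismatched` is something the running system cannot be trusted to show, which is exactly why the cleanup has to start from outside it.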
Go to PandaSoftware and do the free online scan. (Click the 'free online virus scan' message in the top right corner.) This scan will pick up multiple objects that your normal scan will miss. Also, the scan programs on your computer can be tricked, but this, not being on your computer, won't be.

If it picks up anything, save the logfile and post the log along with your symptoms at the SpywareInfo forums. They will help you solve your problems through a step by step process custom made to fit your problems.
Quote:Original post by Run_The_Shadows
Quote:Original post by Telastyn
If done properly, you don't. Your system is compromised, meaning anything on it, including login and filesystem functions are now suspect, and trivially changed to ignore the file in question. External tools [booting off cd, putting drive in with another install] might help, but how do you know you got all of the infection?


This man is correct. Once you've found yourself to be the victim of any sort of infection, the only completely safe thing to do is to completely remove and reinstall Windows. Even if you opt to use things like Rootkit Revealer or Adaware, there's no complete guarantee that your system is not compromised.


I disagree. A series of logfiles will pull up anything, whether hidden or not, that runs on your computer. You just have to know how to identify and remove the threats from amongst your legit files. The good folk at SWI will walk you through it.
Quote:Original post by Servant of the Lord
Quote:Original post by Run_The_Shadows
Quote:Original post by Telastyn
If done properly, you don't. Your system is compromised, meaning anything on it, including login and filesystem functions are now suspect, and trivially changed to ignore the file in question. External tools [booting off cd, putting drive in with another install] might help, but how do you know you got all of the infection?


This man is correct. Once you've found yourself to be the victim of any sort of infection, the only completely safe thing to do is to completely remove and reinstall Windows. Even if you opt to use things like Rootkit Revealer or Adaware, there's no complete guarantee that your system is not compromised.


I disagree. A series of logfiles will pull up anything, whether hidden or not, that runs on your computer. You just have to know how to identify and remove the threats from amongst your legit files. The good folk at SWI will walk you through it.


Disagree all you want. They're still right. It's impossible to guarantee that everything is back to normal.
This space for rent.
Quote:Original post by geekalert
OK sorry for the bad title but how would you go about finding what application created a certain file...

Let's say a certain program named thisisnotspyware.dll creates a file called thisisnotapopupfile.exe. I, the victim, find this file called thisisnotapopupfile.exe, and decide to get rid of it. Next day, it comes back. So I reason that there must be some kind of overlord creating these .exe's. How would I find that file (thisisnotspyware.dll) if all I see are its creations?

Thanks for any replies.

BTW, I have SpybotSD, AdAware, Spy Sweeper, you name it, but it can't seem to fix this problem. I've even injected code into the popupfile.exe executable (mov ax, 4c00h int 21h, in hex of course) right after the 256-bit header, but alas, that 1!@#%(!#& overlord simply replaced my modified file.


Did you run them in safe mode? If you already have, I'd suggest properly reformatting, etc.
This space for rent.
