Wednesday, April 16, 2014
HellBound Hackers | Computer General | Hacking in general

Author

Trying To Override Basic Windows Executables


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-03-10 17:35
Most viruses override Windows executables so they can't be detected
by just browsing the processes on the Task Manager.
Example: wuauclt.exe (Windows Update)
What method is used to do this? How can I do this?


Author

RE: Trying To Override Basic Windows Executables


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-03-10 17:55
After reading what Moshbat posted (thank you for your reply), trying to hide the process may irritate antivirus senses, which is not good. On the other
hand, naming the executable like "Windows Update Manager" may give
my program a more innocent form. Can you name other Windows-based
executable names?


Author

RE: Trying To Override Basic Windows Executables


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-03-10 04:42
Check out rootkit.com




Edited by on 25-03-10 04:43
Author

RE: Trying To Override Basic Windows Executables

fuser
Member



Posts: 960
Location: in front of a computer (duh)
Joined: 05.04.07
Rank:
Mad User
Posted on 25-03-10 12:58
If I recall, there's an old issue of hakin9 that covered this topic showing how it can be done. I can't remember the issue number, but if I recall correctly it also has tutorials on WiFi cracking and RFI/LFI, I think it must've been over a year old now.

ah, here's the issue: http://hakin9.org. . .he-windows



Edited by fuser on 25-03-10 13:05
Author

RE: Worse!

RootsBabilonia
Member



Posts: 32
Location: Brasil
Joined: 31.03.10
Rank:
God
Posted on 01-07-10 03:24
It is much worse than that! If viruses only overrode Windows executables, it would be great!
For example, you look at Windows Update and disable this shit [it is much more constructive to track updates and download only what you need; we learned a lot about new vulnerabilities]
Worse is when they are loaded as services in SVCHOST! It is loaded with the privileges of the system... And with the Task Manager you never know about anything!
The only way to know about what is happening on the machine is using:
------------------------
1 - CMD.exe
2 - Type Tasklist /SVC
-----------------------
It'll show you all the services that are being loaded on SVCHOST!
It is also very good for refining the system configuration!

Still, I'll write some articles about Windows! :ninja:

RootsBabilonia
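
An added example, not part of any post in this thread: Python that parses the CSV form of the command from the last post (`tasklist /svc /fo csv`), maps each svchost.exe PID to the services it hosts, and flags any process that uses the svchost.exe name but hosts no service, a common sign of the name-borrowing discussed above. The sample output is constructed, and the English "N/A" marker and the helper names are assumptions.

```python
import csv
import io

# Constructed sample of `tasklist /svc /fo csv` output (not captured from a real host).
SAMPLE = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"services.exe","612","N/A"
"svchost.exe","780","DcomLaunch,PlugPlay,Power"
"svchost.exe","1044","wuauserv,Schedule,Winmgmt"
"explorer.exe","2312","N/A"
"svchost.exe","3996","N/A"
'''

NO_SERVICES = {"", "N/A"}  # assumption: English-locale marker for "hosts no service"


def parse_tasklist_svc(text):
    """Return [(image, pid, [services])] from `tasklist /svc /fo csv` output."""
    reader = csv.reader(io.StringIO(text))
    next(reader, None)  # skip the header row; its labels vary by locale
    rows = []
    for rec in reader:
        if len(rec) < 3 or not rec[1].isdigit():
            continue  # ignore blank or malformed lines
        field = rec[2].strip()
        services = [] if field in NO_SERVICES else [s.strip() for s in field.split(",")]
        rows.append((rec[0], int(rec[1]), services))
    return rows


def services_by_host(rows, host="svchost.exe"):
    """Map each PID of the host image to the services it carries."""
    return {pid: svcs for image, pid, svcs in rows if image.lower() == host and svcs}


def hostless(rows, host="svchost.exe"):
    """PIDs that use the service-host name but carry no services (review these)."""
    return [pid for image, pid, svcs in rows if image.lower() == host and not svcs]


if __name__ == "__main__":
    rows = parse_tasklist_svc(SAMPLE)
    for pid, svcs in sorted(services_by_host(rows).items()):
        print(f"svchost.exe PID {pid}: {', '.join(svcs)}")
    for pid in hostless(rows):
        print(f"REVIEW: PID {pid} is named svchost.exe but hosts no service")
```

A flagged PID is a lead for checking the binary's path and signature, not proof of compromise.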