Most viruses override Windows executables so they can't be detected
by just browsing the processes in the Task Manager.
Example: wuauclt.exe (Windows Update)
What method is used to do this? How can I do this?
RE: Trying To Override Basic Windows Executables
Posts: Location: Joined: 01.01.70 Rank: Guest
Posted on 24-03-10 17:55
After reading what Moshbat posted (thank you for your reply), trying to hide the process may irritate antivirus senses, which is not good. On the other
hand, naming the executable something like "Windows Update Manager" may give
my program a more innocent form. Can you name other windows based
Posts: 960 Location: in front of a computer (duh) Joined: 05.04.07 Rank: Mad User
Posted on 25-03-10 12:58
If I recall, there's an old issue of hakin9 that covered this topic showing how it can be done. I can't remember the issue number, but if I recall correctly it also has tutorials on WiFi cracking and RFI/LFI, I think it must've been over a year old now.
Posts: 32 Location: Brasil Joined: 31.03.10 Rank: God
Posted on 01-07-10 03:24
It is much worse than that! If the virus only overrode Windows executables, it would be great!
For example, you look at Windows Update and disable this shit [it is much more constructive to track updates and download only what you need; we learned a lot about new vulnerabilities]
Worse is when they are loaded as services in SVCHOST! It is loaded with system privileges ... and with the Task Manager you never know anything!
The only way to know about what is happening on the machine is using:
1 - Open CMD.exe
2 - Type tasklist /svc
It'll show you all the services that are being loaded in SVCHOST!
It is also very good for refining the system configuration!
Still I'll write some articles about windows! :ninja:
GAT/GP/GCS/GSS/GE/GH/J d- s++:++ a C++++ ULS*+++ P+ L++ K---
w---(++++) M- PS+++ PE-(--) Y++ PGP t R !tv b++++ h-- r+++ z+++++
Every person takes the limits of their own field of vision for the limits of the world.
You can fool all the people some of the time, and some of the people all the time, but you cannot fool all the people all the time.
Hellbound Hackers is the collective work of the staff and the community and is therefore licensed under the CC BY-NC-SA license.