Most viruses override windows executables so they cant be detected
by just browsing the proccesses on the taskmanager.
Example wuauclt.exe (Windows Update)
What method is used to do this? How can i do this?
RE: Trying To Override Basic Windows Executables
Posts: Location: Joined: 01.01.70 Rank: Guest
Posted on 24-03-10 17:55
After reading what Moshbat posted (Thank you for your reply) trying to hide the proccess may irritate antivirus sences which is not good. On the other
hand, naming the executable like "Windows Update Manager" may give
to my program a more innocent form. Can you name other windows based
Posts: 960 Location: in front of a computer (duh) Joined: 05.04.07 Rank: Mad User
Posted on 25-03-10 12:58
If I recall, there's an old issue of hakin9 that covered this topic showing how it can be done. I can't remember the issue number, but if I recall correctly it also has tutorials on WiFi cracking and RFI/LFI, I think it must've been over a year old now.
Posts: 33 Location: Brasil Joined: 31.03.10 Rank: God
Posted on 01-07-10 03:24
It is much worse than that! If the virus only override windows executables would be great!
For example, you look at windows update and disables this shit [is much more constructive track updates and download only what you need is, we learned a lot about new vulnerabilities]
Worse is when they are loaded as services SVCHOST! It is loaded with privileges of the system ... And with the taskmanager you never know about anything!
The only way to know about what is happening on the machine is using:
1 - CMD.exe
2 - Type Tasklist / SVC
He'll show you all the services that are being loaded on SVCHOST!
It is also very good for refining the system configuration!
Still I'll write some articles about windows! :ninja:
GAT/GP/GCS/GSS/GE/GH/J d- s++:++ a C++++ ULS*+++ P+ L++ K---
w---(++++) M- PS+++ PE-(--) Y++ PGP t R !tv b++++ h-- r+++ z+++++
"This Government, Industry and Government Scientists will be responsible for more deaths (of civilians) in peace time than all the terrorist organizations ever."
-Dr. Barrie Trower - former MI5, Microwave Weapons Expert stopthecrime.net/