

sweetnoob

@optonline.net

Daz bootloader

I have a feeling this popular Win bypass can be a major botnet.

The application itself injects a SLIC (System Licensed Internal Code) into your system before Windows boots; this is what fools Windows into thinking it's genuine.

Can someone explain how that works in the first place? What is the application doing? What is it modifying exactly?



norwegian
Premium
join:2005-02-15
Outback

1 edit

Same question was asked here - very similar question too.
»Daz Loader

Read this on HAL:
»en.wikipedia.org/wiki/Hardware_abstraction

Understand HAL instead of API. Once you start to read a little it may help you google certain questions you have.

As the loader manufacturer has a forum, you may want to ask them, as there are certain protocols the forum and moderators here may question?
»forums.mydigitallife.info/forums···s-Loader



therube

join:2004-11-11
Randallstown, MD

> Same question was asked here

Same OP, you think?
(The mods should be able to determine at the least if they were using the same IP to post.)



Lagz
Premium
join:2000-09-03
The Rock
reply to sweetnoob

said by sweetnoob :

I have a feeling this popular Win bypass can be a major botnet.

Put a firewall between the machine that is running this and the internet and check outbound connections.
--
When somebody tells you nothing is impossible, ask him to dribble a football.


DrStrange
Technically feasible
Premium
join:2001-07-23
West Hartford, CT
kudos:1

1 recommendation

said by Lagz:

said by sweetnoob :

I have a feeling this popular Win bypass can be a major botnet.

Put a firewall between the machine that is running this and the internet and check outbound connections.



Or run a packet sniffer.

Anything that can hook into the hardware at that level could certainly be used to hijack computers into a botnet. It's comparable to the TDL-rootkit protected malware that made the rounds last year, some of which used custom boot sectors. One of the final things I do before returning a machine that was rooted, if the owner didn't want to format, is 'play with it' for a day or so on my [hardware-firewalled] home network while I sniff packets. Machines that look clean aren't always as clean as they look.


ashrc4
Premium
join:2009-02-06
australia
reply to sweetnoob

said by sweetnoob :

I have a feeling this popular Win bypass can be a major botnet.

»Possible for malware to covertly hide on harddrive sector

I'm guessing that you have been attempting a clean install of a pirated OS and repeatedly finding it infected.

said by sweetnoob :

Can someone explain how that works in the first place? What is the application doing? What is it modifying exactly?

Because of what I assume......NO!
--
Paradigm Shift beta test pilot. "Dying to defend one's small piece of suburb...Give me something global...STAT!


ashrc4
Premium
join:2009-02-06
australia
reply to sweetnoob

If you had an OEM original and it got infected, you really need the original key and possibly the correct install CD/DVD.
The shop where you bought it from could provide that.
Failing all this, I would recommend you install a free copy of one of many Linux CDs/DVDs.
I'm sure it's against BBR policy to advise any further.
--
Paradigm Shift beta test pilot. "Dying to defend one's small piece of suburb...Give me something global...STAT!