Forums » Up and Running » Security » Security » Did Process Guard stop the Sony rootkit?
Wayne DCS
Premium
join:2001-12-07
Australia

Re: Did Process Guard stop the Sony rootkit?

Yes! ProcessGuard easily stops it - at many levels, and has had this capability for well over a year.

If you want to allow the rootkit to install you actually have to tell ProcessGuard to allow the execution of several different programs and also the installation of a couple of drivers (you'd probably be suspicious of what is installing by this stage) in order for the installation to complete and the rootkit to install. If you simply say No to any of these you'll disrupt the installation process and the rootkit driver won't install.

We'll add some more comprehensive info about this to the ProcessGuard website soon, but I'll attach a couple of screenshots.

The first screenshot is what you see when you first put the CD in your machine, when autorun is enabled. Autorun.exe is launched, and ProcessGuard asks you if you want to allow it.

At this stage you could simply click No, and ProcessGuard would block it from running and that's that - the installation process has been blocked, so even at that early stage it's easy to block it. However for this demo we'll say Yes to everything, to essentially allow the full installation so that we can monitor everything that happens.

The second image shows one of the popup balloon windows you'll see when a program attempts to install a driver.

The third image is a composite of two images that were taken after allowing everything to install - you can see that the installation is quite vigorous, and we had to say Yes (Permit execution/installation) a lot of times.

If you do permit everything to install then you will have installed the rootkit. The fourth image shows some of these files.
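The post identifies two points where a host-protection tool can interrupt an installation like this one: the autorun launch when the CD is inserted, and the later driver installation. The script below is an added example, not code from the post or from the ProcessGuard product, that audits those two control points on a Windows host with built-in PowerShell: it reports whether the AutoRun policy is disabled for all drive types, and it lists installed kernel drivers whose files are unsigned or missing. The registry key and the `Win32_SystemDriver` class are standard Windows items; the function names and the decision to treat anything other than a valid signature as worth reviewing are this example's own assumptions.

```powershell
# Added example (not from the forum post or from the ProcessGuard vendor).
# Audits the two stages the post describes:
#   1. AutoRun policy: is autorun.exe-style launching disabled for every drive type?
#   2. Installed kernel drivers: does each driver file carry a valid Authenticode signature?
# Function names and the "anything not Valid is worth a look" rule are assumptions of this example.

function Get-AutoRunPolicyStatus {
    # NoDriveTypeAutoRun is a bitmask of drive types; 0xFF disables AutoRun for all of them.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    )
    foreach ($p in $paths) {
        $v = (Get-ItemProperty -Path $p -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        if ($null -eq $v) {
            $display  = 'not set'
            $disabled = $false
        } else {
            $display  = '0x{0:X2}' -f $v
            $disabled = (($v -band 0xFF) -eq 0xFF)
        }
        [pscustomobject]@{
            Hive               = $p
            NoDriveTypeAutoRun = $display
            AllDrivesDisabled  = $disabled
        }
    }
}

function Get-DriverSignatureReport {
    # Win32_SystemDriver enumerates kernel-mode drivers registered as services.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName } |
        ForEach-Object {
            # PathName may use the \??\ or \SystemRoot\ prefix; normalise to a plain path.
            $file = $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
            if (Test-Path -LiteralPath $file) {
                $sig    = Get-AuthenticodeSignature -FilePath $file
                $status = $sig.Status
                $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            } else {
                # A registered driver whose file cannot be seen from user mode is itself notable.
                $status = 'file not found'
                $signer = ''
            }
            [pscustomobject]@{
                Name      = $_.Name
                State     = $_.State
                StartMode = $_.StartMode
                Path      = $file
                Signature = $status
                Signer    = $signer
            }
        }
}

Get-AutoRunPolicyStatus | Format-Table -AutoSize

# Drivers without a valid signature (or with a missing file) are the ones to review first.
# A valid signature does not by itself make a driver benign.
Get-DriverSignatureReport | Where-Object { $_.Signature -ne 'Valid' } | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so that driver files under the system directory are readable. Setting `NoDriveTypeAutoRun` to `0xFF` under the HKLM policy key removes the first prompt the post describes entirely, because nothing is launched automatically when media is inserted; the driver report covers what remains once something has been allowed to run.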

Wednesday, 09-Dec 01:17:21 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.