Thread: Spyware alert
View Single Post
  #4 (permalink)  
Old 30th August, 2002, 09:32 AM
Aedan Aedan is offline
Chief Systems Administrator
Join Date: September 2001
Location: Europe
Posts: 13,075

Re: Spyware alert

Originally posted by WyrmMaster
Basically whenever it is running it tries to load fraps.dll into any program that has internet access (opera, flashget, trillian, ect). Luckily i have sygate set to tell me if any program loads an new dll, so i can deny it access
If you find that an application is attempting to do code injection into other running processes, then I'd cease running it, full stop. Why? Any program that does code injection into other processes will only be doing it for malicious purposes, and can seriously screw up the other processes. It could be doing the same to the kernel OS as well. Either that or Sygate is getting confused.

Have done DLL injection into running processes in the past. Much more fun injecting DLLs into the W2K security system, or Win32 subsystem. Win32 subsystem is fun, as it's what all windows programs use to do everything. It's nice being able to subvert an entire machine, including it's security system.

Any views, thoughts and opinions are entirely my own. They don't necessarily represent those of my employer (BlackBerry).
Reply With Quote