Spyware alert

[WyrmMaster]

I THINK i have found spyware in fraps, the FPS display program. Basically whenever it is running it tries to load fraps.dll into any program that has internet access (opera, flashget, trillian, ect). Luckily i have sygate set to tell me if any program loads an new dll, so i can deny it access. But this is something to be aware of. Just because the program does not ask for permission to access does not mean its not phoning home. I also never let any windows components (kernal, services and controlls app, ect) access the internet. Personally i think sygate is the best software firewall you can get, and i recommend it to all.

[robbie]

I think most of use here use ad-ware. I like it.
Rob

[WyrmMaster]

I use ad-aware too, but it doesnt catch this one. The thing is ad-aware works on a database, so if somethings not in the data base then it doesnt get caught.

[Aedan]

Quote:

Originally posted by WyrmMaster
Basically whenever it is running it tries to load fraps.dll into any program that has internet access (opera, flashget, trillian, ect). Luckily i have sygate set to tell me if any program loads an new dll, so i can deny it access

If you find that an application is attempting to do code injection into other running processes, then I'd cease running it, full stop. Why? Any program that does code injection into other processes will only be doing it for malicious purposes, and can seriously screw up the other processes. It could be doing the same to the kernel OS as well. Either that or Sygate is getting confused.

Have done DLL injection into running processes in the past. Much more fun injecting DLLs into the W2K security system, or Win32 subsystem. Win32 subsystem is fun, as it's what all windows programs use to do everything. It's nice being able to subvert an entire machine, including it's security system.

AidanII

[Pinky]

Zonealarm catches run.dll doing that all the time, and seems to catch these spyware buggers dead in their tracks, sygate has been improved i guess, but I used it a year ago and found it to be buggy and slow.

[cloasters]

I wish I had that much faith in ZA. Its latest interface clouds WTH it's really doing. Perhaps "makes it more difficult to set up" is more accurate. Ad-Aware is great, yet its Achilles heel is that it needs to be updated. A process that Ad-Aware makes difficult. It's uninstall the old version and install the new version, at least for this dummy.

To the rescue! You might give spybotsd10.niaswiss.zip a try. It's in AOA files, it's a powerful SpyWare finder that needs to be used with care.

[WyrmMaster]

Im not sure now if its something to worry about. Kingslayer from overclockers.com said it may be that it needs to load that DLL for fps monitoring purposes, and it loads it into all running programs, not just the ones that it can monitor. I dont know if it is or not.