+ Reply to Thread
Results 1 to 7 of 7

Thread: Malware doubts

  1. May 26th, 2004 08:35 PM #1
    therenegade
    therenegade is offline
    Senior Member therenegade therenegade therenegade therenegade therenegade therenegade therenegade therenegade therenegade's Avatar
    Join Date
    Apr 2003
    Posts
    400

    Malware doubts

    How do programs cause an AV/firewall/system processes to shut down or get disabled?
    Reply With Quote Reply With Quote
  2. May 26th, 2004 08:37 PM #2
    Info Tech Geek
    Info Tech Geek is offline
    Senior Member Info Tech Geek Info Tech Geek Info Tech Geek Info Tech Geek Info Tech Geek Info Tech Geek Info Tech Geek Info Tech Geek Info Tech Geek Info Tech Geek Info Tech Geek Info Tech Geek's Avatar
    Join Date
    Jan 2003
    Location
    Vernon, CT
    Posts
    828
    as long as you know the process that is running, you could easily write a script to stop the process.
    Reply With Quote Reply With Quote
  3. May 26th, 2004 08:37 PM #3
    Cybr1d
    Cybr1d is offline
    HeadShot Master N1nja Cybr1d has a reputation beyond repute Cybr1d has a reputation beyond repute Cybr1d has a reputation beyond repute Cybr1d has a reputation beyond repute Cybr1d has a reputation beyond repute Cybr1d has a reputation beyond repute Cybr1d has a reputation beyond repute Cybr1d has a reputation beyond repute Cybr1d has a reputation beyond repute Cybr1d has a reputation beyond repute Cybr1d has a reputation beyond repute Cybr1d's Avatar
    Join Date
    Jul 2003
    Posts
    1,835
    viruses/worms have it built in their code to disable them. If the AV is not updated to catch that particular worm/virus, and the virus infects the computer, it will disable it.
    [gloworange]
    VISIT MY PHOTOS     [/gloworange]
    Reply With Quote Reply With Quote
  4. May 26th, 2004 08:37 PM #4
    AngelicKnight
    AngelicKnight is offline
    AO Autobot AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight has a reputation beyond repute AngelicKnight's Avatar
    Join Date
    Aug 2003
    Posts
    2,368
    Hmm...I don't know, but I'm going to guess. Modifications to the Windows registry perhaps?
    The forums are back!
    www.jameswebsite.net
    Reply With Quote Reply With Quote
  5. May 26th, 2004 08:48 PM #5
    therenegade
    therenegade is offline
    Senior Member therenegade therenegade therenegade therenegade therenegade therenegade therenegade therenegade therenegade's Avatar
    Join Date
    Apr 2003
    Posts
    400
    So a virus would be dependent on the OS version as well as the versions of the other programs like AV's or firewalls?umm and if it were,wouldnt it take a LOT of code just to disable certain features?
    Reply With Quote Reply With Quote
  6. May 26th, 2004 08:51 PM #6
    nihil
    nihil is offline
    Super Moderator: GMT Zone nihil has a reputation beyond repute nihil has a reputation beyond repute nihil has a reputation beyond repute nihil has a reputation beyond repute nihil has a reputation beyond repute nihil has a reputation beyond repute nihil has a reputation beyond repute nihil has a reputation beyond repute nihil has a reputation beyond repute nihil has a reputation beyond repute nihil has a reputation beyond repute nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,096
    Mainly by knowing what the process is called and just shutting it down. Most don't use rocket science

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?
    Reply With Quote Reply With Quote
  7. May 26th, 2004 09:09 PM #7
    cacosapo
    cacosapo is offline
    Senior Member cacosapo has a reputation beyond repute cacosapo has a reputation beyond repute cacosapo has a reputation beyond repute cacosapo has a reputation beyond repute cacosapo has a reputation beyond repute cacosapo has a reputation beyond repute cacosapo has a reputation beyond repute cacosapo has a reputation beyond repute cacosapo has a reputation beyond repute cacosapo has a reputation beyond repute cacosapo has a reputation beyond repute
    Join Date
    Apr 2004
    Posts
    1,130
    some virus ARE version dependent. Or even language dependent (works on Russian Windows, but not on English version).
    About shutdown services (windows or unix) is quite easy as nihil stated. All of them has standard name. I.E. you can find all NIS process and kill them. Or even delete them. Even on Unix you can kill those process (is special with you got malware while logged as an admin)
    To spread evil, they dont want to infect ALL systems, just 1% will cause a big problem
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides