Blocking DreampackPL?

[Deamor3]

While i was talking to a friend the other day, the topic of DreampackPL came up. I'm not sure if you all are familiar with this software, or even if you have talked about it, but my question is, has any of the known anti-spyware/virus programs other than McAfee been able to block the software from being used? I have seen the program in action, and it is very, very resourceful. It can bypass any user login screens, and can crack any passwords that are there. It attaches itself to the sfcfiles.dll, and allows pretty much anything to be bypassed security wise. I personally use linux, so i'm not affected, but a lot of others still use Windows. Any suggestions?

[MrLinus]

Deamor3, I moved this post from the old thread you had put it on. It seems more appropriate to have it on it's own discussion.

[ArPaNET]

This is a very "cute" program, and very easily rendered useless. The program has three options in which to use it. All of the options do the same thing, which is replace the sfcfiles.dll file

(The file sfcfiles.dll, is required by windows and is used to verify the integrity of files that are required for the system to operate. If it finds that critical system files are missing or damaged, it will attempt to automatically fix them. You should leave this file, as it may improve the reliability of your system.)

with a "patched" version of the file. Now every option requires physical access to the box your attacking, which means that the very obvious single way to fix this "exploit" is to deny access to your bios and make your hdd what you boot from first...

Since I am bored I'll run through each option and how to disable its use.

Option 1. "Install" to install this program you will have to replace a file in system32, which means you need admin rights. So dont give any users admin rights =)

Option 2. "Create CD" which is making a livecd that replaces the file from your original microsoft install disk. This means you have to have an original install disk. Just deny access to bios, and make your cd drive boot after your hdd.

Option 3. "Extract" this means it gives you the file and leaves it up to you to replace it with the original... this just spells trouble! again you have to have admin rights to do this, so dont allow users admin rights!

You don't have to have a spyware/virus tool, windows will stop this program for you =)

This program only works on Microsoft Windows 2000/XP operating systems (from what it says, I personally would never use this program.) I would not recommend using this, replacing system files is always a scary thing. If you intend on using it on your system to see if it works or whatever, just do yourself a favor and backup your system.

There is a reason this program has a disclaimer on its website saying "THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.
YOU USE THIS SOFTWARE ONLY FOR OWN RISK."

Good Luck. hope this helps

[Deamor3]

True, true, but i have used it myself. It is very user friendly...

It is also true that people could use a bios password, but how many people other than someone who actually knows their way arround a computer would even think to put a bios password on a computer. It backs up the original sfcfiles.dll, but you're right, it can screw up your computer if you don't know what you're doing = P. Luckly enough i will never have to worry about this because of linux. It has no windows base except the fact that it's off the same original kernel. I'm just saying, very few people even think to put a bios password on their systems.

The issue with having to find a copy of Windows XP is not an issue either, most people have a copy lying around their computer desk somewhere, i have 3 copies myself. You only need the XP installation CD to get a base image, the program uses the CD and creates an ISO that is burned to another. Booting from it makes things so you don't need the admin pass at all.

I cracked the public schools network in under 10 minutes with it, and caught the administration password in the process. It's more dangerous than people take it to be.

[ArPaNET]

The issue with having to find a copy of Windows XP is not an issue either, most people have a copy lying around their computer desk somewhere, i have 3 copies myself.

Why? that is unusual, anyone else have copies of install disc just laying around their computer? I realize that getting one and making the livecd would not be very hard but that too would be foiled by a bios password; to a certain extent!

It came to my attention that there are a long list of default passwords for bios to use (sorta like backdoor passwords) I have a list of around 30 passwords for award bios, and around 60 for phoenix bios... If the attacker really wanted to get into your system, they could even just open the case and pull out the bios battery to reset your bios!

It is a nifty little program, but nothing that hasn't been seen before...