WinTasks Pro ... Windows Explorer is a trojan - yeah right!

Carol Haynes:
I don't think SFC would react on an explorer.exe that doesn't overwrite the original... you could drop it in system32\drivers to make it appear legit.
--- End quote ---

I thought SFC maintained some sort of hash check on the installed version of EXPLORER.EXE and the one in use in memory. To spoof explorer wouldn't it have to load into memory and replace the standard version? I thought this sort of live spoof checking was introduced in Windows XP (or possibly Win 2k) so that files are rolled back to standard versions automatically if they are tampered with?

f0dder:
Yeah, but it only checks files on disk, and it checks based on file path, not only file name (that would be a disaster anyway - I can think of many legit products with a component called "explorer.exe").

But dropping files in the windows folder should of course be prohibited... but that comes down to user vs. administrator accounts, and Microsoft blew all chances of fixing that properly.
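
The path-versus-name distinction discussed above, as an added example that is not part of the original thread: a small check that treats a process image as expected only when its full path matches, and separates a system name found in the wrong folder of the Windows tree from a same-named file elsewhere. The allowlist, the `C:\Windows` system root and the sample paths are constructed assumptions.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumed expected locations on a default install (constructed allowlist).
EXPECTED = {
    "explorer.exe": {r"C:\Windows\explorer.exe",
                     r"C:\Windows\SysWOW64\explorer.exe"},
    "svchost.exe": {r"C:\Windows\System32\svchost.exe"},
}

def norm(path):
    # normpath collapses ".." segments; normcase lowercases and unifies slashes.
    return ntpath.normcase(ntpath.normpath(path))

EXPECTED_NORM = {name: {norm(p) for p in paths} for name, paths in EXPECTED.items()}
SYSTEM_ROOT = norm(r"C:\Windows") + "\\"

def classify(image_path):
    """Classify one process image by full path, not by file name alone."""
    full = norm(image_path)
    name = ntpath.basename(full)
    if name not in EXPECTED_NORM:
        return "not-tracked"
    if full in EXPECTED_NORM[name]:
        return "expected-path"
    if full.startswith(SYSTEM_ROOT):
        # System file name inside the Windows tree, but in the wrong folder.
        return "suspicious"
    # Same name outside the Windows tree: may be a legitimate third-party file.
    return "name-collision"

def scan(image_paths):
    """Return (path, verdict) pairs for every image that needs a second look."""
    verdicts = ((p, classify(p)) for p in image_paths)
    return [(p, v) for p, v in verdicts if v in ("suspicious", "name-collision")]

# Constructed sample of running process image paths.
SAMPLE = [
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\Windows\System32\drivers\explorer.exe",
    r"C:\Program Files\SomeApp\explorer.exe",
    r"C:\Windows\System32\svchost.exe",
]

if __name__ == "__main__":
    for path, verdict in scan(SAMPLE):
        print(f"{verdict:15} {path}")
```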

franky158:
Has anyone tried the new tools on www.processlibrary.com - http://www.processlibrary.com/processscan and http://www.processlibrary.com/quicklink/? Have these replaced WinTasks - does anyone know? They're both free and really useful. 8)

Carol Haynes:
UniBlue (formerly LIUtilities) have numerous 'packages' that are actually bundles of utilities. Processlibrary is part of some of these apps (including WinTasks). When you click on a process in WinTasks Pro (not sure about standard) it looks up the process in processlibrary (which is actually included and updated as part of the package) and displays the details within the main screen - you can expand it and view it in a larger screen and it has links to the website.

As far as I can see the website (and the info in the database) are designed to get you to download other products. Quickly skipping through a number of common processes on my computer I get very similar messages to the one I posted at the start of this thread, namely (to paraphrase) "essential do not stop this process ... registered as a trojan delete it". Seems particularly to apply to MS processes but not exclusively.

Maybe I should report this behaviour to MS since they proudly display the Gold Partner label on their website since they effectively seem to be arguing that almost any essential MS process in Windows is registered as a trojan.

Note they don't say 'potential target for trojans and other malware' - which would be a more reasonable approach - they actually advocate removal of core Windows functions like Explorer!! Anyone using this library that isn't tech savvy is going to have a hard time understanding what is required of them - and that it is actually impossible if you want your computer to function.

LIGHT GOES ON

Ah! What they are actually saying is WinTasks as a security app recommends the removal of Windows from your system - that makes sense!

This one is even more classic:



So far all the MS processes I have looked at are labelled in similar ways ... some (like this one) even more severely than explorer.exe.

f0dder:
Carol, if you can be bothered to do so, I think you should report them to Microsoft... I'm tired of companies with fishy strategies.
