WinPatrol Plus or AnVir Task Manager?

rgdot:
Even the name of the application is missing? That can't be good, for your system (more than WinPatrol actually)

wraith808:
Now, I know the program name can be either extracted from the application or from the system.
-barney (January 18, 2013, 10:34 AM)
--- End quote ---

Incorrect.  Depending on how it's starting, those can be obfuscated.  It's one of the ways that malicious programs keep themselves out of the running objects table and out of task manager.

barney:
Even the name of the application is missing? That can't be good, for your system (more than WinPatrol actually)
-rgdot (January 18, 2013, 10:41 AM)
--- End quote ---
Now, I know the program name can be either extracted from the application or from the system.
-barney (January 18, 2013, 10:34 AM)
--- End quote ---

Incorrect.  Depending on how it's starting, those can be obfuscated.  It's one of the ways that malicious programs keep themselves out of the running objects table and out of task manager.
-wraith808 (January 18, 2013, 10:42 AM)
--- End quote ---

Well, yes and no.  A developer can create such obfuscation, but why bother when there's no rationale for it?  While it's entirely possible I'm loading four (4) malware elements, I'm a bit doubtful.

I do know that one (1) of the startup dialogs was for MyInfo - because I took it out of autostart.  Every time I start it manually, I get that same dialog.  I don't think its name is concealed, since the firewall recognized it immediately.  Yeah, I know, the firewall could be using a different algorithm, and there have been references to MyInfo being not well coded, but still ...

mwb1100:
Have you let BillP (WinPatrol's author) know about the problem?  I have the impression that he's pretty responsive to feedback.

wraith808:
Well, yes and no.  A developer can create such obfuscation, but why bother when there's no rationale for it?  While it's entirely possible I'm loading four (4) malware elements, I'm a bit doubtful.
-barney (January 18, 2013, 11:06 AM)
--- End quote ---

You don't even have to intentionally do it.  You can have your process started by rundll32 or svchost and not sign it, and then, though you can see something appear in the ROT, you don't have any idea of what it was.  Of course, none of these might be the reason - it's just that the question of it's as simple as extracting it from the process name or such information is not the be all to everything that runs.  I guess in the end, mwb said it best:

Have you let BillP (WinPatrol's author) know about the problem?  I have the impression that he's pretty responsive to feedback.
-mwb1100 (January 18, 2013, 12:03 PM)
--- End quote ---

Because only he'd know how he was doing it and could only fix it if it was reported.
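
The point raised above, that a process started through rundll32 or svchost shows only the host's name, can be checked from the defender's side by reading the command line rather than the image name. The sketch below is an added example, not code from the thread or from WinPatrol; the function names and the sample command lines are constructed for illustration.

```python
import ntpath
import re

def split_first(cmdline):
    """Split off the first token of a Windows command line, honouring double quotes."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        end = len(cmdline) if end == -1 else end
        return cmdline[1:end], cmdline[end + 1:].lstrip()
    head, _, rest = cmdline.partition(" ")
    return head, rest.lstrip()

def hosted_component(cmdline):
    """Return (image_name, component); component is None when nothing is hosted."""
    image, rest = split_first(cmdline)
    name = ntpath.basename(image).lower()
    if name == "rundll32.exe":
        # rundll32 <dll>,<entry point> [args]: the DLL is the code that really runs.
        if rest.startswith('"'):
            dll, tail = split_first(rest)
        else:
            m = re.match(r"[^,\s]+", rest)
            dll, tail = (m.group(0), rest[m.end():]) if m else ("", "")
        entry = re.match(r"[,\s]*([^\s,]+)", tail)
        if not dll:
            return name, None
        return name, dll + ("," + entry.group(1) if entry else "")
    if name == "svchost.exe":
        # -s names one service, -k a service group; the DLL itself is in the registry.
        svc = re.search(r"(?:^|\s)-s\s+(\S+)", rest, re.I)
        grp = re.search(r"(?:^|\s)-k\s+(\S+)", rest, re.I)
        if svc:
            return name, "service:" + svc.group(1)
        return name, ("service-group:" + grp.group(1)) if grp else None
    return name, None

# Constructed sample command lines, not taken from the thread.
SAMPLES = [
    r'"C:\Windows\System32\rundll32.exe" "C:\Users\Public\Example App\helper.dll",Start',
    r"rundll32.exe shell32.dll,Control_RunDLL desk.cpl",
    r"C:\Windows\System32\svchost.exe -k netsvcs -p -s Schedule",
    r"notepad.exe C:\temp\notes.txt",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(hosted_component(line))
```

The returned component only tells you which file or service to inspect next (path, signature, service registration); the parser does not verify any of that itself.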
