• Welcome to Valhalla Legends Archive.
 

Hostile Scripting?

Started by eXShadow, May 02, 2004, 08:42 AM

Previous topic - Next topic
Print
|
Go Down Pages 1 2
User actions

iago

#15
May 03, 2004, 07:19 PM
Quote from: Myndfyre on May 03, 2004, 06:30 PM
Quote from: effect on May 03, 2004, 06:26 PM
Quote from: iago on May 03, 2004, 07:09 AM
But lots of programs access the registry fine, though.  Where exactly are you making the change?  In your own key, or in a system key?

After i posted that comment i stopped and thought that aswell , how do scanners define "valid" registry entries and "malicious" registry entries , does it work by comparing if the value of the key that is trying to get inserted is malicious in some way?

No, IIRC, any Script object that attempts to access a Registry object through WSH is flagges as potentially malicious.

So can't he do that without it?
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

MyndFyre

#16
May 04, 2004, 03:24 AM
Quote from: iago on May 03, 2004, 07:19 PM
Quote from: Myndfyre on May 03, 2004, 06:30 PM
Quote from: effect on May 03, 2004, 06:26 PM
Quote from: iago on May 03, 2004, 07:09 AM
But lots of programs access the registry fine, though.  Where exactly are you making the change?  In your own key, or in a system key?

After i posted that comment i stopped and thought that aswell , how do scanners define "valid" registry entries and "malicious" registry entries , does it work by comparing if the value of the key that is trying to get inserted is malicious in some way?

No, IIRC, any Script object that attempts to access a Registry object through WSH is flagges as potentially malicious.

So can't he do that without it?

You could probably create a COM component or provide a function in the script host (I'm not sure how VBA works, but the VSA "Visual Studio for Applications" spec for .NET *claims* to let you provide your own objects as globals to the script) that would do the same thing -- but as compiled code it would be trusted.  I imagine WSH registry functions are hooked by the virus software.
QuoteEvery generation of humans believed it had all the answers it needed, except for a few mysteries they assumed would be solved at any moment. And they all believed their ancestors were simplistic and deluded. What are the odds that you are the first generation of humans who will understand reality?

After 3 years, it's on the horizon.  The new JinxBot, and BN#, the managed Battle.net Client library.

Quote from: chyea on January 16, 2009, 05:05 PM
You've just located global warming.

Networks

#17
May 04, 2004, 08:53 AM
Quote from: iago on May 02, 2004, 11:03 PM
Tell him to delete McAfee and get a real scanner :/

Negative, Mcafee is awsome. Updates by itself and removed a trojan I had in 5 minutes of scanning. Probably the best I've seen when you get trojanned.

Mcafee > Norton

MyndFyre

#18
May 04, 2004, 11:19 AM Last Edit: May 04, 2004, 11:20 AM by Myndfyre
Quote from: Networks on May 04, 2004, 08:53 AM
Quote from: iago on May 02, 2004, 11:03 PM
Tell him to delete McAfee and get a real scanner :/

Negative, Mcafee is awsome. Updates by itself and removed a trojan I had in 5 minutes of scanning. Probably the best I've seen when you get trojanned.

Mcafee > Norton

Yeah -- if you like your computer to become insanely unstable and slow.

Norton > McAfee.  :P

[edit] I formed this opinion after using Norton Internet Security 2003, then McAfee Internet Security 2003.  MIS caused my computer to crash many a time.
QuoteEvery generation of humans believed it had all the answers it needed, except for a few mysteries they assumed would be solved at any moment. And they all believed their ancestors were simplistic and deluded. What are the odds that you are the first generation of humans who will understand reality?

After 3 years, it's on the horizon.  The new JinxBot, and BN#, the managed Battle.net Client library.

Quote from: chyea on January 16, 2009, 05:05 PM
You've just located global warming.

iago

#19
May 04, 2004, 11:27 AM
Quote from: Networks on May 04, 2004, 08:53 AM
Quote from: iago on May 02, 2004, 11:03 PM
Tell him to delete McAfee and get a real scanner :/

Negative, Mcafee is awsome. Updates by itself and removed a trojan I had in 5 minutes of scanning. Probably the best I've seen when you get trojanned.

Mcafee > Norton

So you got a trojan while using Mcafee, and you still think it's good?  I'm confused, isn't it supposed to PREVENT viruses?
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Dyndrilliac

#20
May 04, 2004, 01:54 PM
Quote from: Myndfyre on May 04, 2004, 11:19 AM
Quote from: Networks on May 04, 2004, 08:53 AM
Quote from: iago on May 02, 2004, 11:03 PM
Tell him to delete McAfee and get a real scanner :/

Negative, Mcafee is awsome. Updates by itself and removed a trojan I had in 5 minutes of scanning. Probably the best I've seen when you get trojanned.

Mcafee > Norton

Yeah -- if you like your computer to become insanely unstable and slow.

Norton > McAfee.  :P

[edit] I formed this opinion after using Norton Internet Security 2003, then McAfee Internet Security 2003.  MIS caused my computer to crash many a time.

I have to agree. I tried using Mcaffee AV in place of Norton for a while but it didn't work out well at all.... I don't know what was wrong but when I installed Mcaffee(Legit Version) on my Windows XP Pro machine the bootup time went from ~40 seconds to 10 minutes O.o". Insane how badly my computer performed while running Mcaffee.  I tried several more installs and different bootup methods and even removing items from my startup registry(the Run key), yet my final solution was to simple uninstall and take it back to the store.
Quote from: Edsger W. DijkstraIt is practically impossible to teach good programming to students that have had a prior exposure to BASIC; as potential programmers they are mentally mutilated beyond hope of regeneration.
Print
|
Go Up Pages 1 2
User actions