
Help please, I think I'm trojanned!

Started by brew, April 18, 2007, 07:03 PM


Barabajagal

I use the following method for my media player's self-update system. It renames itself from LLMP.exe to LLMP.old. It then downloads the new LLMP.exe to the same location. It runs the new EXE and closes itself. The new copy deletes the old one now that it's no longer running. Doesn't the same ability apply to any program you can make?

Skywing

Only if the user account from which you are doing that operation has write access to the file/directory.

If you placed your program in a location under, say, %ProgramFiles% (with the default ACL) and attempted the process while running it as a limited user, it would fail.

* Note: If you are using filesystem virtualization for Vista, the virtualization minifilter may make a shadow copy under your %userprofile% tree, with redirection in place to make it appear as if the operation succeeded, despite the fact that the original in %ProgramFiles% is unchanged. If you accessed the program from a different user account, it would see the original in %ProgramFiles% and not the "modified" one.
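
The rename-and-replace update from the first post, combined with the write-access condition from this reply, as an added example that is not part of the original thread and not the media player's own code. The function names, the `fetch_new` callable standing in for the download, and the status strings are assumptions; launching the new EXE and exiting are left out.

```python
import os
import tempfile

def can_write_dir(directory):
    # Probe by creating a real file, which exercises the directory's ACL for
    # the current account. As noted above, Vista file virtualization can
    # redirect the write, so True may refer to a per-user shadow copy.
    try:
        fd, probe = tempfile.mkstemp(dir=directory, prefix=".updprobe")
    except OSError:
        return False
    os.close(fd)
    os.remove(probe)
    return True

def self_update(exe_path, fetch_new):
    """Rename the EXE to .old and write the new build; roll back on failure."""
    exe_path = os.path.abspath(exe_path)
    if not can_write_dir(os.path.dirname(exe_path)):
        return "no-write-access"          # e.g. limited user under %ProgramFiles%
    old_path = os.path.splitext(exe_path)[0] + ".old"
    os.replace(exe_path, old_path)        # LLMP.exe -> LLMP.old
    try:
        data = fetch_new()                # hypothetical download step
        with open(exe_path, "wb") as f:
            f.write(data)
    except Exception:
        # Download or write failed: restore the previous build so the
        # install is never left without an executable.
        if os.path.exists(exe_path):
            os.remove(exe_path)
        os.replace(old_path, exe_path)
        return "rolled-back"
    return "updated"

def cleanup_old(exe_path):
    # Called by the new copy once the old process has exited.
    old_path = os.path.splitext(os.path.abspath(exe_path))[0] + ".old"
    if os.path.exists(old_path):
        os.remove(old_path)
        return True
    return False
```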

Joe[x86]

@Newby, Warrior: Quit trying to be asses. Simple as that.

EDIT -
BreW, if you upload it I'll take a swing at reverse engineering it and seeing what's up.
Quote from: brew on April 25, 2007, 07:33 PM
that made me feel like a total idiot. this entire thing was useless.

brew

I deleted it. (lost interest) But thanks anyways.
