RE: Rootkit For Spyware? Hide your adware from all Adware removers and Anti-viruses

["Todd Towles" <toddtowles () brookshires com>]

We all know it doesn't take a lot to hide from the normal everyday user
on the internet. I believe that is what they meant by "hide from
everything". Of course it isn't completely hidden. But normal users are
not sniffing packets from a computer on a isolated network to find
things.

We live in a different world than the normal person, that is what I tell
my non-computer friends anyways. 

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of GuidoZ
Sent: Thursday, September 23, 2004 11:54 AM
To: Matt
Cc: Will Image; full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Rootkit For Spyware? Hide your adware
from all Adware removers and Anti-viruses

> It is quite possible to hide processes, reg keys and files, and is 
> often done by various malware.

Aye. I didn't word my statements correctly. (Was tired... =P ) You are
very much correct.

I guess I was trying to speak along the lines of AV detection and
forensics. I've yet to find a rootkit, spyware, or malware that is
COMPLETLY hidden, in every aspect, from the user. There is always a way
to find it. Granted, they can bypass the "usual means" (regedit,
taskmanager, etc) in Windows, however there are specialized tools
(process viewers for example) that show hidden processes. What I meant
to express is they seem to claim being able to hide from everything.
(Even if an AV solution detected the very program they use as an
installer.) That, I doubt.


To save someone else from saying this, I'll reply to my own comment. =)

> I've yet to find a rootkit, spyware, or malware that is COMPLETLY 
> hidden, in every aspect, from the user.

Well, DUH. How could you find it if it was COMPLETELY hidden? ;)
Clarification: The user and a sysadmin that has a clue are two very
different people.)

--
Peace. ~G


On Thu, 23 Sep 2004 14:38:34 +1000, Matt <matt () systemlinux net> wrote:
> GuidoZ wrote:
> > Interesting indeed. Although, I imagine this was a spam email, and I

> > never believe (nor buy) anything from spam. I wondr how credible 
> > this really is. If there was such a way to do what they claim, don't

> > you think it would have been big news?  >One would think you 
> > wouldn't first hear about it through spam.
> It is quite possible to hide processes, reg keys and files, and is 
> often done by various malware.
>
> > Also - nice website they have. http://www.randexsoft.com Simply
says:
> > Access Forbidden -- Go away.
> >
> > I love a company who is customer friendly.
> >
> > --
> > Peace. ~G
> >
> >
> > On Wed, 22 Sep 2004 20:10:28 -0700 (PDT), Will Image 
> > <xillwillx () yahoo com> wrote:
> >
> > > I recieved this in my inbox today:
> > > how long do you think this company will last?
> > >
> > >
> > > > Date: Wed, 22 Sep 2004 19:02:44 -0400
> > > > From: Jacques Tremblay <jacques.tremblay () gmail com>
> > > > To: xillwillx () yahoo com
> > > > Subject: Hide your adware from all Adware removers and Anti-viruses
> > > >
> > > > To: Business development manager
> > > >
> > > > Subject: Hide your adware from all Adware removers and  
> > > > Anti-viruses
> > > >
> > > >
> > > >
> > > > Hi,
> > > >       Adware removers are gaining in popularity and they cause a 
> > > > big revenue threat to adware based businesses, as we see our 
> > > > software installations get desinstalled after a period of time that

> > > > is shorter and shorter, we see our revenues get smaller and 
> > > > smaller.
> > > >
> > > >       Why would an honest adware based business lose revenue just 
> > > > because some adware remover has identifyed it as being something to

> > > > remove ?
> > > >
> > > >       We beleive we have the right to hide from these adware 
> > > > removers as long as we provide a way for the user to uninstall and 
> > > > that he agrees that the software will be uninstalled only with the 
> > > > provided uninstaller.
> > > >
> > > >       It is in that spirit that we created the solution to the 
> > > > problem :
> > > >
> > > >
> > > > AdProtector 1.2
> > > >
> > > >
> > > >       We have developed software capable of hiding your software 
> > > > from all adware removers and anti-viruses on a Windows 
> > > > NT/2000/2003/XP machine.
> > > >
> > > >       Basically we have filtered the windows kernel so that we 
> > > > could mofify the behavior of the system itself. So now we can hide 
> > > > anything we want from windows.
> > > >
> > > >                           It can :   - Hide Registry Keys
> > > >                                      - Hide Files
> > > >                                              - Hide Processes
> > > >
> > > >       By hiding these 3 key elements from windows, your 
> > > > application won't ever be detected by any adware removers.
> > > >
> > > >       Interesting ?
> > > >
> > > >       For more information or to resquest a Demo :
> > > >  email :
> > > > hexa () randexsoft com
> > > >
> > > > Business is moving fast, keep ahead of the competition!
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html



-- 
Peace. ~G

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html