  1. #1
    1 Year Veteran 500 Posts KevinBlackburn's Avatar
    Join Date
    Sep 2012
    Location
    'MERICA
    Posts
    982
    In-Game Name(s)
    Kevin Blackburn
    Quote Originally Posted by Benjamin_Williams View Post
    You're wrong in the fact that you accuse my post of being incorrect. Most RATs don't have a process you can end and hook on to already running Windows processes and services like svhost.exe. The average user probably won't even be able to locate the main executable as when the infected file is run it usually infects the Windows process then when that Windows process is run (on startup) so is the virus.

    All RATs and viruses are different so it is difficult to speak generally.
    The fact that I am even arguing this right now is crazy. 1. All fucking programs have a process, so hence, they can be ended. Second, they don't "hook" onto another service, you will just see an extra svhost.exe in your processes. And third the exe is very easy to find as you open file location of the unknown process as well as using Wireshark, please stop posting false info on the thread.


    Me owning a hitman:
    [spoiler]

    [/spoiler]



    Quote from the Wonderful John Wahl:


    Quote from the Wonderful Cody (Byt3):

  2. #2
    Benjamin_Williams
    Guest
    Quote Originally Posted by KevinBlackburn View Post
    The fact that I am even arguing this right now is crazy. 1. All fucking programs have a process, so hence, they can be ended. Second, they don't "hook" onto another service, you will just see an extra svhost.exe in your processes. And third the exe is very easy to find as you open file location of the unknown process as well as using Wireshark, please stop posting false info on the thread.
    It's called an injection. There is no false info. I don't know why you're so determined to say this info is false, I suspect you have other motives.

    I'll just agree to disagree with you because clearly we both have a different idea of how things work.
    Last edited by dsfsdfdsfsdfds; 3rd July 2013 at 07:52 PM.

  3. #3
    1 Year Veteran 500 Posts KevinBlackburn's Avatar
    Quote Originally Posted by Benjamin_Williams View Post
    It's called an injection. There is no false info. I don't know why you're so determined to say this info is false, I suspect you have other motives.

    I'll just agree to disagree with you because clearly we both have a different idea of how things work.
    Because it is wrong, all programs have processes, you are giving out false info to SARP... Also injection doesn't stop the program from having a process unless it has access to ring0, which no RAT does at the moment.



  4. #4
    Benjamin_Williams
    Guest
    Quote Originally Posted by KevinBlackburn View Post
    Because it is wrong, all programs have processes, you are giving out false info to SARP... Also injection doesn't stop the program from having a process unless it has access to ring0, which no RAT does at the moment.
    Ok. I am not giving out false info. You seem determined to disprove everything I say. Please consult http://en.wikipedia.org/wiki/Rootkit .

    Bootkits

    A kernel-mode rootkit variant called a bootkit is used predominantly to attack full disk encryption systems, for example as in the "Evil Maid Attack", in which a bootkit replaces the legitimate boot loader with one controlled by an attacker; typically the malware loader persists through the transition to protected mode when the kernel has loaded. For example, the "Stoned Bootkit" subverts the system by using a compromised boot loader to intercept encryption keys and passwords. More recently, the Alureon rootkit has successfully subverted the requirement for 64-bit kernel-mode driver signing in Windows 7 by modifying the master boot record.
    The only known defenses against bootkit attacks are the prevention of unauthorized physical access to the system—a problem for portable computers—or the use of a Trusted Platform Module configured to protect the boot path.
    Quick Google search revealed:

    https://www.underground.org.mx/index.php?topic=28482.0
    http://c0decstuff.blogspot.co.uk/201...-and-dkom.html
    Last edited by dsfsdfdsfsdfds; 3rd July 2013 at 08:07 PM.

  5. #5
    1 Year Veteran 500 Posts KevinBlackburn's Avatar
    Quote Originally Posted by Benjamin_Williams View Post
    Ok. I am not giving out false info. You seem determined to disprove everything I say. Please consult http://en.wikipedia.org/wiki/Rootkit .



    Quick Google search revealed:

    https://www.underground.org.mx/index.php?topic=28482.0
    http://c0decstuff.blogspot.co.uk/201...-and-dkom.html
    Clearly you have no idea what you're talking about. I said ring0. ring0 = rootkit, there is no RAT right now that has ring0, case closed.



  6. #6
    Retired Administrator
    byt3's Avatar
    Join Date
    Oct 2011
    Age
    35
    Posts
    1,901
    In-Game Name(s)
    byt3
    Quote Originally Posted by Benjamin_Williams View Post
    Ok. I am not giving out false info. You seem determined to disprove everything I say. Please consult http://en.wikipedia.org/wiki/Rootkit .



    Quick Google search revealed:

    https://www.underground.org.mx/index.php?topic=28482.0
    http://c0decstuff.blogspot.co.uk/201...-and-dkom.html
    What you're talking about is not a bootkit or rootkit, believe me. I know there's injection out there, but it all has to come from something. If you restart your computer, the injection is gone and so is the virus, right? Wrong. There will always be an executable file to inject into another process and most viruses out there don't make too much of an effort to literally inject the ACTUAL VIRUS into another process, although I've seen what I call "backups" injected into processes.
    Former Head Administrator
    Former Lead Developer
    Programmer/Web Developer
    SA-MP Scripter since 2008


    Tonight, tonight! Off with his head!
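
The checks this thread keeps coming back to (an extra svhost.exe in the process list, and opening the file location of an unknown process), as an added example that is not part of any post: Python triage of a constructed process snapshot. The field names, the sample entries and the `C:\Windows` system root are assumptions.

```python
import ntpath
from difflib import SequenceMatcher

# Assumption: %SystemRoot% is C:\Windows on the host being triaged.
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
GENUINE_NAME = "svchost.exe"
EXPECTED_PARENT = "services.exe"


def check_process(proc):
    """Return the reasons this process entry looks like a fake svchost."""
    name = proc["name"].lower()
    reasons = []
    if name != GENUINE_NAME:
        # Near-miss spellings such as the "svhost.exe" named in the thread.
        similarity = SequenceMatcher(None, name, GENUINE_NAME).ratio()
        if similarity >= 0.85:
            reasons.append("lookalike name")
        return reasons
    # Exact name: the image must sit in a system directory...
    folder = ntpath.normcase(ntpath.dirname(proc["path"]))
    if folder not in EXPECTED_DIRS:
        reasons.append("unexpected path")
    # ...and must have been started by the Service Control Manager.
    if proc["parent"].lower() != EXPECTED_PARENT:
        reasons.append("unexpected parent")
    return reasons


def triage(snapshot):
    """Map PID -> reasons for every suspicious entry in a process snapshot."""
    findings = {}
    for proc in snapshot:
        reasons = check_process(proc)
        if reasons:
            findings[proc["pid"]] = reasons
    return findings


# Constructed sample snapshot (not real data): name, image path, parent name.
SAMPLE = [
    {"pid": 812, "name": "svchost.exe", "path": r"C:\Windows\System32\svchost.exe", "parent": "services.exe"},
    {"pid": 4120, "name": "svhost.exe", "path": r"C:\Users\bob\AppData\Roaming\svhost.exe", "parent": "explorer.exe"},
    {"pid": 5316, "name": "svchost.exe", "path": r"C:\Users\bob\AppData\Local\Temp\svchost.exe", "parent": "explorer.exe"},
    {"pid": 6004, "name": "chrome.exe", "path": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "parent": "explorer.exe"},
]

if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE).items():
        print(pid, ", ".join(reasons))
```

A genuine svchost.exe that is hosting injected code passes all three checks; finding that case needs memory inspection rather than a process list.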

 

 
