Administrator
I'm gonna watch it and find out what dll's it's using and what those dll's are doing, and so on and so forth, treat them like the government treats "potential terrorist" associations... 3rd and 4th removed associations will be subject to scrutiny.... I might discover a new spyware
Administratatouille
As I am sure you already knew the best tools for the job, I recommend these two at least: ProcessExplorer and ServiWin.
Administrator
I got one of those, and a couple more that go into detail of what file is accessing what other file on the drive, plus another decompiler to get down to the nitty gritty of what the associated files do..Originally Posted by TurcoLoco
Some of them are pretty complicated, it's hard to tell what is normal GUI code but some of the codec's for videos and some of the dlls have very abnormal file creation, and registry track erasing strings that are intermingling with the network stack and mspaint.
I noticed that one of the codec dll's is polling and placing data skimmed from user.dat and classes, "registry files" into an mspaint type tool brush action. I'm having a hard time locating the "log" file created but it looks like it makes a gif, then puts it in a memory address/buffer location, without saving it to the drive.
Looks like the the network stack, and the network card are programmed to poll this buffer/address area for data to use for "packet padding" so that it can have a propper sized packet...
An easy but time consuming way to get data from the registry onto the network without permission from the firewall or the router..
Administratatouille
Yeah, time consuming but since it seems to be all automated it still is effective but still a very odd process of things that i have never heard or seen of!
You sure seem to be a magnet for some conspiracy type stuff cauz??
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote