@ balamm..noob ya self..a failures a failure...
if it was a real trojan then just about everyone was fucked...lol
Bring your self over to the virus thread and lets see what else you got please..id like ya opinion on it..cough cough
@ balamm..noob ya self..a failures a failure...
if it was a real trojan then just about everyone was fucked...lol
Bring your self over to the virus thread and lets see what else you got please..id like ya opinion on it..cough cough
Originally posted by balamm+--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (balamm)</td></tr><tr><td id='QUOTE'>
Trojans don't ask you to click buttons so they can take a screen shot while connected to a trusted zone and send it back to a trusted site. No they don't! [/b]
Your right they dont. Whats your point?
Originally posted by balamm+--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (balamm)</td></tr><tr><td id='QUOTE'>
Just because it said "next" doesn't mean it's not an "OK" button.
You failed the test, not your firewall. [/b]
eh?
edit: Ah I see. You think that the only way a trojan could achieve this is by getting the user to click buttons? No my friend. The loading and unloading of DLL's happens without user interaction all the time.
right...Originally posted by balamm
Hijacked? Hijacked what?
Hijacked your brains![]()
The DLL hijacked a trusted application and the vast majority of firewalls dont notice regardless of their configuration. Do you even know what a DLL is??
No I dont have it enabled. But thats got nothing to do with this at all. Whos the NOOB now?
I bet every one of you also has NetBIOS over TCP/IP installed too. "file and printer sharing". This isn't for "filesharing" with peer to peer programs, this is for allowing others access to your files and printer with no program and very little authorization needed. WISE UP.
<!--QuoteBegin-balamm@
If you can't figure out how to disable this crap, then at least check your firewall settings for it. [/quote]
I disabled it and my firewall still failed the test. Whats your point?
<!--QuoteBegin-balamm
Or stay stupid and run off and look for some other software to make up for the damage caused by your abuse of illegal substances [/quote]
I see your wit is matched only by your logic![]()
btw I'm a 2nd year computer science student with a lot of experience in network programming. Nothing you've said is even related to this topic of DLL hijacking. It is you who needs to be educated not us![]()
I hate know it alls ...lol
@Balamm...whoever said it was a trojan?
Have a look at the name on the thread...lol
Basically this tests your firewalls outgoing connections, and i know your firewall failed..that mustve been a blow to the old ego :helpsmile:
Please research a little more before misinforming people..you dont know it all so dont pretend to..
noob? u the only noob here mate... B)
I failed, maybe thats because I dont have a firewall. Comeone someone hack me, and get pass my NAT![]()
XP's firewall? Worse than uselesswhat about xp's?
It only blocks incoming packets not outgoing.![]()
![]()
![]()
Apparently they're going to release a new implementation of it in service pack 2, but I recommend you stick to one that isnt vulnerable to this DLL hijacking attack.
I recommend Zone Alarm, but make sure you follow the instruction in this thread and enable component control.
That component control makes or breaks Zone Alarm...
Good post on how to get around it with Z/A leftism
heres some comments from elsewhere that give you a REAL explanation of whats going on, not just some halfwits pathetic excuse for why his/her firewall failed.
Quote1
The browser is not the only way pcAudit tries to get out to the internet. My understanding is that it scans all the active processes in your computer, trying to find one which has the ability to connect to the internet. This could be your instant msg, your antivirus live update, your webcam, etc.
Then pcAudit piggybacks on the component to sneak out of your computer.
Sygate Personal Pro 5.5.2513: FAILED
Sygate has intercepted some outbound attempts that I answered "Block". However at the end pcAudit could connect to its home, probably through a component that I previously enabled access to the Internet. I've made several tests, shutting down some more resident programs. Each time Sygate fails. It would be ironical if pcAudit could use Sygate itself to get to the Internet.
ZoneAlarmPro 4.5.538: PASSED
ZAP asked permission at every outbound attempt. Some of them I don't even know that could connect to the Internet like CTHelper (SB Live), LVCom Server (Logitech Webcam). I told ZAP to block all of them. At the end, pcAudit is stuck.
Quote2
In my understanding this is a test to simulate a hacker attack into your system, so instead of pursuing for another firewall for the 100th time I just installed this app: CODE
http://maxcomputing.narod.ru/ssme.html?lang=en
and enable the "Watch App Activity" in it. It catches the dll injection that pcaudit tries to do in your browser. If you try to run pcaudit it will crach and leave a log file. You wonīt see the pcaudit screen saying that your firewall passed, but as its simulates a hackers attack, the fact that it canīt even run, I think is even better.
And in the pestpatrol website says that it catches pcaudit, but since I donīt have it I donīt know if this information is correct.
End Quote 2
It failed because I allowed it to fail.![]()
If you're stupid enough to accept this "package" and run it, then don't blame it on your firewall.
@leftism, It might not be too late to ask for a partial refund. 2 years and still haven't picked up any common sense.... that's a real problem.
According to your logic, every element and every script on a page should be blocked by the firewall... untill you ok it.![]()
So I sat and watched this program for some time to test your theory that it could do something on it's own, that a .dll would magically take the initiative.
Nope, nothing.
I had to physically press a button, several in fact, allowing it to do what it was coded to do.
At which point it did what I had allowed it to do. These are the .DLL's it called -
The new DLLs have been loaded:
C:\WINNT\system32\caboview.dll
C:\WINNT\system32\ws2help.dll
C:\WINNT\system32\ws2_32.dll
C:\WINNT\system32\wsock32.dll
C:\Program Files\TechSmith\SnagIt 7\msvcr71.dll
C:\WINNT\system32\umdmxfrm.dll
C:\WINNT\system32\serwvdrv.dll
C:\WINNT\system32\msvcrt.dll
C:\WINNT\system32\ADVAPI32.DLL
C:\WINNT\system32\GDI32.DLL
C:\WINNT\system32\USER32.DLL
C:\WINNT\system32\KERNEL32.DLL
Then, at the continue prompt,
The new DLLs have been loaded:
C:\WINNT\system32\mvbscript.dll
C:\WINNT\system32\msrating.dll
And if you don't want these things communicating next time you're stupid enough to press that button, here's where you configure that.
All the software you need is right in front of you and you just can't see it. All you gotta do is use a bit of logic and common sense to figure it out.
It's easier to make excuses though isn't it.![]()
youve just proven to the whole board that your the only one thats making excuses..![]()
what a dickhead B)
you dont get the part that its simulating an outgoing attack,from maybe running a key gen to installing some dodgy software...
ever since ive seen you on this board balaam youve got an excuse for everything..
Youve proven to the board without a doubt your a nothing...![]()
Bookmarks