
Thread: Block PCAudit

  1. #1
    Super Moderator Super Moderator Big Booger's Avatar
    Join Date
    Apr 2002
    Location
    JAPAN
    Posts
    10,941

    Block PCAudit

    ssm:

    http://kormushkin.narod.ru/ssm.zip

    http://maxcomputing.narod.ru/ssme.html?lang

    AP:

    http://www.abtrusion.com/Downloads/

    Those two programs should do it. With SSM, when you've installed it, you get the S icon in the system tray. Right click it and check "WATCH APP ACTIVITY", "Filter Windows Captions" and "Monitor Registry"

    As soon as I tried to run pcaudit, a popup came up and blocked it from running in the first place. After blocking it, I tried to run it again, and it won't even open or anything. I give SSM two thumbs up!

    It blocks the executable on the run level, rather than filtering the content.. It showed a window where the pcaudit executable was trying to use windows explorer.exe to do its misdeeds.

  2. #2
    Titanium Member efc's Avatar
    Join Date
    Sep 2002
    Location
    North Central Arkansas
    Posts
    2,329
    Thanks, SSM is a nice find.
    Linux Mint Debian Edition

  3. #3
    Titanium Member
    Join Date
    Jul 2002
    Location
    blk helo target, WA
    Posts
    3,536
    Yes, great find BB.

  4. #4
    Old and Cranky Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,688
    Might want to add this to the Eggs spyware thread.

  5. #5
    Titanium Member
    Join Date
    Jul 2002
    Location
    blk helo target, WA
    Posts
    3,536
    I installed - http://www.abtrusion.com/Downloads/ - rebooted into blue screen. Can't even boot into safe mode without BS. I am restoring with True Image

  6. #6
    Precision Processor Super Moderator egghead's Avatar
    Join Date
    May 2002
    Location
    In Your Monitor
    Posts
    3,546
    i installed both programs and they rock!!!!

    Pcaudit crashes now and i bet it's pissed at not being able to inject itself..

    Seen it trying different dll's hehe

    bad bad bad


    Big Booger for prez!!!!!!


    What happened Lynchknot?

    ------------------------------------------------------------



  7. #7
    Super Moderator Super Moderator Big Booger's Avatar
    Join Date
    Apr 2002
    Location
    JAPAN
    Posts
    10,941
    Abtrusion takes hella long time to install.. I actually cancelled the installation cause it was going to take 4 hours.. It scans all programs and files on the PC before installing..

  8. #8
    Titanium Member
    Join Date
    Jul 2002
    Location
    blk helo target, WA
    Posts
    3,536
    What happened? My PC does not like it and once again, I lost a bunch of work that was on my desktop - I'm very angry.

  9. #9
    Precision Processor Super Moderator egghead's Avatar
    Join Date
    May 2002
    Location
    In Your Monitor
    Posts
    3,546
    i installed it and it took like 20 minutes
    very cool program and locks your files so they cannot be tampered with

    i did have a bad problem trying to install bt848.sys drivers.

    i was in the process of rebooting and abtrusion detector kicked in and asked something about the file and that if i said no or canceled that the file will not work

    well i went to try to allow the file to update but it asked for admin pass and domain crap info

    didn't know what it was and couldn't find a way to unlock the file
    upon reboot the capture drivers did not work so i uninstalled abtrusion and i could no longer get into xp as the boot would freeze.

    safe mode worked but still could not get into computer after disabling everything on startup

    went to last safe config and pc booted

    got the video capture drivers installed and i am going to use this program again

    very loyal to blocking every change

    but i will install it on a fresh install.

    in case i am already compromised

    egghead
    ------------------------------------------------------------



  10. #10
    Titanium Member
    Join Date
    Jul 2002
    Location
    blk helo target, WA
    Posts
    3,536
    I'll have to settle for SS and spybot's SD resident tea timer (which does a pretty good job at indicating changes within the registry system changes).

  11. #11
    Titanium Member
    Join Date
    Jul 2002
    Location
    blk helo target, WA
    Posts
    3,536

  12. #12
    Super Moderator Super Moderator Big Booger's Avatar
    Join Date
    Apr 2002
    Location
    JAPAN
    Posts
    10,941
    Process guard is not free and the free version only guards one process, so it's relatively worthless.

  13. #13
    Titanium Member efc's Avatar
    Join Date
    Sep 2002
    Location
    North Central Arkansas
    Posts
    2,329
    Glad this subject was posted. It got me to take a thorough look at my security. Ever since acquiring satellite internet, I have not used a firewall. That was at the recommendation of direcway. Their proxy was used instead. It was very effective in the early days and I had no reason to believe that it was no longer doing the job.

    Over the last 24 hours I started monitoring probes to my computer and find that a firewall is, once again, required.
    Linux Mint Debian Edition

  14. #14
    Titanium Member
    Join Date
    Jul 2002
    Location
    blk helo target, WA
    Posts
    3,536
    May be free for some people but not for me.

  15. #15
    Titanium Member
    Join Date
    Jul 2002
    Location
    blk helo target, WA
    Posts
    3,536
    From Outpost forum-

    SSM does complement Outpost and other firewalls well - but it does do a very different job (intercepting calls between applications and monitoring the registry) so adding its functions to Outpost would be a major undertaking (and would end up with something like Tiny Personal Firewall). However SSM can be bypassed (since it runs in user mode rather than kernel mode) so you would really need a kernel-mode application (like Process Guard) before being able to claim complete immunity from malware (and even PG can be compromised with a rootkit).

    Just blocking the PCAudit .exe file from running with SSM is hardly a valid test though - in reality you would not necessarily know if an application was a trojan in advance or not. You should try letting it run and then seeing if SSM picks up on its attempts to inject a DLL into other applications - this sort of behaviour is what should be suspicious (although some software like mouse drivers do use DLL injection to allow them to add functions to all running programs).
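
The check suggested in post #15 (let the program run, then look for DLLs appearing in other applications, while tolerating known legitimate hooks such as mouse drivers), as an added example that is not part of the thread or of any tool named in it. The module snapshots, the `untrusted.exe` name, the allowlist entry and the writable-directory policy are all constructed assumptions.

```python
from pathlib import PureWindowsPath

# Assumed policy: directories any user-level program can write to.
USER_WRITABLE = [r"C:\Documents and Settings", r"C:\Users", r"C:\WINDOWS\Temp"]
# Hypothetical allowlist entry standing in for a mouse-driver hook DLL.
ALLOWED_INJECTORS = {PureWindowsPath(r"C:\Program Files\ExampleMouse\mousehook.dll")}

# Constructed snapshots: modules loaded per process before and after the test run.
# Processes are keyed by name only, a simplification for this example.
SAMPLE_BEFORE = {
    "explorer.exe": [r"C:\WINDOWS\system32\shell32.dll"],
    "iexplore.exe": [r"C:\WINDOWS\system32\wininet.dll"],
}
SAMPLE_AFTER = {
    "explorer.exe": [r"C:\WINDOWS\system32\shell32.dll",
                     r"C:\Documents and Settings\user\Local Settings\Temp\probe.dll",
                     r"C:\Program Files\ExampleMouse\mousehook.dll"],
    "iexplore.exe": [r"C:\WINDOWS\system32\wininet.dll",
                     r"C:\WINDOWS\system32\urlmon.dll"],
    "untrusted.exe": [r"C:\Documents and Settings\user\Desktop\helper.dll"],
}


def _under(path, root):
    # PureWindowsPath compares case-insensitively, as Windows does.
    return PureWindowsPath(root) in PureWindowsPath(path).parents


def new_foreign_modules(before, after, launched):
    """Return {process: [(module, verdict)]} for modules that appeared in
    processes other than the one that was just launched."""
    findings = {}
    for proc, modules in after.items():
        if proc.lower() == launched.lower():
            continue  # a program loading its own DLLs is not injection
        known = {PureWindowsPath(m) for m in before.get(proc, [])}
        for mod in modules:
            path = PureWindowsPath(mod)
            if path in known:
                continue
            if path in ALLOWED_INJECTORS:
                verdict = "allowed"      # known legitimate hook
            elif any(_under(mod, root) for root in USER_WRITABLE):
                verdict = "suspicious"   # new DLL from a user-writable location
            else:
                verdict = "review"       # new, but from a protected directory
            findings.setdefault(proc, []).append((mod, verdict))
    return findings
```
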
