CRC Checking
This new CRC checking allows you to validate the files that
are in your startup folder.
Some hackers use existing startup files as their Trojan
startup method. This is done by "binding" the
Trojan to an existing startup program. While it is true
that Hacker Eliminator can detect the Trojan after
it starts, the task of finding out how the Trojan keeps
starting itself after each reboot is still left up to you.

If the Trojan was "bound" (attached) to Systray.exe
and you were not aware of this, each time you restart your
computer Systray.exe will run, which will load the Trojan.
You can look at the Hacker Eliminator startup window all
day and just scratch your head. As you look at the list
of startup programs, they all seem to be valid system files.
Since the hacker bound the Trojan to a system startup file,
the Trojan loads with each reboot.
Add Startup Files
When using Hacker Eliminator, you can click on the "Add
Startup Programs" button in the CRC menu. When you
click on the button, all of your startup programs will be
added to your CRC list. When you click on the "Save
CRC Values" button, all of the file statistics will
be saved. If you ever experience any problems, simply click
on the "Check CRC Values" button. If any of the
files have been tampered with, Hacker Eliminator will alert
you. This new detection method will always catch Trojan
bindings.
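
The save-and-check cycle described above can be sketched as follows. This is an added example, not Hacker Eliminator's own code; the function names, the JSON baseline file and the constructed sample files in demo() are assumptions, and a SHA-256 digest is recorded next to the CRC32 because a CRC detects accidental change but can be matched deliberately.

```python
import hashlib
import json
import os
import tempfile
import zlib

def fingerprint(path):
    """Return size, CRC32 and SHA-256 of one file, read in chunks."""
    crc, size, sha = 0, 0, hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            crc = zlib.crc32(chunk, crc)
            sha.update(chunk)
            size += len(chunk)
    return {"size": size, "crc32": f"{crc & 0xFFFFFFFF:08x}", "sha256": sha.hexdigest()}

def save_baseline(paths, baseline_file):
    """'Save CRC Values': record a fingerprint for every listed file."""
    baseline = {os.path.abspath(p): fingerprint(p) for p in paths}
    with open(baseline_file, "w", encoding="utf-8") as fh:
        json.dump(baseline, fh, indent=2)

def check_baseline(baseline_file):
    """'Check CRC Values': return {path: status} for files that no longer match."""
    with open(baseline_file, encoding="utf-8") as fh:
        baseline = json.load(fh)
    findings = {}
    for path, recorded in baseline.items():
        if not os.path.isfile(path):
            findings[path] = "missing"
        elif fingerprint(path) != recorded:
            findings[path] = "modified"
    return findings

def demo():
    """Constructed sample: two stand-in startup files, one altered after the baseline."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("systray.exe", "other.exe")]
        for p in paths:
            with open(p, "wb") as fh:
                fh.write(b"MZ constructed program bytes")
        base = os.path.join(d, "baseline.json")
        save_baseline(paths, base)
        clean = check_baseline(base)           # nothing changed yet
        with open(paths[0], "ab") as fh:       # content changes after the baseline
            fh.write(b"constructed extra data")
        changed = check_baseline(base)
        return clean, {os.path.basename(k): v for k, v in changed.items()}
```

Keep the baseline file somewhere the monitored account cannot write, otherwise whoever alters a file can also rewrite its recorded values.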
Add Modules - (Hooking Of Modules)
Hackers have now become aware of new startup methods. One
of the most common is to register their Trojan file and
then hook into Explorer.exe through a registry key. When
this is done and Explorer loads, it will load the Trojan
module.

All programs load and use modules. This means that an attack
can be launched by replacing an existing program module.
This type of attack can also get by some software firewalls,
because you have told your firewall to trust the program.
When the trusted program loads, it loads the Trojan module,
which is now being run by a trusted program.

Good examples of programs that can be used this way are
programs that load DLL files for Internet ads. The module
or program is already trusted, and is connecting to web
pages on port 80 all day without an alert. The module is
replaced by a Trojan DLL and is started without any warning
the next time the program is launched or the computer is rebooted.

Hacker Eliminator has added the registry key for the Explorer hook
and an "Add Modules" button to the CRC menu. When
the button is clicked, Hacker Eliminator will add ALL of
the modules that are loaded on your computer at the time
you click the button. Any time after this you can check
the values to see if any of your modules have been altered
or changed in any way.
Add File / Remove
This option allows you to add a single file to the CRC
checker. Once the file has been added to the list, it will
be checked along with your other system files.
To remove a file from the list, click on
the file and then the "Remove File" button.
To remove all files from the list, click on the "Remove All"
button.
Display Only Modified Files
When this option is checked, Hacker Eliminator will only
display files that have been modified.
You can view a list of modules for any running program from
the Process Monitor window.