
How can you find a trojan that hasn't been discovered by anti-virus software?


Thread replies: 11
Thread images: 1

How can you find a trojan that hasn't been discovered by anti-virus software?
>>
Heuristic behavior analysis.
>>
A Trojan is a program which attaches itself and runs concurrently with another, legitimate program. So look at some of the things you have recently installed.
>>
>>51566520
I believe someone locally installed it.

Is it normal for the path of Windows processes to start with \??\c:?
>>
Anti-viruses are worthless

A keylogger I wrote in fucking gamemaker nearly a decade ago as a teen doesn't get caught by anti-viruses:
https://www.virustotal.com/en/file/3cac65f0eefac2b4147ad23cd58d2c08cab94d3fa1c63938cad59be7d93a992c/analysis/1448681754/

The program copies itself to C:\Windows\System32, adds itself to startup, logs every keystroke, and connects to a remote server. Anti-virus software can't detect that; how can I expect it to detect a real trojan by a real virus programmer?
>>
>>51567202
But VirusTotal doesn't RUN the malicious code. It just has all those AVs examine the file to see if it matches any of their known fingerprints. Since your bug was never out in the wild, it won't be in any.

AVs that use heuristics (aka "I don't know what this is but it's watching keystrokes and sending data out, so I don't like it") would catch it.
>>
>>51567319
That heuristic would flag any online video game as a virus.
>>
>>51567555
So you whitelist games.
Excellent security is cumbersome, which is why few people have good security.
>>
>>51567596
>>51567555
Good heuristics are a little smarter than that. They watch for stuff running from weird directories, stuff that is trying not to show its presence, etc., and usually produce a score.

eset.com/int/support/sysinspector/

To see what I mean, try running this, or at least look at the pictures. Threats are scored based on a few criteria, and scoring is different for files, running processes and TCP connections.
>>
>>51567596
This. If you care about security, run something like TinyWall and only allow explicitly whitelisted applications to access the internet.
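As an added example (not code from the thread, from ESET SysInspector or from TinyWall), here is a toy behaviour-scoring heuristic in Python that combines the criteria raised in the last few posts: running from a weird directory, trying to hide, autostart persistence, and outbound connections from programs that are not on an explicit allowlist. It also strips the NT object-manager `\??\` prefix asked about earlier before comparing paths. The process table, the weights, the threshold and the allowlist are all constructed assumptions, not real measurements.

```python
"""Toy process-scoring heuristic (added example; constructed data, assumed weights)."""
from dataclasses import dataclass

WINDOWS_DIR = "c:\\windows\\"
EXPECTED_DIRS = (WINDOWS_DIR, "c:\\program files\\", "c:\\program files (x86)\\")

# Assumed allowlist of programs permitted to reach the internet, in the spirit of
# the explicit-whitelist firewall approach (e.g. TinyWall) mentioned above.
NET_ALLOWLIST = {
    "c:\\program files\\firefox\\firefox.exe",
    "c:\\games\\somegame\\game.exe",   # the online game the user chose to whitelist
}

SUSPECT_THRESHOLD = 5  # assumed cut-off


@dataclass
class Proc:
    name: str
    path: str            # image path as Windows reports it (may carry the NT \??\ prefix)
    signed: bool         # Authenticode signature present and valid
    autostart: bool      # referenced from a Run key, startup folder or service
    hidden_window: bool  # runs with no visible window
    remote_conns: list   # (host, port) of established outbound TCP connections


def normalize(path: str) -> str:
    """Lower-case the path and strip the NT object-manager prefix (\\??\\C:\\... -> c:\\...)."""
    p = path.lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    return p


def score(proc: Proc, allowlist=NET_ALLOWLIST):
    """Return (total, reasons); reasons is a list of (description, weight)."""
    reasons = []
    p = normalize(proc.path)
    in_windows = p.startswith(WINDOWS_DIR)
    trusted = proc.signed and in_windows   # vendor-signed OS binary

    if not p.startswith(EXPECTED_DIRS):
        reasons.append(("runs from an unusual directory", 2))
    if not proc.signed:
        # An unsigned binary sitting in C:\Windows is far odder than one in a game folder.
        if in_windows:
            reasons.append(("unsigned binary inside the Windows directory", 3))
        else:
            reasons.append(("unsigned binary", 1))
    if proc.autostart:
        reasons.append(("autostart persistence", 1))
    if proc.hidden_window:
        reasons.append(("runs without a visible window", 1))
    if proc.remote_conns and p not in allowlist and not trusted:
        reasons.append(("outbound connection from a program not on the allowlist", 2))
    if proc.autostart and proc.hidden_window and proc.remote_conns:
        # The combination is the classic keylogger / RAT profile; weight it extra.
        reasons.append(("persistent + hidden + talks to the network", 2))
    return sum(w for _, w in reasons), reasons


def flagged(procs, threshold=SUSPECT_THRESHOLD, allowlist=NET_ALLOWLIST):
    """Names of the processes whose score reaches the threshold."""
    return [pr.name for pr in procs if score(pr, allowlist)[0] >= threshold]


# Constructed sample process table (not a real snapshot of any machine).
SAMPLE_PROCS = [
    Proc("firefox.exe", "\\??\\C:\\Program Files\\Firefox\\firefox.exe",
         signed=True, autostart=False, hidden_window=False, remote_conns=[("203.0.113.10", 443)]),
    Proc("svchost.exe", "C:\\Windows\\System32\\svchost.exe",
         signed=True, autostart=False, hidden_window=True, remote_conns=[("203.0.113.20", 443)]),
    Proc("game.exe", "C:\\Games\\SomeGame\\game.exe",
         signed=False, autostart=False, hidden_window=False, remote_conns=[("203.0.113.30", 27015)]),
    Proc("klog.exe", "\\??\\C:\\Windows\\System32\\klog.exe",   # hypothetical self-copied keylogger
         signed=False, autostart=True, hidden_window=True, remote_conns=[("198.51.100.5", 4444)]),
]

if __name__ == "__main__":
    for pr in SAMPLE_PROCS:
        total, reasons = score(pr)
        verdict = "SUSPECT" if total >= SUSPECT_THRESHOLD else "ok"
        print(f"{pr.name:12} score={total:2} {verdict:7} " + "; ".join(r for r, _ in reasons))
```

With the allowlist in place only the hypothetical keylogger crosses the threshold (unsigned in System32, autostart, hidden, talking to an unlisted host). Run it with an empty allowlist and the unsigned game in an unusual folder that talks to a server scores exactly at the threshold too, which is the false positive the earlier post complained about; the allowlist is what resolves it, not a weaker heuristic.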
>>
>>51566377
Network behavior and analysis by a third-party firewall.
The most complex kind of viruses are the ones that target specific people from governments.
They install in an unknown way (they leave no traces) and work in a private encrypted space with root privileges, like a rootkit that resides only in RAM and has no files on disk.