
All times are UTC - 5 hours [ DST ]


 Post subject: Is HDD Scan a Spyware or a Trojan??
Posted: November 12th, 2007, 13:16

Joined: November 12th, 2007, 13:03
Posts: 6
Hello, sorry for the question, but I have tested "HDDScan V2.08" and when I start the program, it connects to my DNS server via UDP (why?). When I start the program with the Sysinternals tools (Filemon / Regmon), I see that the program looks at the Norton Internet Security (2007) program directories, files and service entries in the registry of Windows XP SP2. Is this normal??

When I start the program on a computer with XP SP2 and Kaspersky, there is nothing like this behavior. It makes no connection via UDP (Kaspersky doesn't ask me) and it doesn't look for any registry entries from Kaspersky?


 
 Post subject: Re: Is HDD Scan a Spyware or a Trojan??
Posted: November 13th, 2007, 4:05

Joined: November 12th, 2007, 13:03
Posts: 6
That means that the software from the HDDGuru site is a Trojan?!


 
 Post subject: Re: Is HDD Scan a Spyware or a Trojan??
Posted: November 13th, 2007, 14:08

Joined: November 12th, 2007, 13:03
Posts: 6
Yes, but why does an HDD tool make a UDP connection and scan for security suites? I have sent this file to Kaspersky, F-Secure and Microsoft and am looking out for an answer. I also asked a German website to check their toolset "PC Repair Set", especially HDDScan in this toolset.
Is this not the forum of the programmer of this tool?? Can't he explain why his tool does these things!


 
 Post subject: Re: Is HDD Scan a Spyware or a Trojan??
Posted: November 13th, 2007, 19:32

Joined: November 12th, 2007, 13:03
Posts: 6
Here are some lines from the Regmon Log:

OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSVCR71.dll NOT FOUND
OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASOEHOOK.DLL NOT FOUND
OpenKey HKLM\Software\Symantec\InstalledApps SUCCESS Access: 0x20019
QueryValue HKLM\Software\Symantec\InstalledApps\Common Client SUCCESS "C:\Programme\Gemeinsame Dateien\Symantec Shared\"
QueryValue HKLM\Software\Symantec\InstalledApps\Common Client SUCCESS "C:\Programme\Gemeinsame Dateien\Symantec Shared\"
CloseKey HKLM\Software\Symantec\InstalledApps SUCCESS
OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSVCP71.dll NOT FOUND
OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccL40.dll NOT FOUND
OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSCTF.dll NOT FOUND

An external program can be started via these entries when you declare it as a debugger in the
"Image File Execution Options" section.


 
 Post subject: Re: Is HDD Scan a Spyware or a Trojan??
Posted: November 13th, 2007, 19:59

Joined: November 12th, 2007, 13:03
Posts: 6
And what does it make Crypt access for:

CreateKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS Access: 0x2
SetValue HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed SUCCESS C2 16 43 A1 50 B6 42
CloseKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS

or some access to the entries of Norton Internet Security at start and shutdown of the program:

963 11:28:46 HDDScan.exe:1872 OpenKey HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES SUCCESS Access: 0x20019
964 11:28:46 HDDScan.exe:1872 EnumerateKey HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES SUCCESS Name: SRTSP
965 11:28:46 HDDScan.exe:1872 OpenKey HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES\SRTSP SUCCESS Access: 0x20019
966 11:28:46 HDDScan.exe:1872 QueryValue HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES\SRTSP\FLAGS SUCCESS 0x0
967 11:28:46 HDDScan.exe:1872 QueryValue HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES\SRTSP\ALTITUDE SUCCESS "329000"
968 11:28:46 HDDScan.exe:1872 CloseKey HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES\SRTSP SUCCESS
969 11:28:46 HDDScan.exe:1872 EnumerateKey HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES NO MORE ENTRIES
970 11:28:46 HDDScan.exe:1872 CloseKey HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES SUCCESS
971 11:28:46 HDDScan.exe:1872 OpenKey HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES SUCCESS Access: 0x20019
972 11:28:46 HDDScan.exe:1872 EnumerateKey HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES SUCCESS Name: eeCtrl
973 11:28:46 HDDScan.exe:1872 OpenKey HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES\eeCtrl SUCCESS Access: 0x20019
974 11:28:46 HDDScan.exe:1872 QueryValue HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES\eeCtrl\FLAGS SUCCESS 0x0
975 11:28:46 HDDScan.exe:1872 QueryValue HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES\eeCtrl\ALTITUDE SUCCESS "329010"
976 11:28:46 HDDScan.exe:1872 CloseKey HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES\eeCtrl SUCCESS
977 11:28:46 HDDScan.exe:1872 EnumerateKey HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES NO MORE ENTRIES
978 11:28:46 HDDScan.exe:1872 CloseKey HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES SUCCESS
979 11:28:46 HDDScan.exe:1872 OpenKey HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES SUCCESS Access: 0x20019
980 11:28:46 HDDScan.exe:1872 EnumerateKey HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES SUCCESS Name: SPBBCDrv
981 11:28:46 HDDScan.exe:1872 OpenKey HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES\SPBBCDrv SUCCESS Access: 0x20019
982 11:28:46 HDDScan.exe:1872 QueryValue HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES\SPBBCDrv\FLAGS SUCCESS 0x0
983 11:28:46 HDDScan.exe:1872 QueryValue HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES\SPBBCDrv\ALTITUDE SUCCESS "365100"
984 11:28:46 HDDScan.exe:1872 CloseKey HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES\SPBBCDrv SUCCESS
985 11:28:46 HDDScan.exe:1872 EnumerateKey HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES NO MORE ENTRIES
986 11:28:46 HDDScan.exe:1872 CloseKey HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES SUCCESS
987 11:28:46 HDDScan.exe:1872 OpenKey HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES SUCCESS Access: 0x20019
988 11:28:46 HDDScan.exe:1872 EnumerateKey HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES SUCCESS Name: SRTSP
989 11:28:46 HDDScan.exe:1872 OpenKey HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES\SRTSP SUCCESS Access: 0x20019
990 11:28:46 HDDScan.exe:1872 QueryValue HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES\SRTSP\FLAGS SUCCESS 0x0
991 11:28:46 HDDScan.exe:1872 QueryValue HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES\SRTSP\ALTITUDE SUCCESS "329000"
992 11:28:46 HDDScan.exe:1872 CloseKey HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES\SRTSP SUCCESS
993 11:28:46 HDDScan.exe:1872 EnumerateKey HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES NO MORE ENTRIES
994 11:28:46 HDDScan.exe:1872 CloseKey HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES SUCCESS
995 11:28:46 HDDScan.exe:1872 OpenKey HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES SUCCESS Access: 0x20019
996 11:28:46 HDDScan.exe:1872 EnumerateKey HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES SUCCESS Name: eeCtrl
997 11:28:46 HDDScan.exe:1872 OpenKey HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES\eeCtrl SUCCESS Access: 0x20019
998 11:28:46 HDDScan.exe:1872 QueryValue HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES\eeCtrl\FLAGS SUCCESS 0x0
999 11:28:46 HDDScan.exe:1872 QueryValue HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES\eeCtrl\ALTITUDE SUCCESS "329010"
1000 11:28:46 HDDScan.exe:1872 CloseKey HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES\eeCtrl SUCCESS
1001 11:28:46 HDDScan.exe:1872 EnumerateKey HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES NO MORE ENTRIES
1002 11:28:46 HDDScan.exe:1872 CloseKey HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES SUCCESS
1003 11:28:46 HDDScan.exe:1872 OpenKey HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES SUCCESS Access: 0x20019
1004 11:28:46 HDDScan.exe:1872 EnumerateKey HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES SUCCESS Name: SPBBCDrv
1005 11:28:46 HDDScan.exe:1872 OpenKey HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES\SPBBCDrv SUCCESS Access: 0x20019
1006 11:28:46 HDDScan.exe:1872 QueryValue HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES\SPBBCDrv\FLAGS SUCCESS 0x0
1007 11:28:46 HDDScan.exe:1872 QueryValue HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES\SPBBCDrv\ALTITUDE SUCCESS "365100"
1008 11:28:46 HDDScan.exe:1872 CloseKey HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES\SPBBCDrv SUCCESS
1009 11:28:46 HDDScan.exe:1872 EnumerateKey HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES NO MORE ENTRIES
1010 11:28:46 HDDScan.exe:1872 CloseKey HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES SUCCESS
1011 11:28:49 HDDScan.exe:1872 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 SUCCESS
1012 11:28:49 HDDScan.exe:1872 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 SUCCESS
1013 11:28:49 HDDScan.exe:1872 CloseKey HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters SUCCESS
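
Added example (not part of the original posts): a small Python triage of Regmon lines like the ones quoted above. It decodes the `Access:` mask, separates read-only opens from writes, and counts Image File Execution Options lookups that returned NOT FOUND, meaning no subkey (and so no debugger entry) exists for that image. Function names and report fields are illustrative; the sample lines are copied from the posts.

```python
import re

# Registry access-right bits (winnt.h); 0x20019 is KEY_READ, 0x2 is KEY_SET_VALUE.
KEY_RIGHTS = {0x1: "QUERY_VALUE", 0x2: "SET_VALUE", 0x4: "CREATE_SUB_KEY",
              0x8: "ENUMERATE_SUB_KEYS", 0x10: "NOTIFY", 0x20: "CREATE_LINK",
              0x20000: "READ_CONTROL"}
# SET_VALUE | CREATE_SUB_KEY | CREATE_LINK | DELETE | WRITE_DAC | WRITE_OWNER
WRITE_BITS = 0x2 | 0x4 | 0x20 | 0x10000 | 0x40000 | 0x80000
IFEO = "\\image file execution options\\"

LINE = re.compile(
    r"^(?:\d+\s+[\d:]+\s+\S+\s+)?"                  # optional "seq time process:pid"
    r"(?P<op>\w+)\s+(?P<path>HK.+?)\s+"             # operation and key path (may contain spaces)
    r"(?P<result>SUCCESS|NOT FOUND|NO MORE ENTRIES)(?:\s+(?P<other>.*))?$")

# Sample lines copied from the Regmon excerpts in the posts above.
SAMPLE = r"""
OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSVCR71.dll NOT FOUND
OpenKey HKLM\Software\Symantec\InstalledApps SUCCESS Access: 0x20019
QueryValue HKLM\Software\Symantec\InstalledApps\Common Client SUCCESS "C:\Programme\Gemeinsame Dateien\Symantec Shared\"
CreateKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS Access: 0x2
SetValue HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed SUCCESS C2 16 43 A1 50 B6 42
963 11:28:46 HDDScan.exe:1872 OpenKey HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES SUCCESS Access: 0x20019
967 11:28:46 HDDScan.exe:1872 QueryValue HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES\SRTSP\ALTITUDE SUCCESS "329000"
""".strip().splitlines()

def decode_access(mask):
    """Return the names of the access rights set in a registry access mask."""
    return [name for bit, name in KEY_RIGHTS.items() if mask & bit]

def parse(line):
    """Parse one Regmon line into a dict, or return None if it does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    acc = re.search(r"Access: (0x[0-9A-Fa-f]+)", ev["other"] or "")
    ev["access"] = int(acc.group(1), 16) if acc else None
    return ev

def triage(lines):
    """Split events into writes, read-only opens and IFEO lookups."""
    report = {"writes": [], "read_only_opens": 0, "ifeo_misses": 0, "ifeo_hits": []}
    for ev in filter(None, map(parse, lines)):
        if ev["op"] == "SetValue" or (ev["access"] or 0) & WRITE_BITS:
            report["writes"].append((ev["op"], ev["path"]))
        elif ev["access"] is not None:
            report["read_only_opens"] += 1
        if IFEO in ev["path"].lower():
            if ev["result"] == "NOT FOUND":
                report["ifeo_misses"] += 1
            else:
                report["ifeo_hits"].append(ev["path"])   # subkey exists: check for a Debugger value
    return report

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On these sample lines the only writes are under `Cryptography\RNG`; the Symantec and service keys are opened with 0x20019, which is read access only.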


 
 Post subject: Re: Is HDD Scan a Spyware or a Trojan??
Posted: November 16th, 2007, 11:14

Joined: September 29th, 2005, 12:02
Posts: 3577
Location: Chicago
Come on guys, there is no trojan
The reason why it is trying to reach the DNS server is the e-mail component (I used the Indy 9 component for Delphi)
As you know, HDDScan could send e-mails with results, and this is why I used the Indy component
Probably that network activity is the Indy component initializing

_________________
SAN, NAS, RAID, Server, and HDD Data Recovery.


 
 Post subject: Re: Is HDD Scan a Spyware or a Trojan??
Posted: November 16th, 2007, 11:57

Joined: November 12th, 2007, 13:03
Posts: 6
Hello Doomer, Kaspersky also says this:
//
Hello, yes it's clean. It has functions for send mail and it uses with -mail key in command line.
Best regards, Sxxxxx Dyyyyy
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/
//
Apologies for this suspicion, but I am surprised about the registry lookups for the Symantec entries.
For the Winsock entries I see similar behavior with a program in Delphi with Indy components when it opens a connection.
But why doesn't the program open the connection only on request?

O.K., so again, apologies for this suspicion.


 
 Post subject: Re: Is HDD Scan a Spyware or a Trojan??
Posted: November 16th, 2007, 14:20

Joined: September 29th, 2005, 12:02
Posts: 3577
Location: Chicago
noob123 wrote:
But why doesn't the program open the connection only on request?

It's supposed to
I think it's just the component start-up init, not opening a connection to send e-mails

_________________
SAN, NAS, RAID, Server, and HDD Data Recovery.

