| HDD GURU FORUMS http://forum.hddguru.com/ |
|
| Is HDD Scan a Spyware or a Trojan?? http://forum.hddguru.com/viewtopic.php?f=7&t=8022 |
| Author: | noob123 [ November 12th, 2007, 13:16 ] |
| Post subject: | Is HDD Scan a Spyware or a Trojan?? |
Hello, sorry for the question, but I have tested "HDDScan V2.08", and when I start the program, it connects to my DNS server via UDP (why?). When I start the program with the Sysinternals tools (Filemon / Regmon), I see that the program looks at the Norton Internet Security (2007) program directories, files and service entries in the registry of Windows XP SP2. Is this normal?? When I start the program on a computer with XP SP2 and Kaspersky, there is nothing like this behavior. It makes no connection via UDP (Kaspersky doesn't ask me) and it doesn't look for any registry entries from Kaspersky? |
|
| Author: | noob123 [ November 13th, 2007, 4:05 ] |
| Post subject: | Re: Is HDD Scan a Spyware or a Trojan?? |
That means that the software from the HDDGuru site is a Trojan?! |
|
| Author: | noob123 [ November 13th, 2007, 14:08 ] |
| Post subject: | Re: Is HDD Scan a Spyware or a Trojan?? |
Yes, but why does an HDD tool make a UDP connection and scan for security suites? I have sent this file to Kaspersky, F-Secure and Microsoft and am looking out for an answer. I have also asked a German website to check their toolset "PC Repair Set", especially HDDScan in this toolset. Is this not the forum of the programmer of this tool?? Can't he explain why his tool does these things! |
|
| Author: | noob123 [ November 13th, 2007, 19:32 ] |
| Post subject: | Re: Is HDD Scan a Spyware or a Trojan?? |
Here are some lines from the Regmon log:
OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSVCR71.dll NOT FOUND
OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASOEHOOK.DLL NOT FOUND
OpenKey HKLM\Software\Symantec\InstalledApps SUCCESS Access: 0x20019
QueryValue HKLM\Software\Symantec\InstalledApps\Common Client SUCCESS "C:\Programme\Gemeinsame Dateien\Symantec Shared\"
QueryValue HKLM\Software\Symantec\InstalledApps\Common Client SUCCESS "C:\Programme\Gemeinsame Dateien\Symantec Shared\"
CloseKey HKLM\Software\Symantec\InstalledApps SUCCESS
OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSVCP71.dll NOT FOUND
OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccL40.dll NOT FOUND
OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSCTF.dll NOT FOUND
An external program can be started via these entries when you declare it as the debugger in the "Image File Execution Options" section. |
|
| Author: | noob123 [ November 13th, 2007, 19:59 ] |
| Post subject: | Re: Is HDD Scan a Spyware or a Trojan?? |
And why does it make Crypt accesses:
CreateKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS Access: 0x2
SetValue HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed SUCCESS C2 16 43 A1 50 B6 42
CloseKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS
or some accesses to the entries of Norton Internet Security at start and shutdown of the program:
963 11:28:46 HDDScan.exe:1872 OpenKey HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES SUCCESS Access: 0x20019
964 11:28:46 HDDScan.exe:1872 EnumerateKey HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES SUCCESS Name: SRTSP
965 11:28:46 HDDScan.exe:1872 OpenKey HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES\SRTSP SUCCESS Access: 0x20019
966 11:28:46 HDDScan.exe:1872 QueryValue HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES\SRTSP\FLAGS SUCCESS 0x0
967 11:28:46 HDDScan.exe:1872 QueryValue HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES\SRTSP\ALTITUDE SUCCESS "329000"
968 11:28:46 HDDScan.exe:1872 CloseKey HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES\SRTSP SUCCESS
969 11:28:46 HDDScan.exe:1872 EnumerateKey HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES NO MORE ENTRIES
970 11:28:46 HDDScan.exe:1872 CloseKey HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES SUCCESS
971 11:28:46 HDDScan.exe:1872 OpenKey HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES SUCCESS Access: 0x20019
972 11:28:46 HDDScan.exe:1872 EnumerateKey HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES SUCCESS Name: eeCtrl
973 11:28:46 HDDScan.exe:1872 OpenKey HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES\eeCtrl SUCCESS Access: 0x20019
974 11:28:46 HDDScan.exe:1872 QueryValue HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES\eeCtrl\FLAGS SUCCESS 0x0
975 11:28:46 HDDScan.exe:1872 QueryValue HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES\eeCtrl\ALTITUDE SUCCESS "329010"
976 11:28:46 HDDScan.exe:1872 CloseKey HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES\eeCtrl SUCCESS
977 11:28:46 HDDScan.exe:1872 EnumerateKey HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES NO MORE ENTRIES
978 11:28:46 HDDScan.exe:1872 CloseKey HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES SUCCESS
979 11:28:46 HDDScan.exe:1872 OpenKey HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES SUCCESS Access: 0x20019
980 11:28:46 HDDScan.exe:1872 EnumerateKey HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES SUCCESS Name: SPBBCDrv
981 11:28:46 HDDScan.exe:1872 OpenKey HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES\SPBBCDrv SUCCESS Access: 0x20019
982 11:28:46 HDDScan.exe:1872 QueryValue HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES\SPBBCDrv\FLAGS SUCCESS 0x0
983 11:28:46 HDDScan.exe:1872 QueryValue HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES\SPBBCDrv\ALTITUDE SUCCESS "365100"
984 11:28:46 HDDScan.exe:1872 CloseKey HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES\SPBBCDrv SUCCESS
985 11:28:46 HDDScan.exe:1872 EnumerateKey HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES NO MORE ENTRIES
986 11:28:46 HDDScan.exe:1872 CloseKey HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES SUCCESS
987 11:28:46 HDDScan.exe:1872 OpenKey HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES SUCCESS Access: 0x20019
988 11:28:46 HDDScan.exe:1872 EnumerateKey HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES SUCCESS Name: SRTSP
989 11:28:46 HDDScan.exe:1872 OpenKey HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES\SRTSP SUCCESS Access: 0x20019
990 11:28:46 HDDScan.exe:1872 QueryValue HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES\SRTSP\FLAGS SUCCESS 0x0
991 11:28:46 HDDScan.exe:1872 QueryValue HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES\SRTSP\ALTITUDE SUCCESS "329000"
992 11:28:46 HDDScan.exe:1872 CloseKey HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES\SRTSP SUCCESS
993 11:28:46 HDDScan.exe:1872 EnumerateKey HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES NO MORE ENTRIES
994 11:28:46 HDDScan.exe:1872 CloseKey HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES SUCCESS
995 11:28:46 HDDScan.exe:1872 OpenKey HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES SUCCESS Access: 0x20019
996 11:28:46 HDDScan.exe:1872 EnumerateKey HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES SUCCESS Name: eeCtrl
997 11:28:46 HDDScan.exe:1872 OpenKey HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES\eeCtrl SUCCESS Access: 0x20019
998 11:28:46 HDDScan.exe:1872 QueryValue HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES\eeCtrl\FLAGS SUCCESS 0x0
999 11:28:46 HDDScan.exe:1872 QueryValue HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES\eeCtrl\ALTITUDE SUCCESS "329010"
1000 11:28:46 HDDScan.exe:1872 CloseKey HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES\eeCtrl SUCCESS
1001 11:28:46 HDDScan.exe:1872 EnumerateKey HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES NO MORE ENTRIES
1002 11:28:46 HDDScan.exe:1872 CloseKey HKLM\System\CurrentControlSet\Services\eeCtrl\INSTANCES SUCCESS
1003 11:28:46 HDDScan.exe:1872 OpenKey HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES SUCCESS Access: 0x20019
1004 11:28:46 HDDScan.exe:1872 EnumerateKey HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES SUCCESS Name: SPBBCDrv
1005 11:28:46 HDDScan.exe:1872 OpenKey HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES\SPBBCDrv SUCCESS Access: 0x20019
1006 11:28:46 HDDScan.exe:1872 QueryValue HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES\SPBBCDrv\FLAGS SUCCESS 0x0
1007 11:28:46 HDDScan.exe:1872 QueryValue HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES\SPBBCDrv\ALTITUDE SUCCESS "365100"
1008 11:28:46 HDDScan.exe:1872 CloseKey HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES\SPBBCDrv SUCCESS
1009 11:28:46 HDDScan.exe:1872 EnumerateKey HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES NO MORE ENTRIES
1010 11:28:46 HDDScan.exe:1872 CloseKey HKLM\System\CurrentControlSet\Services\SPBBCDrv\INSTANCES SUCCESS
1011 11:28:49 HDDScan.exe:1872 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 SUCCESS
1012 11:28:49 HDDScan.exe:1872 CloseKey HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 SUCCESS
1013 11:28:49 HDDScan.exe:1872 CloseKey HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters SUCCESS |
|
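An added example, not part of the original thread and not code from HDDScan or Sysinternals: a small Python triage for Regmon lines in the layout posted above. It buckets each access by registry area and reports only writes and "Image File Execution Options" keys that actually exist, since a NOT FOUND lookup there means no debugger is registered for that image. The bucket names, `sample.exe` and the Debugger path are assumptions made for the illustration, and the sample lines are constructed.

```python
import re
from collections import Counter

# Layout as pasted in the thread: [seq time process:pid] operation key result detail.
# The bracketed prefix is optional because some posted lines were trimmed.
LINE = re.compile(
    r"^(?:(?P<seq>\d+)\s+(?P<time>\S+)\s+(?P<proc>\S+):(?P<pid>\d+)\s+)?"
    r"(?P<op>\w+)\s+(?P<path>HK.+?)\s+"
    r"(?P<result>SUCCESS|NOT FOUND|NO MORE ENTRIES|ACCESS DENIED)\s*(?P<detail>.*)$"
)
# Bucket names are this example's own labels (assumption), not Regmon terms.
BUCKETS = [
    ("ifeo", r"\\Image File Execution Options\\"),
    ("service", r"\\CurrentControlSet\\Services\\"),
    ("crypto-rng", r"\\Microsoft\\Cryptography\\RNG"),
]
WRITE_OPS = {"SetValue", "CreateKey"}  # the write-capable operations seen in the thread

def parse(line):
    m = LINE.match(line.strip())
    return m.groupdict() if m else None

def bucket(path):
    for name, pattern in BUCKETS:
        if re.search(pattern, path, re.IGNORECASE):
            return name
    return "other"

def triage(lines):
    """Count accesses per bucket; report writes and IFEO keys that exist."""
    counts, findings = Counter(), []
    for ev in filter(None, map(parse, lines)):
        area = bucket(ev["path"])
        counts[area] += 1
        if area == "ifeo" and ev["result"] == "SUCCESS":
            is_dbg = ev["path"].lower().endswith("\\debugger")
            findings.append(("ifeo-debugger", ev["detail"]) if is_dbg
                            else ("ifeo-key-exists", ev["path"]))
        if ev["op"] in WRITE_OPS:
            findings.append(("write", ev["path"]))
    return counts, findings

# Constructed sample lines (not from the posted log); names and paths are placeholders.
SAMPLE = r"""
1 11:28:46 sample.exe:1872 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSVCR71.dll NOT FOUND
2 11:28:46 sample.exe:1872 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sample.exe SUCCESS Access: 0x20019
3 11:28:46 sample.exe:1872 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sample.exe\Debugger SUCCESS "C:\placeholder\other.exe"
4 11:28:46 sample.exe:1872 OpenKey HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES SUCCESS Access: 0x20019
5 11:28:46 sample.exe:1872 QueryValue HKLM\System\CurrentControlSet\Services\SRTSP\INSTANCES\SRTSP\ALTITUDE SUCCESS "329000"
SetValue HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed SUCCESS C2 16 43
"""

if __name__ == "__main__":
    counts, findings = triage(SAMPLE.splitlines())
    print(dict(counts))
    for kind, value in findings:
        print(kind, value)
```
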
| Author: | Doomer [ November 16th, 2007, 11:14 ] |
| Post subject: | Re: Is HDD Scan a Spyware or a Trojan?? |
Come on guys, there is no trojan. The reason why it is trying to reach the DNS server is the e-mail component (I used the Indy 9 component for Delphi). As you know, HDDScan could send e-mails with results, and this is why I used the Indy component. Probably that network activity is the Indy component initializing. |
|
| Author: | noob123 [ November 16th, 2007, 11:57 ] |
| Post subject: | Re: Is HDD Scan a Spyware or a Trojan?? |
Hello Doomer, Kaspersky says this too:
//
Hello, yes it's clean. It has functions for send mail and it uses with -mail key in command line.
Best regards, Sxxxxx Dyyyyy
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com http://www.kaspersky.com/
//
Apologies for this suspicion, but I am surprised by the registry lookups of the Symantec entries. For the Winsock entries, I have seen similar behavior with a program in Delphi with Indy components when it opens a connection. But why doesn't the program open the connection only on request? O.K., so again, apologies for this suspicion. |
|
| Author: | Doomer [ November 16th, 2007, 14:20 ] |
| Post subject: | Re: Is HDD Scan a Spyware or a Trojan?? |
noob123 wrote: But why doesn't the program open the connection only on request?
It's supposed to. I think it's just component start-up init, not opening a connection to send e-mails. |
|
| All times are UTC - 5 hours [ DST ] |
|