A forum for reverse engineering, OS internals and malware analysis 
#16920 by EP_X0FF
Fri Nov 30, 2012 6:56 am
thisisu wrote:
EP_X0FF wrote:
thisisu wrote: How do I stop the hooking :lol:
http://www.kernelmode.info/forum/viewto ... 741#p16741
Thanks, I did try these steps, all successfully except the very last one (delete .DLL).

Regarding cacls I got: "Successfully processed %path of dll%", rebooted. Nulled APPINIT_DLLs - OK, reset perms using cacls again - OK. But then the .DLL still failed to delete. And this is all after both eType Manager and IBUpdaterService services were stopped and deleted. Processes killed.
Then you did something wrong. The same scenario works here.
#17162 by thisisu
Thu Dec 13, 2012 9:21 pm
Another one is: Sidekick Manager
http://windowsvc.com/bbs/board.php?bo_t ... r_id=37457

I'm wanting to add full protection versus this type of adware in my program and would like your opinions. It definitely requires at least one reboot to remove the IAT hooks set in place, as previously mentioned by others in the thread.

Do you think I should set a routine to perform if:
Bad service related to infection is detected as running
or
Bad DLL is loaded in modules but service is not running.

I'm thinking bad DLL is better but would like your opinions on which way is safest/best. :)

Thanks!
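Added example, not thisisu's program or anything posted in the thread: the two trigger conditions from the post (bad service running; bad DLL loaded in modules while the service is not running) evaluated over a snapshot of the machine, with the removal order described earlier in the thread (stop/delete service, kill processes, null AppInit_DLLs, reset permissions, reboot, delete the DLL) derived from which conditions hold. The service names come from the thread; the snapshot schema, the DLL path and the LoadAppInit_DLLs field are constructed for the example. It generalizes slightly beyond the post by treating every path listed in AppInit_DLLs as a DLL to look for among loaded modules, which is how an AppInit-persisted DLL ends up in every user32-loading process.

```python
# Added example (not the poster's tool): decide how to handle an
# AppInit_DLLs-persisted adware DLL from a snapshot of the machine.
# Service names are from the thread; the DLL path is a constructed placeholder.
import ntpath

# Services named in the thread (compared case-insensitively).
KNOWN_BAD_SERVICES = {"ibupdaterservice", "etype manager"}


def _basename(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()


def parse_appinit(value):
    """AppInit_DLLs holds a space- or comma-separated list of DLL paths."""
    return [p for p in value.replace(",", " ").split() if p]


def assess(snapshot):
    """Return detections and an ordered remediation plan for one snapshot.

    Snapshot keys (constructed schema for this example):
      running_services:  set of service names
      loaded_modules:    {process name: [module paths]}
      appinit_dlls:      string value of HKLM\\...\\Windows\\AppInit_DLLs
      load_appinit_dlls: the LoadAppInit_DLLs DWORD (1 = entries are loaded)
      known_bad_dlls:    optional extra DLL file names to treat as the adware
    """
    appinit = parse_appinit(snapshot["appinit_dlls"])
    active = bool(appinit) and snapshot["load_appinit_dlls"] == 1
    bad_names = {_basename(p) for p in appinit} | {
        n.lower() for n in snapshot.get("known_bad_dlls", ())
    }
    # Condition 1 from the post: a service tied to the infection is running.
    running_bad = sorted(
        s for s in snapshot["running_services"] if s.lower() in KNOWN_BAD_SERVICES
    )
    # Condition 2: the DLL is mapped into processes, whether or not the service runs.
    loaded_bad = sorted(
        (proc, mod)
        for proc, mods in snapshot["loaded_modules"].items()
        for mod in mods
        if _basename(mod) in bad_names
    )

    plan = []
    if running_bad:
        plan.append("stop and delete services: " + ", ".join(running_bad))
        plan.append("kill processes belonging to those services")
    if appinit:
        plan.append("set AppInit_DLLs to an empty string")
    dll_paths = sorted({mod for _, mod in loaded_bad} | set(appinit))
    if dll_paths:
        plan.append("reset permissions on: " + ", ".join(dll_paths))
    if loaded_bad:
        # Hooks are in place inside live processes; the file cannot go until
        # they are unmapped, so the delete is deferred past a reboot.
        plan.append("reboot so the DLL is no longer mapped")
    if dll_paths:
        plan.append("delete: " + ", ".join(dll_paths))

    return {
        "service_running": bool(running_bad),
        "dll_loaded": bool(loaded_bad),
        "appinit_active": active,
        "needs_reboot": bool(loaded_bad),
        "plan": plan,
    }


# Constructed sample snapshots (paths and process lists are made up).
SAMPLE_INFECTED = {
    "running_services": {"IBUpdaterService", "Spooler"},
    "loaded_modules": {
        "explorer.exe": [r"C:\Windows\System32\user32.dll",
                         r"C:\ProgramData\example_adware\hook.dll"],
        "notepad.exe": [r"C:\ProgramData\example_adware\hook.dll"],
    },
    "appinit_dlls": r"C:\ProgramData\example_adware\hook.dll",
    "load_appinit_dlls": 1,
}
# Service already removed, but the DLL is still mapped through AppInit_DLLs.
SAMPLE_SERVICE_STOPPED = {
    "running_services": {"Spooler"},
    "loaded_modules": {"explorer.exe": [r"C:\ProgramData\example_adware\hook.dll"]},
    "appinit_dlls": r"C:\ProgramData\example_adware\hook.dll",
    "load_appinit_dlls": 1,
}
SAMPLE_CLEAN = {
    "running_services": {"Spooler"},
    "loaded_modules": {"explorer.exe": [r"C:\Windows\System32\user32.dll"]},
    "appinit_dlls": "",
    "load_appinit_dlls": 0,
}

if __name__ == "__main__":
    for name, snap in (("infected", SAMPLE_INFECTED),
                       ("service stopped", SAMPLE_SERVICE_STOPPED),
                       ("clean", SAMPLE_CLEAN)):
        print(name, assess(snap))
```

The second sample is the case the post is weighing: with the service gone, only the loaded-module check still fires, and it is that check, not the service state, that decides whether a reboot has to precede the delete.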