Deep Freeze

crazywizard
forum buddy
Posts: 12
Joined: 27 Jun 2008, 16:00

Deep Freeze

Post by crazywizard »

Newbie here! Now, Deep Freeze is a great program, but in order to really know how great it is, it needs to withstand all kinds of exploits on it. I don't know exactly how it works, but here is my theory.
I think Deep Freeze latches itself to the system as a necessary process (that's why it can't be killed conventionally) and then monitors what happens to the computer so that it can roll back on the next reboot.
The file that I think it uses is Persi0.sys, located in c:\ or the equivalent root. Except for changing the attributes, I can't find another way to manipulate this file because Deep Freeze is attached to it and therefore it is being used in a process.
I think if there is a way to detach it from all processes (like closing all handles on a drive before doing chkdsk), it can be modified and Deep Freeze can be crippled if not disabled.
I urge you guys to take this as a challenge and share the knowledge (especially of how exactly it works?).

visser
Fame ! Where are the chicks?!
Posts: 472
Joined: 03 Apr 2007, 16:00
Location: online

Post by visser »

googler has all sorts of challenges:

http://www.governmentsecurity.org/forum ... wtopic=123

Also, if you know the file, what about getting a live CD and seeing if you can find that file through the live CD, since Deep Freeze wouldn't have a chance to run by doing that?

DNR
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
Location: Michigan USA

Post by DNR »

ERD is now MDaRT
Microsoft wants $1,199 for the tools now.
• Allows complete disk sanitizing/data removal with Disk Wipe utility
• Includes the Locksmith utility to reset lost Administrator passwords
• Includes FileRestore so that you can quickly find and recover deleted files

AND MORE!

/rapidshare.com/////MDRT_ERD5.0_upped_by_PHORUM.WS_krew_00.rar --note:50mb

Time up link removed, left searchable keyword..DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.

crazywizard
forum buddy
Posts: 12
Joined: 27 Jun 2008, 16:00

Post by crazywizard »

You don't understand the problem. If you delete the file (Persi0.sys) and then boot the computer into Windows again, the file will be recreated. I have even uninstalled Deep Freeze, and on reboot it was back again with all the changes undone. I think the way here is to find a way of crippling it while it's running; then maybe it will be unable to run later. Anybody have a theory on how it works, especially its low-level interaction with the system?

DNR
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
Location: Michigan USA

Post by DNR »

It might be resident in your MBR; try Fdisk/MBR. Not all bootloader viruses can be removed with Fdisk/MBR, but you might examine it for obvious links to programs, as the MBR is coded with direct links to the file it needs to run.

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
