A common way for malware to fuck up your computer is to inject itself into already running processes, which can make the removal pretty annoying if it injects itself into a process like winlogon, which logs you off if you shut it down.
So, how would I prevent a DLL from injecting into a process?
Process guard? Would that work? =/
Preventing DLL injection?
Last edited by ayu on 07 May 2008, 03:36, edited 1 time in total.
hmm ok...
For some reason I believe that DLL injection hasn't been discovered as a real threat yet, or is simply not taken seriously enough.
I have been (from time to time) looking for a way to either stop it or "eject" DLLs from processes, but everything seems to fail.
I know that AVG antivirus has a "force removal" function that can remove DLL files even if they are injected. I dunno how that works though; might mail them and see if I can squeeze out some info about it.
Dunno why it should be so hard to do =/ Process Explorer can remove handles (or wtf it's called) from processes, but doesn't seem to be able to remove DLLs even if you can search for them in the processes.
Microsoft also has a handle tool to remove handles from processes; this tool also seems to be ineffective against DLLs.
- bad_brain
IceSword is able to unload DLLs:
http://www.antirootkit.com/software/IceSword.htm
Be cautious with that tool; you can cause severe system damage with it.
cats and dogs
I do prefer dogs, but I am never really home much for that. Cats can be good 'alarm' animals, they can hear well and signal if someone is around the property just as well as a dog.
DNR
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
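
The posts above mention searching for DLLs inside processes such as winlogon. As an added example (not code from any poster or from the tools named in the thread), this read-only PowerShell script lists the modules loaded in a process and reports those outside the Windows system directories or without a valid Authenticode signature; the list of trusted directories is an assumption of the example.

```powershell
# Added example: report modules loaded in a process that sit outside the Windows
# directories or lack a valid Authenticode signature. Read-only; run elevated.
param([string]$ProcessName = 'winlogon')   # process named in the thread

# Assumption: modules under these roots are treated as expected for a system process.
$trustedRoots = 'System32', 'SysWOW64', 'WinSxS' |
    ForEach-Object { (Join-Path $env:SystemRoot $_) + '\' }

function Test-UnderTrustedRoot([string]$Path) {
    foreach ($root in $trustedRoots) {
        if ($Path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

foreach ($proc in Get-Process -Name $ProcessName -ErrorAction SilentlyContinue) {
    try {
        # Reading the module list of a system process fails without sufficient rights.
        $modules = @($proc.Modules)
    } catch {
        Write-Warning "PID $($proc.Id): cannot read module list ($($_.Exception.Message))"
        continue
    }
    foreach ($module in $modules) {
        $path = $module.FileName
        if (-not $path) { continue }
        $signature = Get-AuthenticodeSignature -FilePath $path
        $trusted = Test-UnderTrustedRoot $path
        # Emit one record per module that fails either check, for manual review.
        if (-not $trusted -or $signature.Status -ne 'Valid') {
            [pscustomobject]@{
                ProcessId       = $proc.Id
                Module          = $path
                UnderSystemRoot = $trusted
                SignatureStatus = $signature.Status
                Signer          = $signature.SignerCertificate.Subject
            }
        }
    }
}
```

This only sees modules registered with the Windows loader, so code placed in a process by other means will not appear in the output. Depending on the PowerShell version, catalog-signed system files may be reported as NotSigned, so treat the output as a list to review rather than a verdict.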