boot.dll is still treated as a trojan
osillo
#1 Posted : Saturday, November 3, 2018 1:31:21 PM(UTC)

Rank: Advanced Member

Groups: Registered
Posts: 50

Thanks: 27 times
Was thanked: 4 time(s) in 4 post(s)
Please fix this. I am on a business trip and on my work laptop I cannot disable the antivirus or make exceptions. This has been an issue for a long time now.
BotLord1991
#2 Posted : Sunday, November 4, 2018 3:13:49 PM(UTC)
Rank: Newbie

Groups: Registered
Posts: 7

Mine did the same, but the bot was still able to run fine from what I could see. If not, you should use EBCD or Kon-Boot; that way you can get into the admin account and alter the config of your antivirus client. If your system administrator isn't a complete dick, he will probably not only not care about it, but will give you a pat on the back for figuring that out. I would let him know ASAP though, so when he needs to make get back, he isn't alarmed due to a changed or missing password for the admin account (EBCD can do this). Kon-Boot is far less invasive, and no one would know you used it in the first place.
osillo
#3 Posted : Monday, November 5, 2018 7:36:03 PM(UTC)

Rank: Advanced Member

Groups: Registered
Posts: 50

Thanks: 27 times
Was thanked: 4 time(s) in 4 post(s)
BotLord1991;57798 wrote:
Mine did the same, but the bot was still able to run fine from what I could see. If not, you should use EBCD or Kon-Boot; that way you can get into the admin account and alter the config of your antivirus client. If your system administrator isn't a complete dick, he will probably not only not care about it, but will give you a pat on the back for figuring that out. I would let him know ASAP though, so when he needs to make get back, he isn't alarmed due to a changed or missing password for the admin account (EBCD can do this). Kon-Boot is far less invasive, and no one would know you used it in the first place.


That's a big no-no for me, I could be fired for even attempting to do any hacks like that. I work for a pretty big multinational company, so my 'system administrator' is a whole security team.

For now my workaround is to restore boot.dll from quarantine and launch the bot before the antivirus detects it again and deletes it. After launching the bot successfully, the boot.dll file is not needed for the bot to work properly.
Ynnoz
#4 Posted : Monday, November 5, 2018 9:08:44 PM(UTC)

Rank: Advanced Member

Groups: Registered
Posts: 125

Thanks: 3 times
Was thanked: 14 time(s) in 13 post(s)
osillo;57793 wrote:
Please fix this. I am on a business trip and on my work laptop I cannot disable the antivirus or make exceptions. This has been an issue for a long time now.


I fully understand your problem but I guess this cannot be fixed easily. First, the antivirus should stop this behaviour because injections are not safe. If an exception could be made by HearthRanger itself, it would also be possible that somebody else could misuse this and infect your system (and others). The best way is still to make an exception yourself in your own antivirus program. However, I understand that it is not the solution you are looking for.

(And even if it can be fixed by Joy, it is only temporary. With the next update of your virus scanner, the problem may arise again. As it should be :))