Comments on: A malware with my name

By: Daniel Pistelli

Daniel Pistelli — Sat, 15 Sep 2012 13:50:56 +0000

Sure, just ask me what you are interested to know. 🙂

By: Zarko

Zarko — Fri, 14 Sep 2012 14:47:57 +0000

Daniel can you tell me some personal information about you if you can, it interest me 🙂 ?

By: lol

lol — Tue, 14 Feb 2012 22:30:57 +0000

Don’t come here with your MS false positives, this guy is cool.

If you’re using MS essentials, then you’re using malware.

NO ONE NEEDS an Anti-virus/anti-malware, at least anyone who is a REAL IT specialist.

For scriptkiddies: IF you are coding in .net find a GOOD commercial/self-made obfuscator, there gui hack solved.

Set the registry permission on the ‘run’/runonce key to read only( for everyone)

If you do this in the services key it will require a restart (drivers/services). <–this isn't advisible since some programs require you install drivers, but it's good protection for existing services, and to prevent malware.

On the Windows NT key (winlogon/userinit), only allow the system access to read and write, and set your username and other accounts to read only.

By: Daniel Pistelli

Daniel Pistelli — Fri, 07 Oct 2011 21:56:32 +0000

In reply to dougal holloway.

There’s no way to stop something like this I’m afraid 🙂
However, it really didn’t create much of a problem, few people complained to me.
I don’t think that many really think as you said that a real malware writer would sign with his own name its creature.

By: dougal holloway

dougal holloway — Wed, 05 Oct 2011 03:09:22 +0000

hi guys,, couldnt help but notice we all saw the same name attached to this cank malware,, however this was quite a good 1 and took me about 4 hours to remove it froma customers pc, regardless of google info,, however, my trustee mbam got the better of it thru safe mode, but just wanted to clarify, that its blatantly obvious that daniel pistelli wouldnt put his name to sucj a stupid malware,, ( if u created a virus eg, conficker, would u REALLY put ur name to it??? ) I DONT THINK SO,, !!,, however,, top marks for whoever DID create this,, as,, to be honest,, im a pc engineer, and it STILL took me 4 hours to rid its infection,, so well done,, thats 4 hours of my life i aint getting back, and round a complete strangers house no less,, ,, unlucky daniel that ppl are slating u for this malware,, id look into that if i was u,, see if there was a way u can stop that,,

By: Daniel Pistelli

Daniel Pistelli — Mon, 25 Jul 2011 20:01:13 +0000

Hello POPTARTCAT,
thanks, I know sandboxie. 🙂
On x64 the safety sandboxie provides is limited (so be careful), but anyway I would never run any kind of malware on my system, even if sandboxed. Better to use a virtual machine.

By: POPTARTCAT

POPTARTCAT — Mon, 25 Jul 2011 18:07:10 +0000

Hey Daniel,

It might already be a bit late to tell you;but anyway, you can safely run the malware version of your software in a program called “Sandboxie”. I think it’s just a fun thing to be able to do; running malware without infecting your computer. It’s just a thought, but if you haven’t seen your program’s doppelganger as-of-yet, I strongly believe it will help you.

By: lol

lol — Thu, 06 Jan 2011 21:36:00 +0000

haw haw he “hacked” the gui lol….

your software is beautiful.

no matter….

By: Xylitol

Xylitol — Tue, 07 Dec 2010 11:45:33 +0000

Hello Daniel,
that not about your great article
but just for says, someone have ripped one of your software called “Driver List”
by a guys called Martik.
You can see the rip on his blog here: http://martik-scorp.blogspot.com/2010/12/show-me-loaded-drivers.html
renamed the title etc and says he have coded it, in reallity he have just hacked your GUI with a ressource editor…

regards
__
/Xylitol

By: Daniel Pistelli

Daniel Pistelli — Wed, 06 Oct 2010 10:41:29 +0000

Well, look in the registry in the run and the location can be easily spot the task manager (or task explorer). Just look for a 3-letter named process like “klb.exe”. It uses random letters. Kill it, remove the file, remove the entry in the registry (Run) and that should be it.
I haven’t executed it, but it’s not very difficult.