People to research spyware/write definitions for an open-source anti-spyware program

**itportal** · Sep 7th, 2005, 03:47 PM

Hello,

We need some people to research spyware for our open-source app. It's called AntiXtra and you can find more info about it at http://www.antixtra.com/.

No programming skills are needed. However the people should understand windows registry, files/folders, running processes and their modules, ActiveX.

There are 2 types of research - over the internet or examining the spyware parasite. The first one is easy - find information about a known spyware parasite and convert this info into definition files. The second method consist of installing spyware programs and monitoring their behavior. Then writing definition files about them.

If you are interested, post here or contact me via an ICQ to 248647897.

**packetVB** · Sep 7th, 2005, 06:46 PM

I applaud your efforts.
However, by the information you have on your web site, it looks like your wanting to create a program that will scan for spyware and remove it.
Scanning for spyware by using definitions is pointless if the spyware itself is modifying files and processes so that it cant be seen (ive seen alot of them). The user would run your program in windows and fail to find the spyware because it is hidden.
A better option would to stop the spyware from installing in the first place.
I am doing something like that. Well it is actually complete and just needs a install and uninstall routine for the driver. Though it doesnt scan the starting executable using definitions.
Maybe I could join you guys and we can add that functionality to your project.
What Programming language are you writing it in?

packetvb

**itportal** · Sep 7th, 2005, 11:46 PM

We were planning such (and lots more) features. We are now about to release the first beta and such features are not planned for this version.

We are writing in VB.NET, but if you are coding in a .NET language there will be no problem linking the project and your functionality...

Using definition files is not that pointless. We are now making it catch older parasites. The new ones that hide themselves very good will be an aim for the next releases.

**vitoto** · Jan 12th, 2006, 10:20 AM

Hi, i coding in Vb.Net and code anticheat Program.

Using WMI, FileWatcher, File MD5 and CRC32, etc.

What happend you portal ?

This Account Has Been Suspended
Please contact the billing/support department as soon as possible.

What criterias are you using when programs Attack you Process in Memory ?

**itportal** · Jan 12th, 2006, 11:28 AM

Hello,

We have some problems with our hosting provider. Site will be up in the next few days.

Project is now paused. We will probably switch to C++. Everything will be rewritten.

**vitoto** · Jan 12th, 2006, 11:58 AM

O, so you think in dll .Net then that working in all .net proyects.

How you detect attacks in process ?
Check AntiHook 2.5 the infoprocess.

Any idea ?
[email protected]

**mayurvb** · Jan 31st, 2006, 08:10 AM

Hi, can anybody explain me how to use md5 to identify a spyware?
I know how to get the md5 for a file.
Now, there must be thousands of md5. How to comapare just 1 single md5 with these thousands of know spyware md5?

Thread: People to research spyware/write definitions for an open-source anti-spyware program

Thread Tools

Display

People to research spyware/write definitions for an open-source anti-spyware program

Re: People to research spyware/write definitions for an open-source anti-spyware program

Re: People to research spyware/write definitions for an open-source anti-spyware program

Re: People to research spyware/write definitions for an open-source anti-spyware program

Re: People to research spyware/write definitions for an open-source anti-spyware program

Re: People to research spyware/write definitions for an open-source anti-spyware program

Re: People to research spyware/write definitions for an open-source anti-spyware program

Posting Permissions