
AntiVirus programs use rootkits for trial periods?



BlackScarletLove

I thought antivirus programs identify your IP to determine your trial period expiry etc. But I heard that they actually plant a rootkit in your system that keeps track of it all.

Is there a way I can use RootKit Revealer or something similar to that, to find and remove the rootkit so I can theoretically have no end to my trial period?


Even if this is all true and let's say you succeed, you will probably kill the app as well. Security programs usually have a self-defense component that makes sure the app is not changed in ANY way by outside intervention (this was created with protection from viruses that try to shut down the app in mind, but it will also work if you change the files of the AV). Also, security stuff is best left untouched; you wouldn't introduce flaws or some erratic behavior into your last guard, would you???

Anyway, feel free to try. Even if you do not succeed you will surely learn useful stuff in the process ;)



BlackScarletLove

I did a scan but I do not understand its results. I am looking for a kit an AV might have placed to keep track of trial software.

I've included a shot of it.

post-12503-1204782128_thumb.png



Before posting, please note that RKR 1.71 now scans the HKLM\Security security hive. As a consequence it finds keys with trailing nulls such as

HKLM\Security\Policy\Secrets\SAC*

HKLM\Security\Policy\Secrets\SAI*

This is normal behaviour and need not be cause for alarm.

- Sysinternals Forums

The "kl1" stuff seems to be from some Kaspersky product - I got them too - so maybe this is what you are searching for?

Mozilla, Opera caches are ok to be there too.

Nothing to worry about in your scan, in my humble and non-specialist opinion.

MOST IMPORTANT: Google first, ask second! ALWAYS!

Edit: And yeah... C:\WINDOWS\system32\drivers\kl1.sys - Kaspersky Unified Driver. I have the feeling that if you mess with the file Kaspersky won't even start (as you might know, the program knows which files are its own and protects them from mods and any other stuff). But I am directly interested if you accomplish something, so feel free to post and let me know if you broke Kaspersky's self-protection... good luck



Archived

This topic is now archived and is closed to further replies.
