Author Topic: "Real-time Infiltration Detection" in WinPatrol Plus

fileless1
"Real-time Infiltration Detection" in WinPatrol Plus
« on: January 09, 2015, 10:46:03 AM »
Does the WinPatrol Plus "Real-time Infiltration Detection" feature detect the malicious creation of an Autostart registry entry that contains JavaScript instead of file references, i.e., fileless persistent malware such as certain versions of Poweliks and Phase Bot?

I welcome responses containing factually supported answers to the question asked.

 *  *  *  * 
Poweliks information selected sources (links still correct at the time of this posting) --
https://blog.gdatasoftware.com/blog/article/poweliks-the-persistent-malware-without-a-file.html
http://blog.trendmicro.com/trendlabs-security-intelligence/poweliks-malware-hides-in-windows-registry/ 
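The question above is about autostart (Run key) values that launch script through a host process instead of pointing at an .exe or .dll on disk. The following is an added example, not code from the original post and not WinPatrol's own detection logic: a small defensive check that classifies Run-key values and flags the ones with no file reference. The sample values are constructed for the demonstration (the Poweliks-style entry imitates the documented rundll32 + javascript: shape with a placeholder payload, not a real sample), and the helper names (`classify`, `scan`, `read_run_values`) are this example's own. On Windows it reads the real HKCU/HKLM Run keys through the standard `winreg` module; elsewhere it falls back to the constructed list.

```python
import re
from typing import Iterable, List, Tuple

# Heuristics used by this example (hypothetical, not WinPatrol's rules):
#   - a javascript:/vbscript: URL anywhere in the command line
#   - a known script host launched without any file argument
#   - a program token that carries no executable extension
SCRIPT_URL = re.compile(r"\b(?:javascript|vbscript):", re.IGNORECASE)
FILE_REF = re.compile(r"\.(?:exe|dll|scr|com|bat|cmd)\b", re.IGNORECASE)
SCRIPT_HOSTS = {
    "rundll32.exe", "rundll32", "mshta.exe", "mshta", "wscript.exe", "wscript",
    "cscript.exe", "cscript", "regsvr32.exe", "regsvr32",
}

# Constructed sample Run-key values (name, command line); not taken from any real system.
SAMPLE_RUN_VALUES = [
    ("OneDrive", r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("Control", r"rundll32.exe shell32.dll,Control_RunDLL"),
    # Poweliks-style shape (constructed): rundll32 is handed a javascript: URL, no file on disk
    ("a", r'rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write("placeholder")'),
    ("Updater", r'mshta "http://example.invalid/u.hta"'),
    ("Tool", r"C:\Tools\helper /quiet"),
]


def split_command(command: str) -> Tuple[str, str]:
    """Split a Run value into (program, arguments), honouring a quoted program path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end == -1:
            return command[1:], ""
        return command[1:end], command[end + 1:].strip()
    parts = command.split(None, 1)
    if not parts:
        return "", ""
    return parts[0], (parts[1] if len(parts) > 1 else "")


def classify(name: str, command: str) -> Tuple[str, str]:
    """Return (verdict, reason) where verdict is 'ok', 'review' or 'suspicious'."""
    if any(ord(ch) < 32 for ch in name):
        return "suspicious", "value name contains control characters"
    if SCRIPT_URL.search(command):
        return "suspicious", "command line embeds a javascript:/vbscript: URL instead of a file"
    program, args = split_command(command)
    base = program.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if base in SCRIPT_HOSTS and not FILE_REF.search(args):
        return "suspicious", f"{base} launched without a file argument"
    if not FILE_REF.search(program):
        return "review", "program path has no executable extension"
    return "ok", "references an executable file"


def scan(values: Iterable[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (name, verdict, reason) for every value that is not plainly 'ok'."""
    findings = []
    for name, command in values:
        verdict, reason = classify(name, command)
        if verdict != "ok":
            findings.append((name, verdict, reason))
    return findings


def read_run_values() -> List[Tuple[str, str]]:
    """Read HKCU and HKLM Run values on Windows; return the constructed sample elsewhere."""
    try:
        import winreg
    except ImportError:  # not on Windows: use the constructed sample above
        return list(SAMPLE_RUN_VALUES)
    values = []
    subkey = r"Software\Microsoft\Windows\CurrentVersion\Run"
    for hive in (winreg.HKEY_CURRENT_USER, winreg.HKEY_LOCAL_MACHINE):
        try:
            with winreg.OpenKey(hive, subkey) as key:
                index = 0
                while True:
                    try:
                        name, data, _kind = winreg.EnumValue(key, index)
                    except OSError:  # no more values under this key
                        break
                    values.append((name, str(data)))
                    index += 1
        except OSError:
            continue  # key missing or not readable
    return values


if __name__ == "__main__":
    for name, verdict, reason in scan(read_run_values()):
        print(f"{verdict:10} {name!r}: {reason}")
```

The "review" verdict is deliberately separate from "suspicious": a program token without an extension is unusual but legitimate in places, whereas a javascript: URL in a Run value has no benign use and is the exact case the question asks about.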



Corrine (Administrator)
Re: "Real-time Infiltration Detection" in WinPatrol Plus
« Reply #1 on: January 09, 2015, 12:45:44 PM »
Hi, fileless1.  Welcome to LandzDown Forum.

If you haven't seen it, information regarding the "Real-time Infiltration Detection" feature in WinPatrol PLUS is available here:  http://www.winpatrol.com/rid.html  All of the startup files listed are either .exe or .dll files.  I do not know if WinPatrol PLUS has been tested against an encoded autostart registry key.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Rednose
Re: "Real-time Infiltration Detection" in WinPatrol Plus
« Reply #2 on: January 11, 2015, 12:36:07 AM »
Interesting :)

Maybe we can get some input from Bret, or (forgive me, as I am a longtime user) Bill here?

Greetz, Red.