Thread: vsdatant.sys True Vector Driver Hooked

  1. #1
    uhd Guest

    vsdatant.sys True Vector Driver Hooked

    Hi

    Everything seemed to be ok with my firewall until I downloaded a little freeware program called RootKit Hook Analyser 2.00.

    It shows that vsdatant.sys is hooked (somebody modifies input and output of this process) as well as SSI.SYS of my spysweeper.

    I would like to know whether it is Zone Alarm itself that hooks the procedure.

    Regards Uli Dinklage

    Operating System: Windows XP Home Edition
    Product Name: ZoneAlarm Pro
    Software Version: 6.0

  2. #2
    Join Date
    Dec 2005
    Posts
    9,057

    Re: vsdatant.sys True Vector Driver Hooked

    Both of these drivers are okay.

    Oldsod
    Best regards.
    oldsod

  3. #3
    flyyourway Guest

    Re: Vsdatant.sys True Vector Driver Hooked

    Vsdatant.sys and other sys files, used by ZoneAlarm, can be considered ROOT KIT like. These and numerous others install root kits in order to hook system calls for their own purposes. When is a root kit NOT a root kit? When it's branded. They hook to control activity and to stand tall and guard your machine.

  4. #4
    Join Date
    Dec 2005
    Posts
    9,057

    Re: Vsdatant.sys True Vector Driver Hooked

    Hi FlyYourWay

    Thanks for explaining the difference between the two. Nice to have your wise and experienced advice and guidance.

    Take care and nice to see you at the forum.

    Oldsod
    Best regards.
    oldsod

  5. #5
    flyyourway Guest

    Re: Vsdatant.sys True Vector Driver Hooked

    Hi Mr. Richard
    Glad to be back and a bit more active within the forum, time has gotten the best of me lately. Glad to have seen your advancement within the forum to a GURU.

  6. #6
    Join Date
    Dec 2005
    Posts
    9,057

    Re: Vsdatant.sys True Vector Driver Hooked

    FlyYourWay

    Your absence has been noticed and you are missed. Nice that you have some free time to spend here. Thanks for the compliment about the name promotion. Please take care and I hope all is well.

    Oldsod
    Best regards.
    oldsod

  7. #7

    Re: Vsdatant.sys True Vector Driver Hooked

    Oldsod wrote:
    > FlyYourWay
    >
    > Your absence has been noticed and you are missed. Nice that you have some free time to spend here. Thanks for the compliment about the name promotion. Please take care and I hope all is well.
    >
    > Oldsod



    I second that

  8. #8
    uhd Guest

    Re: Vsdatant.sys True Vector Driver Hooked

    Thanks

    I got the hang of it now. I just interpreted the output of my rootkit hook detector wrong.
    vsdatant.sys is the process that hooks the other processes. I just hope that it cannot
    be hooked or modified itself in an easy way.

    Uli
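
Added example, not part of the original thread and not the output or code of any tool named in it: a hook report is easier to read once each service-table entry is attributed to the driver that owns the address it points to, which separates "vsdatant.sys hooks system services" from "something hooks vsdatant.sys". The driver map, addresses and allowlist below are constructed sample data and assumptions.

```python
from bisect import bisect_right

# Constructed sample data (not real tool output): loaded drivers as
# (name, base address, size) and service-table entries as (service, target).
DRIVERS = [
    ("ntoskrnl.exe", 0x804D7000, 0x1F6000),
    ("vsdatant.sys", 0xF7A10000, 0x060000),
    ("SSI.SYS",      0xF7B40000, 0x008000),
]
ENTRIES = [
    ("NtClose",            0x80567A10),
    ("NtCreateFile",       0xF7A2C3D0),
    ("NtOpenProcess",      0xF7A2D110),
    ("NtCreateKey",        0xF7B41A20),
    ("NtTerminateProcess", 0x81F3A000),
]
KERNEL_IMAGE = "ntoskrnl.exe"
# Assumption: drivers of security products the user knowingly installed.
EXPECTED_HOOKERS = {"vsdatant.sys", "ssi.sys"}


def owner_of(address, drivers):
    """Return the lower-cased name of the driver image containing address, or None."""
    ranges = sorted((base, base + size, name.lower()) for name, base, size in drivers)
    i = bisect_right([r[0] for r in ranges], address) - 1
    if i >= 0 and address < ranges[i][1]:
        return ranges[i][2]
    return None


def triage(entries, drivers, expected=EXPECTED_HOOKERS, kernel=KERNEL_IMAGE):
    """Label each service-table entry by who owns the code it points to."""
    verdicts = {}
    for service, target in entries:
        owner = owner_of(target, drivers)
        if owner == kernel:
            verdicts[service] = "not hooked"
        elif owner is None:
            verdicts[service] = "hooked, target in no loaded driver: investigate"
        elif owner in expected:
            verdicts[service] = f"hooked by {owner} (expected security driver)"
        else:
            verdicts[service] = f"hooked by {owner}: unexpected, investigate"
    return verdicts


if __name__ == "__main__":
    for service, verdict in triage(ENTRIES, DRIVERS).items():
        print(f"{service:20} {verdict}")
```

The name match only says which loaded image owns the hook target; confirming that the file behind that image is the vendor's signed driver is a separate check.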

  9. #9
    flyyourway Guest

    Re: Vsdatant.sys True Vector Driver Hooked

    Anything on an unstable OS can be hooked, never rely totally on the security applications you run, they are there to help you prevent catastrophe and infection, but many do have design flaws because the OS they sit upon has many more flaws. But ZoneAlarm is a decent firewall and it does its job so relying on it becomes easier and easier.

  10. #10
    uhd Guest

    Re: Vsdatant.sys True Vector Driver Hooked

    I totally agree with you except in one point.
    Zone Alarm is not a decent firewall, it is the best.
    I tested Norton and McAfee and they were not worth the money I spent on them.
    On a client's computer I installed Zone Alarm on top of Norton.
    When Norton wanted to do a live update I accepted it as a trusted program.
    Then I looked in the Zone Alarm log and saw that the Norton LUS did not really go to the Symantec site.
    Downloads had been carried out from other sites, among them the client's website.
    That was the death sentence for my Norton Internet Security suite.

    I test the behaviour of firewalls in the following way. I make an internet connection through my broadband and
    another connection on a second computer through dialup. Then I probe the Broadband side from the dialup
    side with pings on and other software. Zone Alarm is really nice, because it keeps ALL ports in complete
    stealth mode. It is good that it does not probe back to find out who pinged. It would reveal that there
    is something behind my IP address. I prefer to be totally invisible because I find it unlikely that I am
    attacked from the hacker's site. If I would hack I would always hack through somebody else's computer with a
    relay.

    That's it on this matter - Thanks for all your peoples advice

    Uli
