sagarun

Admin-Magic-(spy detection) and removal

30 posts in this topic

One of the easiest ways to do this is to just see what services are running, because it's most likely running as a service. Go to the control panel and make sure that service is not running; if it is, close it. If you do not have administrative rights, try seeing if the registry is allowed. If so, here:

hxxp://seclists.org/bugtraq/2006/May/0492.html

This will get you SYSTEM privs, I believe by using a trick with the screen saver. You won't even have to login for this one.

Once you have the service name, you can stop it, or even create a batch file to automatically net stop it on the start up.

Heh, I wrote a quick script for that... and like it says there, you can get comspec to pop up when you hit shift 5 times (basically instead of sticky-keys popping up, cmd does), also included in the script:

UndergroundSystems

<http://www.undergroundsystems.org/forums/showthread.php?t=4194>

Edited by Poetic-Justice


#1 Overall, it is not your property to mess with!

#2 As a student, I am sure you signed all the paperwork, and that will bind you to their rules and regulations, and makes you the person that will get in trouble for breaking any rules set by the IT people on that campus!

#3 Are you really doing anything in that lab that is so against the rules, that you need to make it so the admin cannot watch? If you are, well then you're screwed! Why not get a copy of the said program, set it up at your house, and work against it that way, If so finding anything that can or will work against it, bring a presentation to the Network or IT people, and show how it CAN be done in the lab, and maybe show or help them fix it so the system is secure!

Why risk your future in attempting this on their computers, when you can do it on your own and even legally on your own network at home?

#1 Firstly they don't have rules. They have not informed us before!!!!

#2 Yeah, it's their network and their college, but all they have to do is inform us prior, like

"Dude we will watch all your activities so don't do personal things in the lab!!!"

They watch all of us secretly; even many innocent people out here don't know someone is looking behind them.



Don't they check out the software beforehand? And if you find out the antivirus the school uses and report it, even better, because it would delete on the next update. Thanks, you have given me an idea.

Yeah, I too believe reporting it to an antivirus is a better way!!!!

Are you guys seriously suggesting reporting the Admin Magic program to AV vendors as malware? You do realize that actual people create the virus definitions, right? It's not just an automated process that happens when you report a file to them. If that were the case, things like WINWORD.EXE and IEXPLORE.EXE would have gotten spanked a long, long time ago. But if you try it and they write back, do share what they said. Might be good for some lulz. :)

Out of all the options presented, I'd say that the LiveCD option is probably the most likely to work out. Sure, it's possible to lock down an ethernet connection and disable booting from CD, but that kind of thing would only get in the way of the IT staff and would not likely present a real barrier on a shared/community workstation. And while the sysadmin hat I wear makes me raise an eyebrow at the thought of circumventing IT policy, that's probably the least destructive way you could go about it (as long as you don't do something silly, like trash the local computer's filesystem). Find one of those distros that uses a LiveCD in conjunction with a USB drive to save your prefs, and you'd probably be good to go.

Also extra prestige, as the others in the lab look at the strange GUI and observe in silent awe and reverence, wondering what sort of super-human tech wizard you really are. Women will swoon, and venture capitalists will appear and begin throwing money at you.

No really.

It could happen.

Many spyware companies have added this software as a security risk, so why don't the anti-virus companies?

Just Google "repsvc.exe". They say it is 70% dangerous.




"If you can't beat them, join them..."

Become friends with the admins, help out at lunch times, come to after school things there. If the admins like you, and they think you're a nice person, they'll probably just not watch you... They won't suspect you if they're your friend.

Look what happened to cyb3r-dan. He got caught, but didn't get into much trouble 'cause the admin was a good friend.

Whoever made up the phrase "if you can't beat them, join them...", obviously made it up for a reason lol

The link is to http://www.binrev.com/forums/index.php?showtopic=36912 if it doesn't show

Edited by Poetic-Justice


Yeah, it's true....

Joining them is a better idea!

Thanks
