How to "Force" folders/subfolders to exclusion equal to an anti rootkit?

  • Question

  • Hello,


    So, does someone know how to do this, or have some open source project to reference?

    Thank you very much.

    Friday, August 25, 2017 8:24 PM

Answers

  • That depends on what approach the malware is using to stop a delete. You are going to have to do research; any of the "it's simple, it just needs ..." approaches will do more damage than good, and will not work for a lot of malware. This is why the anti-malware companies keep working so hard: every time they find a way to block something, the hackers find a new way to do it.

    You won't get any real data on the forums, most of the techniques are proprietary.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Friday, August 25, 2017 9:34 PM

All replies

  • What are you asking for here? If it is how to do a shell extension to add "Force Delete" to a menu, see https://msdn.microsoft.com/en-us/library/windows/desktop/cc144067(v=vs.85).aspx. Or are you asking how to do the force delete? That is harder and depends on what set of conditions you are trying to address.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Friday, August 25, 2017 9:25 PM
  • What are you asking for here? If it is how to do a shell extension to add "Force Delete" to a menu, see https://msdn.microsoft.com/en-us/library/windows/desktop/cc144067(v=vs.85).aspx. Or are you asking how to do the force delete? That is harder and depends on what set of conditions you are trying to address.


    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    @Don Burn,

    I'm asking: how to do the force delete.

    Friday, August 25, 2017 9:29 PM