1. Forum
  2. Usenet
  3. ALT.COMP.OS.WINDOWS-10

  • Best hex way to emasculate an executable updater?

    From mike@21:1/5 to All on Tue Feb 7 20:43:44 2023
    Have you ever had an updater that kept coming back?

    I installed memoryhogs hoping it would help me identify a cpu/io hog. https://www.ghacks.net/2017/01/23/memory-hogs/ http://michaels-tech-notes.info/software-database/ https://www.michaels-tech-notes.info/app/download/3888974/MemoryHogs.exe

    The memory hogs program works ok but insists on installing its own updater.
    I deleted the updater. It came back.
    I deleted it again. It came back again.

    Thinking I'd be "clever", I deleted it and created an empty text file
    of the same name "MemoryHogsUpdater.exe" but it came back on top of it.

    What's an easy way to slightly destroy the updater by injecting hex?
    Would just hex editing work or is there a more clever way?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From =?UTF-8?B?TWlnaHR54pyFIFdhbm5hYmXin@21:1/5 to mike on Tue Feb 7 10:25:35 2023
    mike wrote on 2/7/2023 10:13 AM:
    Have you ever had an updater that kept coming back?

    I installed memoryhogs hoping it would help me identify a cpu/io hog. https://www.ghacks.net/2017/01/23/memory-hogs/ http://michaels-tech-notes.info/software-database/ https://www.michaels-tech-notes.info/app/download/3888974/MemoryHogs.exe

    The memory hogs program works ok but insists on installing its own
    updater.
    I deleted the updater. It came back.
    I deleted it again. It came back again.

    Thinking I'd be "clever", I deleted it and created an empty text file
    of the same name "MemoryHogsUpdater.exe" but it came back on top of it.

    What's an easy way to slightly destroy the updater by injecting hex?
    Would just hex editing work or is there a more clever way?

    Use a firewall to block internet access to any process you want to deny internet access. Most people who use "cracked" software know to block
    internet access to their "cracked" software.

    I use "Tinywall", but there is a learning curve.

    https://tinywall.pados.hu/

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From mike@21:1/5 to All on Tue Feb 7 21:31:28 2023
    On 07-02-2023 16:25 <@.> wrote:

    Use a firewall to block internet access to any process you want to deny

    I use the default Windows firewall but it did not pop up any warning.
    I think I can bring up the Windows firewall using the control+i buttons.
    But then how do I know which domain to block in Windows firewall?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andy Burns@21:1/5 to mike on Tue Feb 7 16:04:04 2023
    mike wrote:

    Thinking I'd be "clever", I deleted it and created an empty text file
    of the same name "MemoryHogsUpdater.exe" but it came back

    create a folder called "MemoryHogsUpdater.exe" ?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From =?UTF-8?B?TWlnaHR54pyFIFdhbm5hYmXin@21:1/5 to mike on Tue Feb 7 11:24:19 2023
    mike wrote on 2/7/2023 11:01 AM:
    On 07-02-2023 16:25 <@.> wrote:

    Use a firewall to block internet access to any process you want to deny

    I use the default Windows firewall but it did not pop up any warning.
    I think I can bring up the Windows firewall using the control+i buttons.
    But then how do I know which domain to block in Windows firewall?

    I gave up trying to figure out how to use Windows firewall.

    The Tinywall is actually a user interface for Windows firewall. That's
    why the program size is so small. Tinywall lets you specify all the restrictions and it will change the settings in Windows firewall for you.

    The file size of Tinywall is only 868 kb.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)