Advanced Process Manipulation

#1 DiamondCS APM: Advanced Process Manipulation (Freeware - NT,2K,XP)

DiamondCS APM is an advanced process/module viewer and manipulation utility that allows unique control over target processes by becoming a part of them.
Unlike conventional process viewers, DiamondCS APM doesn't control processes by remotely sending them instructions. Instead, APM safely attaches a part of itself to the target process,essentially becoming a part of that process. Once 'inside', APM is free to perform actions on behalf of the target process. For example, if it calls the ExitProcess API call, the target
process terminates.Because of this 'insider' nature, APM is able to do some remarkable things that aren't otherwise possible. For example, it can determine the commandline of any process by making it call the
GetCommandLine API function. It can use FreeLibrary and LoadLibrary to unload and load DLLs into the process (allowing you to make plugins for virtually any program!). It can even determine which ports the target process is using! APM has even been used here in our lab to disinfect an explorer.exe-infecting rootkit-style trojan from a test machine, making it an excellent anti-trojan tool.

Homepage:http://www.diamondcs.com.au/index.php?page=apm

Download APM (110kb):http://www.diamondcs.com.au/downloads/apm.exe

Gruß
Ajax

#2 versagt leider bei guten RATs ;-)
nur bedingt empfehlenswert, da geschickte Malware ihre DLLs so programmieren, dass man sie nicht einfach so durch ein solches Programm abschalten kann ;-)

Leider ist das der Stand der Dinge.

#3 Die brandneue Version von TrojanHunter soll gut mit injizierenden Trojanern zurecht kommen (sprich, die injizierten dll's werden 'sauber' entfernt.)
Schon mal ausprobiert, MEGAFREAK?
__________
"Scheinsicherheit" - wie leicht lassen sich Viren- und Trojanerscanner austricksen?

#4 Ich kenne nur die Demo version mit veralteten Signaturen von Trojanhunter, wäre schonmal interessant zu sehen, was die Vollversion so alles kann.