Results 1 to 8 of 8

Thread: Possible to Block Processes

  1. #1
    Junior Member
    Join Date
    Jul 2006
    Location
    Selkirk Manitoba, Canada
    Posts
    18

    Default Possible to Block Processes

    It's simple, Rakion is one of my favorite games, however their updater always reinstalls BTDNA, which is a horrid program, I am almost certain it does something malicious in the background (considering when its running my internet activity is through the roof). Is there a way I can block this process, add it to the black list of processes with teatimer? Or prevent it from being able to install at all? I don't want to do my trick of making a program of the same name in the same folder that is always running, just has no lines of code :P (great for stopping viruses :P)

  2. #2
    Senior Member drragostea's Avatar
    Join Date
    Jan 2008
    Location
    @Home
    Posts
    3,674

    Default

    I'm not a Rakion user, but I'll try to explain it the best I can (give you a resolution if possible).

    By BTDNA, I'm assuming you are referring to the P2P program "BitTorrent" or it's 'DNA' feature which supposedly "speeds" up downloads (which in my opinion is false). Can you manually select which updates to choose from the game, or is it automatic (like downloads all the updates)? It sounds a bit shifty like Apple.

    I'm not sure if you can prevent it from installing it all with TeaTimer, but you can stop it from starting up or adding toolbars and such. A good HIP program might do the job of stopping it from installing it at all (with going through some dozen of prompts). If you are using Comodo Pro Firewall it will do the job with Defense +.

    You can always kill the BitTorrent process.
    -
    So what happens when you uninstall BTDNA? It still comes back with the Updater?

  3. #3
    Junior Member
    Join Date
    Jul 2006
    Location
    Selkirk Manitoba, Canada
    Posts
    18

    Default

    Yeah it comes back with the next update, otherwise I kill it then uninstall it, teatimer usually stops it from getting added to startup. Teamtimer has a blacklisted processes thing, tis why I wonder if that can be configured to blacklist btdna.

    Rakion does not require this to run... it actually runs smoother without it (prolly cause btdna isn' in the background broadcasting random garbage over the internet)

  4. #4
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    SlimySlayer:

    See if the following thread helps:

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  5. #5
    Junior Member
    Join Date
    Jul 2006
    Location
    Selkirk Manitoba, Canada
    Posts
    18

    Default

    ah, I'm on 1.6, I made this file

    Code:
    // info: Trevor's blocks
    
    :: BTDNA
    File:"Description","iexplore.exe","filesize>=1"
    AutoRunByFilename:"*\BTDNA.exe","","filesize>=1"
    File:"Internet Explorer web browser","<$PROGRAMFILES>\Internet Explorer\iexplore.exe","filesize>=1"

    Two attempts at IE in there, neither seemed to do anything, didn't block IE anyways, and doesn't show in blocked processes list in teatimer, unless I did this wrong?

    Code:
    C:\Program Files\Spybot - Search & Destroy\Trevor.sbi

  6. #6
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,601

    Default

    (moved this thread into the OpenSBI section for discussions on SBI issues )

    The first attempt fails because of the missing path. See the documentation of File (Wiki). The OpenSBI editor will help you by showing problems if you press F1 as well

    You need to restart TeaTimer so that it'll recognize new/changed files.
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)

  7. #7
    Junior Member
    Join Date
    Jul 2006
    Location
    Selkirk Manitoba, Canada
    Posts
    18

    Default

    I unchecked it in Spybot, waited then rechecked it, thats not good enough restart?

  8. #8
    Junior Member
    Join Date
    Nov 2014
    Posts
    2

    Default

    I just sent the files to the email adress you mentioned. Before I made my detection rules I installed the samples twice in a virtual machine. Both times the ID was the same but I am quite sure that it will change soon. Is there a way to use wildcards for directories? Or is there another way how I could detect this stuff without using the static name? Additionally I am not sure if I used the startmenu rules in a correct syntax (Is it correctly to use the filerange on that way?)

    I am looking forward to hear from you

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •