SecurityXploded Blog

New SpyDLLRemover to Remove DLL from System Process

The new version of SpyDLLRemover, v3.2, now supports removing malicious DLLs from system processes on Vista/Win7 platforms. Starting with Vista, Windows introduced the session separation feature, which prevents processes in one session from interacting with processes in another session.

Normally all system processes, including services, live in session 0. User sessions start with session 1. So even a process running as administrator cannot create a remote thread in a system process, and hence cannot inject a DLL into it or free a DLL from it, because of session separation.

SpyDLLRemover uses an advanced DLL removal technique to remove a spy DLL from a remote process. However, due to this session restriction, it was not able to remove DLLs from system processes. Spyware often hides in system processes to evade the user's suspicion. In that context, such a limitation was in fact a boon for that spyware.

But the stars have changed in the sky. The new version of SpyDLLRemover now comes with support for removing DLLs from any system process across session boundaries, thus breaking the restrictions imposed by Vista/Win7.

Now even if malware is hiding its DLL in a system process such as Lsass.exe or Winlogon.exe, it cannot escape from SpyDLLRemover any more…!
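To see which DLLs are loaded in session 0 processes before deciding what to remove, the following read-only audit lists modules that sit outside the Windows directory or lack a valid signature. It is an added example, not SpyDLLRemover's code; it removes nothing, and it assumes an elevated PowerShell 3.0 or later prompt.

```powershell
# Added example: read-only audit of DLLs loaded in session 0 processes.
# Assumes an elevated prompt; protected processes can still refuse access.
$mySession = (Get-Process -Id $PID).SessionId
$winDir    = $env:windir
Write-Host "This shell runs in session $mySession; auditing session 0."

$findings = foreach ($proc in Get-Process) {
    # Skip other sessions and the Idle (0) / System (4) pseudo-processes.
    if ($proc.SessionId -ne 0 -or $proc.Id -le 4) { continue }

    $modules = $null
    try { $modules = $proc.Modules } catch {
        Write-Warning "No module access: $($proc.ProcessName) (PID $($proc.Id))"
    }
    if (-not $modules) { continue }

    foreach ($m in $modules) {
        $path = $m.FileName
        if (-not $path) { continue }

        # Heuristic 1: image loaded from outside the Windows directory.
        $outside = -not $path.StartsWith($winDir, [StringComparison]::OrdinalIgnoreCase)

        # Heuristic 2: no valid Authenticode signature. Older PowerShell
        # versions may report catalog-signed Windows files as NotSigned.
        $sig = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue
        $status = if ($sig) { [string]$sig.Status } else { 'Unreadable' }

        if ($outside -or $status -ne 'Valid') {
            [pscustomobject]@{
                Process   = $proc.ProcessName
                PID       = $proc.Id
                Module    = $path
                Signature = $status
                Outside   = $outside
            }
        }
    }
}

$findings | Sort-Object Process, Module | Format-Table -AutoSize
```

The output is a triage list, not a verdict: legitimate third-party services installed under Program Files will appear as well and need to be reviewed by hand.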
