Process Hacker Discussion Forum

 
gsom9000
New User
Posts: 1
Joined: 16 Jan 2019 21:19
OS: Win 10 pro

Protect Process Hacker against viruses (window title + process name)

16 Jan 2019 21:33

Hi. Some viruses just disable or suspend PH when you try to run it on an infected PC. I was helping people with virus removal and for the last 3 months almost every malware/virus/miner tried to stop the PH process, even if I tried to rename the executable file. I have read some forums where the virus code is posted and it looks like most of them are trying to check the process name and window title when you try to run any .exe. To counter this, Dr.Web CureIt and Kaspersky VRT have protection: every time you download them from the official sites, you get a unique .exe name, etc.
Please consider adding a feature to download the latest PH with a random .exe name, that launches with a random window title and shows up as a randomly named process in the Task Manager. This will definitely help to use Process Hacker when it is really needed. And thank you for that awesome software.
 
dmex
Admin
Posts: 1695
Joined: 17 Jan 2011 05:43

Re: Protect Process Hacker against viruses (window title + process name)

09 Feb 2020 05:04

gsom9000 wrote: 16 Jan 2019 21:33
> Hi. Some viruses just disable or suspend PH when you try to run it on an infected PC. I was helping people with virus removal and for the last 3 months almost every malware/virus/miner tried to stop the PH process, even if I tried to rename the executable file.

I regularly get emails about these issues and have been updating the nightly builds with features to make these attacks harder and more obvious.

These days it's not just malware but even "legitimate" software (Antivirus and especially online Games) using identical methods as malware to target Process Hacker. I'm starting to think the employees at those companies are the same people authoring the malware and using their position to further their employment by 'taking down' their own malware and then using company resources to attack software like Process Hacker.

gsom9000 wrote: 16 Jan 2019 21:33
> Please consider adding a feature to download the latest PH with a random .exe name

You can already rename processhacker.exe with a random filename.

gsom9000 wrote: 16 Jan 2019 21:33
> launches random window title

You can set the "EnableWindowText" setting to 0 for disabling the window title and also change the "MainWindowClassName" setting to a different window class.

gsom9000 wrote: 16 Jan 2019 21:33
> show up as randomly named process in the Task Manager.

It'll show up as a different process after you rename the executable and disable the window title.

These features and others are included in the nightly builds:
https://wj32.org/processhacker/nightly.php
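
The steps from the reply above (rename the executable, set "EnableWindowText" to 0, change "MainWindowClassName"), as an added PowerShell example that is not part of the thread or of Process Hacker itself. It assumes a portable copy whose settings are read from `<exe name>.settings.xml` beside the executable, stored as `<setting name="...">` elements; the parameter names and folder layout are hypothetical.

```powershell
# Added example: stage a renamed Process Hacker copy with the two settings from the reply.
param(
    [Parameter(Mandatory)] [string] $SourceDir,   # folder holding the unpacked build (hypothetical layout)
    [string] $ExeName   = 'ProcessHacker.exe',    # executable name inside $SourceDir
    [string] $StageRoot = $env:TEMP               # where the renamed copy is created
)
$ErrorActionPreference = 'Stop'

function New-RandomName([int] $Length = 10) {
    # Lowercase letters only; the name just has to be unpredictable, not cryptographically strong.
    -join (1..$Length | ForEach-Object { [char](Get-Random -Minimum 97 -Maximum 123) })
}

# Report the Authenticode status of the original file before it is copied or run.
$sig = Get-AuthenticodeSignature -FilePath (Join-Path $SourceDir $ExeName)
if ($sig.Status -ne 'Valid') {
    Write-Warning "Authenticode status of ${ExeName}: $($sig.Status)"
}

# Copy the whole folder so plugins and DLLs stay next to the executable, then rename it.
$stageDir = Join-Path $StageRoot (New-RandomName)
Copy-Item -Path $SourceDir -Destination $stageDir -Recurse
$newExe = (New-RandomName) + '.exe'
Rename-Item -Path (Join-Path $stageDir $ExeName) -NewName $newExe

# Assumption: settings are read from "<exe name>.settings.xml" beside the executable.
$settings = [ordered]@{
    EnableWindowText    = '0'                    # no window title
    MainWindowClassName = (New-RandomName 12)    # non-default window class
}
$xml  = New-Object System.Xml.XmlDocument
$root = $xml.AppendChild($xml.CreateElement('settings'))
foreach ($name in $settings.Keys) {
    $node = $root.AppendChild($xml.CreateElement('setting'))
    $node.SetAttribute('name', $name)
    $node.InnerText = $settings[$name]
}
$xml.Save((Join-Path $stageDir "$newExe.settings.xml"))

# Emit the path of the renamed executable for the caller to launch.
Write-Output (Join-Path $stageDir $newExe)
```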