Figure 1. Tlist.exe can now see the Hacker Defender 1.00 hidden process.

Figure 2. eTrust Antivirus can now see Hacker Defender 0.84 hidden files, although it appears to be unprepared to detect and remove Hacker Defender files while it is active.

Figure 3. Reg query can now see Hacker Defender 0.73 hidden Registry key under the HKLM Services key. (Hacker Defender 0.84 and above have an additional hidden key for the driver.)

Figure 4. The dir command and Task Manager can now see Hacker Defender 0.51 hidden files and processes, respectively.

Figure 5. Strider GhostBuster detecting hidden files and processes of a Hacker Defender variant captured from the wild.

Figure 6. GhostBuster detecting another Hacker Defender variant "aalpha" from the wild, with hidden files test.sys, aalpha.exe, and aalpha.ini (the last two also have a hidden file attribute).