NSA Trapdoor Access Built into Windows Drivers ADVAPI.DLL

Thread: Microsoft -NSA - One in the same?


More info , This is real folks.

I pretty much knew someone was since windows xp....my old man always believed the government trying to sue MS back in the 80s-90s was a smoke screen to make people think they were "enemies".

Beware what you type and do is always a good policy.

No, reverse engineers can easily analyze the DLL with a disassembler.

Shill warning alert.

I know they know, they know I know.

you're essentially restating what he stated. but both of you have the specifics wrong: you can't decompile to a specific language, you can't analyze easily by disassembly, but you can disassemble and profile it.

The facts:

The key itself could never have been a backdoor in the strong sense (meaning, its presence alone wouldn't have granted access to the NSA). At best, it would have facilitated the installation of a backdoor. The smoking gun would have been such an installed backdoor (in the form of a cryptographic service provider), but one was never found.

Microsoft gave an explanation for the key. Unfortunately, that explanation can't be confirmed or denied. The saga ended in a question mark, not an exclamation mark.

How do you know there is no NSA backdoors in windows you shill?

part of any military's strategy is to try to project a force greater than it has

No, you can decompile to a specific language, but it wouldn't have necessarily been a good decompilation (and certainly wouldn't have been a reproduction of the original source code). The symbol table wasn't stripped from the DLL in question, and that would've helped a bit.

Where he's wrong is saying that a C/C++ decompiler is the ONLY way to see what the DLL does. This is false by the presence of disassemblers.

Also, BOTH my "reverse engineers can easily analyze" and your "you can't analyze easily by disassembly" depend on the interpretation of 'easily', obviously. What an amateur considers extremely difficult a pro could consider easy.

The only thing i will paste on facebook this year.

where the NSA security crack?

im guessing some obscure version of linux will do it.

Haha oh no the "NSAKEY"....

psssht as I type to my friends on facebook what my plans are for today....

well dang, so glad you brought this up.

yesterday, was chilling here on the glp, had probably posted already...off and on for a couple of hours already, noticed a Norton on screen notification that some dll file was "safe" and i was thinking whaa? i didn't even leave this page, much less "download" something.

and it had an unlikely name, something like peachy sunshine (dot) dll...

i'd look for it but those notices don't persist, and i shrugged it off to an onscreen exploit, as if someone hid a button and i moused over it.

any idea, anyone?

I was messing with an office computer that uses Advast. It popped up showing a new feature which allows users to remote control other people's computers.

Seriously, does anyone really think there is an OS that does not have backdoors? These OS's nowadays our over a gigabyte in size, so they have at a minimum of 100's millions of bytes of code. It would be nothing to slip in a few backdoors in that mess and no one would ever find it.

Also think about these security updates that happen every week. It would be nothing to have one of them open up a backdoor. It does not even have to be the OS. Advast is free as well as a lot of other programs. We all should remember to old axiom of being beware of someone giving free gifts. Why do they give these programs away ? Who is paying them to make these free programs like Facebook, ubuntu, Advast, youtube, twitter, etc ...

It is clear to me they give these programs away because they really want to dominate the market (who can compete with free) and after they achieve this, they can control you because you have no alternatives.

They control you by spying on you because knowledge is power.

My question is: Can this be undone?? NSA are scumballs!!!

Really.

ADVAPI.dll is on none of my systems, Win XP Pro, Win XP Media, Win XP home, Win 7 (64 bit)home ultimate, Win Vista home running on various AMD and Intel processor commercial and hand built machines.

Now, after my clever researching I can report to the thread that I am now of the opinion that the article may, repeat may be correct given that A. Many authors list it as part of a virus and B. Many authors list it as a needed package.

So the scenerio I see is this. Article is written "ADVAPI.dll is NSA spyware!!!!!!!!!!!!!!!!!!!!!!!!".

The reader then looks and son of a bitch, it's there. So they delete it or unregister it all without knowing that a previous security update killed the NSA trap door. Opps, now Windows is throwing errors like crazy and the reader re-enables it, thus re-activating the trap door.

Either way, this stinks like a fresh cat turd.


advapi.exe is added as a result of the NETDEVIL.12 (NetDevil 1.2) VIRUS. This process is a security risk and should be removed from your system. If found on your system make sure that you have downloaded the latest update for your antivirus application.
Non-system processes like advapi.exe originate from software you installed on your system. Since most applications store data in your system's registry, it is likely that your registry has suffered fragmentation and accumulated invalid entries which can affect your PC's performance. It is recommended that you.

[link to www.processlibrary.com]

advapi3.dll is a malware-associated dynamic link library (dll). Legitimate dll files contain a set of executable functions that can be used by Windows applications. Malware-associated dlls contain malicious code that causes damage to your PC.

[link to www.exterminate-it.com]

ADVAPI32.dll

ADVAPI32.dll is part of Microsoft® Windows® Operating System and developed by Microsoft Corporation according to the ADVAPI32.dll version information.

ADVAPI32.dll's description is "Advanced Windows 32 Base API"

ADVAPI32.dll is digitally signed by Microsoft Windows Component Publisher.

ADVAPI32.dll is usually located in the 'C:\WINDOWS\system32\' folder.

None of the anti-virus scanners at VirusTotal reports anything malicious about ADVAPI32.dll.

If you have additional information about the file, please share it with the FreeFixer users by posting a comment at the bottom of this page.

[link to www.freefixer.com]

My laptop is always "updating" automatically. It really doesn't tell me what the hell for.

If anyone finds a way to undo this NSA shit please let us all know. I am not that computer savvy.

The NSA has had code in the Linux kernel for years.

[link to en.m.wikipedia.org]

I think the NSA quickly learned that it didn't need to plant a backdoor. Windows itself is the backdoor.

It's now called advapi32.dll

remember to have 'show protected files' & 'hidden files' option checked in folder options etc

Don't have ADVAPI.DLL on my windows 7. Anyone else know where to find it so I can delete it?

It's now called 'advapi32.dll'

and really... do not delete anything in the Windows folder or your PC will go bang.

Don't worry about it... unless you have blueprints, industrial inside info, political info, or blackmailable material...

Your are right. It is not the only way. But it is a possible way to get some idea of the actual code.

Hey it finally got pinned!

[link to www.mail-archive.com]

Funny how programmers were talking about removing it back in 1999! The NSA backdoor was discovered long before Snowden leaked information.

I love America....long live our overlords

I want to remove it anyway. They have no right to spy on me.