Boxanite

Member
  • Content Count

    3
  • Joined

  • Last visited

Community Reputation

1 Neutral

About Boxanite

  • Rank
    New Member
  1. Thank you very much for the help. I ran those commands and the service seems to be completely gone.
  2. 1. Yeah, I figured it wouldn't be possible for the driver to load (assuming it is even still installed) without the service. However, for my own personal peace of mind, I'd love to fully remove any/all files associated with HackShield. 2. I didn't use any software to find the hidden service. Doing a little research showed me that HackShield installed a hidden service with that name, so all I did was go to the appropriate registry entry and confirmed its existence after uninstalling the game. While it is possible removing the game uninstalled the driver, I have my doubts. Even when the game was running, I was still unable to locate the driver in the specified directory, which is why I believe the driver always remains hidden and could still be installed. 3. This is the following BlitzBlank script I attempted to use: DisableDriver: C:\Windows\System32\Drivers\XEagle64.sys DeleteRegKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\XEagle64 The above script just returned error codes and loaded into Windows. I then verified that the service was still installed, so this is when I attempted to manually remove it. My main concern now is two-fold: 1) I fear the driver may still be installed, which is undesirable to me. Even if it is dormant, I'd rather not keep a useless driver that I morally disagree with on my machine. 2) Considering that HackShield is clearly trying to hide and protect itself from tampering, I can't be sure what else this junk has installed in order to ensure its own integrity on my machine. This is the primary reason why I reached out to Emsisoft, so maybe a little more research could be done and the true behavior of this application could be identified. At the very least this could be considered a PUP to most users, especially since the game installation never asked to install it and the EULA of the game says nothing at all about a third-party monitoring tool. While I might be a little paranoid, I don't see how this practice is any different from other shady companies that manage to be placed into the signature database as potentially unwanted software. When you visit the developers website (http://hackshield.ahnlab.com/hs/site/en/TheService/management.do) you can see that they offer some sort of monitoring service with their HackShield Pro product. While they may only be monitoring game servers and such, I am a little worried this "monitoring service" extends directly to each installed copy of HackShield so they can isolate and block "zero-day exploits" within games. Such monitoring services, especially ones located in other countries with more relaxed privacy laws (South Korea), kind of scares me. Thank you very much for taking the time to respond to my post, Elise. I appreciate your help.
  3. I recently installed a free-to-play game called ArcheAge, which was published by a legitimate game developer that has been trusted for some time (Trion Worlds). Well, the Korean developers (XLGames) included an anti-cheat mechanism called HackShield. There was absolutely no indication that this third-party software would be installed during the installation process. Once I realized that this anti-cheat mechanism installed itself as a system driver and was potentially being monitored by a company that I don't fully trust, I opted to uninstall the game. Well, even after you uninstall the game, HackShield remains on the system. I contacted Trion support and was given access to their tier 3 team. I asked them if these were the only files I needed to remove to fully uninstall HackShield and they were unsure. Trion said they would try contacting the developers of HackShield and ask them what files it leaves behind so I could get rid of it. Well, they have yet to contact me back and are largely just ignoring the issue. So, I was left to solve the issue on my own. So far I have found the following service and driver left behind: Hidden Service: HKLM -> System -> CurrentControlSet -> Services - > XEagle64 Driver: Windows\System32\Drivers\XEagle64.sys BlitzBlank was unable to remove the files after a few attempts. However, I was able to successfully delete the hidden service within the registry, but I was never able to locate the system driver the service was referencing. Could Emsisoft possibly look into this and shed some more light on the issue? I'd love to know how to completely uninstall HackShield. I am afraid it may have left behind more files that I was unable to find. I look forward to hearing back from you all.