Hard_Configurator - Windows Hardening Configurator

simmerskool

@Andy Ful -- question without going into details at this point, assume a user ran H_C from admin acct several months ago, also assume some time later same user in sua forgot he ran H_C and installed SWH as run as admin, then assume user recently logged into admin acct to install a new security app, and opened H_C and saw that it appeared that H_C had hardened the system, so before installing new security app, user used H_C tools | restore windows default, rebooted, then installed new app. all running well after this new installation. then user logged in sua and realized he had run SWH in the past.
Question: when in admin acct and re-setting H_C to windows default, would that have also reset to windows default and actions that SWH would have previously done?? :unsure: Assume all assumptions are true, duh... :oops: (longer story how this happened but not really relevant imo :ROFLMAO:)
 

Andy Ful

From Hard_Configurator Tools
Thread author
Developer
@Andy Ful -- question without going into details at this point, assume a user ran H_C from admin acct several months ago, also assume some time later same user in sua forgot he ran H_C and installed SWH as run as admin, then assume user recently logged into admin acct to install a new security app, and opened H_C and saw that it appeared that H_C had hardened the system, so before installing new security app, user used H_C tools | restore windows default, rebooted, then installed new app. all running well after this new installation.

After that both SWH and H_C are uninstalled.

then user logged in sua and realized he had run SWH in the past.
Question: when in admin acct and re-setting H_C to windows default, would that have also reset to windows default and actions that SWH would have previously done??
Yes. :)
 

ErzCrz

ALERT: When I visited hard-configurator[.]com just now in Firefox 113, the site tried to install a fake search add-on from get[.]thesafersearch[.]com, which I dutifully added to my grayware blocklist.
Blocked by my uBlock Origin in Firefox and Tracker Blocked in Edge.

Anyway, we know that site hasn't been updated or active/managed for some time now but worth advising the owner.
 

oldschool


upnorth

Moderator
The old Hard_Configurator website: is now discontinued and not supported by the author.


But correct, it does re-direct. Did not notice any automated malicious installs, but 100% for sure random spam/scam. Recommended to submit to your AV vendor. With the latest stable Firefox, it automatically blocks the https URL. That's a good sign. Btw, @Andy Ful can hopefully answer best about his previous site.

Thanks for the confirmation posts. (y):coffee:
 

Andy Ful

This domain was bought by @askalan (previous MT member) several years ago to support the Hard_Configurator project. But it expired about one year ago, and now someone else is trying to reuse it for malicious purposes.
Thanks for reporting this issue. About a year ago, I added the info that this domain is discontinued and not supported by me. But, it is time to add the info that this domain is reused by malicious actors. (y)
 

gonza

Sadly, it is a common practice: there are people who buy domains and then try to sell them to make a profit.

In this case it is Nanci Nette, and it seems that she is known to do this. This is a Reddit from 7 years ago:

And here are some domain dispute cases against her: Nanci Nette: Domain Name Dispute Cases Filled Against Nanci Nette | DNDisputes.com

You can open a dispute and since you also have a tool/software with that name, you will probably win.

Btw, hardconfigurator.com is available:
 

Andy Ful

I contacted DNDisputes via their contact web page:

The domain hard-configurator.com is currently used in malvertising when someone wants to get information about the Hard_Configurator application developed by me.

The dev. website of Hard_Configurator:

Can you do something to prevent abusing this domain?

I am waiting for the response.
 

South Park

NextDNS with OISD.nl does block redirect when visiting hardconfigurator.com, web extensions are not the best mechanism to block bad URLs


Seems somebody has his website hacked or could not resist a good offer
I have both the uBO Badware filters and AdGuard DNS (which I think uses OISD), so I'm really surprised that I got served a malvertising page. I even checked to make sure I hadn't set anything in Trusted Sites.
 

Andy Ful

Google shows this domain as the second most popular one when searching for Hard_Configurator:


*******************************************************************************************************************
*******************************************************************************************************************

Bing is more resistant to such tricks and the abused domain hard-configurator.com can be seen as the 20th entry on the search list.

 

wat0114

uBO blocked it when I attempted to navigate to the malvertising page...


EDIT

Even if I attempt to proceed to the page, it doesn't connect because I block remote port HTTP (80) IPv4 with the firewall.
 