LebGeeks

A community for technology geeks in Lebanon.


#26 June 6 2007

samer
Admin

Re: malware :S - help

just too much user unfriendly for most ppl.

It's a geek forum, remember? :)


#27 June 6 2007

Padre
Member

Re: malware :S - help

lol, if u read carefully, it says "with respect to your work". i didn't insult it i said it was messy and pretty damn inefficient and slow
i was testing it on my sand box and i didn't really like the amount of work it generates vis-a-vis to what it does. as for 30 min, API will take less and it wont flag ur prog as a virii.

echo call wscript.echo("OUTLAWS-trojan Cleaner 2007, by Red_phoenix2k@hotmail.com, NO WARRANTY on usage") > %windir%\temp\msg.vbs
%windir%\temp\msg.vbs
del /f %windir%\temp\msg.vbs

echo call wscript.echo("Plz CLOSE all background applications, press OK and then WAIT for the finished message") > %windir%\temp\msg.vbs
%windir%\temp\msg.vbs
del /f %windir%\temp\msg.vbs

you see it's nice to learn ...MessageBoxA("...."); would have been much shorter.
anyway, as i said before, nice effort :)

oh and btw, welcome :)

Last edited by Padre (June 6 2007)


#28 June 7 2007

red phoenix
Banned

Re: malware :S - help

it's cool we cleared that out of the way :)
Thks guys for the really WARM welcome, lol

btw, i think the companies are starting to catch on, look what i found

http://www.sophos.com/security/analyses/w32outlawa.html

hehe, i wish i could type MessageBoxA("....") in a simple batch file, but i can't
personally, i'll leave visual studio for more sexy stuff hehe

talking about apis, i think i need to start a new thread about game programming, the last one prematurely died if u ask me

yalla, see u there

Last edited by red phoenix (June 7 2007)


#29 June 7 2007

mir
Member

Re: malware :S - help

well.. about the warm welcome.. sorry not my fault

by the way post something in the forum lobby
some more about urself
so u can have a real warm welcome

thanks for the link

my sister is studying graphic design
i am gonna learn from her a couple of stuff and hopefully will post some


#30 June 7 2007

red phoenix
Banned

Re: malware :S - help

as an addendum, i just dealt with a computer that my cleaner didn't fix

it had Windows XP HOME EDITION

it didn't work on it because the cleaner uses the console command 'taskkill' to deal with the loaded processes and apparently HOME EDITION doesn't have the executable file pre installed... that should explain the mystery of those pcs that are still infected after the cleaner ran on them :(

i think i should add the taskkill.exe to the unpacker, that way the cleaner will become REALLY messy on the inside, but hopefully more SUCCESSFUL on the outside hehe

i'll do that tomorrow and post a new link, it shouldn't be a bother

Last edited by red phoenix (June 7 2007)


#31 June 8 2007

red phoenix
Banned

Re: malware :S - help

just updated the cleaner.

here is the newer version

http://rapidshare.com/files/35904200/Ou … r.exe.html


#32 June 20 2007

red phoenix
Banned

Re: malware :S - help

UPDATE:

hi again, this is a c# version of the cleaner, i wrote it a while back but i never had the chance to test it.
so guys( and girls), if u get the opportunity, plz tell me if it works.

http://rapidshare.com/files/38284381/Ou … t.exe.html

note: this application requires the dotnet 2.0 framework


#33 June 20 2007

mir
Member

Re: malware :S - help

well i think this malware is detectable now by some anti virii
like active virus shield (the AOL Version of Kaspersky) [last time i checked with it]
but it doesn't reverse the action taken in the registry

ya red phoenix.. thanks for posting the update
if i know someone is infected i will tell him the link

how do u test ur code
ur using vmware to keep the malware or a dedicated pc for malware?


#34 June 22 2007

red phoenix
Banned

Re: malware :S - help

dedicated pc, but i don't have the trojan to test it anymore ;(
