21 February 2008

Azureus 3.0.4.3 Beta 34

Azureus Vuze 3.0.4.3 B34 Changelog:

FEATURE: Core | Added µTorrent PEX support [amc1]
FEATURE: Core | Azureus probes trackers for UDP-capabilities on first scrape/announce now and uses udp instead of http where available [The 8472]
FEATURE: Core | Added option to enforce IP bindings even when the specified interfaces are not available (useful when Azureus should not use certain network interfaces) [The 8472]
FEATURE: UI | Added option for "Open Containing Folder" menu action - which may integrate better with non-standard file browsers [amc1]
FEATURE: UI | Added option for "Show Torrent Menu" -- Users can now decide to see the Torrent menu in the menubar or not [knguyen]
FEATURE: UIv3 | New menu configuration for Vuze and Vuze Advanced UI's [knguyen]
FEATURE: UI | Fast Renaming (not moving) in the Files tab (click on name column) and Open Torrent (click on dest. name column) dialog [The 8472]
FEATURE: UI | Completed downloaders column [The 8472]

CHANGE: Core | Further memory footprint reductions; for additional tweaks see http://www.azureuswiki.com/index.php/Reduce_memory_usage [The 8472]
CHANGE: Core | Reimplemented LT extension protocol code [amc1]
CHANGE: Core | DND/Compact (aka Delete) priority now deletes all files that do not share pieces with normal/high priority files [The 8472]
CHANGE: Core | Queuing rules now don't start any further torrents if the global up/download speed limits are reached [The 8472]
- makes "don't count torrent ..." minimum speed rules more useful to dynamically regulate the queue lengths
- recovers faster from chain reactions in case of connection loss
CHANGE: Core | Made the crypto handshake a bit less predictable [The 8472]
CHANGE: Core | Added support for IPv6 compact announces (client) and udp-multiscrapes (client+server) [The 8472]
CHANGE: Plug | Added support for plugins which implement mainline DHT [amc1]

BUGFIX: Core | Request limiting/Priorities no longer pinch off LAN peers if separate LAN speeds are enabled [The 8472]
BUGFIX: UI | Shells no longer use the low-res frog icon, the normal main window icon is now used instead [amc1]
BUGFIX: UI | Limiting comments in General View to 5k characters under WinXP to avoid crashes due to faulty comctl32.dll [The 8472]
BUGFIX: UI | Setting speed parameters manually now disables autospeed [The 8472]

To use, rename the downloaded AzureusXxxx-Bxx.jar file to Azureus2.jar to replace your old jar in the Azureus program dir: ChangeTheAzureusTwoJarFile
Azureus v2 vs. v3 (Vuze) FAQ
Changelog
Commitlog
Snapshot RSS Feed
Beta Site: http://azureus.sourceforge.net/index_CVS.php


Download:
Azureus3043-B34.jar - 21 Feb 2008 07:07:37 AM [10307576 bytes]
Azureus3043-B34.jar.torrent

SUPERAntiSpyware Professional v4.0.0.1130

SUPERAntiSpyware is the most thorough scanner on the market. Our Multi-Dimensional Scanning and Process Interrogation Technology will detect spyware that other products miss! SUPERAntiSpyware will remove ALL the Spyware, NOT just the easy ones!

Quick, Complete and Custom Scanning of Hard Drives, Removable Drives, Memory, Registry, Individual Folders and More! Includes Trusting Items and Excluding Folders for complete customization of scanning!

Detect and Remove Spyware, Adware, Malware, Trojans, Dialers, Worms, KeyLoggers, HiJackers, Parasites, Rootkits and many other types of threats.

Light on System Resources and won't slow down your computer like many other anti-spyware products. Won't conflict with your existing anti-spyware or anti-virus solution!

Repair broken Internet Connections, Desktops, Registry Editing and more with our unique Repair System!

Real-Time Blocking of threats! Prevent potentially harmful software from installing or re-installing!*

Multi-Dimensional Scanning detects existing threats as well as threats of the future by analyzing threat characteristics in addition to code patterns.

First Chance Prevention examines over 50 critical points of your system each time your system starts up and shuts down to eliminate threats before they have a chance to infect and infiltrate your system.

Process Interrogation Technology allows threats to be detected no matter where they are hiding on your system.

Schedule either Quick, Complete or Custom Scans Daily or Weekly to ensure your computer is free from harmful software.*

Dedicated Threat Research Team scours the web for new threats and provides daily definition updates.*

Download Site
ProActive
url correct: http://downloads2.superantispyware.com/downloads/SUPERAntiSpywarePro.exe
no pro free: http://superantispyware.com/superantispywarefreevspro.html
offer most needed options: http://downloads2.superantispyware.com/downloads/SUPERAntiSpyware.exe

Trojan Remover 6.6.7 Build 2514

Trojan Remover aids in the removal of Malware, Trojan Horses, Worms, Adware, Spyware - when standard anti-virus software either fails to detect them or fails to effectively eliminate them. Standard antivirus programs are good at detecting this Malware, but not always good at effectively removing it.

Trojan Remover is designed to work on Windows 98/ME/2000/XP/Vista. The program is not compatible with any 64bit version of Windows.

The majority of Virus and Trojan Scanners are well able to detect malicious software - Trojan Horses, Internet Worms, Adware/Spyware etc. - but are not always very efficient in removing them once they have been triggered.

Trojan Remover is designed specifically to disable/remove Malware without the user having to manually edit system files or the Registry. The program also removes the additional system modifications some Malware carries out which are ignored by standard antivirus and trojan scanners.

Trojan Remover scans ALL the files loaded at boot time for Adware, Spyware, Remote Access Trojans, Internet Worms and other malware. Trojan Remover also checks to see if Windows loads Files/Services which are hidden by Rootkit techniques and warns you if it finds any.

Download Site
Shareware if click 1st link only

IE WebDeveloper v2.3.2.108

IE WebDeveloper 2.3.2.108 is an add-on for Microsoft Internet Explorer. The rich web debugging toolset allows you to inspect and edit the live HTML DOM, evaluate expressions and display error messages, log messages, explore source code of webpage and monitor DHTML Event and HTTP Traffic.

Shareware
Download site
vs.

Microsoft Internet Explorer Developer Toolbar 1.00.2188.0



The Internet Explorer Developer Toolbar provides several features for exploring and understanding Web pages. These features enable you to:

* Explore and modify the document object model (DOM) of a Web page.
* Locate and select specific elements on a Web page through a variety of techniques.
* Selectively disable Internet Explorer settings.
* View HTML object class names, ID's, and details such as link paths, tab index values, and access keys.
* Outline tables, table cells, images, or selected tags.
* Validate HTML, CSS, WAI, and RSS web feed links.
* Display image dimensions, file sizes, path information, and alternate (ALT) text.
* Immediately resize the browser window to a new resolution.
* Selectively clear the browser cache and saved cookies. Choose from all objects or those associated with a given domain.
* Display a fully featured design ruler to help accurately align and measure objects on your pages.
* Find the style rules used to set specific style values on an element.
* View the formatted and syntax colored source of HTML and CSS.

The Developer Toolbar can be pinned to the Internet Explorer browser window or floated separately.

Your feedback is greatly appreciated. Please visit the IE Web Development Forum on MSDN to enter bug reports, comments, and suggestions.

more Diag Tools

Freeware
Download Site

Censored by AntiVirus Packer.FSG - FALSE POSITIVE

FSG - F[ast] S[mall] G[ood]
Perfect compressor for small exes, eg. 4k,64kb intros, asm appz etc.(upx sux)

features:
+ designed for asm executable files (kg, cracks, trojans :) - IN HOPE NO ONE PACK TROJANS WITH IT
+ small loader size (but if u know how to improve it, mail me)
+ imports handling
+ support for executables with export tables
+ TLS support (delphi, bcc exes)
+ overlays support (flash, director, shockwave etc.)
+ aPLib compression (LZMA is too big and NRV from z0mbie's site is soo sloow)
+ command line support, eg. "fsg.exe notepad.exe" (drag&drop also works)


changes v2.0
+ 100% recoded (pure win32asm)
+ 158 bytes of loader code, gee its so cute :), can you make it smaller?
+ support for exports and overlays (flash and co.)
+ strip unused resources option (version info, delphi's resources)
+ configuration file (fsg.ini), read it for more info
+ it wasnt my intention, but you can pack executable from vb-shit too :)
+ fixed command line handling for Windows Server 2003
+ fixed Windows95 compatibility problems (command line support)
- 32x32 icon isnt removed anymore


changes v1.33
+ smaller loader code (again??), this time its 197bytes long (u cant stop us)


changes v1.32 (internal release)
+ smaller loader code (206 bytes)
+ ms-dos header optimization (PE header at 0Ch offset)
! shitty Web3000 claims that FSG is a trojan, dont use this cheap Web3000
crapware, anyway if you still think FSG is a trojan, reverse it and
tell me about your worries


changes v1.31
+ smaller loader code (thnx Jibz for aPLib optimization tips), 239 bytes
+ compatibility with FASM exe files


changes v1.3
+ nice GUI
+ FSG saves its import strings in PE header, just like TLS table if detected
+ PE header moved 32bytes up (40h), i dont give a fuck about dos message
+ heavily tested under XP (yeah rite...)
+ detection of invalid PE files (signatures, packers flags at PE+F4h)
+ error handling (seh requested :P)
- polymorphic encryption (you didnt like it, am i rite?)


changes v1.2
+ now FSG loader is placed correctly in the PE header (always on 200h)
+ tested under XP (but still i wont pay 500$ for this shit :P)
- disabled compression of RT_FONTDIR & RT_FONT & RT_MANIFEST resources
- disabled compression of RT_VERSION resource (shit, now you can compress
all those little shitty VB appz)

bugs
- no .NET executables support (what can be worst than VB for .NET? :)
- no DLL support (who needs it anyway?)
- no TLS callbacks support
- no delay imports support
- and much more :)

FSG v1.33 , FSG v1.2 , FSG v2.0
Homepage: http://www.xtreeme.prv.pl/

Hit this link and see the stupidness of all wannabe security forums, AntiVirus advisor's and many more http://www.google.com/search?num=100&hl=en&newwindow=1&safe=off&q=Packer.FSG
They discuss since years because maybe some people have packed with FSG viruses into files that now the exe packer by self is a Trojan virus. Please use unlisted packer such as upx, pecompact whatsonever and pack your shit trojans into files because this packers are possible less good in compression ratio but will never be listed as trojan as name of the compressor/packer but AV Researcher will have a little bit more work to do and find the real virus inside packed files, no matter what packer have been used.

used by many and ... /CORE - not a typical keygen or scene packer, Intros and small files to get even smaller is always welcome

Packer is detected as Trojan in most AV's
Disassembled it down to its substance, sandboxed it, no trojan there. - FALSE POSITIVE - If the packed file has no trojan, it will still show positive because some AVs have listed the whole packer.

For those AVs which detect it as positive, this applies to all files packed with this packer.

According to PEiD it's done with: FSG v1.33
I knew PEiD isn't the best; it lacks signature updates and doesn't have an anti-cheat mechanism if some other signatures are stuck inside.
Testing with Exeinfo PE, it's well updated and shows some more:
Image is 32bit executable FSG v1.33 F[ast] S[mall] G[ood] - www.xtreeme.prv.pl

There is the advice to use: VMUnpacker V1.2 by www.dswlab.com (why not V1.3)
I use another one now

KAV engine in G Data detect Trojan /by the way latest WinXP SP3, a system file, genuine signed by MS is detected as virus. - Restore from quarantine failed. G Data Firewall looks not bad. AV engine slow down system same as latest Outpost Firewall. Always good that there Archive sites in the net to get older versions.



result original: http://www.virustotal.com/analisis/3e05a9dd741ca42f5001195652311a54
14/32 AV's have listed Packer FSG as virus - false positive -
unpacked: http://www.virustotal.com/analisis/3a1ba1a7606e681a11d5e6f32fb98202
by 6 from this 8 I'm sure I get the false positive alert out if I clean the unpacked file from the rest signs that it was packed before with FSG.

http://www.virustotal.com/analisis/72757bef29b2add1d564ee86ad450cd8
TheHacker 6.2.9.225 lost the virus W32/Behav-Heuristic-061
already by removing the word " FSG! " in the pe header with a hexeditor.

Webwasher-Gateway 6.6.2 changed his meaning from Packer.Dumped to Win32.Malware.gen (suspicious) by removing the word: " FSG! " in a hexeditor

looks like signs from MEW, overseen...
however if pack it again come to this:
http://www.virustotal.com/analisis/9646f7ae36603fa580408549bc12f7ae
from original 14/32 to 9/32 while Sophos show another false positive from repacking follow by Panda, eSafe, Sunbelt and Webwasher-Gateway = minus 5! It will stay 4/32
I'm a little bit worried whether Avast is right with: Win32:Agent-QXQ

I didn't clean the unpacked file, F-Secure found signs that it was before packed with FSG and shown the file unpacked/not cleaned like before, same as by Avast. Ikarus ????
Webwasher found as well the rest signs that it was packed before. eSafe don't know anything cause it shows unpacked another virus as packed from Trojan/Worm mutated to dont know = Suspicious File. ! Packer listed !?
About CAT-QuickHeal just for laughing it show by most exe packed files independence from the packer have been used upx/Xcomp/pecompact very often: (Suspicious) - DNAScan

Norman, Sophos, FileAdvisor, AhnLab-V3 and Prevx1 lost the virus (false positive alert) in unpacked condition, same as VirusBuster. Proof for me that those AVs have listed just the packer as a virus - no analysis or unpacking has been done.

MZ� PE L FSG!

VM Unpack

The whole thing again, better test twice now with VM Unpack V1.4 (we have the sdk)
Info:
FSG v1.33 (Eng) -> dulek/xt <===> Support
Unpacked successfully! (in less than a second)

The default DOS MZ header / DOS stub will always be missing with FSG; in its place is written
MZ� PE L FSG!....
That means an antivirus will see that it was packed with FSG unless it's replaced.
See: http://win32assembly.online.fr/pe-tut1.html
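
As an added illustration (not from the original post or from any scanner it names), the following Python function checks the two header traits described here: a PE header that leaves no room for a DOS stub, and the FSG! string near the start of the file. The sample headers, the 512-byte search window and the label names are constructed assumptions; the result is a packer indicator only, not a malware verdict.

```python
import struct

DOS_HEADER_SIZE = 0x40  # size of a standard IMAGE_DOS_HEADER
E_LFANEW_OFFSET = 0x3C  # DOS header field holding the offset of "PE\0\0"
MARKER = b"FSG!"        # marker string the post shows in the header
SCAN_WINDOW = 0x200     # assumption: only search the first 512 bytes


def triage_header(data: bytes) -> dict:
    """Describe the header layout of a file; never returns a malware verdict."""
    result = {"label": "not-pe", "e_lfanew": None,
              "no_dos_stub": False, "marker": False}
    if len(data) < DOS_HEADER_SIZE or data[:2] != b"MZ":
        return result

    (e_lfanew,) = struct.unpack_from("<I", data, E_LFANEW_OFFSET)
    result["e_lfanew"] = e_lfanew
    # A slice past the end of the buffer is simply shorter, so this is safe.
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        result["label"] = "invalid-pe"
        return result

    # A PE header starting at or before 0x40 leaves no space for a DOS stub
    # (the FSG changelog mentions PE headers at 40h and at 0Ch).
    result["no_dos_stub"] = e_lfanew <= DOS_HEADER_SIZE
    result["marker"] = MARKER in data[:SCAN_WINDOW]

    if result["no_dos_stub"] and result["marker"]:
        result["label"] = "packed-fsg-likely"
    elif result["marker"]:
        # String alone is weak evidence: it is just four editable bytes.
        result["label"] = "packer-marker-only"
    elif result["no_dos_stub"]:
        # Structural trait survives even when the string is absent.
        result["label"] = "nonstandard-header"
    else:
        result["label"] = "standard-header"
    return result


def build_sample(e_lfanew: int, marker: bool = False, size: int = 0x200) -> bytes:
    """Constructed test header: MZ, e_lfanew, PE signature, optional marker."""
    buf = bytearray(size)
    buf[0:2] = b"MZ"
    buf[e_lfanew:e_lfanew + 4] = b"PE\x00\x00"
    struct.pack_into("<I", buf, E_LFANEW_OFFSET, e_lfanew)
    if marker:
        buf[0x154:0x158] = MARKER  # arbitrary constructed position
    return bytes(buf)


if __name__ == "__main__":
    samples = {
        "ordinary layout": build_sample(0x80),
        "PE header at 0Ch with marker": build_sample(0x0C, marker=True),
        "PE header at 0Ch, no marker": build_sample(0x0C),
        "ordinary layout with marker": build_sample(0x80, marker=True),
    }
    for name, blob in samples.items():
        print(f"{name}: {triage_header(blob)['label']}")
```

Reporting the string and the layout as separate findings lets an analyst treat "packed" as a reason to unpack and scan the contents rather than as a detection in itself.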

The unpacking engine VM Unpack, which is made for trojan research by a Chinese AV data security company, adds the word À.dswlab in the PE header

here the result analysis:
http://www.virustotal.com/analisis/e3c6628a12b66853f400750d31037977
same as the first unpacking solution: 8/32
For me it confirms twice that the packed file with 14/32 have lost by 6 scanner the Viruses in unpacked conditions complete > 6x proved false positive from exe packer!!!

I will say these AV's can put the result in Minus:
- Webwasher-Gateway
- TheHacker
- Sunbelt
- maybe F-Secure cause it shows by most signs from packed files done by all possible packer the same
- eSafe
- CAT-QuickHeal see F-Secure

= 2/32 scanners:
Avast report Win32:Agent-QXQ and
Ikarus report Trojan.Win32.Obfuscated.ex
while Ikarus possibly gets the info from other scanners, as was seen with Packer XComp, maybe from VirusTotal via Google search on that site, or gets the files delivered and is possibly orientated on other AVs but reports differently named viruses. However, about Avast Win32:Agent-QXQ I'm unsure.

Rebuild and MS Dos Header + Stub added
http://www.virustotal.com/analisis/72757bef29b2add1d564ee86ad450cd8
Result: 7/32
same as above: Webwasher-Gateway changed his meaning from Virus detection Packer.Dumped to Win32.Malware.gen (suspicious).
TheHacker lost the Virus W32/Behav-Heuristic-061 and says clean just by adding a DOS MZ Header / DOS stub MZ.EXE. Sunbelt, F-Secure, eSafe, CAT-QuickHeal + Webwasher-Gateway will possible show nothing anymore if do changes by ms dos header + stub in file.

Webwasher-Gateway seems to scan focused by PE Id Sig. This sample was packed before with ASPack+Scrambler. Unpacking left rest from ASPack strings. It's packed with XComp. Ikarus was shown the same scanned file a few days ago, as Packer.XComp.A but changed virus name matching to the application and report now, cause it's utorrent.exe packed: Worm.Win32.Downloader.fb (utorrent + XComp packed = Downloader + Uploader for Win32 but no worm inside). Bitdefender cached it once wrong and don't correct their mistakes they let it as virus: Packer.XComp.A - False Positive - Hit Reanalyse change Proxy Ip's use anonym Proxys - test with ipid.shat.net/ - be sure your real IP is not under 'HTTP Forwarded For:' written by submission
Permalink: analisis/bdc253e8b7f1fa414dcfb152f7e6ef80

Anyhow for Romania its a new Packer since 13. Feb 2008. Austria did follow the old news. Checksum + MD5 of packer is since a year the same - no virus - false positive! - . It's a shame
-------------------------------------------------------------------------------------

Real viruses they don't want found such as the trojan:
%windir%/Media/csrss.exe + MSWINSCK.OCX (same filenames as the old backdoor but new md5)
start from registry
"Shell"="explorer.exe C:\WINDOWS\Media\csrss.exe" and connect to a server, found in a Forum site, not sure possible Patch Making Tools ALL IN ONE Patchmkers.exe or any other from them (posted end Jan/Feb 08.) cause they looking on the wrong places.

=====================================================================================

After many testing:

- McAfee
- Microsoft
- Symantec
- NOD32v2 (limited) Program don't like unpackers

have the best False Positive detection. - No virus found - if no virus has been packed into files, or can handle all packers and scan inside/unpack files...
My own opinion is that the oldest AV companies from the early 90's / late 80's MS-DOS / Windows 3.x times, for example Symantec (=Norton) and McAfee, have the most experience. Kaspersky I remember from before the year 2000, when it was not yet available in English. The GUI language says nothing; I don't care about design, GUI or languages. About BitDefender I have no words for them anymore, as I've seen that they get the false positive packer detail info from VirusTotal.com, maybe using Google search on VirusTotal sites, or get the files directly when they are submitted to that site, because after some testing with the packer Xcomp they put the whole packer in their database as a positive virus. Xcomp has been analyzed for a year already and has not changed since that time. There is no virus in XComp, neither in the packer nor in the packed output files made with it. BitDefender's auto submission and integrated email in the AV program itself is in my eyes a trojan. New is now that a pop-up window forces the user to give personal info, whether it was obtained retail or not. I have isolated all online connections to and from BitDefender AV products because of the hidden random ISP servers. These server connection details cannot be seen with the Total Security Suite and Internet Security with the integrated firewall. It scares me, and I easily get paranoid about security, privacy and trust in some places on earth. Especially when the product uninstallation leaves half of it on the hard disk and many registry entries after running uninstall. Not only on one computer.

If you programmed a packer or protector and it's wrongly listed as a virus, please contact, as author, the AV firms by email, fax or post letter. Clear things up, if you really did develop a clean packer. Send it to them for re-testing and analysis in the original, the same as you host it on your homepage. Otherwise it will be listed there forever. It is possible that the same packer was picked up injected with a virus and is listed in the virus database because of this. Xcomp was listed as a virus by mistake by an antivirus scanner. If you pack files with it and it still shows up as a virus, it should be resolved with coming AV signature updates.

Theoretically you can test another antivirus program every 30 days. There are so many that you can protect your system for free for a few years. After all, remember your experience with antivirus programs. You can as well reinstall the OS every 6 months and do a total clean-up so that you can test it all over again, free as a trial version, before you buy any antivirus software which removes a lot of files on your hard disk by detecting false positives and lets you think that these are all true viruses. The more an antivirus program can find, the better you will think the antivirus is, because you don't know which files are false positives and which are real viruses.
Some AVs can also delete all your filtered IPs and URLs in the Windows hosts file if you used it to block unwanted websites, advertising, website counters and others to 127.0.0.1.
It would mean that these guys from: http://www.hosts-file.net/?s=Download and: http://www.bluetack.co.uk/modules.php?name=Content&pa=showpage&pid=10 are wrong with their blacklists of bad hosts.


Sorry for bad english
programmerstools.org

20 February 2008

Windows XP Service Pack 3 Release Candidate Public Notes

Picture not updated -:)
Release Notes for this Release Candidate of Windows XP Service Pack 3

These release notes address late-breaking issues and information about this release candidate of Service Pack 3 for Windows® XP. Unless otherwise specified, these notes apply to all editions of Windows XP SP3.

New functionality included in this service pack
Technical Area | Functionality or Feature | Details

Networking
Black hole router detection
Improves black hole router detection (detecting routers that are silently discarding packets). This detection is turned on by default.

Networking
Network Access Protection
Allows you to better protect network assets by enforcing compliance with system health requirements. For more information about Network Access Protection, see http://go.microsoft.com/fwlink/?LinkID=110597.

Security
Credentials security service provider
Allows forward compatibility with Windows Vista® and Windows Server® 2008, and enables applications to delegate user credentials from the client to the target server. This security service provider is available through the security service provider interface, and it is used by Remote Desktop Protocol 6.0.

Security
Descriptive security options control panel
Offers more descriptive text to explain the settings and prevent incorrect configuration of settings.

Security
Enhanced security for Administrator and Service policy entries
Presents Administrators and Service entries (in System Center Essentials) by default on new policy instances. Additionally, a user will not be able to remove the setting in the UI for the "Impersonate Client After Authentication" user right.

Security
Microsoft Kernel Mode Cryptographic Module
Implements and supports the SHA2 hashing algorithms (SHA256, SHA384, and SHA512) in X.509 certificate validation.

The Federal Information Processing Standard (FIPS) 140-1 standard has been replaced by FIPS 140-2, and these modules have been validated and certified according to this standard.

Setup
Windows Product Activation
Allows users to complete their software setup without having to provide a product key.



Previously available functionality
The following items included in this release candidate were previously available as separate downloads.
Technical Area | Functionality or Feature | Details

Imaging
Microsoft® Windows Imaging Component (WIC)
Provides an extensible framework for working with images and image metadata. For more information about the WIC, see http://go.microsoft.com/fwlink/?LinkID=110598.

Management
Microsoft Management Console (MMC) 3.0
Provides a framework that unifies and simplifies day-to-day system management tasks in Windows Server 2003 and Windows XP. For more information about the MMC 3.0 update, see http://go.microsoft.com/fwlink/?LinkID=110599.

MDAC
Microsoft Core XML Services (MSXML) 6.0
Provides improved reliability and security, conforms with the XML 1.0 and XML Schema 1.0 W3C recommendations, and is compatible with System.Xml 2.0.

Windows Installer
Microsoft Windows Installer 3.1 v2 (3.1.4000.2435)
Provides a minor update to Windows Installer 3.0 (which was released in September 2004). For more information about Microsoft Windows Installer 3.1 v2, see http://go.microsoft.com/fwlink/?LinkID=110600.

Networking
Background Intelligent Transfer Service (BITS) 2.5
Helps improve security. This is a required component for Microsoft System Center Configuration Manager 2007 and for Windows Live OneCare. For more information about the BITS update package, see http://go.microsoft.com/fwlink/?LinkID=110601.

Networking
Digital Identity Management Service
Makes it possible for users who log on to any computer running Windows Server 2003 Service Pack 1 or higher and that is a domain member to silently have all of their certificates and private keys available for applications and services.

Networking
IPsec Simple Policy Update for Windows Server 2003 and Windows XP
Helps simplify the creation and maintenance of IPsec filters, reducing the number of filters that are required for a server and domain isolation deployment. For more information about IPsec security filters, see http://go.microsoft.com/fwlink/?LinkID=69286.

Networking
Peer Name Resolution Protocol (PNRP) 2.1
Enables Windows XP Service Pack 3-based applications that use PNRP to communicate with Windows Vista programs that use PNRP. For more information about upgrading PNRP, see http://go.microsoft.com/fwlink/?LinkID=110602.

Networking
Wi-Fi Protected Access 2
Provides the same support for Wi-Fi Protected Access 2 (WPA2) as is provided in Windows Vista and Windows Server 2003 with SP2. For more information about the WPA2 update, see http://go.microsoft.com/fwlink/?LinkId=110604.


Custom installation
This issue affects Windows XP Home Edition N and Windows XP Professional N.
Creating an integrated installer ("slipstream") by combining the installation disk for this release candidate with Windows XP Home Edition N or Windows XP Professional N by using the /integrate or /s command options is not supported. NEW !!!

To perform an integrated installation of this release candidate for Windows XP Home Edition N or Windows XP Professional N, obtain the appropriate installation media directly from Microsoft.


Website: http://download.microsoft.com/download/c/d/8/cd8cc719-7d5a-40d3-a802-e4057aa8c631/relnotes.htm

News Source: www.cnbeta.com/articles/49519.htm
