Trojans in uTorrent Mods and BitTorrent (Armadillo) Mods packed?

BitTorrent 6.x SBI Mods (Armadillo 5.x) - http://www.sb-innovation.de
check by some mods outgoing connections / requests activity to program exe's when the bittorrent 6 mod is closed. See firewall log by enable and disabled rule for bittorrent_mods exe's.

Remarks:
Kaspersky, BitDefender have a unpacking engine include for PECompact and Armadillo 4 - 5 also manual unpacking shows the same result in multi_100_seeder and one kind of mod by Bittorrent 6

uTorent seeder x100 Mods (PEcompact ver.2.78a ~2.80 with ADDED DLL INJECTION)
see screenshot:

NEW AV Signature Updates 05.02.2005

BitDefender Internet Security 2008 v11.0.15
Virus Database Date: 06.02.2008
Known Viruses: 979216

Now new av signatures improved. Detect already in inno setup installer: µtorrent 1.7.7 LP_setup.exe and others

AV-Signature + engine and modules hourly updates:
BitDefender Internet Security 2008 v11.0.15 German
Virus Database Date: 06.02.2008
Known Viruses: 979232

The 3th AV def. update today does not more show the above screen but by doing innounp / inno unpack or running setup, one mod utorrent 1.7.x. multi100_seeder.exe found positive Trojan AX patched in the temp folder and by skip also in the unpacked folder.

Software Description Software Version Virus Database Date Known Viruses
BitDefender Internet Security 2008 11.0.15 06.02.2008 979348

-------------------------------------------------------------------------------

Some (packers) are not detected:
new Backdoor

Creates the following files to Windir\Media folder (same as some very old Backdoors but different signatures):
C:\WINDOWS\Media\csrss.exe
C:\WINDOWS\Media\MSWINSCK.OCX

Adds to the value "Shell"="explorer.exe"

"Shell"="explorer.exe" C:\WINDOWS\Media\csrss.exe"
to the registry key:
HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon

and maybe like the old Backdoor:
"RegWrite"="c:\windows\media\csrss.exe"
to the registry key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run


After executing it run a "fake" csrss.exe from folder windir\Media in process manager as soon windows starts together with the original \system32 Microsoft Corporation Client Server Runtime Process (csrss.exe) and connect to a webserver.


After removing these files under windir\Media appears :


No AV, Anti Spyware, Anti Malware Program or Startup Manager Tools ever monitored logon shell:
WinLogon = Explorer.exe for changes
extensions for example :
"Shell"="explorer.exe C:\WINDOWS\Media\csrss.exe"
"Shell"="explorer.exe C:\any application to run with startup test.dll"

Azureus 3.0.4.3 Beta 19 (-B19)

CHANGELOG Azureus Vuze 3.0.4.3 B19

FEATURE: Core | Added µTorrent PEX support [amc1]
FEATURE: Core | Azureus probes trackers for UDP-capabilities on first scrape/announce now and uses udp instead of http where available [The 8472]
FEATURE: Core | Added option to enforce IP bindings even when the specified interfaces are not available (useful when Azureus should not use certain network interfaces) [The 8472]
FEATURE: UI | Added option for "Open Containing Folder" menu action - which may integrate better with non-standard file browsers [amc1]
FEATURE: UI | Added option for "Show Torrent Menu" -- Users can now decide to see the Torrent menu in the menubar or not [knguyen]
FEATURE: UIv3 | New menu configuration for Vuze and Vuze Advanced UI's [knguyen]

CHANGE: Core | Further memory footprint reductions; for additional tweaks see http://www.azureuswiki.com/index.php/Reduce_memory_usage [The 8472]
CHANGE: Core | Reimplemented LT extension protocol code [amc1]
CHANGE: Core | DND/Compact (aka Delete) priority now deletes all files that do not share pieces with normal/high priority files [The 8472]
CHANGE: Core | Queuing rules now don't start any further torrents if the global up/download speed limits are reached [The 8472]
- makes "don't count torrent ..." minimum speed rules more useful to dynamically regulate the queue lengths
- recovers faster from chain reactions in case of connection loss
CHANGE: Core | Made the crypto handshake a bit less predictable [The 8472]
CHANGE: Core | Added support for udp-multiscrapes [The 8472]
CHANGE: Core | Added support for plugins which implement mainline DHT [amc1]

BUGFIX: Core | Request limiting/Priorities no longer pinch off LAN peers if seperate LAN speeds are enabled [The 8472]
BUGFIX: UI | Shells no longer use the low-res frog icon, the normal main window icon is now used instead [amc1]
BUGFIX: UI | Limiting comments in General View to 5k characters under WinXP to avoid crashes due to faulty comctl32.dll [The 8472]
BUGFIX: UI | Setting speed parameters manually now disables autospeed [The 8472]

To use, rename the downloaded AzureusXxxx-Bxx.jar file to Azureus2.jar to replace your old jar in the Azureus program dir: ChangeTheAzureusTwoJarFile
Azureus v2 vs. v3 (Vuze) FAQ
Changelog
Commitlog
Snapshot RSS Feed
Beta Site: http://azureus.sourceforge.net/index_CVS.php

★ Download: Azureus3043-B19.jar - 06 Feb 2008 07:53:21 AM [10081896 bytes]
Azureus3043-B19.jar.torrent

Prevx CSI 1.5.103.197

Prevx CSI allows you to benefit from the knowledge gained from the entire Prevx community.
- Totally Free
- Instantly scans for all forms of malware to let you know if you're infected
- No Install required
- Runs completely independently and as many times as you like!
- Always up-to-date - checks with the up-to-the-second Prevx community database for the very latest threats

Are you responsible for your company's security?
Prevx CSI for Business can be used free of charge in low volume (up to 250 PCs) by business users and large enterprises, subject to a simple registration process. Prevx CSI for Business may also be configured to run in silent mode allowing companies to deploy it easily using a simple login script. Business users also benefit from a web based console which provides a summary view of all PCs scanned by Prevx CSI with clear details of which ones are infected.

Prevx CSI - FREE Malware Scanner v1.5.103.197 BugFix Release Update

*fixed ACDSee Screen Capture rootkit detection problem
*some more fixes
*scan speed improved

Homepage: http://www.prevx.com

Download: http://info.prevx.com/downloadprevx2.asp

Business user: http://www.prevx.com/csilogon.asp

eMule 0.48a D10Tmain MorphXT 0.9.7.10.3 -a8

D10Tmain MorphXT 10.3 WC 0.9.7 alpha 8
eMule 0.48a MorphXT v10.3 WebCache 0.9.7 Alpha 8 D10Tmain

[D10Tmain] MorphXT WC 0.9.7.10.3 alpha8

Based on emule MorphXT 10.3 + WebCache
+ finished (resolved last issue) WC code is in state as in M9.6
ADD: run as NT service v1. [leuk_he]
-No need to login into XP.
-keeps running after logging out/ switching users
-new command line options:
emule install -> install as as service
emule uninstall -> uninstall as a service.
-make sure all settings are correct before installing as a service.
-links as passed to webservice.
-See Preferences-> Webserver-> NTservice tab
remark: Not meant to save cpu/memory.
ADD: Context menu on chat context. (wizard code snippet)
ADD: Lost preferences. Most official preferences that got an preferences.ini setting but no gui are
Added in preferences-> extended-> Advanced preferences.
CHANGED: USC: better slotfocus.
CHANGED: More upload speed for webcache requester. (no 100ms delay)
CHANGED: And also DBR reviewed for high bandwidth transfer.
CHANGED: Flush thread, improved.
CHANGED: Better requested block queuing
CHANGED: Sr-13 import, Also use AICH hash when required.
FIX: Upnp: using same port for tcp & udp now possible.
CHANGED: uPnP moved most logging to verbose level.
FIX: sr-13 import: crash on cancel during running import.
FIX: crash on low disk space resume.
ADDED: Official fix around Create Packed Packets (missed overhead file request value for file >4GB)
24 instead of 28

Download: [D10Tmain]MorphXTWC.0.9.7.10.3.alpha8.rar [1.91 MB]
DDL: d10tmain_morphxtwc.0.9.7.10.3.alpha8.rar

older Versions: [D10Tmain]MorphXTWC.0.9.7.10.2.alpha7.rar
[D10Tmain]MorphXTWC.0.9.7.10.1.alpha6.rar

PREVX CSI v1.5.103.193

Check your PC is safe in less than 2 minutes. Finds Spyware, Rootkits, Spambots, Trojans and Viruses - plus is so easy to use.
The business version of Prevx CSI finds and removes all serious infections quickly and easily on a few PCs, or across your
entire organization.

Program doesn't like to get screen captured, ACDSEE Pro v2 original get detect as rootkit if it's running in background (ACDSee Pro 2 Screen Capture a component from ACDSee Pro 2 Photo Manager Software). ACDSeePro2.exe v2.0.238.0

Today's Active Infections: http://www.prevx.com/malwarecenter.asp
Homepage: http://www.prevx.com/default.asp

Prevx2.0 available for:

Desktop/Laptop
Windows XP (All versions - 32/64bit) and Windows 2000 Professional.
Windows Vista Beta (All versions - 32/64bit)

Servers
Windows 2003 Server (All versions - 32/64bit) and Windows 2000 Server (SP4 only).

Prevx CSI - FREE PC Check available for:
Windows XP, Vista, 2000 & 2003 (All versions - 32/64bit).

Download: http://info.prevx.com/downloadprevx2.asp
For Business and Network Admins: http://www.prevx.com/csireglickey.asp

VeryCD easyMule 1.0.0 080202 beta

VeryCD easyMule 1.0.0 Beta
Build Date 02.02.2008

Include http/ftp Download Manager and Web browser

VeryCD easyMule is VeryCDTeam based open source eMule on the basis of the development of a new product has the following characteristics:
1. New interface, more intuitive to use
2. Penetration in the network, download speeds improved significantly
3. Look under the edge, exciting content online player
4. Disk buffer, the maximum protection drive
5. Almighty download, multi-protocol interoperability comprehensive
6. Quick Search, a key Direct search results
7. Arbitrary download directory arbitrary designation
8. Continued sharing, Releaser Mod

* Download improve the efficiency of dynamic log output
* Download optimization task scheduling, task can be downloaded from the completion guarantee
* Optimization http/ftp Download Connection Control
* Optimization of a multi-site document amounted to rename the algorithm
* fixed bug: http unable to redirect download locations
* fixed bug: With some file name can not scan antivirus
* fixed bug: Download sometimes when loading unusual task Crash
* fixed bug: http/ftp after the download is complete, detailed information lost in the original links

Homepage: http://www.verycd.com/groups/eMuleBeta/
Announcement site: http://www.verycd.com/groups/eMuleBeta/232027.topic

Download:
Installer: easyMule-Beta-Setup.exe
http://download.VeryCD.com/easyMule-Beta-Setup.exe

Bin (Installer extracted incl. Chinese Language files): easyMule-Beta-BIN.zip

easyMule v1.0.0 Build 080202 BETA English:
without debug code [2.74 MB]: easyMule-Beta-BIN.7z
with debug code:
easyMule-Beta-BIN-eng.rar

Source:
http://download.VeryCD.com/easyMule-VeryCD-src.rar

( not 4 RocketMule v1.x and eMule SpeedShare -:) )

Shanghai Source Networking Technology Co., Ltd
AV P2P Worm and Virus Protection Plugin: Beijing Rising Technology Co., Ltd. Version 20.0.0.3