11 July 2008

ReGet Deluxe 5.2 Build 330 Final DevBuild

ReGet Deluxe is a modern download manager, running on Windows XP and Vista, offering a rich feature set to help you improve speed and organize your downloads, whether they come from the web, FTP, local network shares or media-streaming servers, with support for even more protocols coming soon.

It is extremely easy to set up, it integrates well into popular browsers so that downloads are handed to ReGet Deluxe automatically, it can download a file simultaneously in a number of sections to improve the speed of your downloads, and it provides categories should you want to automatically organize your downloads into folders. Whether you have a dial-up (modem) connection to the Internet or super-fast cable or ADSL, ReGet Deluxe will fully utilize the bandwidth of your connection and download files in a blast!

But there are some advanced features too -- like complete customization, a scheduler, macros, MSIE Spy, FTP Explorer, broad support for proxy servers and authentication, preview of partially downloaded files and recursive web-site downloading.


What's new
[07 July 2008] Build 330 (ReGet Deluxe 5.2 DevBuild) and ReGet Deluxe 5.2 Build 330 Final
Included new plugin for Mozilla Firefox 3 (backward compatible with Firefox 2)
Included new plugin for Opera 9.5 (backward compatible with earlier versions)
[17 October 2007] Build 323 (ReGet Deluxe 5.2 RC3)
ReGet no longer crashes when deleting a running download together with its file if the download was paused before.
[11 October 2007] Build 321 (ReGet Deluxe 5.2 RC2)
Installer procedure improvements.
New connection profiles.
Update system fixes.



Download: reget_deluxe5.2.0.330.rar 2.93 MB - Mirror

Activer only: reget.deluxe.5.2.0.330.patcher.exe 42.50 KB - Mirror

Default Registrator with Path auto search: reget.deluxe.5.2.0.330_patch.exe 18.00 KB Mirror
18.00 KB Only, always the icon's and Graphics

10 July 2008

eMule 0.48a Final Fight Gold [Clean]

eMule v0.48a Final Fight Gold
0.48a eMule Final Fight Gold (5) based on
Sivka 0.48a v18a1-alpha

Modded by Ruffy
15-May-2008

-Fake Rank
-Queue size changed
-Max queue rank for downloads increased
-Changed the number of upload slots
-Upload manipulated (it can be set to 1 without affecting the download speed)
-Remove Ratio
-Remove Wizard
-Remove Help
-Added new Icons


Code analysis:
Agent.ECJH
Malware dropped to: Documents and Settings\YourWindowsLogonName\Application Data\Microsoft\spoolsv.exe
and
cfgmgr.vbs
with the content:
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run Chr(34) & "C:\Documents and Settings\Nata...\Application Data\Microsoft\spoolsv.exe" & Chr(34)
It also added the registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}

The result is still not fully clean, but the virus has possibly been eliminated and can no longer start or reproduce.
http://www.virustotal.com/analisis/dde25155980c21598c035c52581fc250

I found: HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}
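The persistence mechanism described above (an Active Setup Installed Components GUID whose stub command launches the dropped script) can be triaged from a registry export. The following is an added example, not code from the post: it parses a constructed .reg export in which only the GUID comes from the post (the StubPath value, user name and the benign second component are assumed) and flags stubs that run from user-writable directories, borrow a system binary name outside system32, or launch a script host.

```python
"""Added example: triage an exported Active Setup key for dropper-style persistence.

Active Setup runs each component's StubPath command once per user at logon, which is
why droppers register a fresh GUID there. SAMPLE_EXPORT is constructed: the GUID is the
one from the post, the StubPath values and the user name are assumed.
"""
import re

ACTIVE_SETUP_ROOTS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components",
    r"HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components",
)
# Directories a legitimate Active Setup stub should not normally be launched from.
USER_WRITABLE_DIRS = ("\\application data\\", "\\appdata\\", "\\temp\\", "\\local settings\\")
# Genuine system binary names that malware likes to borrow (the post's sample: spoolsv.exe).
IMPERSONATED_NAMES = ("spoolsv.exe", "svchost.exe", "lsass.exe", "csrss.exe")
SCRIPT_FILE = re.compile(r"\.(vbs|vbe|js|jse|wsf)\b")

SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000001}]
@="Constructed benign component"
"StubPath"="C:\\WINDOWS\\system32\\benign_stub.exe /quiet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}]
"StubPath"="wscript.exe C:\\Documents and Settings\\user\\Application Data\\Microsoft\\cfgmgr.vbs"
"""


def parse_reg_export(text):
    """Parse a Regedit-format export into {key_path: {value_name: data}} (string values only)."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            name = "(Default)" if name == "@" else name.strip('"')
            if data.startswith('"'):  # REG_SZ: quoted, with backslashes doubled
                data = data.strip('"').replace("\\\\", "\\")
            keys[current][name] = data
    return keys


def suspicious_components(keys):
    """Return [(guid, stub_path, reasons)] for Installed Components whose StubPath looks hostile."""
    hits = []
    for path, values in keys.items():
        if not any(path.lower().startswith(root.lower() + "\\") for root in ACTIVE_SETUP_ROOTS):
            continue
        stub = values.get("StubPath", "")
        low = stub.lower()
        reasons = []
        if any(d in low for d in USER_WRITABLE_DIRS):
            reasons.append("runs from a user-writable profile directory")
        if any(n in low for n in IMPERSONATED_NAMES) and "\\system32\\" not in low:
            reasons.append("borrows a system binary name outside system32")
        if SCRIPT_FILE.search(low):
            reasons.append("launches a script via a script host")
        if reasons:
            hits.append((path.rsplit("\\", 1)[-1], stub, reasons))
    return hits


if __name__ == "__main__":
    for guid, stub, reasons in suspicious_components(parse_reg_export(SAMPLE_EXPORT)):
        print(guid, "->", stub, "|", "; ".join(reasons))
```

On a live machine the same check runs over the output of reg export for both hive paths listed in ACTIVE_SETUP_ROOTS.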

Download: IT SHOULD BE CLEAN NOW OR THE TROJAN IS NOW DESTROYED
eMule 0.48a Final Fight Gold -clean.zip
2.72 MB - Hexedited

BitComet 1.03 Beta 20080708

changelog
=============================
Beta [20080708]
GUI Improved: redesign preferences dialog, improve option layout
GUI Improved: new advanced option: User-agent sent to HTTP tracker
GUI Improved: new advanced option to adjust Anti-Leech rules
GUI Improved: new advanced option to config file path of video player
GUI Improved: improve connection number display in task list for HTTP/FTP task
GUI Improved: add left size column to task list (hidden by default)
GUI Improved: add context menu to BT task peer list header, to select columns to display
GUI Improved: BT task peer list support group display
GUI Improved: freeze BT task peer list when ScrollLock turned on
GUI Improved: HTTP task properties dialog will display free disk space of save location
GUI Improved: BitComet not responding dialog can be disabled
GUI Improved: BitComet no longer hides an already running eMule plugin window on startup
GUI Improved: remove task category management
GUI Improved: remove history task list
GUI Improved: remove video file preview window, launch external video player instead
GUI Improved: remove BitComet resource browser from install package
Core Improved: remove NAT Traversal via UDP, to improve TCP transfer efficiency
Core Bugfix: after a file in a BT task has finished downloading, the corresponding Long-Time Seeding connection is disconnected immediately
Core Bugfix: pieces containing file boundary data of a BT task were downloaded repeatedly in some situations
Core Bugfix: BitComet did not save BT tasks created by BC link on program exit

v1.02 2008.6.3
GUI Improved: task category will display "empty" when not set
GUI Improved: whether to search for mirrors when adding a new HTTP task can be set as the default setting
GUI Improved: new option for preview window: keep aspect ratio of video
GUI Improved: new switch button in toolbar of preview window: skip undownloaded range or wait for buffering
GUI Improved: BitComet resource browser (CometBrowser.exe) exits immediately after all its windows are closed
GUI Improved: remove server mode option in advanced network settings
GUI Bugfix: user name and password in HTTP/FTP task properties dialog did not take effect
Core Improved: Long-Time Seeding can download file boundary data for a BT task where one piece contains multiple files
Core Improved: when only some files of a BT task are selected for download, the file boundary data is saved in taskname.piece_part.bc!
Core Improved: enhance virus protection auto-config
Core Improved: support TCP half-open patch for Windows XP SP3
Core Improved: FireFox extension supports FireFox 3.0
Core Bugfix: error occurred when connecting to certain trackers: "Tracker Reture Zero Length Response"
Core Bugfix: EVENT_COMPLETE should be sent to the tracker only when all files in the BT task are downloaded, not only the selected ones
Core Bugfix: HTTP download task did not reconnect to the server after the connection was closed by the server
Core Bugfix: HTTP download task did not drop invalid data from an out-of-date mirror server, leading to a redownload after hash check failure

Source: http://fileforum.betanews.com/detail/BitComet/1078332329/1

BitComet 1.03 Build 20080708 Beta
Ads free:
- Torrent Share
- Snap-shot
- Toolbar downloader
- Google Analytics in code
No popups or other ads should appear.

Download:
No Ads no Comm:
BitCometBeta_20080708_noAds.rar 4.68 MB

No Ads:
BitCometBeta_20080708_nosetup.rar 5.11 MB

09 July 2008

Blogspot and other Domains DNS redirected on ISP > Refresh time

Internet real-time refresh of this site
30 minutes ago: post entry not visible / ISP TOT dns1 + dns2, anti-DNS-spoofing update KB951748 installed

57 minutes ago: post entry shown up on this site / ISP TOT

Independent of the browser cache: tested with MSIE, Firefox, Opera, Safari, with 8 ISP reconnects to get different IPs (dynamic IP)

Two days ago an article in a national newspaper asked why the national ISP redirects DNS. Symptom: a cache server sits between overseas HTTP requests/answers from websites (refresh time), so you get the old version of a website until the cache server at the ISP supplies the current version (DNS spoofing possible).

Why is the international internet speed per user now limited to 56 kb/s, like an analogue modem, on the fastest ADSL package, on Linux/Windows/Mac OS X with different hardware, routers, ... ???


Microsoft released yesterday a security update for Windows OS:

Microsoft Security Bulletin MS08-037 – Important
Vulnerabilities in DNS Could Allow Spoofing (953230)

This security update resolves two privately reported vulnerabilities in the Windows Domain Name System (DNS) that could allow spoofing. These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems.
This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.
The security update addresses the vulnerabilities by using strongly random DNS transaction IDs, using random sockets for UDP queries, and updating the logic used to manage the DNS cache. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.
Recommendation. Microsoft recommends that customers apply the update at the earliest opportunity.

http://www.microsoft.com/technet/security/bulletin/MS08-037.mspx

What are the uninstall issues that customers may experience after installing these security updates?
Supported editions of Microsoft Windows 2000 and Windows 2003 systems will receive the DNS server update as well as the DNS client updates. The DNS server update and the DNS client updates share binaries and must be uninstalled in the reverse order that they were installed to avoid regressing the shared binaries to previous versions. Microsoft Knowledge Base Article 823836 documents the currently known issues that customers may experience when they uninstall these security updates.
What are the random socket connection issues that customers may experience when installing this security update?
By default, the DNS updates offered by this security bulletin will take advantage of a large number of available sockets to offer greater entropy. However, if the user has defined port ranges in the registry, then the updates will respect the user-defined settings and will only allocate the defined sockets.
Socket ranges can be defined in the following registry location: HKLM\System\CurrentControlSet\Services\DNS\Parameters
Reg key name: SocketPoolSize
Note: The DNS service must be restarted to implement these changes.
What does defining the socket pool range do?
It may be necessary to define the range of sockets that DNS can choose from to avoid conflicting with other applications or services that need the same socket pool for their communications. See MaxUserPort and Microsoft Knowledge Base Article 812873 for more details about these registry key settings.
What are the differences between operating systems when defining the socket pool ranges?
The MaxUserPort registry key has different meanings on Windows Vista and Windows Server 2008 than on Microsoft Windows Server 2000 and Windows Server 2003. Microsoft Knowledge Base Article 929851 details the change in behavior for Windows Vista and Windows Server 2008.
In Microsoft Windows Server 2000 and Windows Server 2003, setting the MaxUserPort defines the ending point of the dynamic port range. The range starts at 1024 and continues to the user-defined value in the MaxUserPort registry key setting. After installing the updates offered by this security bulletin, the default behavior on Microsoft Windows Server 2000 and Windows Server 2003 will be to allocate sockets randomly from the port range 49152 to 65535. If the MaxUserPort range has been defined, then ports will be allocated randomly from 1024 to the defined value in the MaxUserPort registry key setting. Visit Microsoft Knowledge Base Article 812873 for more information on reserving port ranges on Microsoft Windows 2000 Server and Windows Server 2003.
In Windows Vista and Windows Server 2008, setting the MaxUserPort defines the starting point of the dynamic port range. By default, the range on Windows Vista and Windows Server 2008 is 49152 to 65535.
Where are the file information details?
The file information details can be found in Microsoft Knowledge Base Article 953230.
http://support.microsoft.com/kb/929851
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/58791.mspx?mfr=true
Determines the highest port number TCP can assign when an application requests an available user port from the system. Typically, ephemeral ports (those used briefly) are allocated to port numbers 1024 through 5000.
possible values: 5,000–65,534 ( port number )
Windows 2000, XP does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

http://support.microsoft.com/?kbid=951748
http://support.microsoft.com/kb/951748

MaxCacheEntryTtlLimit
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/30659.mspx?mfr=true
Registry path: HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
Data type: REG_DWORD
Range: 0x1–0xFFFFFFFF (seconds)
Default value: 0x15180 (86400 seconds = 1 day)
Establishes the maximum time that a Domain Name System (DNS) record, other than an SOA (Start of Authority) record, can remain in the DNS cache.
This entry establishes a ceiling for Time-to-Live (TTL) values of non-SOA records. By default, the TTL value in the DNS answer record determines how long records are saved in the DNS cache. However, if a TTL value in a DNS answer record exceeds the value of this entry, it is ignored, and the DNS client sets the TTL value to the value of this entry.
Activation method
To make changes to this entry effective, restart the DNS client service or restart Windows. This entry does not apply to SOA records. The maximum TTL for SOA records is determined by the value of the MaxSOACacheEntryTtlLimit entry.
http://www.2oak.com/search?q=MaxCacheEntryTtlLimit
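To put numbers on the two changes the bulletin describes, here is an added example (not Microsoft's code): it derives the ephemeral port range for each OS family from the MaxUserPort rules quoted above, computes how many bits of unpredictability a query carries with and without source-port randomization, and applies the MaxCacheEntryTtlLimit ceiling to an answer TTL. The port-range and TTL rules come from the text above; the 16-bit transaction ID width is the fixed size of that DNS header field.

```python
"""Added example: what MS08-037 changes for a Windows resolver, in numbers.

Port-range rules come from the bulletin FAQ quoted above; the 16-bit DNS transaction
ID is the protocol's fixed field width. Nothing here talks to a real DNS service.
"""
import math

DEFAULT_MAX_CACHE_ENTRY_TTL_LIMIT = 0x15180  # 86400 s = 1 day, per the reskit entry above


def port_range_after_update(os_family, max_user_port=None):
    """Return the (low, high) range the patched DNS service draws UDP source ports from."""
    if os_family in ("2000", "2003"):
        # On 2000/2003 MaxUserPort is the END of the dynamic range, which starts at 1024.
        return (1024, max_user_port) if max_user_port else (49152, 65535)
    if os_family in ("vista", "2008"):
        # On Vista/2008 MaxUserPort is the START of the range; default is 49152-65535.
        return (max_user_port or 49152, 65535)
    raise ValueError("unknown OS family: %s" % os_family)


def query_entropy_bits(port_low, port_high, randomize_port=True, txid_bits=16):
    """Bits of unpredictability in (transaction ID, source port) for one outstanding query.

    Before the update the resolver reused a single source port, so only the 16-bit ID varied.
    """
    ports = (port_high - port_low + 1) if randomize_port else 1
    return txid_bits + math.log2(ports)


def blind_match_probability(bits, forged_replies):
    """Risk figure: chance that a batch of off-path forged replies matches one query's (ID, port)."""
    return min(1.0, forged_replies / 2 ** bits)


def effective_cache_ttl(answer_ttl, limit=DEFAULT_MAX_CACHE_ENTRY_TTL_LIMIT):
    """Apply the MaxCacheEntryTtlLimit ceiling to a non-SOA record's TTL, as the text describes."""
    return answer_ttl if answer_ttl <= limit else limit


def compare_os_defaults():
    """Entropy before/after the update for both OS families with default MaxUserPort."""
    out = {}
    for fam in ("2003", "2008"):
        lo, hi = port_range_after_update(fam)
        out[fam] = {
            "port_range": (lo, hi),
            "bits_before": query_entropy_bits(lo, hi, randomize_port=False),
            "bits_after": query_entropy_bits(lo, hi),
        }
    return out


if __name__ == "__main__":
    for fam, info in compare_os_defaults().items():
        print(fam, info)
    # A MaxUserPort of 5000 on Server 2003 shrinks the pool to 1024-5000 (about 12 bits of port entropy)
    lo, hi = port_range_after_update("2003", max_user_port=5000)
    print("2003 with MaxUserPort=5000:", lo, hi, round(query_entropy_bits(lo, hi), 2), "bits")
    print("7-day TTL capped to", effective_cache_ttl(7 * 86400), "seconds")
```

The comparison is the practical reason to check MaxUserPort after patching: a small legacy range on Server 2000/2003 gives back part of the entropy the update adds.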

Download:
http://www.microsoft.com/downloads/results.aspx?pocId=&freetext=KB951748&DisplayLang=en

08 July 2008

USD UniversalDownloader Paket +DVK, eMule Stulle Mod Private 0.48 & 0.49a Virus Alert

Virus Report

If you have downloaded in the past one of these programs:

USD-Komplettpaket_24-06-2008.rar

DVK_Plugins_24-06-2008.rar

Please re-download it or delete the following files from the folders.

Some files were possibly infected:

from DVK_Plugins_24-06-2008.rar:

- nircmdc.exe (Backdoor.W32.VB.xb)

The archive has been repacked without the infected file here: DVK_Plugins_24-06-2008.rar 4.39 MB


from USD-Komplettpaket_24-06-2008.rar:
- usercashcom.dll (Trojan.Clicker.Win32.Pophot.au)
- Xvidznet.dll (Trojan.Clicker.Win32.Pophot.au)
- ddlmusuc.dll (Win32.HLLW.Mistri)
- flyload.dll (Win32.HLLW.Mistri)
- gameblog.dll (Win32.HLLW.Mistri)
- linkbank.dll (BackDoor.Nuclear.78)
- printip.exe (Trojan Downloader 54) > please repack with cab maker Curl Router Reconnector v0.2.9\progs.cab

The archive has been repacked without the infected files here: USD-Komplettpaket_24-06-2008.rar 25.37 MB


eMule 0.48a and 0.49a Stulle Private :

eMule.exe (Worm.Win32.DownLoad.gh) was found in some Stulle Private builds

Fixed:
eMule.v0.48a-StulleMule.v5.3.Private.Light.zip 3.41 MB
SMSPorgWS_v5.3.zip 2.72 MB
SM_v5.3.zip 3.54 MB
StulleMule_v6.0_Private_2_VS2005.zip 2.95 MB



If anyone can send a fixed version without the virus:
Trojan in emule.exe
eMule 0.48a Final Fight Gold 5: Trojan in this eMule mod!!!
0.48a eMule Final Fight Gold (5) based on
Sivka 0.48a v18a1-alpha

Modded by Ruffy
15-May-2008

-Fake Rank
-Queue size changed
-Max queue rank for downloads increased
-Changed the number of upload slots
-Upload manipulated (it can be set to 1 without affecting the download speed)
-Remove Ratio
-Remove Wizard
-Remove Help
-Added new Icons

Please post a clean mod without the Trojan!!!
All files were scanned at the date of publication, but later AV updates flag them as possible viruses, reported by different AV scanners under different virus names!

Trojan Downloader Agent in Winsock, Armadillo v1.xx - v2.xx protected and compressed, DLL name: engt32.dll

Symptom: engt32.dll hooks in with 2 entries in the Winsock LSP chain.
Internet speed may slow down by 30 - 60 % on single connections.
Age: the file was first scanned in 2006 by www.virustotal.com, and all antiviruses report the same results now in 2008 as then.

To find it: Spybot - Search & Destroy (unknown MS-...) 2 entries
or Trend Micro HijackThis v2.0.2
To remove: LSPFix, cexx.org's Winsock 2 (Layered Service Provider) repair utility.

Antiviruses that cannot find it: Microsoft, Kaspersky, NOD32, Norman, TrendMicro, F-Secure, Prevx...

Windows Live OneCare 2.x, including the latest Beta, can no longer start its integrated Live OneCare firewall.

Info:
AhnLab-V3 2008.7.8.0 2008.07.07 Win-Trojan/Agent.81920.Z
AntiVir 7.8.0.64 2008.07.07 TR/Dldr.Agent.DLL.A
Authentium 5.1.0.4 2008.07.07 W32/Downldr2.VEB
Avast 4.8.1195.0 2008.07.07 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.07.07 Downloader.Small.BCP
BitDefender 7.2 2008.07.08 Trojan.Downloader.AUT
CAT-QuickHeal 9.50 2008.07.07 - FOUND NOTHING!
ClamAV 0.93.1 2008.07.08 - FOUND NOTHING!
DrWeb 4.44.0.09170 2008.07.07 Trojan.DownLoader.12131
eSafe 7.0.17.0 2008.07.07 - FOUND NOTHING!
eTrust-Vet 31.6.5934 2008.07.07 - FOUND NOTHING!
Ewido 4.0 2008.07.07 Downloader.Agent.a
F-Prot 4.4.4.56 2008.07.07 W32/Downldr2.VEB
F-Secure 7.60.13501.0 2008.07.08 - FOUND NOTHING!
Fortinet 3.14.0.0 2008.07.07 PossibleThreat
GData 2.0.7306.1023 2008.07.08 Win32:Trojan-gen
Ikarus T3.1.1.26.0 2008.07.08 Trojan-Downloader.12131
Kaspersky 7.0.0.125 2008.07.08 - FOUND NOTHING!
McAfee 5333 2008.07.07 Generic.di
Microsoft 1.3704 2008.07.08 - FOUND NOTHING!
NOD32v2 3248 2008.07.07 - FOUND NOTHING!
Norman 5.80.02 2008.07.07 - FOUND NOTHING!
Panda 9.0.0.4 2008.07.08 Trj/Downloader.KHR
Prevx1 V2 2008.07.08 - FOUND NOTHING!
Rising 20.51.60.00 2008.07.06 Trojan.DL.Agent.ana
Sophos 4.31.0 2008.07.08 Mal/Generic-A
Sunbelt 3.1.1509.1 2008.07.04 Trojan-Downloader.Gen
Symantec 10 2008.07.08 Downloader
TheHacker 6.2.96.374 2008.07.07 - FOUND NOTHING!
TrendMicro 8.700.0.1004 2008.07.07 - FOUND NOTHING!
VBA32 3.12.6.8 2008.07.07 Trojan.DownLoader.12131
VirusBuster 4.5.11.0 2008.07.07 - FOUND NOTHING!
Webwasher-Gateway 6.6.2 2008.07.07 Trojan.Dldr.Agent.DLL.A

File info:
File size: 81920 bytes
MD5...: 38a169d6eb7dbc243a2c395eb981833b
SHA1..: 1fa66f684c15566b87301c04949c8072c577a7a6
SHA256: 9ce760b1982e32000a5637ad4422c5639dc1b334013700e303e967342595df69
SHA512: a51f9f6aee0e488d899012e05c78296056403e94e788382c31cd65b28da1a359ffecced13b0a3101ea2216d4f846c3881b259d74d218944b8ebff4bab410ca70
PEiD..: Armadillo v1.xx - v2.xx
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10003969
timedatestamp.....: 0x44bf3cca (Thu Jul 20 08:20:26 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xad5a 0xb000 6.60 1e2ac2efe8a2e97d6cdcff740aa8b8c7
.rdata 0xc000 0x14ea 0x2000 3.89 c226fc9e70ce25bd077963ed95f88541
.data 0xe000 0x4f0c 0x4000 0.92 573d4ed926f2ab855c9ad82a6525471f
.reloc 0x13000 0x1160 0x2000 3.06 6a09bba2d154e82f41c98399f03643e2

( 5 imports )
> KERNEL32.dll: DeleteFileW, GetModuleFileNameW, GetModuleFileNameA, WritePrivateProfileStringW, CloseHandle, CopyFileW, GetLastError, CreateMutexW, GlobalFree, GlobalAlloc, FreeLibrary, GetProcAddress, LoadLibraryW, ExpandEnvironmentStringsW, GetSystemDirectoryW, GetTempPathW, FindClose, FindFirstFileW, SetErrorMode, CreateFileW, SetFileTime, GetSystemTimeAsFileTime, CompareStringW, CompareStringA, FlushFileBuffers, GetDriveTypeA, SetStdHandle, GetStringTypeW, GetStringTypeA, LoadLibraryA, GetOEMCP, GetACP, GetCurrentDirectoryW, IsBadCodePtr, IsBadReadPtr, SetUnhandledExceptionFilter, SetFilePointer, GetTimeZoneInformation, GetSystemTime, GetLocalTime, InterlockedDecrement, InterlockedIncrement, RtlUnwind, HeapFree, HeapAlloc, FileTimeToSystemTime, FileTimeToLocalFileTime, GetDriveTypeW, GetCommandLineA, GetVersion, MultiByteToWideChar, WideCharToMultiByte, LCMapStringA, LCMapStringW, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, ExitProcess, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, SetLastError, TlsGetValue, GetModuleHandleA, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, IsBadWritePtr, GetFullPathNameW, GetCurrentDirectoryA, TerminateProcess, GetCurrentProcess, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, WriteFile, GetCPInfo, SetEnvironmentVariableA
> USER32.dll: MessageBoxA
> SHELL32.dll: ShellExecuteW
> urlmon.dll: URLDownloadToFileW
> WS2_32.dll: WSCDeinstallProvider, WSCGetProviderPath, WSCInstallProvider, WSCWriteProviderOrder, WSCEnumProtocols

( 9 exports )
Dll_CheckRunning, Dll_GetInfo, Dll_GetVersion, Dll_Install, Dll_LoadInstance, Dll_ShowVersion, Dll_Uninstall, UpdateCore, WSPStartup
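The import and export lists above are what give this sample away: URLDownloadToFileW for the download, the WSC* family for installing itself into the Winsock catalog, and the WSPStartup export every Winsock 2 service provider must have. The following is an added example, not part of the post or of VirusTotal: it parses a constructed, shortened copy of that PEInfo listing and turns the APIs into capability tags and a one-line verdict; the rules are this author's triage heuristics.

```python
"""Added example: capability tags from a VirusTotal-style PEInfo import/export listing.

SAMPLE_PEINFO is a constructed, shortened copy of the engt32.dll listing in the post; the
rules below are triage heuristics written for this example, not a VirusTotal feature.
"""
import re

SAMPLE_PEINFO = """( 5 imports )
> KERNEL32.dll: DeleteFileW, GetModuleFileNameW, CopyFileW, CreateMutexW, GetSystemDirectoryW, GetTempPathW, WriteFile
> USER32.dll: MessageBoxA
> SHELL32.dll: ShellExecuteW
> urlmon.dll: URLDownloadToFileW
> WS2_32.dll: WSCDeinstallProvider, WSCGetProviderPath, WSCInstallProvider, WSCWriteProviderOrder, WSCEnumProtocols

( 9 exports )
Dll_CheckRunning, Dll_GetInfo, Dll_GetVersion, Dll_Install, Dll_LoadInstance, Dll_ShowVersion, Dll_Uninstall, UpdateCore, WSPStartup
"""

# label -> (dll, APIs); a rule fires when ANY of the APIs is imported from that DLL.
IMPORT_RULES = {
    "downloads a file from a URL": ("urlmon.dll", {"URLDownloadToFileW", "URLDownloadToFileA"}),
    "installs a Winsock LSP": ("ws2_32.dll", {"WSCInstallProvider", "WSCWriteProviderOrder"}),
    "removes a Winsock LSP": ("ws2_32.dll", {"WSCDeinstallProvider"}),
    "launches other programs": ("shell32.dll", {"ShellExecuteW", "ShellExecuteA"}),
    "copies files into system/temp dirs": ("kernel32.dll", {"CopyFileW", "CopyFileA"}),
}
LSP_ENTRY_POINT = "WSPStartup"  # mandatory export of a Winsock 2 service provider


def parse_peinfo(text):
    """Return (imports {dll_lower: set(api)}, exports set(name)) from the listing format above."""
    imports, exports, section = {}, set(), None
    for line in text.splitlines():
        line = line.strip()
        if re.match(r"^\(\s*\d+ imports\s*\)$", line):
            section = "imports"
        elif re.match(r"^\(\s*\d+ exports\s*\)$", line):
            section = "exports"
        elif section == "imports" and line.startswith(">"):
            dll, _, apis = line[1:].partition(":")
            imports[dll.strip().lower()] = {a.strip() for a in apis.split(",") if a.strip()}
        elif section == "exports" and line:
            exports.update(a.strip() for a in line.split(",") if a.strip())
    return imports, exports


def capabilities(imports, exports):
    """List the capability labels whose rule matches the parsed import/export tables."""
    tags = [label for label, (dll, apis) in IMPORT_RULES.items() if imports.get(dll, set()) & apis]
    if LSP_ENTRY_POINT in exports:
        tags.append("exports WSPStartup (acts as a Winsock service provider)")
    return tags


def classify(tags):
    """Collapse the tags into a one-line verdict like the one the post gives this sample."""
    lsp = any("LSP" in t or "WSPStartup" in t for t in tags)
    downloader = "downloads a file from a URL" in tags
    if downloader and lsp:
        return "trojan downloader with Winsock LSP persistence"
    if lsp:
        return "Winsock LSP (verify the vendor)"
    if downloader:
        return "downloader"
    return "no downloader or LSP indicators"


if __name__ == "__main__":
    imps, exps = parse_peinfo(SAMPLE_PEINFO)
    tags = capabilities(imps, exps)
    print("\n".join(tags))
    print("verdict:", classify(tags))
```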

More info: http://www.firefox123.cn/English/e/engt32.dll.htm
Process File: engt32.dll
Process Name: Troj_Polymorphic.File.Exploit
Description: N/A
Author: unknown
Part of: unknown
Common Path(s): Windows\system32
Security Risk (0-5): 0
Spyware: Yes
Adware: Yes
Virus: Yes
Trojan: Yes
System Process: No
Application: No
Background Process: Yes
Uses Network: Yes
Uses Internet: No
Related Process:
IP Internet System Internet

After the two Winsock LSP entries have been cleaned and the file removed, the Live OneCare firewall works again:

In the old Stulle eMule Private version 0.48a from the ed2k net there is another virus, Worm.Win32.DownLoad.gh ???:
Rising AntiVirus finds all the Trojans. All other eMule mods were scanned, no virus found there! Some Stulle eMule v0.49 Private builds carry the same Worm.Win32.DownLoad.gh! eMule Morph Private 0.48 and 0.49a is clean!!!


Microsoft security AV team USA is sleeping: 34h after submission, no response; bcc via PR section Munich, DE, Vibrio

Rising updated deep analysis: C:\fn-virus\fn-virus\engt32.dll
Trojan.DL.Agent.ana

VBA32 (Virus Block Ada 32) Scanner (not very up to date): ftp://anti-virus.by/pub/Vba32Scan.zip or http://vba32.de/anonymous/pub/Vba32Scan.zip

Full program from:
http://vba32.de/demo/content/view/15/31/ (3 months free full version) or: http://www.anti-virus.by/en/ (1 month free full version)
Info: http://anti-virus.by/about/vba/
It is not bad either for scanning for Trojans:

Normal mode - fast check:

Deep Scan mode - full check:

Finds more deeply embedded Trojans than some others!
