23 July 2008

Trojan:Win32/Vundo.HT


Based on my own experience
When infected:
- Computer startup takes more than 10 times longer (can be 1 - 2 minutes) than before (20, 30 seconds)
- An Explorer.exe error on Windows shutdown: a "mem address ... can't read" error shows up before Windows can be shut down.
- Internet speed slows down by between 25 and 50 %, depending. A download takes a long time to reach full speed, and websites open more slowly.
- No other symptoms were found on this machine (ads were not displayed, maybe because of a big Windows hosts file + hardware firewall in the router + software firewall + resident Spybot Search and Destroy)

Scanners that detected it as of today:
Microsoft Live OneCare Version 2.5.2900.03 + updates from today 1.37.1028.0

Scanners tested that failed:
VBA Version Vba32 Windows/CL 3.12.8.1 / 2008.07.23 07:36 (Vba32.W) - (Product installed w/o resident shield, scan only)
Rising 20.54.22 + Updates from 2008-07-23 15:18 - (Product installed w/o resident shield, scan only)
Kaspersky online scan
McAfee online scan
Symantec online scan
Avast Antivirus Professional latest Version 4.8.1227 + Database from 23.07.2008 - (Product installed with resident shield)

It cannot be the same Win32/Vundo.HT as written up and reported here:
http://virscan.org/report/5eef7ac939a5b56864e17fd6e6692f6f.html and this:
http://www.virustotal.com/pt/analisis/c183084f5aa165e8bf6090b0ea772ab2

This is more likely to match, if Vundo is not exe-protected (mostly found with Armadillo) or has changed again: http://forum.malekal.com/viewtopic.php?f=62&t=11351

Otherwise today's scan with Rising Antivirus, VBA32, Symantec and Kaspersky would have found and shown it. Likewise yesterday's scan with Norman_Malware_Cleaner ( Norman Malware Scanner Build 2008/07/07 23:58:09 Engine version 5.92.08 Nvbin.def Version 5.92.00) would already have detected and found it. The file is (was) on disk for more than one week.


Virus info

Advice: Scan the computer online using Windows Live OneCare (see the links collection to the left)

I just saw that Norman has updated Norman Malware Cleaner to: Build 2008/07/17 23:58:30 Version 5.93.01 Nvcbin.def Version: 5.93.00. You can give it a try:
http://download.norman.no/public/Norman_Malware_Cleaner.exe



Rising has great support:
Please submit the file from the link below, then RISING Virus Lab will analyse further.
Link: http://sample.rising-global.com/webmail/upload_en.htm
RISING ANTIVIRUS - Lion-strong security
Free Download: http://download.rising-global.com/ Buy Now: http://buynow.rising-global.com/
Rising Website: http://www.rising-global.com/ Europe Website



Kaspersky may have support if you have a customer number and send it from a European Union IP or USA IP address. I will never again send them any virus samples to check if I find a virus with and from an Asian, Middle East or African IP. They answered in an email that they could not find THIS VIRUS in the submitted sample: http://www.virustotal.com/de/analisis/948e937da2471d95f0852ae850eb7ae7
Datei engt32.dll empfangen/received 2008.07.08 03:09:01 (CET)Status: Beendet/finished
Ergebnis/result: 20/33 (60.61%)
and that I should send my customer number. I'm not a virus researcher, but I hate it when I get infected and the installed antivirus failed to protect, especially from P2P downloads.
So with Kaspersky you stay infected with this parasite from the year 2006 unless someone sends the sample again, if possible from a country whose customers they like to support. I heard that if you send them a virus sample from Germany they need only 15 minutes until they update the database.

Addendum

Today's Rising AntiVirus update, Version 20.54.30, can find it now too.
http://go.rising.com.cn/download/transfer.asp?ver=setup

Ratio Master 2 0.16 Beta

What is Ratioblaster?

Ratioblaster is a new spoofing program based heavily on ratiomaster with a whole bunch of new features:

* can fake on lots of torrents with one instance of the app running.
* consumes less memory (because this does not use tabs)
* utorrent-like UI
* skinnable
* automatic memory reader function
* has almost all of RM's features (like .client files made for RM; NRPG doesn't support these... Grin)


http://www.moofdev.org/ratioblaster

*RM2 is based on reverse-engineered RatioMaster code.

Thanks a lot to Ratiomaster (the person) and JTS (plus all the others who helped build/run/test RM) for their great work on RM.

*Why This?

The main dev of this program wanted to write this just for fun and learning. After all, cheating the system is a lot of fun ;)

--Credits--

*Programming
me! phiscker(on www.moofdev.org/fourms) aka silentp33r (silentp33r.wordpress.com)*
*Inspiration(lol)
zeebo*
*Testing
zeebo
12345b
timmiychang
BigHead
abcabc
boom25
phonzie*


Thank you

eMule 0.49a DaZZle Mod No Ratio

to bring it up to Full No-Ratio Performance:

15EA65 75 ---> E9
15EA66 71 ---> 42
15EA67 8B ---> 01
15EA68 1D ---> 00
15EA69 60 ---> 00
15EA6A C7 ---> 90
15EA6B 7A ---> 90
15EA6C 00 ---> 90

This new code will let you check BOTH Download/Upload Boxes and set Download to 96 KB/sec with a 1KB/sec Upload! Great for 56K Modem Users! No more killed Downloads!

Code changes all thanks to KiDr0Ck0

Download: eMule-0.49a-Dazzle-Mod-Full-No-Ratio.rar (1.69MB) - Mirror

ed2k: ed2k://|file|eMule-0.49a-Dazzle-Mod-Full-No-Ratio-Leecher-For-56K-Modem-Users.rar|1780376|A0956B6D64DB6A7062D263F1AAC62FB7|h=S6W4YIUUVGKHOXRZHATEX2IGZXNKJXVG|/

DDL: dazzle_based_emule_0.49a_binary.7z
SRC: dazzle_based_emule_0.49a_sources.7z

22 July 2008

Bitspirit v3.3.2.263 Ads Free - English - Chinese - Polish - German



Bitspirit v3.3.2.263 official version

Changelog:

Bitspirit v3.3.2.263
Fixed: the use of shortcuts (ALT + up or down arrows) mobile task to list the top / bottom when the performance of tasks for the replacement of two rather than the location of mobile tasks;
Fixed: "direct mandate to add (not displayed task dialog)," added the adoption of the clipboard copy the performance of its mandate not correct the problem;
Improvement: seed market to increase the list of goods in order to sort of ID;

Bitspirit v3.3.2.255
Changelog


Skin in Blue Style, all advertising removed, links to English translation site, installer customized to select your language: Chinese, Deutsch, English, Polska
UPnP Tool Optional, BHO Optional,..

Upx Compressed: bsv3.3.2.263.EN-CHN-PL-DE-NoAds-NoBHO-upx.exe 2.68 MB

easyMule 1.0.3 final

We waited a long time for this stable version; today the VeryCD team officially launched stable version 1.0.3.
Compared to stable version 1.0.0, all the improvements and bug fixes in 1.0.3 are as follows:


1) Improved the "eDonkey file" search user experience

(Because of the design up to 1.0.0, many users did not know how to use eDonkey file search, so we carried out a number of interface design refinements: the default resources home page adds an "eDonkey file" search tab so that users can find eDonkey files more easily; searching again from the search results shows the eDonkey search results in a new tab page; and when the mouse moves to the search box on the left side of the main interface, a choice of search type pops up automatically;)

2) Added the "View each other's shared files" feature that many users expected

3) Improved program stability; fixed a possible program crash when removing a download task

4) Sped up eDonkey and optimized memory use, saving a number of unnecessary dynamic log outputs

5) Optimized mixed ed2k/http/ftp protocol downloads and sped up the final stage of a file download

6) Fixed the bug where an http/ftp download task stopped at a certain stage of progress could not continue downloading afterwards

7) Process optimization: download tasks for large files can now be deleted quickly

8) Process optimization: after creating a new download task for a large file, you can exit immediately without the program hanging

9) Process optimization: optimized http/ftp download connection control to avoid invalid connections

10) Fixed bug: pressing F1 on the shared/download pages popped up both the old eMule help web page and the new easyMule help page at the same time

11) Fixed bug: the ED2K and HTTP/FTP monitoring settings in the setup options sometimes failed

12) Fixed bug: a damaged clients.met caused a crash and a program Runtime error

13) Fixed bug: the "upload" list on the download page sometimes did not fully display the users being uploaded to

14) Fixed bug: calling some antivirus software caused the program to crash

15) Fixed bug: after a LowID client found a buddy, files were not published to the KAD network in time

16) Fixed bug: download tasks from ed2k links with a purely numeric hash could not be deleted

17) Fixed bug: clicking an eDonkey link lost the http/ftp source information in the download link

18) A number of code cleanups and several other refactorings and stability fixes

BBS: http://www.verycd.com/groups/eMuleBeta/
http://www.easymule.com/en-us/

Download:
http://download.verycd.com/easyMule/easyMule-080722-Setup.exe

http://download.verycd.com/easyMule/easyMule-1.0.3-VeryCD080722.rar

src: http://download.verycd.com/easyMule/EasyMule-VeryCD-src-080722.rar



Mirrors http:
BIN:
easymule_1.0.3_verycd080722.rar 3.55 MB - Mirror DDL
Installer:
easymule_080722_setup.exe 3.26 MB - Mirror DDL
SRC:
EasyMule-VeryCD-src-080722.rar 7.00 MB


Here are some ed2k links so far. BIN:
ed2k://|file|easyMule-1.0.3-VeryCD080722%28%E7%BB%BF%E8%89%B2%E5%8E%8B%E7%BC%A9%E5%8C%85%29.rar|3718819|ff8505246e6d356881f3380d777ad6c4|h=IAJNAKHJBM44VLXZA6R2Q3JYY2YCEFTT|/

easyMule-1.0.3-VeryCD080722

src:
ed2k://|file|EasyMule-VeryCD-src-080722%28%E6%BA%90%E4%BB%A3%E7%A0%81%E5%8C%85%29.rar|7337953|39a0f363a93703ffeacf3343d8572f51|h=AAG77JDYEKYMH7FM7MVA5OVTHNLOUCHV|/

EasyMule-VeryCD-src-080722

Installer:
ed2k://|file|easyMule-080722-Setup%28%E5%AE%89%E8%A3%85%E5%8C%85%29.exe|3416912|70dd8ef51ebfc667e37949e6c76f8b1b|h=SK6BYGZFOMYD7AN7362NWRNIKQN5HOVA|/

easyMule-080722-Setup

21 July 2008

DreaMule v3.2 VeryCD Mod Patch

- Webbrowser url changed
- Modstring and hello tag + hello answer = Changed / ModTag
- Prior comm to VeryCD codebase
- unneeded resources removed; slimmer, uses less CPU load / memory
- Default username comm changed to: [CHN][VeryCD]yourname
- send right eMule Version to VeryCD clients




Download with VeryCD Comm and right eMule Version 0.48.0.66 string: DreaMule_3.2_VeryCD Patch show version 0.48 6.05 MB

send eXcalibur 1.8 to VeryCD Clients: DreaMule_3.2_bin-eXcalibur 1.8 Mod Patch 6.05 MB

Download with VeryCD Comm: Caution shows Version 0.49
DreaMule_3.2_bin-VeryCD Mod Patch.7z 6.04 MB

Download without VeryCD Comm: DreaMule_3.2_bin-icon-opt-mini.7z 6.04 MB

May show as an invalid client on some servers
