01 June 2009

eMule 0.49c ZZ-R V2.5

13 comments

ZZ-R V2.5

Changelog:

+ Custom Modstring
+ Added Custom String to Feedback
+ Color for XPMenu settable
+ Rebind UPnP
+ Larger Buffersize
+ Added default URL for Nodes.dat
+ Changed default URL for Server.met
+ Updated miniupnpc from v1.60 2008/02/21 to v1.77 2008/12/18
+ IP2Country in KAD window
+ Color changes for QRDiff and Total Up/Down
+ Fixed Minimule Transparency was not saved

Download
ed2k:
ed2k://|file|eMule0.49c-ZZ-R_V2.5.rar|5147001|8DAAC34FF95924339FA74E5D75225C53|h=ZHXICNVA22NBWEEFO4ZBAZH55SPD6LO3|/

Fileshare host | DDL

Thanks a lot!

Tor - Vidalia bundle 0.2.1.15-rc - 0.1.13

0 comments
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.

Bundle contents

* Vidalia 0.1.13
* Tor 0.2.1.15-rc (with libevent-1.4.11, zlib-1.2.3, openssl-0.9.8k)
* Torbutton 1.2.1
* Polipo 1.0.4
Homepage: https://www.torproject.org/easy-download.html.en

Download Folder: https://www.torproject.org/dist/vidalia-bundles/?C=M;O=D

For Windows: vidalia-bundle-0.2.1.15-rc-0.1.13.exe
For Mac: vidalia-bundle-0.2.1.15-rc-0.1.13-universal.dmg

VeryCD easyMule 1.1.6 Build 090515


VeryCD eDonkey (easyMule) 1.1.6 version stability [2009-05-15]

Changelog:

* To provide time-sharing directory automatically refresh settings, automatically hang up a user-friendly time-sharing
* Update list of servers, such as eDonkey data
* Strategies to optimize the speed of uploading and downloading
* Some UI to optimize the user experience

Core base is still eMule 0.48a ( see official changelogs since 0.48a to 0.49c codebase + features http://www.emule-project.net/home/perl/news.cgi?l=2&cat_id=23 ).

Feature Manual kick (remove) single clients from upload queue can be enabled through an entry in preferences.ini as by all easymule mods add: DebugUpQueue=1

VeryCD/Easymule builds eMule.exe behaviors:
makes changes on tcpip.sys without user-interrupt (see bettersp2.cpp/h etc. in src). As soon you execute emule.exe a BHO get installed, several registry keys get added to the windows registry. Windows system file tcpip.sys change its default value (on xp it reduce to 9 connections only).
Other as by eXcalibur ( http://fzh.soft2cn.cn/ ), VC Mods are not encrypted like shareware and provided as a 'clean binary' exe.

Tip: Check with TCP-Z or XP-Antispy or any TCPIP patcher after usage your max. connection limit.




Source:
http://download.verycd.com/easyMule-VeryCD-src.zip
ed2k://|file|easyMule-VeryCD-src-090515(%E6%BA%90%E4%BB%A3%E7%A0%81%E5%8C%85).zip|8454613|C37845A8E30E4901C559893B999560A6|/

BIN:
http://download.VeryCD.com/easyMule/easyMule-1.1.6-VeryCD090515.zip
Mirrors bin only: http://www.easymule.com

ed2k links:
ed2k://|file|easyMule-1.1.6-VeryCD090515.zip|4401618|C0F9E1897EFDC3E58BE2DEB480C43C77|/
ed2k://|file|easyMule-VeryCD-src-090515.zip|8454613|C37845A8E30E4901C559893B999560A6|/

Share Mirror Hosts:
Bin:
@brsbox | @mediafire | @uploaded.to
Source:
@brsbox | @mediafire | @uploaded.to

Homepage:

http://ww-in-f132.google.com/search?q=cache:http%3A//www.verycd.com/groups/eMuleBeta/673537.topic

other builds/versions:
http://ww-in-f132.google.com/search?q=cache:http%3A//www.verycd.com/groups/eMuleBeta/

My idea to improve:

same as light see here and easymule here
add upload priority to the front in shared window ( transfer window )
upload management / slot control ( from sivka mod maybe )
upload Boost levels incomplete (partfile) / rare / ...
powershare
drag 'n drop files/folder to share add to shared files window (from emule 0.49c)
fix traversal nat implementation // NeoMule (Xantos)

31 May 2009

UserScript URL Decoder Linkbee - Ads Web trash skipper added

6 comments

How to leech redirected and linkbee download url's effective
Result - All link ads removed :

How to leech redirected and short url's such as linkbee download links effective.

Sites which trash the web full of Ads on them links can be easier cleaned now.
Linkbee etc... Ads + cookie skip over the ads page to the direct link.

Inspiration: thanks to web49.sv14.net-housting.de for the demo links page and test support.

Credits:
- setomits TinyURL Decoder ( http://userscripts.org/scripts/show/40582 )
- Johannes la Poutre Patch / diffs ( http://userscripts.org/topics/24862 )

Download/Install Firefox Greasmonkey Userscript TinyURLEncoder with Linkbee patch:
40582.user.js | Mirror | Mirror | Mirror

Source code Download: 40582.user.txt | Mirror

+ You need Skip redirect ( redirect remover , ... )

Suggested to use: Skip Redirect By Kim A. Brandt ( http://userscripts.org/scripts/show/12295 )

+ Greasemonkey ( http://www.greasespot.net/ )

others to test: http://userscripts.org/tags/redirect?sort=installs | http://www.google.com/search?q=skip+redirect+userscript




Because it's your web and your browser


Leeching Websites (Downloads) with Crawler technology:
To get just Download links from all kinds of forum software attachments. host a php search spider like sphider. run the search engine spider over a domain e.g. with pattern to index follow only: /attachment*
You may remove in crawler scripts everything with robots and meta by some domains to skip robots.txt and metatags. Change the ua string id to a genuine one as by major search engines. Keyword: Crawler User-Agent String List ( http://www.botsvsbrowsers.com/category/1/index.html )

29 May 2009

eMule 0.49c StulleMule v6.2.Plus 27.05.09

4 comments

Engo3K +Features 27.05.09
----->
added clients share visibility
added unlimited search results
added +clients colors to design settings
added ipfilter_static.dat
changed reduce score for leechers to "0=0 Score", 10-100%->(100%=No Punish), Ban
fix language dll "geschwindigkeitsanzeige in der toolbar" ;-)
<-----
----->
added clientupload time for blocked clients [5-360] mins
changed filereasktime [21-55] mins
changed englisch feedback to Ultimativ-mod format (de)
changed language de_DE.dll
<-----
----->
added: choosable modstring
added: customable priority
added: upload priority in downloadlist
added: push part files
<----
removed: friends resrtictions
removed: powershare resrtictions
removed: Release Boost resrtictions for partfile
removed: PBF resrtictions
changed: SlotLimiter from min.60 to 1-255
changed: datarate pro client now
changed: leecher standard reduce score from 33% to 10%
added: don't remove spare trickle slot in uploadList (for use client datarate)
added: reasksingle client (downloadList)
added: Drop/Swap Client in Transfer Windows/to another File
added: Kick sngle client from upload
added: Kick all upload slots
added: ban client (all list)
added: clear banlist
added: push client to upload (queuelist)
added: unlimited slot
added: friend boost *200
added: Nick boost *200
added: multichunk transfer
added: antinick punish
added: antimod punish
added: queuerang full punish
added: Up2Mule
added: Show IP (ClientDetailDialog) ,IP ,UserNick ,UserHash ,Clienversion all copyable
added: active permission
added: see OnUploadqueue and feedback
added: colors for antinick/antimod/QR-full/Nick boost/unlimited slot

removed: Ultimativ as bad Nick/UltiMatic as bad mod
remowed: other release bad Mod/Nick's


Download:


ed2k: ed2k://|file|eMule0.49c.StulleMule.v6.2.Plus.27.05.09.rar|8057193|68E54B4EB12237B194178680DBCFA709|h=6A5SP4TOCCVUHW6V5NJV5RSI33TJJDCR|/

http: DDL

Very fast Mod in upload and download speed!

==================================================


AntiLeech DLP 3.7 (int. 3.9) - antiLeech Dynamic Link Library (DLL)

Releaser Mods Ban removed

Download DLL:
antiLeech.dll | Mirror
antiLeech.dll.new | Mirror

C++ 10 ( Visual Studio 2010 ) Source code: antileech-sources37.rar | Mirror

25 May 2009

eMule 0.49c ZZ-R V2.4 {false positive}

51 comments

ZZ-R V2.4

Changelog:
==========

25.05.2009
------------------------------------------------

+ AntiMod
+ Remove Bad Blockratio Clients
+ Ban Bad Modstring Scheme
+ AntiMod added to design-settings
+ Clients share visibility added to design-settings
+ Whois IP-Lookup | Web (disable to open your favorite url from menus)
+ Some fixes for Modeless Dialogs

!! Vor dem Start bitte die preferences.ini im config Ordner löschen um Probleme mit den geänderten Limits zu vermeiden !!
!! Before starting, please delete preferences.ini in the config folder to avoid problems with the new limits !!

Addendum 27.05.2009
==================================================
Download: {the included file emule.exe shows by some AV's a false positive alert}
eMule0.49c-ZZ-R_V2.4.rar | Mirror1 | Mirror2

official release
File: eMule0.49c-ZZ-R_V2.4.rar
CRC-32: ec8c26af
MD4: 6d27d3db51b14a67e9fe5cc46f446003
MD5: 3d0e74640741e8beab2fb93d12c23c83
SHA-1: 7303f6c3e2422c14e03ad7052ed3a6af4fe6ba2a

emule.exe
File: emule.exe
CRC-32: fb09fa31
MD4: 9fba8eff0177f0444e6953ed1e6aa7e5
MD5: e1d57c4ebc7349048baf5cfc81820b62
SHA-1: 9ece7e3fca37143e6d9bf58768372cad37813a9a






Update 28.05.2009
The false positive is corrected by Kaspersky AntiVirus with updates from 28.05.2009


F-Secure and Fortinet with latest definition updates from 28.05.2009 False Positive fixed too!
http://virusscan.jotti.org/de/scanresult/0aa52375d5cedf9890758162935766cab45b88a4
http://www.virustotal.com/de/analisis/40d0b7b0489750c32211ceda5e30aee15dd9929a01b119424fac7e838b60390f-1243528638

Users of the following AntiVirus Products may get a FALSE POSITIVE alert:
New K7AntiVirus shows now False Positive

User complain about virus alert

================================================

Today a clean in c++ coded Software Mod not packed or protected with any kind of exe packer/protectors shown a Trojan in some AV's. The Binary File should not be difficult for experts to do a deep analyze and correct the false positive.


... it looks like some AV's reference signatures to Kav and add itto them signature updates by imagebase/name/etc/...

Run any PE Optimizer/Trim on the emule.exe
Get a Picture:

http://www.virustotal.com/fr/analisis/d2f85947c58777c14e6f6e3929444a0eadfad0cba1a912cc7f53764c9b935def-1243412905


Fichier emule.exe reçu le 2009.05.27 08:28:25 (UTC)
Situation actuelle: terminé
Résultat: 0/40 (0.00%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.05.27 -
AhnLab-V3 5.0.0.2 2009.05.27 -
AntiVir 7.9.0.168 2009.05.27 -
Antiy-AVL 2.0.3.1 2009.05.27 -
Authentium 5.1.2.4 2009.05.27 -
Avast 4.8.1335.0 2009.05.26 -
AVG 8.5.0.339 2009.05.27 -
BitDefender 7.2 2009.05.27 -
CAT-QuickHeal 10.00 2009.05.27 -
ClamAV 0.94.1 2009.05.27 -
Comodo 1203 2009.05.26 -
DrWeb 5.0.0.12182 2009.05.27 -
eSafe 7.0.17.0 2009.05.26 -
eTrust-Vet 31.6.6523 2009.05.27 -
F-Prot 4.4.4.56 2009.05.27 -
F-Secure 8.0.14470.0 2009.05.27 -
Fortinet 3.117.0.0 2009.05.27 -
GData 19 2009.05.27 -
Ikarus T3.1.1.57.0 2009.05.27 -
K7AntiVirus 7.10.745 2009.05.26 -
Kaspersky 7.0.0.125 2009.05.27 -
McAfee 5627 2009.05.26 -
McAfee+Artemis 5627 2009.05.26 -
McAfee-GW-Edition 6.7.6 2009.05.27 -
Microsoft 1.4701 2009.05.27 -
NOD32 4108 2009.05.27 -
Norman 6.01.05 2009.05.26 -
nProtect 2009.1.8.0 2009.05.27 -
Panda 10.0.0.14 2009.05.26 -
PCTools 4.4.2.0 2009.05.21 -
Prevx 3.0 2009.05.27 -
Rising 21.31.21.00 2009.05.27 -
Sophos 4.42.0 2009.05.27 -
Sunbelt 3.2.1858.2 2009.05.27 -
Symantec 1.4.4.12 2009.05.27 -
TheHacker 6.3.4.3.332 2009.05.26 -
TrendMicro 8.950.0.1092 2009.05.27 -
VBA32 3.12.10.6 2009.05.27 -
ViRobot 2009.5.27.1756 2009.05.27 -
VirusBuster 4.6.5.0 2009.05.26 -
Information additionnelle
File size: 5906432 bytes
MD5 : 46882fdd186a19a6915a80ab0e0795fe
SHA1 : ed5f0097339987777579ed2c1158281b229aef77
SHA256: d2f85947c58777c14e6f6e3929444a0eadfad0cba1a912cc7f53764c9b935def
TrID : File type identification
Windows OCX File (71.0%)
Win32 Executable MS Visual C++ (generic) (21.6%)
Win32 Executable Generic (4.9%)
Generic Win/DOS Executable (1.1%)
DOS Executable Generic (1.1%)
ssdeep: 98304:Fm4hC/3YxZTENGuCxMNbiNZn6/r2PmXPcP:FYqtb6/r2uXUP
PEiD : -
RDS : NSRL Reference Data Set
-

only trimmed/optimize PE exe and virus alerts gone.
Prove False Positive:
1. Download any PE Optimizer Keywords: PE Optimizer, Trim PE PETrim ...
for example: Bitsum PE Compact Free Version is ok http://www.bitsum.com/pecompact.shtml, only trim/optimize some with PE Rebuild/Optimizer/... with gui some in command line mod. http://upx.sourceforge.net/
2. on emule.exe apply the pe optimizer and set only trim/optimize (not compress)
3. scan file with virustotal.com : all engines show suddenly false positive is gone

4. a test on some AV's which was shown False Positive on MS C++ compiler output file emule.exe and the one who inspect from beginning the file while scanning already deep enough through the binary and don't shown a false positive:

emule.exe 5.63 MB (trim)
emule.exe 3.13 MB (UPX strip)
emule.exe 5.75 MB (upx decompr. w. PE Tools)

.. suggested to use HashFile to verify talking about the same files by Scan Results such as Hashtab, HashCheck


hmmm... sometimes some Antivirus are wrong. It should be clear to see that here is no Trojan or Virus in this file otherwise it will be in the file if Trim PE / upx and -de upx on emule.exe too. A Virus/Trojan can not get lost with the above procedure.

Further tests with Microsoft Network Monitor 3.3 in combination with Process Monitor v2.04 by monitoring and logging all traffic to/from emule.exe shown no suspicious Online activity other as official eMule 0.49c nor does a second hidden process start with it.

There are no Viruses or Trojans in morph4u mods, I'm sure morph4u cares about his software and users!


Remarks:
- server.met is from peerates service ( http://peerates.net/servers.php ) in the server window to update. The server.met is an older one which was up to date as the mod got coded, it shows later on an Australian P2P Research Server in the list with address ed2k://|server|202.3.54.54|1111|/ ( http://whois.domaintools.com/202.3.54.54 )
- if the above server is bad, the mod have under Options > Update > Security a protection with IP Filter.dat from http://downloads.sourceforge.net/scarangel/ipfilter.rar , you may remove this server from the svr list if it's a questionable ed2k server.

Ref:
Response from the Software Author of the eMule Mod see comments on my Blog also in several AntiVirus and Security Forums:
Kaspersky
Panda
A-Squared
F-secure

AV Firms have been informed to re-analysis and remove the wrong virus alerts, correction of the false positive which shown up by some AV scanners.

Danke

Archive