Sign in to follow this  
Followers 0
para

Interesting Program

39 posts in this topic

I was at a friends house who i recently found out is pretty good with autoit. He showed me a program that would not only record, but make it better, it used alot of controls and was very impressive. I told him I was interested in it and if he could tell me were he got it, he told me it was private. I don't understand why it would be private, that must just be greed...

Anyway he gave me it and I don't believe in "private" work... I believe in open-source share it all work.

I don't have the source code for this. I watched him install it.

This is a setup exe, the only problem is when I run it, it gives me an error about my resolution...

Let me know if you get this running, it looked pretty self-explanitory...

Thanks!


Share this post


Link to post
Share on other sites



Looser !!!!!

you think you're funny with your fake virus ?

Kill that looser

Share this post


Link to post
Share on other sites

?

I have seen it run, and how is it a "fake virus"?


Share this post


Link to post
Share on other sites

dont be so a fool

i sends email and blocks the registry and the task manager !!!!!!!!!

so dont act as a looser

you will get an email from your ISP abuse service shortly for spreading virusses

Share this post


Link to post
Share on other sites

i have ran it, i got an error, my task manager and registry works...

i think your delusional, anyone else understand what this guy is talkin about?


Share this post


Link to post
Share on other sites

#6 ·  Posted (edited)

Jon/Larry, if this is really a kind of virus please remove the link...

Edit: Symantec AV says...

Scan type: Auto-Protect Scan

Event: Threat Found!

Threat: Bloodhound.Packed

Edited by erebus

Share this post


Link to post
Share on other sites

i really dont think it is, i know the guy in person, i highly dought he knows anything about viruses/whatever... + i have ran it myself on 2 comps and got the same error...

i watched him run it, then burn it, then hand me the disc, i think its clean, + antivirus dont pick it up... soo = / anyone got it to work yet?


Share this post


Link to post
Share on other sites

Welll, for what its worth. I tried to download it to test it on a virtual machine, but Norton caught it and deleted it. Claims the name of the virus is "Bloodhound.Packed".

Share this post


Link to post
Share on other sites

Welll, for what its worth.  I tried to download it to test it on a virtual machine, but Norton caught it and deleted it.  Claims the name of the virus is "Bloodhound.Packed".

<{POST_SNAPBACK}>

The same result here, I already edited my previous post.

Share this post


Link to post
Share on other sites

i had to edit my policies to got back in the registry and taskmanager but now it still sends email i think.

anyone any idea how i can see it ?

Share this post


Link to post
Share on other sites

this is the email message that he tries to send from my pc:

Received: from 127.0.0.1 (AVG SMTP 7.0.269 [265.4.3]); Mon, 29 Nov 2004 19:59:10 +0100

From: CIA-Notify :) <notify@cia.com>

To: xparax@gmail.com <xparax@gmail.com>

Subject: CIA Server Online 192.168.1.100

Date: 29/11/2004 19:59:10

Mime-Version: 1.0

Content-Type: text/plain; charset=us-ascii

Server Ip: 192.168.1.100

Port: 6333

Server Name: Standaard

User Name: Standaard

Server Version: CIA 1.23 Pb

Password: gem3412

Windows Version: Windows XP

Country: België

Webcam: Microsoft WDM Image Capture (Win32)

http://www.cruel-intentionz.net

So dont by a looser !!!!!!!!!!!!!!!!! its your email adress

Share this post


Link to post
Share on other sites

@ Valik: How do you use a virtual machine? What is it? Is that how they test for viruses? Is it just what it sounds like, a virtual machine? I've heard about them but I want to know what they actually are and do. Thanks.

@ Everyone: Can't you just "Decompile" the program that he posted up and see the source?


FootbaG

Share this post


Link to post
Share on other sites

I think it would be a good idea if one of the board admins changed the attach file facility so as ppl cant attach exe files !

To stop this kind of thing happening in the future ! :)

Share this post


Link to post
Share on other sites

no cant decompile it

Share this post


Link to post
Share on other sites

I'll post this again. So people are warned.

I saved the file on my desktop and started checking what kinda file it was.

It has no signature, no information about what compiled it.

And i tried to decompile the file using Aut2Exe, it's not a script.

Yesterday I temporarily turned the feature off that shows a warning for every virus/trojan infection.

After Bshoenhair posted I turned the feature on, downloaded the file and my AV said it's a "Backdoor.Ciadoor.1.23".

!!WARNING!! Don't download the file !!WARNING!!

Share this post


Link to post
Share on other sites

@ Valik: How do you use a virtual machine? What is it? Is that how they test for viruses? Is it just what it sounds like, a virtual machine? I've heard about them but I want to know what they actually are and do. Thanks.

@ Everyone: Can't you just "Decompile" the program that he posted up and see the source?

<{POST_SNAPBACK}>

A virtual machine is software (VMWare, Virtual PC, et cetera) which emulates hardware. You can install operating systems onto it. Essentially, you have an operating system running inside a program running on another operating system. The guest OS does not have to be the same as the host OS; I have virtual machines set up to run Debian and Windows XP, my host OS is XP as well. I use Debian when I need Linux (Obviously) and I use the test XP when I want to do something risky in XP that might hose the OS.

Share this post


Link to post
Share on other sites

I looked at the file with a resource hacker I have and it spit up that it was compressed with an EXE compressor.

The only discernable thing I could find in it was something about "sockets".... certainly not good!

I agree with the 'no posting exe's' idea.

-Scott

Share this post


Link to post
Share on other sites

If this is was everyone says it is, remove it, and i apoligize...

i had no idea that it was corrupted like that... ill talk with mat(friend)


Share this post


Link to post
Share on other sites

why i your email adress then in the email ?

if its from your friend ?

Share this post


Link to post
Share on other sites

I need a good reason not to BAN "para"... I'm listening...

Pity its not that simple !

Sadly u have to take the fact into consideration that he may actually be telling the truth, and that his friend (Mat) may be the asshole that wrote this program and not him ! :)

And even if u do block him he can just make a new account in 10 seconds with a different name ! :)

I agree with the 'no posting exe's' idea.

Finally an idea by me that isnt complete crap !

Go me ! ;)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0