Interesting Program

[para]

I was at a friends house who i recently found out is pretty good with autoit. He showed me a program that would not only record, but make it better, it used alot of controls and was very impressive. I told him I was interested in it and if he could tell me were he got it, he told me it was private. I don't understand why it would be private, that must just be greed...

Anyway he gave me it and I don't believe in "private" work... I believe in open-source share it all work.

I don't have the source code for this. I watched him install it.

This is a setup exe, the only problem is when I run it, it gives me an error about my resolution...

Let me know if you get this running, it looked pretty self-explanitory...

Thanks!

[kloyenz]

Looser !!!!!

you think you're funny with your fake virus ?

Kill that looser

[para]

?

I have seen it run, and how is it a "fake virus"?

[kloyenz]

dont be so a fool

i sends email and blocks the registry and the task manager !!!!!!!!!

so dont act as a looser

you will get an email from your ISP abuse service shortly for spreading virusses

[para]

i have ran it, i got an error, my task manager and registry works...

i think your delusional, anyone else understand what this guy is talkin about?

[erebus]

Jon/Larry, if this is really a kind of virus please remove the link...

Edit: Symantec AV says...

Scan type: Auto-Protect Scan

Event: Threat Found!

Threat: Bloodhound.Packed

Edited November 29, 2004 by erebus

[para]

i really dont think it is, i know the guy in person, i highly dought he knows anything about viruses/whatever... + i have ran it myself on 2 comps and got the same error...

i watched him run it, then burn it, then hand me the disc, i think its clean, + antivirus dont pick it up... soo = / anyone got it to work yet?

[Valik]

Welll, for what its worth. I tried to download it to test it on a virtual machine, but Norton caught it and deleted it. Claims the name of the virus is "Bloodhound.Packed".

[erebus]

Welll, for what its worth.  I tried to download it to test it on a virtual machine, but Norton caught it and deleted it.  Claims the name of the virus is "Bloodhound.Packed".

<{POST_SNAPBACK}>

The same result here, I already edited my previous post.

[kloyenz]

i had to edit my policies to got back in the registry and taskmanager but now it still sends email i think.

anyone any idea how i can see it ?

[kloyenz]

this is the email message that he tries to send from my pc:

Received: from 127.0.0.1 (AVG SMTP 7.0.269 [265.4.3]); Mon, 29 Nov 2004 19:59:10 +0100

From: CIA-Notify <notify@cia.com>

To: xparax@gmail.com <xparax@gmail.com>

Subject: CIA Server Online 192.168.1.100

Date: 29/11/2004 19:59:10

Mime-Version: 1.0

Content-Type: text/plain; charset=us-ascii

Server Ip: 192.168.1.100

Port: 6333

Server Name: Standaard

User Name: Standaard

Server Version: CIA 1.23 Pb

Password: gem3412

Windows Version: Windows XP

Country: België

Webcam: Microsoft WDM Image Capture (Win32)

http://www.cruel-intentionz.net

So dont by a looser !!!!!!!!!!!!!!!!! its your email adress

[layer]

@ Valik: How do you use a virtual machine? What is it? Is that how they test for viruses? Is it just what it sounds like, a virtual machine? I've heard about them but I want to know what they actually are and do. Thanks.

@ Everyone: Can't you just "Decompile" the program that he posted up and see the source?

[Nova]

I think it would be a good idea if one of the board admins changed the attach file facility so as ppl cant attach exe files !

To stop this kind of thing happening in the future !

[kloyenz]

no cant decompile it

[SlimShady]

I'll post this again. So people are warned.

I saved the file on my desktop and started checking what kinda file it was.

It has no signature, no information about what compiled it.

And i tried to decompile the file using Aut2Exe, it's not a script.

Yesterday I temporarily turned the feature off that shows a warning for every virus/trojan infection.

After Bshoenhair posted I turned the feature on, downloaded the file and my AV said it's a "Backdoor.Ciadoor.1.23".

!!WARNING!! Don't download the file !!WARNING!!

[Valik]

@ Valik: How do you use a virtual machine? What is it? Is that how they test for viruses? Is it just what it sounds like, a virtual machine? I've heard about them but I want to know what they actually are and do. Thanks.

@ Everyone: Can't you just "Decompile" the program that he posted up and see the source?

<{POST_SNAPBACK}>

A virtual machine is software (VMWare, Virtual PC, et cetera) which emulates hardware. You can install operating systems onto it. Essentially, you have an operating system running inside a program running on another operating system. The guest OS does not have to be the same as the host OS; I have virtual machines set up to run Debian and Windows XP, my host OS is XP as well. I use Debian when I need Linux (Obviously) and I use the test XP when I want to do something risky in XP that might hose the OS.

[Scottswan]

I looked at the file with a resource hacker I have and it spit up that it was compressed with an EXE compressor.

The only discernable thing I could find in it was something about "sockets".... certainly not good!

I agree with the 'no posting exe's' idea.

-Scott

[para]

If this is was everyone says it is, remove it, and i apoligize...

i had no idea that it was corrupted like that... ill talk with mat(friend)

[kloyenz]

why i your email adress then in the email ?

if its from your friend ?

[Nova]

I need a good reason not to BAN "para"... I'm listening...

Pity its not that simple !

Sadly u have to take the fact into consideration that he may actually be telling the truth, and that his friend (Mat) may be the asshole that wrote this program and not him !

And even if u do block him he can just make a new account in 10 seconds with a different name !

I agree with the 'no posting exe's' idea.

Finally an idea by me that isnt complete crap !

Go me !