Tuts 4 You

Actual Virus



I think we have an actual virus in the download sections on the front page. I'm not sure which it was, but I think it was FishPE, but it could be PlutoCrypt, StarForce 4.7, or Cryptic 2.1. I wasn't doing anything but downloading some unpackmes. Just beware when checking one of these files. Good old anti-virus caught it after I turned it back on 3 sec later.

Edited by What

Yeah, I know that sometimes they come up with false positives; that's why I ran it without antivirus on. However, this wasn't one. The file that came out of it was called Mdn.exe; look it up. It kills your task manager, then runs on startup; the file is written to the system32 folder.

Edit in: I did a scan at VirusTotal of the two I suspected the most: FishPE 12/32 (37.5%), and the other one has to be one because I took the file from the Windows directory after I ran PlutoCrypt. My antivirus went off saying UPX.exe; I scanned that file, with these results: 21/32 (65.63%). Almost every major AV but McAfee detected that one. Not what I was looking for, so I may have 2 different ones.

Edited by What

Actually, that isn't a virus; it is one of the options in one of the packers. I can't recall exactly which one it was right now, but if you want confirmation let me know and I'll look it up. It deletes the Task Manager entry.

I don't release unpackmes with trojans or viruses in them - at least not so far. One packer... well, a binder to be more exact, which I am aware of as being bad is PowerCrypt:

http://www.tuts4you.com/forum/index.php?showtopic=13733

I avoided binding anything with that; however, it's a binder and I don't create unpackmes of binders for obvious reasons... :)

Ted.
