What, posted October 16, 2007 (edited)

I think we have an actual virus in the download sections on the front page. I'm not sure which it was, but I think it was FishPE, but it could be PlutoCrypt, StarForce 4.7, Cryptic 2.1. I wasn't doing anything but downloading some unpackmes. Just beware when checking one of these files. Good old anti-virus caught it after I turned it back on 3 sec later.

Edited October 25, 2007 by What

syk071c, posted October 16, 2007

Have you tried scanning the file at VirusTotal? A lot of anti-virus programs come up with false positives sometimes.

What, posted October 16, 2007 (edited)

Yeah, I know that sometimes they come up with false positives; that's why I ran it without antivirus on. However, this wasn't one. The file that came out of it was called Mdn.exe; look it up. It kills your task manager, then runs on startup; the file is written to the system32 folder.

Edit in: I did a scan at VirusTotal of the two I suspected the most: FishPE 12/32 (37.5%), and the other one has to be one because I took the file from the Windows directory after I ran PlutoCrypt. My antivirus went off saying UPX.exe; I scanned that file, with these results: 21/32 (65.63%). Almost every major AV but McAfee detected that one. Not what I was looking for, so may have 2 different ones.

Edited October 16, 2007 by What

Teddy Rogers, posted October 18, 2007

Actually that isn't a virus, it is one of the options in one of the packers. I can't recall exactly which one it was right now, but if you want confirmation let me know and I'll look it up. It deletes the Task Manager entry. I don't release unpackmes with trojans or viruses in them - at least not so far.

One packer... well, a binder to be more exact, which I am aware of as being bad is PowerCrypt: http://www.tuts4you.com/forum/index.php?showtopic=13733

I avoided binding anything with that; however, it's a binder and I don't create unpackmes of binders for obvious reasons...

Ted.