BOSCH Posted December 15, 2009

My friends, I have a problem! For some days now I have been trying to do some reversing with Olly, and in every application the start assembly code is:

0049596E > $- E9 8DA6B07F JMP 7FFA0000
00495973 . 68 20 7B 4A 0>ASCII "h {J",0
00495978 . 68 78 5D 49 0>ASCII "hx]I",0
...

When I recover Windows everything is OK, and in my reversing application the code is:

PUSH EBP
MOV EBP,ESP
...

I can't find which application causes it! Perhaps it is a virus? I checked my PC with Avast and Malwarebytes, but everything is OK! Thanks in advance!

quosego Posted December 15, 2009

That sounds like a virus.. One of those viruses that append themselves before every app. Quite annoying to get rid of. Also once found a virus the same way.. Might want to try a different virus checker..

xsp!d3r Posted December 15, 2009

And/or update your AV.

BOSCH Posted December 16, 2009 (edited)

Thank you, my friend, for your answers, but yesterday I recovered my Windows again, and I installed every application one by one, and I found that the cause of this whole problem was only one thing, and I can't believe it: ZONEALARM FIREWALL, the latest version! Now if someone can tell me why, I would like to know!

Edited December 16, 2009 by BOSCH

Kpoch Posted January 7, 2010

That's why I just use Windows Firewall.

TMM Posted January 14, 2010

A hint. Years ago I was known for cracking boxes with ZoneAlarm on them, and changing the filename to "zoneHAHAHAlarm.exe". There's been a massive spate of backdoors via ZoneAlarm, Norton, Adobe and other stuff (check vulpen.com).

Windows Firewall does a pretty fair job, I will say. Personally I'm using Comodo firewall and Avast to check files (I've had to send a few in to them because it didn't pick them up; overall it's not so paranoid, "This file was compressed, it's a virus!" gah!). Just for sport: AVG had an interesting feature for XP. If you tried the 60 day trial and uninstalled it, it'd continuously reboot your system.

As for the initial problem: the entry point seems VERY obfuscated if you get that on EVERY programme. Some firewalls "use" malware-like code because "you are not meant to be reverse engineering". Maybe ZoneAlarm now hooks proggies before execution and redirects them. Not sure, but I would not be surprised. And I'm not about to install ZoneAlarm either.
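
Added example, not part of any post in this thread: a short Python check that decodes the jump bytes from the first post (E9 8DA6B07F at 0049596E) and tests whether the target stays inside the program's own image, which is how an entry-point redirection like the one discussed here can be told apart from a normal PUSH EBP / MOV EBP,ESP prologue. The image base and size, and the name classify_entry, are assumptions chosen for illustration; the thread does not give the module bounds.

```python
import struct

# Assumed module bounds (not given in the thread): a typical 32-bit EXE
# loaded at 0x00400000; the size is a constructed value for illustration.
IMAGE_BASE = 0x00400000
IMAGE_SIZE = 0x00100000

# Entry-point bytes as listed in the first post (the five JMP bytes only).
HOOKED = bytes.fromhex("E98DA6B07F")
HOOKED_VA = 0x0049596E
# PUSH EBP / MOV EBP,ESP in one common encoding (constructed sample).
CLEAN = bytes.fromhex("558BEC")


def classify_entry(code, va, image_base=IMAGE_BASE, image_size=IMAGE_SIZE):
    """Decode a jump at the first bytes of an entry point and report
    whether it transfers control outside the module's own image."""
    kind, target = "none", None
    if len(code) >= 5 and code[0] == 0xE9:        # JMP rel32
        rel = struct.unpack_from("<i", code, 1)[0]
        kind, target = "jmp rel32", (va + 5 + rel) & 0xFFFFFFFF
    elif len(code) >= 2 and code[0] == 0xEB:      # JMP rel8
        rel = struct.unpack_from("<b", code, 1)[0]
        kind, target = "jmp rel8", (va + 2 + rel) & 0xFFFFFFFF
    elif len(code) >= 6 and code[0] == 0x68 and code[5] == 0xC3:
        # PUSH imm32 ; RET, another common redirection stub
        kind, target = "push/ret", struct.unpack_from("<I", code, 1)[0]
    inside = target is not None and image_base <= target < image_base + image_size
    return {"kind": kind, "target": target,
            "redirected": target is not None and not inside}


if __name__ == "__main__":
    for name, code, va in (("hooked", HOOKED, HOOKED_VA), ("clean", CLEAN, HOOKED_VA)):
        r = classify_entry(code, va)
        tgt = "-" if r["target"] is None else f"{r['target']:08X}"
        print(f"{name}: {r['kind']} target={tgt} redirected={r['redirected']}")
```

A target outside the image only shows that the entry point was redirected; it does not say which software placed the jump.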