BOSCH Posted December 15, 2009

My friends, I have a problem! For some days now I have been trying to do some reversing with Olly, and in every application the start assembly code is:

0049596E > $- E9 8DA6B07F JMP 7FFA0000
00495973 . 68 20 7B 4A 0>ASCII "h {J",0
00495978 . 68 78 5D 49 0>ASCII "hx]I",0
...

When I recover Windows everything is OK, and in my reversing application the code is:

PUSH EBP
MOV EBP,ESP
...

I can't find which application causes it! Perhaps it is a virus? I checked my PC with Avast and Malwarebytes, but everything is OK! Thanks in advance!

quosego Posted December 15, 2009

That sounds like a virus.. One of those viruses that append themselves before every app. Quite annoying to get rid of. Also once found a virus the same way.. Might want to try a different virus checker..

BOSCH Posted December 16, 2009 (edited)

Thank you my friend for your answers, but yesterday I recovered my Windows again and installed every application one by one, and I found that the cause of my whole problem was only one thing, but I can't believe it: ZONEALARM FIREWALL, the latest version! Now if someone can tell me why, I would like to know!

Edited December 16, 2009 by BOSCH

TMM Posted January 14, 2010

A hint. Years ago I was known for cracking boxes with ZoneAlarm on them, and changing the filename to "zoneHAHAHAlarm.exe". There's been a massive spate of backdoors via ZoneAlarm, Norton, Adobe and other stuff (check vulpen.com). Windows Firewall does a pretty fair job, I will say. Personally I'm using Comodo firewall and Avast to check files (I've had to send a few in to them because it didn't pick them up; overall it's not so paranoid "This file was compressed, it's a virus!" gah!). Just for sport - AVG had an interesting feature for XP: if you tried the 60 day trial and uninstalled it, it'd continuously reboot your system.

As for the initial problem - the entry point seems VERY obfuscated if you get that on EVERY programme. Some firewalls "use" malware-like code because "you are not meant to be reverse engineering". Maybe ZoneAlarm now hooks proggies before execution and redirects them - not sure, but I would not be surprised. And I'm not about to install ZoneAlarm either.
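
The check below is an added example, not code from any poster in this thread: it decodes the relative JMP shown at the entry point in the first post and reports whether the target falls outside the module's own image, which is how a detour placed by another product shows up. The entry address and bytes come from the first post; the image base and size are constructed assumptions, and the function names are hypothetical.

```python
import struct

def decode_entry_jump(va, code):
    """Return the target of a relative JMP at `va`, or None if `code` is not one.

    Handles E9 rel32 (5 bytes) and EB rel8 (2 bytes).
    """
    if len(code) >= 5 and code[0] == 0xE9:
        (rel,) = struct.unpack_from("<i", code, 1)  # signed 32-bit displacement
        return (va + 5 + rel) & 0xFFFFFFFF          # relative to the next instruction
    if len(code) >= 2 and code[0] == 0xEB:
        (rel,) = struct.unpack_from("<b", code, 1)  # signed 8-bit displacement
        return (va + 2 + rel) & 0xFFFFFFFF
    return None

def classify_entry(va, code, image_base, image_size):
    """Classify entry-point bytes as 'detour', 'internal-jump' or 'no-jump'."""
    target = decode_entry_jump(va, code)
    if target is None:
        return "no-jump", None
    inside = image_base <= target < image_base + image_size
    return ("internal-jump" if inside else "detour"), target

# Address and hooked bytes as shown in the first post.
ENTRY_VA = 0x0049596E
HOOKED = bytes.fromhex("E98DA6B07F")   # E9 8DA6B07F
CLEAN = bytes.fromhex("558BEC")        # PUSH EBP / MOV EBP,ESP
# Assumption: image range of the debugged module (constructed values).
IMAGE_BASE, IMAGE_SIZE = 0x00400000, 0x00100000

if __name__ == "__main__":
    for name, code in (("hooked", HOOKED), ("clean", CLEAN)):
        kind, target = classify_entry(ENTRY_VA, code, IMAGE_BASE, IMAGE_SIZE)
        print(name, kind, hex(target) if target is not None else "-")
```

Running the same check on the entry-point bytes read from the file on disk shows whether the jump is stored in the executable itself or only present in the loaded process.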