Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

What hell has happend?

BOSCH
BOSCH
in Malware Reverse Engineering

Featured Replies

Posted

My friends i have a problem!There are some days,which i try to reversing with olly and in every aplication the start assembly code is:

0049596E > $- E9 8DA6B07F JMP 7FFA0000

00495973 . 68 20 7B 4A 0>ASCII "h {J",0

00495978 . 68 78 5D 49 0>ASCII "hx]I",0...

When i recovery the windows everything it is ok,and in my reversing application the code is:

PUSH EBP

MOV EBP,ESP...

I can't find which aplication causes it!Perhaps it is a virus?I check my pc with avast and malwarebytes,but everything it is ok!

Thanks in advance!

That sounds like a virus.. One of those viruses that append themselves before every app.

Quite annoying to get rid of. Also once found a virus the same way..

Might want to try a different virus checker..

and or update your AV

  • Author

Thank you my friend for your answers,but yesterday i recovery my windows again,and i install every aplication one by one and i found that for all this thing my problem was only one,but i can't believe it,ZONEALARM FIREWALL the last version!Now if can someone tell me why i would like to know! :confused:

Edited by BOSCH

  • 3 weeks later...

thats why i just use Windows Firewall

A hint. Years ago I was known for cracking boxes with ZoneAlarm on them, and changing the filename to "zoneHAHAHAlarm.exe". There's been a massive spate of backdoors via ZoneAlarm, Norton, Adobe and other stuff (check vulpen.com).

Windows Firewall does a pretty fair job I will say. Personaly i'm using Comodo firewall and Avast to check files (i've had to send a few into them because it did'nt pick them up, overall it's not so paranoid "This file was compressed, it's a virus!" gah !).

Just for sport - AVG had an interesting feature for XP, if you tried the 60 day trial and uninstalled it, it'd continuously reboot your system.

As for the initial problem - the entry point seems VERY obfuscated if you get that on EVERY programme. Some firewalls "use" malware-like code because "you are not meant to be reversing engineering". Maybe ZoneAlarm now hooks proggies before execution and redirects them - not sure but I would not be surprised. And i'm not about to install ZoneAlarm either ;)

Create an account or sign in to comment

Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.