Jump to content
Tuts 4 You

uPPP v0.7 RTM


Ufo-Pu55y

Recommended Posts

  • 2 weeks later...

AV DrWeb report uPPP.exe infected with Trojan.Download2.41068

You can make open weblink to down net. 2.0. i't will be more user frendly. Also there is exist more high versions of net.

Also i can't run it at xp sp 3


/>http://tinypic.com/r/149nb6/5

at w7 running ok.

Edited by tam-tam
Link to comment
AV DrWeb report uPPP.exe infected with Trojan.Download2.41068

Online check doesn't say so about DrWeb.

And I highly doubt that your uPPP.exe would run at all,

if it was infected on your machine for some reason.


VirSCAN.org Scanned Report :
Scanned time : 2012/02/26 15:27:11 (CET)
Scanner results: 3% Scanner(s) (1/36) found malware!
File Name : uPPP.exe
File Size : 2657792 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono
MD5 : aa4e25f93abe92b7eb3a4c485c9bfd2b
SHA1 : ae998489f5eda96860ab56544021158db027bba4
Online report : http://r.virscan.org/67a85c75d4804a4496606a3cc7e7dc00
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120225211656 2012-02-25 0.43 -
AhnLab V3 2012.02.26.00 2012.02.26 2012-02-26 2.93 -
AntiVir 8.2.8.44 7.11.21.199 2012-01-27 0.18 -
Antiy 2.0.18 2.0.18. 0002-18-00 0.18 -
Arcavir 2011 201202170436 2012-02-17 3.91 -
Authentium 5.1.1 201202251833 2012-02-25 1.59 -
AVAST! 4.7.4 120226-2 2012-02-26 0.57 -
AVG 12.0.1782 2114/4832 2012-02-25 0.34 -
BitDefender 7.90123.7232898 7.41141 2012-02-25 3.65 -
ClamAV 0.97.3 14529 2012-02-26 1.25 -
Comodo 5.1 11622 2012-02-26 2.29 -
CP Secure 1.3.0.5 2012.02.26 2012-02-26 0.55 -
Dr.Web 7.0.0.11250 2012.02.24 2012-02-24 13.52 -
F-Prot 4.6.2.117 20120225 2012-02-25 0.94 -
F-Secure 7.02.73807 2012.02.07.03 2012-02-07 2.41 -
Fortinet 4.3.388 15.246 2012-02-25 0.30 -
GData 22.3982 20120226 2012-02-26 5.00 -
ViRobot 20120225 2012.02.25 2012-02-25 0.43 -
Ikarus T3.1.32.20.0 2012.02.26.80576 2012-02-26 5.10 -
JiangMin 13.0.900 2012.02.25 2012-02-25 2.95 -
Kaspersky 5.5.10 2012.02.24 2012-02-24 0.30 -
KingSoft 2009.2.5.15 2012.2.26.9 2012-02-26 1.31 -
McAfee 5400.1158 6631 2012-02-25 9.89 -
Microsoft 1.8101 2012.02.26 2012-02-26 3.41 -
NOD32 3.0.21 6841 2012-01-30 0.18 -
Panda 9.05.01 2012.02.25 2012-02-25 2.51 -
Trend Micro 9.500-1005 8.802.03 2012-02-25 0.20 -
Quick Heal 11.00 2012.02.25 2012-02-25 1.85 -
Rising 20.0 23.98.04.02 2012-02-24 4.09 -
Sophos 3.28.1 4.74 2012-02-26 5.03 -
Sunbelt 3.9.2527.2 11592 2012-02-25 1.56 -
Symantec 1.3.0.24 20120225.008 2012-02-25 0.83 -
nProtect 20120225.01 11243173 2012-02-25 1.27 -
The Hacker 6.7.0.1 v00412 2012-02-25 0.63 -
VBA32 3.12.16.4 20120224.1216 2012-02-24 4.39 TrojanDownloader.CodecPack.andr
VirusBuster 5.4.1.7 14.1.236.0/79863632012-02-25 0.21 -
Link to comment

i talk about http://forum.tuts4yo...&attach_id=6843

from 1st page.

uPPP.v0.7.7z

426f68ed3c02292054540cb2749a8003 *uPPP.v0.7.7z

uPPP.exe

8088f36851f4b66c36135d8e50e27193 *uPPP.exe

http://online.drweb.com/

uPPP.exe infected with Trojan.DownLoad2.41068

or

virustotal

eSafe Suspicious File

McAfee Artemis!8088F36851F4

McAfee-GW-Edition Artemis!8088F36851F4

VBA32 TrojanDownloader.CodecPack.andr

+drweb

you talking about anoter build with

MD5 : aa4e25f93abe92b7eb3a4c485c9bfd2b

Edited by tam-tam
Link to comment

Ok, you're right. It's not that I don't believe you. smile.png

But just look at this:

http://r.virscan.org...2155ea00fd.html

Supposedly also done by an up-to-date Dr.Web on the same binary.

I'm not bashing on scanners (I'm using one myself),

but the only thing that we learn in this is to not trust in scanners anyway.

Also it casts a poor light on Dr. Web in this case, since giving false positives

on .NET binaries still might be kinda lame nowadays (at least some bashing ^^).

Link to comment
  • 2 weeks later...
how can i resolve this error

That's weird. What AV or security tools do you use?

Looks like something's grabbing the new EXE immediately.

/EDIT:

"ProcMon" might help to find the 'another process'..

Edited by Ufo-Pu55y
Link to comment

MSE (Microsoft Security Essentials)

Nope, M$E is "ok". I'm using it at work myself (in order to get rid of admin terms like KAV sick.gif).

I seriously don't know wtf might lock the created patch on your box.

Simply run "ProcMon" (or any other tool with balls) in the background

to see your global file actions when you're creating the patch.exe.

Link to comment
  • 2 weeks later...

how to skip the adreess if not found?

example:

Untitled-3.jpg

if address 1 NOT FOUND then skip to adress 2 but not failed

if address 2 FOUND then patch successfull not failed

if address 1 n 2 NOT FOUND patch failed

diabloo2oo2 (DUP2) can do this

sorry my english is not good

Edited by andrextrap
Link to comment

Hi,

in uPPP you can "skip" a full S+R patch entry instead.

Simply do it like this:

post-20979-0-26054900-1332148074.png

-in the first S+R patch do your search for "1BC04089.."

-in the second S+R patch do your search for "1BF65246.."

-uncheck the first S+R patch in the list (screenshot)

In the manual it's called grouping.. check it out.

At least 1 patch of such a group has to be successful.

Link to comment
  • 4 months later...
SaadCrackz™

What we really need is support for a release info box.

If you just add it uPPP will become the best patch maker

and also in the offset patch dialog can you pls add a dont check original old bytes option pls

when will version 0.9 come

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...