A forum for reverse engineering, OS internals and malware analysis 

Search found 140 matches


Re: Fireball for ThreatFire

 by Jaxryley ¦  Sat Feb 12, 2011 12:41 pm ¦  Forum: Tools/Software ¦  Topic: Fireball for ThreatFire ¦  Replies: 4 ¦  Views: 16260

Liked the popup boxes from Fireball. :lol:

Re: RogueKiller

 by Jaxryley ¦  Tue Feb 08, 2011 10:08 pm ¦  Forum: Tools/Software ¦  Topic: RogueKiller ¦  Replies: 12 ¦  Views: 17576

@Jaxryley, Yeah sure, but the rogue stops RogueKiller anyway so it can block it really, if the author has not done a feature for 'allow'. You can disarm this rogue family manually by going into Device Manager - System devices and disabling "[cmz vmkd] Virtual Bus". Once that is disabled a scan with ...

Re: RogueKiller

 by Jaxryley ¦  Tue Feb 08, 2011 9:49 pm ¦  Forum: Tools/Software ¦  Topic: RogueKiller ¦  Replies: 12 ¦  Views: 17576

Tigzy wrote: EDIT: Anyone got a sample of Windows problem detector?
Windows Wise Protection
Windows Problems Protector
Windows Problems Remover
Windows Software Guard
But no Windows Problem Detector as yet.
!http://www.mediafire.com/file/ud7zf017b ... ection.rar

Re: RogueKiller

 by Jaxryley ¦  Tue Feb 08, 2011 9:25 am ¦  Forum: Tools/Software ¦  Topic: RogueKiller ¦  Replies: 12 ¦  Views: 17576

Thanks for posting Tigzy. 8-) Below is a recent installer for the rootkitted, exe-killing rogue "Internet Security 2011" if anyone would like to test against RogueKiller. InternetSecurity2011.exe - 6/42 - MD5: c98538eb0b1e5597c0a000bd55c08147 http://www.virustotal.com/file-scan/report.html?id=8362be...

Re: Sandboxie Terminate Cmd

 by Jaxryley ¦  Tue Feb 08, 2011 12:22 am ¦  Forum: Tools/Software ¦  Topic: Sandboxie Terminate Cmd ¦  Replies: 5 ¦  Views: 7572

If you revert to a snapshot or delete undo disks in MS Virtual PC then you lose any droppers that you may want to harvest. There are horses for different courses and I use both Sandboxie and MS VPC, with it being easier to harvest any droppers from within the sandbox than looking throughout the whole s...

Sandboxie Terminate Cmd

 by Jaxryley ¦  Mon Feb 07, 2011 2:16 am ¦  Forum: Tools/Software ¦  Topic: Sandboxie Terminate Cmd ¦  Replies: 5 ¦  Views: 7572

A lot of those screenlockers/ransomware still lock the screen up if run via Sandboxie, needing a reboot to get back control of the machine. The malware is dead on reboot, but to save a reboot and kill the sample without a reboot you could run the below batch file before executing any screenlockers v...

Re: RogueKiller

 by Jaxryley ¦  Mon Feb 07, 2011 1:05 am ¦  Forum: Tools/Software ¦  Topic: RogueKiller ¦  Replies: 12 ¦  Views: 17576

With Internet Security 2011, it took a few executions of RogueKiller and hitting "Dismiss" on the rogue's warning before RogueKiller was able to run and nullify it. RogueKiller V3.9.0 by Tigzy contact at !http://www.sur-la-toile.com mail: tigzyRK<at>gmail<dot>com Feedback: !http://www.sur-la-toile.com/discussi...

Re: RogueKiller

 by Jaxryley ¦  Mon Feb 07, 2011 12:34 am ¦  Forum: Tools/Software ¦  Topic: RogueKiller ¦  Replies: 12 ¦  Views: 17576

Installed Windows Problems Detector and RogueKiller failed on first execution but succeeded on the second attempt, with the rogue not showing up on reboot. Malwarebytes is now able to run a quick scan to completion to clean up any dregs where a scan was terminated by the rogue when it was active. Rog...

RogueKiller

 by Jaxryley ¦  Sun Feb 06, 2011 2:52 am ¦  Forum: Tools/Software ¦  Topic: RogueKiller ¦  Replies: 12 ¦  Views: 17576

This little app seems to do very well against exe-killing rogue AVs.

http://www.sur-la-toile.com/RogueKiller/

Re: Koob(face) of the week

 by Jaxryley ¦  Thu Jan 27, 2011 8:04 am ¦  Forum: Malware ¦  Topic: Koob(face) of the week ¦  Replies: 18 ¦  Views: 31595

!http://goldmaniac.com/.66x01w9/?getexe=fc.valls.exe !http://goldmaniac.com/.66x01w9/?getexe=jan32.exe !http://goldmaniac.com/.66x01w9/?getexe=rb.exe !http://goldmaniac.com/.66x01w9/?getexe=drk.exe drk.exe - 6/42 http://www.virustotal.com/file-scan/report.html?id=49e934fa8ad2aee0008cc46a5b53f2a3b8f...
