[shellcode4fun]

Hello everybody!

I see many users interested in this classic anti-executable called EXE Radar Pro, developed by NoVirusThanks company srl.

I analyzed a bit this software and, despite what it should be able to do (prevent any executable from running), it actually contains several design bugs that compromise the effectiveness of this security tool.

I have uploaded a video showing how a simple exploit using specific shellcode I've written can effectively bypass EXE Radar Pro. Link to the video is the following: http://www.youtube.com/watch?v=5KXbnIhhODc . Hope you'll enjoy it.

Keep up the good work kernelmode.info board!

[Buster_BSA]

Send your findings to the developer so he can fix the problems you found.

[shellcode4fun]

I tried to write on their thread on Wilders Security but they don't allow me to write a post, so they clearly don't care :roll:

[DerW]

You could also write them a mail, they have a contact page: http://www.novirusthanks.org/contacts/
The Wilders Security thread wasn't even created by one of them from what I can see (the poster "novirusthanks" only joins the discussion a few posts later).

[Buster_BSA]

Send a mail to info@novirusthanks.org

Roberto Melacci is a nice guy.

[shellcode4fun]

I've just seen the new update to the build 2.6.6.0. Change log is:

[29-08-2012] v2.6.6.0
+ Fixed refreshing of processes in x86 version when "Processes" tab is opened
+ Fixed IE problem that allowed it to start a process if "Auto-Allow System Processes" was checked

Looks like that there was at least another serious vulnerability as written in the change log. Anyway, it wasn't the one I'm exploiting. A new video with the build 2.6.6.0 tested: http://www.youtube.com/watch?v=8_frYKeTllA

I've received a question about testing the exploit after disabling the "Auto allow system processes" option. I already recorded the video before reading the question, so I couldn't record it again as well, anyway disabling such option doesn't stop my exploit from executing the trojan ;)