#11
09-14-2010, 09:53 PM
pipsqueek
Member
Join Date: Sep 2010
Posts: 10
Still no luck

I have tried all the methods described here and they work great on Windows 7 and XP 32 bit, but Windows 7 64 bit just will not allow the driver to be installed. All devcon variants crap out. I even tried installing in test mode, to no avail.
Interestingly enough, I tried to install in safe mode and the command prompt actually stated it had installed, but on review of Device Manager it had the damned exclamation mark on it.

Thanks for the help, but it's time to give up trying; there are other things in life.
#12
09-14-2010, 11:08 PM
yogi_saw
Senior Member
Join Date: May 2009
Posts: 533

Surely there are many other things in life, but you have to try till you succeed.
Think from every aspect of it...
Meanwhile, try installing the original dongle drivers and restart... The yellow exclamation mark says the drivers are not installed.
#13
09-14-2010, 11:22 PM
pipsqueek
Member
Join Date: Sep 2010
Posts: 10
Step back and smell the coffee.

I will surely try again.

Sometimes when things don't work out it's good to take a break and do some more reading.
#14
09-15-2010, 02:12 AM
narciszu
Senior Member
Join Date: Apr 2008
Location: r0m4n14
Posts: 77

raapi, I don't want to argue with anybody. I'm just saying what I noticed about that file. And I'm not alone; WhiteBoroda noticed that too.
Look at this:

And this:

And maybe another antivirus finds that.

On the other hand, the properties of the files are:
Quote:
Original file:
SIZE: 241,664 bytes and DATE: January 19, 2007
Your file:
SIZE: 270,336 bytes and DATE: January 19, 2007
The size is not the same, but the date is.

More INFO about this kind of infection:
Quote:
Discovered: February 4, 2009
Updated: February 4, 2009 6:14:14 PM
Also Known As: W32/Virut.n [McAfee], PE_VIRUX.A [Trend]
Type: Virus
Infection Length: 17,044 bytes
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

When the virus executes, it attempts to infect any file accessed with the following extensions:

.exe
.scr

The threat does not infect files starting with the following strings:

OTSP
WC32
WCUN
WINC

The virus also attempts to infect files with the following extensions by injecting an iframe into the body of each file:

.htm
.html
.php
.asp

The above iframe redirects the browser on the computer to the following location:
[http://]ZieF.pl/r[REMOVED]

It creates the following event so that only one instance of the threat is running on the compromised computer:
Vx_5

The virus then modifies the hosts file by prepending the following strings to its body:
127.0.0.1 ZieF.pl
#

It then opens a back door by joining a channel controlled by a remote attacker on one of the following IRC servers:

irc.zief.pl on TCP port 80
proxim.ircgalaxy.pl on TCP port 80

The remote attacker may use the following nick name:
[EIGHT RANDOM CHARACTERS]

It may use the following registry entry in binary format in order to decode an unknown server name and port number:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\"UpdateHost" = "[BINARY VALUE]"

The threat disables Windows File Protection in order to infect files on the computer.

It also modifies the following registry subkey in order to add a firewall exception:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List

The virus also attempts to download files on the compromised computer.
AND here, http://www.symantec.com/content/en/u...s/FixVirut.com, you can find a removal tool.

And YES, maybe all the files on the internet are infected, including my files. Everyone is free to choose how to protect themselves.

Have a nice day!

Last edited by narciszu : 09-15-2010 at 03:35 AM.
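From the defender's side, the write-up quoted in the post above gives three host-observable indicators: the hosts-file entry the virus prepends, the iframe it injects into web files, and its IRC servers reached on TCP port 80. The Python checks below are an added example, not part of narciszu's post or of the Symantec write-up; the domain set, the firewall log-line format and all sample inputs are constructed assumptions.

```python
import re

# Indicators of the W32.Virut variant from the Symantec write-up quoted above:
# the hosts-file entry it prepends, the iframe redirect domain, and its IRC C2 hosts.
VIRUT_DOMAINS = {"zief.pl", "irc.zief.pl", "proxim.ircgalaxy.pl"}
IFRAME_RE = re.compile(r"<iframe[^>]*\bsrc\s*=\s*['\"]?\s*(?:https?://)?([^/'\"\s>]+)", re.I)

# Constructed sample inputs (not captured from an infected machine).
SAMPLE_HOSTS = "127.0.0.1 ZieF.pl\n#\n127.0.0.1 localhost\n"
SAMPLE_HTML = '<html><body><p>hi</p><iframe src="http://ZieF.pl/r" width=1 height=1></iframe></body></html>'
SAMPLE_LOG = [
    "2010-09-15 02:12:00 10.0.0.5 -> irc.zief.pl:80",
    "2010-09-15 02:12:01 10.0.0.5 -> example.com:443",
    "2010-09-15 02:12:02 10.0.0.5 -> proxim.ircgalaxy.pl:80",
]

def hosts_file_hits(hosts_text):
    """Return hosts-file lines that map a Virut domain to any address.
    The virus prepends '127.0.0.1 ZieF.pl' and '#' to the file, so the
    sinkholed domain usually shows up on the very first line."""
    hits = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(fields) >= 2 and any(h.lower() in VIRUT_DOMAINS for h in fields[1:]):
            hits.append(line.strip())
    return hits

def injected_iframes(web_text):
    """Return the hostnames of iframes in an .htm/.html/.php/.asp file whose
    src points at the Virut redirect domain (the write-up's '[http://]ZieF.pl/r...')."""
    return [m.group(1) for m in IFRAME_RE.finditer(web_text)
            if m.group(1).lower() in VIRUT_DOMAINS]

def suspicious_connections(log_lines):
    """Flag outbound connections to the named IRC servers on TCP port 80 in
    constructed firewall-style lines of the form '<time> <src> -> <host>:<port>'."""
    flagged = []
    for line in log_lines:
        m = re.search(r"->\s*([\w.\-]+):(\d+)", line)
        if m and m.group(1).lower() in VIRUT_DOMAINS and m.group(2) == "80":
            flagged.append(line.strip())
    return flagged

if __name__ == "__main__":
    print("hosts:", hosts_file_hits(SAMPLE_HOSTS))
    print("iframes:", injected_iframes(SAMPLE_HTML))
    print("connections:", suspicious_connections(SAMPLE_LOG))
```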
#15
09-15-2010, 02:48 AM
yogi_saw
Senior Member
Join Date: May 2009
Posts: 533

@raapi brother, your file is infected with a virus.
Scan it with the online virus scanner http://www.virustotal.com
#16
09-15-2010, 03:24 AM
Trit0n
Senior Member
Join Date: Feb 2008
Posts: 114

@ALL JOKERS
This is the original from the EDGE team:
http://rapidshare.com/files/41913960...-Edge.rar.html
(No virus)
#17
09-15-2010, 04:12 AM
raapi
Member
Join Date: Dec 2008
Posts: 19

Quote:
Originally Posted by pipsqueek View Post
... but its time to give up trying...
Don't give up, mate!
Let's look at the steps:
1. Did you sign the multikey.sys in your multikey folder BEFORE you installed it?
2. Did you enable "test mode"? It won't work otherwise.
3. Did you install the Sentinel drivers v7.6.1? Try to uninstall them, then use the ssdcleanup tool (download from the SafeNet page), reboot and install again.
4. After installing multikey you need to reboot.

PS. I changed the SENTEMUL2007.exe in the program pack with the one Trit0n posted (thanks!).
Also doing a deep scan of my PC; if you were right, my apologies to you all!
Thank you.

Last edited by raapi : 09-15-2010 at 04:31 AM.
#18
09-15-2010, 05:13 AM
yogi_saw
Senior Member
Join Date: May 2009
Posts: 533

Never mind, raapi, don't change the SentEmul2007 provided by Trit0n, it is a buggy version, it has a bug regarding some drivers; Team EDGE provided a new one with the bug fixed.
It has a bug that was querying cell<08.
#19
09-15-2010, 05:29 AM
raapi
Member
Join Date: Dec 2008
Posts: 19

OK, changed and uploaded, again, the SentEmul2007 to the original EDGE FIXED release in the program pack. That's the original untouched sc*ne release.

Last edited by raapi : 09-15-2010 at 05:32 AM.
#20
09-15-2010, 03:03 PM
pipsqueek
Member
Join Date: Sep 2010
Posts: 10
At last!!!!

I want to thank the other members for prodding me with the proverbial pointed stick.
I did some more reading and came up with this working scenario.

1. Disable and turn off UAC

Control Panel-User Accounts and Family Safety-User Accounts-Change User Account Control Settings-Move slider to "Never Notify"
REBOOT!!

2. Disable Digital Driver Signing using command prompt with admin rights.

Type in the following 2 separate commands:

bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS

bcdedit.exe -set TESTSIGNING ON

REBOOT!!!

3. Install Multikey in command prompt with admin rights.

Move to Multikey directory (c:\Multikey)

Input the following command:

devcon install multikey.inf root\multikey

The DOS window should state this was successful.

REBOOT!!

4. Digitally sign the installed driver using DSEO13b

(c:\windows\system32\drivers\multikey.sys)

REBOOT!!

Should now be working.

It is important to note that all Command Prompt windows and DSEO13b are activated with Administration Rights!!
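The procedure above leaves the machine booting with test signing on and kernel integrity checks disabled, which is exactly what an administrator auditing such a host would look for in the output of 'bcdedit /enum'. The Python checker below is an added example, not part of pipsqueek's post; it parses a constructed sample of bcdedit output (not captured from a real host) and also checks the nointegritychecks option, which the thread does not mention but which weakens enforcement the same way.

```python
import re

# Constructed sample of 'bcdedit /enum' output as it would look after the two
# bcdedit commands in the procedure above were run; not captured from a real host.
SAMPLE_BCDEDIT = """
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \\Windows\\system32\\winload.exe
description             Windows 7
testsigning             Yes
loadoptions             DDISABLE_INTEGRITY_CHECKS
osdevice                partition=C:
"""

def parse_bcd_entries(text):
    """Turn bcdedit's 'key<spaces>value' listing into {identifier: {key: value}}."""
    entries, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\w+)\s{2,}(\S.*?)\s*$", line)
        if not m:
            continue                      # section titles, rulers, blank lines
        key, value = m.group(1).lower(), m.group(2)
        if key == "identifier":
            current = value
            entries[current] = {}
        elif current is not None:
            entries[current][key] = value
    return entries

def signing_enforcement_findings(text):
    """Return (identifier, reason) pairs for boot entries whose driver-signing
    enforcement has been weakened. Also checks 'nointegritychecks', a bcdedit
    option the thread does not use but which has the same effect."""
    findings = []
    for ident, fields in parse_bcd_entries(text).items():
        if fields.get("testsigning", "No").lower() == "yes":
            findings.append((ident, "testsigning is on: test-signed drivers will load"))
        if "disable_integrity_checks" in fields.get("loadoptions", "").lower():
            findings.append((ident, "loadoptions disables kernel integrity checks"))
        if fields.get("nointegritychecks", "No").lower() == "yes":
            findings.append((ident, "nointegritychecks is on"))
    return findings

if __name__ == "__main__":
    for ident, reason in signing_enforcement_findings(SAMPLE_BCDEDIT):
        print(f"{ident}: {reason}")
```

A clean host produces an empty list; on a production machine the same two settings being present is a finding worth a ticket, since they let any test-signed or unsigned driver load at boot.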