electroglyph

Member
  • Posts: 26
  • Donations: 0.00 USD
  • Country: United States
  • Reputation: 0

About electroglyph

  1. I like to think I'm fairly computer literate. I'm an amateur coder and I like to dabble in reverse engineering. I'm one of those guys that doesn't run antivirus and instead relies on common sense + VirusTotal. Lately I've been seeing some crazy smart trojans. I come across all my potential trojans on P2P. It used to be pretty simple to ID them. You download an app and it's by some no-name group and doesn't even function. Guaranteed trojan, right? You submit it to VirusTotal and get 10 hits.

     Nowadays you download your app and do some basic recon. Your PEiD database turns up no known packer. There seems to be a semi-legit NFO file. Execute it in a virtual machine and it works perfectly. Run IceSword and everything's fine. Submit it to VirusTotal and it's 100% clean. BUT within 5 minutes you're running a clandestine HTTP server that's dishing out malware. In the past couple of months I've discovered several trojans that are 100% undetectable by VirusTotal. More advanced real-time behavioral analysis might be more effective, might not.

     They seem to be undetectable for 2 reasons: hexing and really good packing. Amateurs who didn't bother hexing in the past are now figuring out the AV signatures in their malware and patching them out. It used to be that only professionals did this, and now kids are doing it. So even when their malware is finally unpacked (it always will be) there aren't immediate red flags from the file signature. I've been seeing some strange custom/private editions of ancient Armadillo versions which none of the AVs seem to be able to unpack right now. Or else they're not being unpacked correctly. These EXEs are very widespread at the moment. I'm not sure if it's the first layer (Armadillo) that's making them difficult to unpack, or the combination of packers used. Most I'm seeing are PEC packed and then ARM packed.

     The prevalence of high quality underground packers combined with the high quality commercial ones (Themida + Armadillo) is really upping the ante for AV companies. There now appear to be several organized groups releasing software with really insidious trojans in them that are, for the average person, not detectable. Some of the trojans they drop are very small, but pack a big punch. I don't plan on doing any research on these bugs or even investigating them any further. These are just some amateur observations. This isn't meant to be a big alarmist "the world is going to end" thread, nor is it focused on software piracy. Just wondering if anyone else is seeing these particularly sneaky trojans.
  2. My el cheapo MB didn't like single-sided RAM being mixed with double-sided RAM. I hate new memory.
  3. Had 512 MB of PC3200 in this PC, running at the normal 200 MHz. But when I pop in another 512 MB chip with very similar timings it drops down to 166 MHz. I tried swapping the chips into different slots, tried disabling most of the "extra" stuff in BIOS like Cool n quiet, spread spectrum, etc. Also tried manually setting different timings (it autodetects at 2.5, so I tried forcing it to 3, etc.), all to no avail. Any ideas? I haven't tried adjusting voltage yet... it's set at 2.6 V.
  4. After reading hundreds of posts I finally came across http://support.microsoft.com/kb/928788 and that's all I needed.
  5. I've opened all the ports, all the right services are running, my media is in the WMP library and shared with the Xbox 360, but the Xbox can't see my computer. WMP11 does see the Xbox 360 though, and sharing with it is enabled. I also shared my media folders over the network to see if that would help, but it didn't. I uninstalled WMP11 and reinstalled, but that didn't help. Tried restarting PC/Xbox... nothing. Edit: I just installed Winamp Remote and I can stream just fine with it. But the video streaming is kind of crappy, so I'd still like to get WMP11 working if anyone knows how. Apparently lots of people are having the same problem I am.
  6. Ah, it's the MPA filter. Well, it is allowing me to seek now, so I guess I had a glitch last night. And I figured you had good reason to still include the WV decoder; I was just curious what it was. Props = respect! Edit: dunno what the glitch is, but for me AAC doesn't seek unless I manually unregister the MPA filter and then re-register. After that it works fine.
  7. Couple questions: why do you still include CoreCodec's WavPack decoder when the DCoder one does the job fine? And there seems to be a small glitch in your CDXA folder: there is a file called "cdxareader.ax (Gabest(clsid) - CDXA Source Filter 1.0.0.2 - 18092007)" which I presume is the updated filter? (Also, you should enable DCoder's AAC support, as it allows seeking and FFDShow does not.) P.S. Props!
  8. I can't even get Comodo's silent install to work. It crashes every time, but if I do a regular install it works great.
  9. Check out Registry Workshop if you'll be doing this a lot: http://www.torchsoft.com/en/rw_information.html. This is the nicest registry editor I've used; its search feature is many, many times faster than RegEdit, and it also supports loading hives.
  10. My nLited unattended disk installs in 20 minutes and includes .NET 2.0, IE7 and all post-SP2 updates. For standard installs I think disabling WFP gives the single most noticeable speed increase... it knocks off at least 5 minutes. Unattended installs are faster by nature too. I'm content with starting an install and leaving to do other things for 20 minutes, though if I were doing, say, a whole lab full of PCs I'd be installing from a network image for sure.
  11. Like everyone else I just got a SE16 WD5000AAKS too and I'm very happy with it. This is by far the fastest 7200 drive I've ever used. I was actually stunned by its performance for such a cheap drive. Now if only I had realized before I backed my stuff up that I had my drive set up as a dynamic disk....
  12. I can pretty much guarantee those are completely random. There is no way to generate more because Microsoft simply keeps a master list of their randomly generated keys, and when you enter the code online Microsoft checks to see whether it was issued or not. Generated keys are typically found in shareware or trial versions of software. I've also been thinking more on the subject, and I think it would be nearly impossible to make such a program anyway. The biggest bottleneck would be testing the generated keys. You would need many, many, many sample keys to work with and you'd still generate tons of incorrect keys. This would force you to develop an interface between the key generator and the target software so that keys could be tested programmatically. Since there would be custom programming required for each different target to make it even remotely feasible, your time would probably be much better spent reverse engineering the target software to begin with.