Everything posted by electroglyph

  1. I like to think I'm fairly computer literate. I'm an amateur coder and I like to dabble in reverse engineering. I'm one of those guys that doesn't run antivirus and instead relies on common sense + VirusTotal. Lately I've been seeing some crazy smart trojans. I come across all my potential trojans on P2P. It used to be pretty simple to ID them. You download an app and it's by some no-name group and doesn't even function. Guaranteed trojan, right? You submit it to VirusTotal and get 10 hits. Nowadays you download your app and do some basic recon. Your PEiD database turns up no known packer. There seems to be a semi-legit NFO file. Execute it in virtual machine and it works perfectly. Run IceSword and everything's fine. Submit it to VirusTotal and it's 100% clean. BUT within 5 minutes you're running a clandestine HTTP server that's dishing out malware. In the past couple months I've discovered several trojans that are 100% undetectable by VirusTotal. More advanced real-time behavioral analysis might be more effective, might not. They seem to be undetectable for 2 reasons: hexing and really good packing. Amateurs who didn't bother hexing in the past are now figuring out the AV signatures in their malware and patching them out. It used to be that only professionals did this and now kids are doing it. So even when their malware is finally unpacked (it always will be) there aren't immediate red flags from the file signature. I've been seeing some strange custom/private editions of ancient Armadillo versions which none of the AVs seem to be able to unpack right now. Or else they're not being unpacked correctly. These EXEs are very widespread at the moment. I'm not sure if it's the first layer (Armadillo) that's making them difficult to unpack, or the combination of packers used. Most I'm seeing are PEC packed and then ARM packed.
The prevalence of high quality underground packers combined with the high quality commercial ones (Themida + Armadillo) is really upping the ante for AV companies. There are now what appears to be several organized groups releasing software with really insidious trojans in them that are, for the average person, not detectable. Some of the trojans they drop are very small, but pack a big punch. I don't plan on doing any research on these bugs or to even investigate them any further. These are just some amateur observations. This isn't meant to be a big alarmist "the world is going to end" thread, nor is it focused on software piracy. Just wondering if anyone else is seeing these particularly sneaky trojans.
  2. my el cheapo MB didn't like single sided RAM being mixed with double sided RAM. i hate new memory.
  3. Had 512mb of PC3200 in this PC, running at normal 200mhz. But when I pop in another 512mb chip with very similar timings it drops down to 166mhz. I tried swapping the chips into different slots, tried disabling most of the "extra" stuff in BIOS like Cool n quiet, spread spectrum, etc. also tried manually setting different timings (it autodetects at 2.5 so i tried forcing it to 3, etc.) all to no avail. Any ideas? I haven't tried adjusting voltage yet...it's set at 2.6v.
  4. After reading hundreds of posts I finally came across http://support.microsoft.com/kb/928788 and that's all I needed.
  5. I've opened all the ports, all the right services are running, my media is in the WMP library and shared with the Xbox 360, but xbox can't see my computer. WMP11 does see the Xbox 360 though and sharing with it is enabled. I also shared my media folders over the network to see if that would help but it didn't. I uninstalled WMP11 and reinstalled but that didn't help. Tried restarting PC/Xbox ... nothing. edit: I just installed Winamp Remote and I can stream just fine with it. But the video streaming is kind of crappy so I'd still like to get WMP11 working if anyone knows how. Apparently lots of people are having the same problem I am
  6. ah, it's the MPA filter. well, it is allowing me to seek now so i guess i had a glitch last night. and i figured you had good reason to still include the WV decoder i was just curious what it was props = respect! edit: dunno what the glitch is, but for me AAC doesn't seek unless i manually unregister the MPA filter and then re-register. after that it works fine.
  7. couple questions: why do you still include CoreCodec's WavPack decoder when the DCoder one does the job fine? and there seems to be a small glitch in your CDXA folder, there is a file called "cdxareader.ax (Gabest(clsid) - CDXA Source Filter - 18092007)" which i presume is the updated filter? (also, you should enable DCoder's AAC support, as it allows seeking and FFDShow does not) p.s. Props!
  8. i can't even get Comodo's silent install to work. it crashes every time, but if i do a regular install it works great
  9. check out Registry Workshop if you'll be doing this a lot: http://www.torchsoft.com/en/rw_information.html this is the nicest registry editor i've used, its search feature is many many times faster than RegEdit and it also supports loading hives
  10. my nlited unattended disk installs in 20 minutes and includes .net 2.0, IE7 and all post SP2 updates. for standard installs i think disabling WFP gives the single most noticeable speed increase... it knocks off at least 5 minutes. unattended installs are faster by nature too. i'm content with starting an install and leaving to do other things for 20 minutes, though if i were doing say a whole lab full of PCs i'd be installing from a network image for sure.
  11. like everyone else i just got a SE16 WD5000AAKS too and i'm very happy with it. this is by far the fastest 7200 drive i've ever used. i was actually stunned by its performance for such a cheap drive. now if only i had realized before i backed my stuff up that i had my drive set up as a dynamic disk....
  12. I can pretty much guarantee those are completely random. There is no way to generate more because Microsoft simply keeps a master list of their randomly generated keys and when you enter the code online Microsoft checks to see whether it was issued or not. Generated keys are typically found in shareware or trial versions of software. I've also been thinking more on the subject, and I think it would be nearly impossible to make such a program anyways. The biggest bottleneck would be testing the generated keys. You would need many many many sample keys to work with and you'd still generate tons of incorrect keys. This would force you to develop an interface between the key generator and the target software so that keys could be tested programmatically. Since there would be custom programming required for each different target to make it even remotely feasible your time would probably be much better spent reverse engineering the target software to begin with.
  13. i don't think there are many programs at all that can do this. fact is, i think it would require some seriously impressive math skills to write an efficient program to do it. simply put, there's no practical way to do it. probably only feasible with an FPGA or NVidia GPU + SDK. but it would be a cool project to undertake. there is only one program i can think of that does this: THC-Shagg, but it's only for check digit algorithms. the quickest method will always be reverse engineering...input an invalid key and debug the application to see how it checks the key. however, any system which uses a third party for key verification is probably not using "generated" keys at all. with online gaming for instance keys could be randomly generated, placed on a list, and then simply checked to see whether they were issued or not.
  14. re: #4: i install .net 2.0 at t-13, and i think i have been for over a year. re: #6: max CAB compression is the same compression used on retail CDs. ISO optimization has no effect on the resulting CD at all. all it does is generate a more efficient ISO which will save you a few MBs of hard drive space. re: #7: i had a hard time decoding this one, but xp setup does support automatic partitioning. AFAIK nlite doesn't support it because it is potentially a huge bummer. forget your autopart windows cd in the drive and you lose all your data. re: #8: i've been using nlite for a long time (still have a couple RCs in my downloads folder) and have never had it 'forget' unattended settings. although i've used it extensively, i have yet to make 100 different builds. your process seems strange to me and may very well be the source of your problems. i think it's generally accepted that nlite is meant to be run once on a source, anything more is experimental. if you can't get it right in one run you should either revert your source to its pre-nlite status, or start over with a clean source. that's how i do it anyways and i've always had rock solid builds, minus a few expected glitches with component removals. obviously since you've discovered the wonder of nlite you're not a dumb lamer. i think a better approach for addressing this forum would be to ask for help on any specific issues you have instead of listing things you think are wrong. a more positive approach will yield much more positive results. nlite has seen a lot of development over the years and is reliable and stable.
  15. does pdfxviewer ignore security flags on PDFs? would be nice if it does. i use PDFSecure to strip security from PDFs, it works very well.
  16. this is the same question i've been asking myself. i've been looking at all of em, and i'm leaning towards this card: POWERCOLOR 26XT512M/D3HDMI Radeon HD 2600XT 512MB 128-bit GDDR3 PCI Express x16 HDCP Ready CrossFire Supported Video Card - Retail it's $135 with a $10 rebate, and it seems decent enough for the likes of me
  17. there must be a simple way to do it by checking environment variables... just found this: http://www.freedos.org/freedos/news/technote/118.html
  18. i think you'd have to check the specific model router you're asking about. checking for unsolicited UDP would require the router to keep a list of UDP requests you have made. this goes beyond the "passive" firewall that a router provides and requires an active checking mechanism. there may be some routers that do this, but i would think this is a feature more commonly associated with firewalls.
  19. http://www.javascriptkit.com/howto/htaccess.shtml create it and place in the root folder of your site(htaccess affects current folder and all subfolders). htaccess is an apache thing, won't work if your site runs on a different webserver. also, your host may not allow you to use .htaccess because it can slow down the server. so you'll want to test whether or not your .htaccess does anything once you upload it. an easy test would be to first try out an ErrorDocument directive.
  20. If you just want to run a linux live CD you don't need to make a multiboot one. Just open up that iso you downloaded with whatever CD burning app you use (i.e. Nero, Imgburn) and directly burn the iso file.
  21. put this in your .htaccess:
      # allow,deny: deny rules are evaluated last, so they override "allow from all"
      order allow,deny
      allow from all
      deny from anonymouse.org 85.195.
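
How Apache 2.2 evaluates the Order, Allow and Deny directives used in post 21, as an added example that is not part of the original posts and not Apache's own code. The function names, rule-set constants and client addresses are constructed for illustration, and the client's reverse-DNS hostname is assumed to be supplied by the caller (Apache resolves it itself).

```python
# Added example: models Apache 2.2 Order/Allow/Deny evaluation (not Apache code).
# Client IP and reverse-DNS hostname are supplied by the caller (assumption).

def parse_rules(text):
    """Parse Order / Allow from / Deny from lines into (order, allow, deny)."""
    order, allow, deny = "deny,allow", [], []   # Apache 2.2 default order
    for line in text.splitlines():
        words = line.split("#")[0].split()
        if not words:
            continue
        key = words[0].lower()
        if key == "order":
            order = "".join(words[1:]).lower()
        elif key in ("allow", "deny") and len(words) > 2 and words[1].lower() == "from":
            (allow if key == "allow" else deny).extend(words[2:])
    return order, allow, deny

def matches(spec, ip, host):
    """True if one Allow/Deny argument matches the client."""
    if spec.lower() == "all":
        return True
    if spec.replace(".", "").isdigit():         # partial IPv4: compare whole octets
        octets = spec.rstrip(".").split(".")
        return ip.split(".")[:len(octets)] == octets
    host, spec = host.lower(), spec.lower()     # domain: exact name or subdomain
    return host == spec or host.endswith("." + spec)

def is_allowed(rules, ip, host=""):
    order, allow, deny = parse_rules(rules)
    allowed = any(matches(s, ip, host) for s in allow)
    denied = any(matches(s, ip, host) for s in deny)
    if order == "deny,allow":    # Allow is evaluated last and wins; default allow
        return allowed or not denied
    if order == "allow,deny":    # Deny is evaluated last and wins; default deny
        return allowed and not denied
    raise ValueError("unsupported Order value: " + order)

# Constructed rule sets: the same two rules under each evaluation order.
DENY_ALLOW = "order deny,allow\ndeny from anonymouse.org 85.195.\nallow from all"
ALLOW_DENY = "order allow,deny\nallow from all\ndeny from anonymouse.org 85.195."

if __name__ == "__main__":
    # Constructed clients with made-up hostnames.
    for ip, host in [("85.195.10.20", "proxy.anonymouse.org"),
                     ("203.0.113.7", "client.example.net"),
                     ("85.19.5.1", "host.example.net")]:
        print(ip, host, is_allowed(DENY_ALLOW, ip, host), is_allowed(ALLOW_DENY, ip, host))
```

Under `deny,allow` the trailing `allow from all` readmits every client the deny line matched, while under `allow,deny` the deny line has the final say.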