About tobor
  1. setup.exe is the flagged file. https://www.virustotal.com/en/file/0197f29e067696acbf61d889b71ab13218ac34be6d3370ae4032adc02412a745/analysis/ (attachment: winhex.zip)
  2. This document should help you: http://www.mcafee.com/us/resources/reports/rp-predicting-stealth-attacks.pdf It goes over the history of rootkit techniques. I think most modern rootkits use IRP hooking; SSDT/IAT hooks are trivial to bypass.
  3. If you right-click in the scan results, there is a 'check all items' option.
  4. Part of the guest additions for VirtualBox. File and log attached. (attachment: mbam-log-2011-10-28 (11-40-45).zip)
  5. For disassembling .NET projects, I would recommend ILSpy. It's easy to use and very good. You can also try Red Gate's Reflector, but it is no longer free (it comes with a trial, though).
  6. Well, not anymore it isn't, now that you've posted it. You should PM a Malwarebytes staff member instead.
  7. I think this was for the old RogueRemover section. I think he moved all the topics from RogueRemover in here. This sticky should probably be deleted. Unless I'm wrong, it would be horrible if the general chat were removed.
  8. Wow, you guys are fast. Thanks!
  9. This is a setup for a legit application; it doesn't install any adware. http://rapidshare.de/files/48043693/epidemosetup.exe.html
  10. He should have been using Relakks...
  11. I'm not sure why MBAM can't update on a limited account; it stores its database in the All Users application data folder, which can be written to from the Guest account (I just tried creating a text file, and it worked). I think it's best to run MBAM under an admin account, since it needs to load its driver for direct disk access. Programs that are run under limited accounts do not have permission to load drivers (I think, not 100% sure). Also, if you run it under an admin account, you shouldn't have to run it on any other user's account, since MBAM is capable of finding the paths to other users' files (open MBAM, go to the 'More Tools' tab, and click 'Collect Information'; it will find everyone's folder locations).
  12. I kind of doubt Evidence Eliminator is a rogue also; they make use of one of Eldos's drivers for direct disk access, and that costs hundreds of dollars. It doesn't quite seem like something a rogue would do.
  13. I think I found a small bug: when you try to close the protection module via the tray icon, the service still runs in the background, using up CPU when processes start.