wildman424

Malware Hunters
  • Posts: 1,679
  • Joined

Everything posted by wildman424

  1. All them fools did is make things worse; there will be repercussions for their actions. They will get caught. We're trying to avoid getting the interwebs censored and them idiots are going to bring down the heat.
  2. We all posted copyrighted material in this thread, so by their definition it looks like we're all pirates...... If SOPA/PIPA gets passed this site could get shut down just because we shared what we like. PROTECT THE NET - OPPOSE SOPA/PIPA
  3. Huh? I don't remember seeing it in there. Dan at malwareup gave me the tip about LAZARUS. I've found it very useful
  4. For those of us that hang around forums, this is a very useful add-on for your Firefox browser: Lazarus Form Recovery.
  5. With VT, when you get an error sometimes all you have to do is wait a few minutes and try it again. They get quite busy, especially when the honeypots are feeding them submissions. Remember though, there is a 32 MB limit; if you feed it a file over the limit it will not take it.
  6. Maybe this will help you get it sorted out: bug check 0x0000007B = INACCESSIBLE_BOOT_DEVICE http://msdn.microsof...v=vs.85%29.aspx Do you know what made the system you cloned the virtual drive from crash? Does the hard drive you cloned the virtual drive from boot, or do you get an error from it as well?
  7. :lol: I love Mexican food; unfortunately it doesn't always love me back.
  8. I had to create some custom folders to get those options.... I can move a message from My Conversations to one of the custom folders but not to or from the other folders.
  9. How'd you get the followed content fixed again? I haven't gotten any notifications from this forum since the upgrade.
  10. WoW, I disappear for a while and everything changes, first this then VT. My head hurts. Any luck recovering our cans?
  11. Yep, that's it. I had a lot of notes. Now it's not there any more. And the Topic/Forum jumpboxes were really nice when searching, or trying to switch topics really quickly.
  12. I can't find the scratchpad that used to be in the user control panel.
  13. Thanks, no detection now.
  14. Thank you, I'll retest the file when you give the OK.
  15. I'm getting a hit on PEiD's executable this morning. That detection is for the UPX packer, correct? PEiD is packed with UPX:
      UPX 0.89.6 - 1.02 / 1.05 - 2.90 -> Markus & Laszlo

      Malwarebytes Anti-Malware (PRO) 1.60.0.1800
      www.malwarebytes.org
      Database version: v2012.01.08.02
      Windows XP Service Pack 3 x64 NTFS
      Internet Explorer 9.0.8112.16421
      wildman424 :: WildThang1 [administrator]
      Protection: Enabled
      1/8/2012 7:37:43 AM
      mbam-log-2012-01-08 (07-38-00).txt
      Scan type: Custom scan
      Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM | P2P
      Scan options disabled: Memory | Startup | Registry | Heuristics/Extra
      Objects scanned: 1
      Time elapsed: 10 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 0 (No malicious items detected)
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
      Files Detected: 1
      c:\Program Files (x86)\PEiD-0.95\PEiD.exe (Packer.ModifiedUPX) -> No action taken. [5ad81816db810531348d1f64f40c4db3]
      (end)

      File name: PEiD.exe
      Submission date: 2012-01-08 12:33:40 (UTC)
      MD5 : 4b5289d1dbd727c5dd0e247a7d7db03e
      SHA1 : bff141822aefd08fa9b7e17684934ed8ca1a3417
      SHA256: e13171d50f45a79bc09b9e4b9ffa38eb02301aca94a1867a9bf8acccc3759030
      http://www.virustotal.com/file-scan/report.html?id=e13171d50f45a79bc09b9e4b9ffa38eb02301aca94a1867a9bf8acccc3759030-1326026020
  16. Hello, one problem I see from what you described is that you're running more than one anti-virus. Running more than one anti-virus will cause some major performance issues. I'd recommend you choose one and uninstall the other. This registry scanner, I would recommend you NOT use. Have a look at this article: You can't use two anti-viruses; you need to choose one and uninstall the other. Registry cleaners are not necessary and quite often cause more issues. I wouldn't even waste your money on them. Windows expert Mark Russinovich (author of the "Bible", Windows Internals, co-founder of Winternals and Sysinternals, and since both companies were bought by Microsoft, now a senior Microsoft employee) was asked: His reply:
  17. I think Dark celebrated more than one birthday this year. but... Happy Birthday Dark.... again
  18. If you ran that executable I recommend you follow Maurice's advice and give your system a FULL scan with MBAM and your anti-virus, then follow up in the HJT forum if either shows any issues. Sandboxie is good, but it can be and has been bypassed by malware before. Happy New Year to you, and thanks for the sample.
  19. Hello, if you have the link, copy it into a notepad and create a new topic in the Newest Malware Threats forum, attaching the .txt file containing the link to your post. And we will harvest a sample of the malware.
  20. The Heuristics.Reserved.Word.Exploit detection on the file makes perfect sense, since there's beaucoup malware out there that likes to name itself explorer.exe and place itself in unusual locations. Just saying this file isn't one of them. We've seen many executables renamed like this as a workaround without getting a hit. Just so you understand, as one of its developers I have to step in and say something to protect its name when this kinda thing happens.
  21. It's an early, crude version of Buttons' Kobra Text. While experimenting with workarounds to counter malware blocking it from running, he renamed the executable to explorer.exe. The source code is freely available from our site, under the GNU GPL3.
      File name: explorer.exe
      Submission date: 2011-12-25 04:44:51 (UTC)
      First seen: 2011-02-25 02:04:51
      Last seen : 2011-12-25 04:44:51
      Result: 1/42 (2.4%)
      File size: 681984 bytes
      MD5: 8d1be016626ad6fc5411228e4a8d2d83
      SHA1: 3b558f109a78365ec3be1a022716929baaa15c1a
      SHA256: 9a8cd514b789201555581a104aadce00b50344fa37d67b1de7f2e01ad15abd83
      sigcheck:
        publisher....: Cyber Stealth Labs
        copyright....: Copyright © 2011 Cyber Stealth Labs
        product......: Kobra Text
        description..: Kobra Text
        original name: Kobra Text.exe
        internal name: Kobra Text.exe
        file version.: 1.0.0.0
        comments.....: Plain text editor
        signers......: -
        signing date.: -
        verified.....: Unsigned
      http://www.virustotal.com/file-scan/report.html?id=9a8cd514b789201555581a104aadce00b50344fa37d67b1de7f2e01ad15abd83-1324788291

      Malwarebytes Anti-Malware (PRO) 1.60.0.1600
      www.malwarebytes.org
      Database version: v2011.12.25.01
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      wildman424 :: WildThang1 [administrator]
      Protection: Enabled
      12/25/2011 12:10:15 AM
      mbam-log-2011-12-25 (00-10-40).txt
      Scan type: Flash scan
      Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
      Scan options disabled: Registry | File System
      Objects scanned: 186362
      Time elapsed: 19 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 0 (No malicious items detected)
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
      Files Detected: 1
      C:\Users\wildman424\Downloads\explorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken. [d66f049c60eed264fe09b8ed2dd7e51b]
      (end)

      Edit: just a note - I think that file version info is incorrect; the UI looks like version .0005 or .0006. We released a version 1.0 but it has a completely different UI, and we're currently writing a new version in C#... C++
  22. I'm just........ shocked. This is terrible news, very, very sad. Matt was a great guy, really friendly, always helpful. This news saddens me to no end. What a tragic loss.
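A defender-side check for the point made in posts 20 and 21 (why Heuristics.Reserved.Word.Exploit fires on a file named explorer.exe that sits outside its usual location), written here as an added example that is not code from the forum or from Malwarebytes: it parses the "Files Detected" lines of an MBAM log excerpt built from the two detections quoted above and flags reserved names found outside their expected directory. The expected directory for explorer.exe (C:\Windows) and the log line pattern are assumptions made for this example.

```python
import re
from pathlib import PureWindowsPath

# Reserved process names and the directory where the genuine binary lives.
# explorer.exe is the case from the posts above; the expected directory is the
# standard Windows location, assumed here for the example.
RESERVED_LOCATIONS = {"explorer.exe": {r"c:\windows"}}

# One "Files Detected" entry of an MBAM log, e.g.
#   C:\x\Downloads\explorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken. [hash]
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[A-Za-z0-9._-]+)\) -> (?P<action>[^.\[]+)\."
)

def parse_detections(log_text):
    """Return (path, detection name, action) for every detected file in the log."""
    hits = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            hits.append((m["path"], m["name"], m["action"].strip()))
    return hits

def reserved_name_status(path):
    """Classify a path: not a reserved name, or a reserved name in its expected
    directory or in an unexpected one (the condition the heuristic reacts to)."""
    p = PureWindowsPath(path)
    expected = RESERVED_LOCATIONS.get(p.name.lower())
    if expected is None:
        return "not-reserved"
    return "expected-location" if str(p.parent).lower() in expected else "unexpected-location"

def triage(log_text):
    """Pair each detection with the reserved-name status of its path."""
    return [(path, name, reserved_name_status(path))
            for path, name, _ in parse_detections(log_text)]

# Constructed log excerpt built from the two detection lines quoted in the posts.
SAMPLE_LOG = r"""Files Detected: 2
c:\Program Files (x86)\PEiD-0.95\PEiD.exe (Packer.ModifiedUPX) -> No action taken. [5ad81816db810531348d1f64f40c4db3]
C:\Users\wildman424\Downloads\explorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken. [d66f049c60eed264fe09b8ed2dd7e51b]
(end)"""

if __name__ == "__main__":
    for path, name, status in triage(SAMPLE_LOG):
        print(f"{status:20} {name:35} {path}")
```

The renamed Kobra Text binary is reported as a reserved name in an unexpected location, which is exactly the pattern the heuristic keys on, while the UPX hit on PEiD.exe is left for the packer signature to explain.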