[Release]GreYFoX NoDC 1.141 Beta 2 (Memory Patch)

01/23/2008 03:42 GreYFoXGTi#1
I made this tool so that ppl who use Isro could have no dc, also works for normal users..



This Download Contains

sro_client.exe <--------- Default client needed for the program to work ( also reported to work with isro) 9MB
GreYFoX NoDC 1.141 Beta 2.exe <---- The Program 300k
01/23/2008 03:44 ncera#2
Have u got a NoDC for TBot?

EDIT: When u said Isro u mean the bot or the silkroad? xD

sorry but im kinda noob xD
01/23/2008 04:03 johanson75#3
he means international

Edit : ISro comes with a now d/c.
01/23/2008 04:10 GreYFoXGTi#4
it worx for tbot too i just tried it :)
01/23/2008 04:10 antares#5
Analysis of the file GreYFoX_NoDC_1.141_Beta_2_Memory_

AhnLab-V3 2008.1.23.10 2008.01.22 -
AntiVir 7.6.0.48 2008.01.22 -
Authentium 4.93.8 2008.01.22 -
Avast 4.7.1098.0 2008.01.22 -
AVG 7.5.0.516 2008.01.22 -
BitDefender 7.2 2008.01.23 -
CAT-QuickHeal 9.00 2008.01.22 I-Worm.Sohanad.fg
ClamAV 0.91.2 2008.01.22 -
DrWeb 4.44.0.09170 2008.01.22 -
eSafe 7.0.15.0 2008.01.16 suspicious Trojan/Worm
eTrust-Vet 31.3.5477 2008.01.22 -
Ewido 4.0 2008.01.22 -
FileAdvisor 1 2008.01.23 -
Fortinet 3.14.0.0 2008.01.23 -
F-Prot 4.4.2.54 2008.01.23 -
F-Secure 6.70.13260.0 2008.01.23 -
Ikarus T3.1.1.20 2008.01.23 IM-Worm.Win32.Sohanad.cv
Kaspersky 7.0.0.125 2008.01.23 -
McAfee 5213 2008.01.22 -
Microsoft 1.3109 2008.01.22 -
NOD32v2 2815 2008.01.22 archive damaged
Norman 5.80.02 2008.01.22 -
Panda 9.0.0.4 2008.01.22 -
Prevx1 V2 2008.01.23 -
Rising 20.28.12.00 2008.01.22 -
Sophos 4.24.0 2008.01.22 -
Sunbelt 2.2.907.0 2008.01.17 -
Symantec 10 2008.01.23 -
TheHacker 6.2.9.195 2008.01.23 W32/Sohanad.gk
VBA32 3.12.2.5 2008.01.21 -
VirusBuster 4.3.26:9 2008.01.22 -
Webwasher-Gateway 6.6.2 2008.01.22 -



I would not use:(
01/23/2008 04:40 GreYFoXGTi#6
Quote:
Originally Posted by antares View Post

I would not use:(
Lucky me :)
That You Won't use it... the less ppl who use it the more server space i get XD
01/23/2008 05:46 antares#7
Quote:
Originally Posted by GreYFoXGTi View Post
Lucky me :)
That You Won't use it... the less ppl who use it the more server space i get XD
what you are not going to obtain is my PW!!;)
01/23/2008 07:55 wesleyc#8
it's clean?
01/23/2008 09:05 antares#9
Quote:
Originally Posted by wesleyc View Post
it's clean?

Information about the Sohanad Worm (detected in Analysis of the file GreYFoX_NoDC_1.141_Beta_2_Memory_):

Sohanad is a worm. The worm will infect Windows systems and spreads through Yahoo! Messenger, a popular instant messaging application.

The worm arrives as a downloaded file via Yahoo! Messenger.

Upon execution, this worm copies itself as SVHOST32.EXE and SVHOST.EXE in the Windows folder.

The worm modifies registry at the following location to load itself during each startup.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

It also creates the following registry keys to modify the settings of Yahoo! Messenger.

HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_buzz
HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_Launchcast

The worm also modifies the registry to disable Registry Editor and Task Manager.

It also changes the Internet Explorer (IE) home page to;

[Only registered and activated users can see links. Click Here To Register...]

This worm propagates via Yahoo! Messenger by sending an instant message to all the contacts of an active user. This message contains a link to a remote copy of itself. When the recipient clicks the link, a copy of this worm is downloaded and executed on the recipients' system.

The details of the message sent out by this worm are;

Do you realize who is in this image: http://{BLOCKED}coolpics.net/who.jpg . Just think for a moment and tell me soon ;))
:D who is beside you in this pic [Only registered and activated users can see links. Click Here To Register...] so good-looking
:( the page cannot be displayed http://{BLOCKED}coolpics.net/error.jpg Something was wrong !!! Check it again and tell me later. THanks
Images shot in Iraq _ The war will never end http://{BLOCKED}coolpics.net/Iraqwar.jpg << :(
Miss World 2006: http://{BLOCKED}coolpics.net/MissWorld.jpg !! <<
oh my god , i've won a 20000 usd lottery :O http://{BLOCKED}coolpics.net/mylottery.jpg <<

It also attempts to connect to the following website to download and execute some malicious files.

http://{BLOCKED}vey-sales.com/ipn/transactions/en.exe
http://{BLOCKED}vey-sales.com/ipn/transactions/link-en.exe

The worm tries to terminate some of the security related processes.

This worm first appeared on November 12, 2006.

Other names of Sohanad Worm:

This Worm is also known as WORM_SOHANAD.AE.
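
The host indicators listed in the description above (the SVHOST.EXE / SVHOST32.EXE Run entry, the Yahoo! Messenger keys, the disabled Task Manager and Registry Editor) can be checked against a registry export. This is an added example, not part of the thread or the quoted write-up; the policy value names and the sample export are assumptions marked in the comments.

```python
import re

# Indicators from the worm description quoted above (matched lower-case).
DROPPED = {"svhost.exe", "svhost32.exe"}  # not the legitimate svchost.exe
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
YAHOO_KEYS = {r"hkey_current_user\software\yahoo\pager\view\ymsgr_buzz",
              r"hkey_current_user\software\yahoo\pager\view\ymsgr_launchcast"}
# Assumption: the post does not name the values behind "disable Registry Editor
# and Task Manager"; these are the standard Windows policy values for that.
POLICY_KEY = r"\software\microsoft\windows\currentversion\policies\system"
POLICY_VALUES = {"disabletaskmgr", "disableregistrytools"}
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

def scan_reg_export(text):
    """Return sorted findings from the text of a .reg export."""
    findings, key = set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            if key in YAHOO_KEYS:
                findings.add("yahoo-key:" + key.rsplit("\\", 1)[1])
            continue
        m = VALUE_RE.match(line)
        if m is None or key is None:
            continue
        name, data = m["name"].lower(), m["data"]
        if key == RUN_KEY and data.startswith('"'):
            # .reg strings double their backslashes; keep the file name only
            path = data.strip('"').replace("\\\\", "\\")
            exe = path.split("\\")[-1].split(" ")[0].lower()
            if exe in DROPPED:
                findings.add("run-entry:" + exe)
        elif key.endswith(POLICY_KEY) and name in POLICY_VALUES:
            if data.lower() == "dword:00000001":
                findings.add("policy:" + name)
    return sorted(findings)

# Constructed sample export (not taken from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleEntry"="C:\\WINDOWS\\SVHOST32.EXE"
"Audio"="C:\\WINDOWS\\system32\\svchost.exe -k audio"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000
[HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_buzz]
'''

print(scan_reg_export(SAMPLE))
```

Files written by `reg export` are UTF-16, so decode them before passing the text in. A match is a lead to follow up on the host, since the check looks only at names and values.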
01/23/2008 13:18 GreYFoXGTi#10
Quote:
Originally Posted by antares View Post
what you are not going to obtain is my PW!!;)
take it easy :)
i'm not taking anyone's password :)
i don't need it... any way have fun....

and that crap about the worm the scan is 5/32 you really need to go out more buddy.. cause when 3 scan says worm
doesn't mean it is a worm........


however they are only saying that cause in this release.
it checks for updates and if the beta is still open
then open the application

if you don't believe me don't use it
I'm well known around here and i wouldn't risk my reputation to get noobs passwords


and i released a nodc client at the same time.... with 0/32 scan, if i wanted to hack i would have rigged that too if this was rigged in the 1st place


and my app only contacts toolsera.com\news.htm <-- my web

as i said have fun
01/23/2008 15:13 cotta#11
keep working GreyFox
dont look back
and thanks ( antares ) for your advice and information about viruses and the explanation and we arent noobs to take the file without scan and another thx for lady slasher for the explanation also ;)

eshtaaaa we doooos yaba ========> GreyFox
01/23/2008 15:18 strukel#12
i will try this :D. Dont care about loggers or something. People like greyfox dont even need loggers to know your pw
01/23/2008 15:23 jacekm#13
GreYFoX i dont see start button no launcher.... im using rave bot. If i restart launcher few times i get "server is undergoing inspection or updates" error what should i do ?
01/23/2008 15:24 damastah#14
Grey has proved us so many times how helpful he can be so when he realises something I just download it and i try it without scanning. By the way: it's awesome
01/23/2008 16:56 jugeernaut#15
thnx greyfox, fuck those noobies that dont appreciate the work that u do for us.