Quote:
Originally Posted by brucezhou
Who can unpack the (logintoot.exe)?
Maybe use OllyDBG??
I record the logintool process of operation
修改 means laws
改变 means change
and this logintool uses gateway local 127.0.0.1 to 125.91.11.26
|
Sure, I used OllyDBG. I already posted it in another topic ... so search for it.
It just makes a lot of outgoing connections, but it's easy to block if you have a firewall with a modified block list.
+ It changes a few system items, for example: deletes your host file + changes the proxy setting of all explorer + resets the router (if you are using one) + it gathers some kind of information (sorry, I don't know what exactly, it just has access to some random address) in the system folder, and not many antivirus products can detect it because it hides under the mask of a Windows service pack fix for Internet Explorer/Windows Media Player/Outlook without any user prompt that random
( yea they are fking clever this chinks, enven ESET Smart Security system dont detect it)
I can post debug logs from Olly, but I think most people here will not understand them, so it's useless.