
AFX Rootkit (Bypass!)

 
Old   #1
 
elite*gold: 209
The Black Market: 135/1/0
Join Date: Jul 2003
Posts: 16,603
Received Thanks: 17,591
epvp is not responsible if you screw up your computer!

Credits : quybao, rapuser mpc
This program patches Windows API to hide certain objects from being listed.

Current Version Hides:
a) Processes
b) Handles
c) Modules
d) Files & Folders
e) Registry Values
f) Services
g) TCP/UDP Sockets
h) Systray Icons

Configuring a computer with the rootkit is simple...

1. Create a new folder with a unique name i.e. "c:\winnt\rewt\"
2. In this folder place the root.exe i.e. "c:\winnt\rewt\root.exe"
3. Execute root.exe with the "/i" parameter i.e. "start c:\winnt\rewt\root.exe /i"
4. Inside this folder place any other programs or files.

Everything inside the root folder is now invisible! If you place other services or programs
in the root folder they will be invisible from process/file/dll/handle/socket/etc listing.
However, all programs in the root folder can see each other.

Registry value names are hidden differently from everything else. The name must begin with the
root folder name followed by "\" and other characters i.e. "rewt\hiddenstartup1".

Also, the root folder is unique throughout the system. This means "c:\rewt\", "c:\winnt\rewt\"
and "c:\winnt\system32\rewt\" all will be hidden because they all share the root folder name "rewt".
So make sure you pick a good name!

NOTE: Most RATs have an install method that involves copying the EXE to a system folder, this is bad
because if the process is executed from outside the root folder it will be visible! If possible
disable this startup method.

Removal: Don't ask me for help on this! If you install it on yourself make sure you know how to remove it!

Method 1
1. Run the root.exe with the "/u" parameter
2. Delete all the files associated with it
3. Reboot

Method 2
1. Boot into safe mode
2. Locate the root folder name (in our case C:/winnt/rewt)
3. Delete all the files associated with it
4. Reboot

*CAUTION* This rootkit is harmful to some computers, but is working and unharmful to others.


Code:
File:    AFXRootkit2005.zip 
Status:    INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) 
MD5:    951c425aaff52d764d8ed89839155254 
Packers Detected: - 

Scan Results
AntiVir:    Found Trojan/Hider.C 
ArcaVir:    Found Trojan.Hider.C 
Avast:      Found Win32:Hider 
AVG Antivirus:    Found Generic.FI 
BitDefender:    Found Trojan.Hider.C 
ClamAV:      Found Nothing
Dr. Web:    Found Trojan.AFX 
F-Prot Antivirus:  Found W32/AFXrootkit.D 
Fortinet:    Found W32/Hider.C-tr 
Kaspersky Anti-Virus:  Found Trojan.Win32.Hider.c 
NOD32:      Found Win32/Hider.C 
Norman Virus Control:  Found Nothing
UNA:      Found Trojan.Win32.Hider 
VBA32:      Found Trojan.Win32.Hider.c 

Source: Jotti's Virusscan (http://virusscan.jotti.org/)
Download from ..

epvp is not responsible if you screw up your computer!



Lowfyr is offline  
Thanks
1 User
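Added example (not part of the original post and not code from the rootkit package): because the post says a single folder name is hidden wherever it occurs, a cross-view comparison can recover that name. It assumes two recursive path listings, one taken on the running system and one from a view the API patches do not reach (for example the safe-mode boot that Method 2 relies on, or an offline mount); the function names and sample paths are hypothetical and constructed.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

def _norm(lines):
    """Case-fold and de-duplicate one path per line (NTFS names are case-insensitive)."""
    return {ln.strip().lower() for ln in lines if ln.strip()}

def cross_view_diff(live_lines, trusted_lines):
    """Paths the trusted view contains but the live, possibly hooked, view omits."""
    return sorted(_norm(trusted_lines) - _norm(live_lines))

def candidate_hidden_names(live_lines, trusted_lines):
    """Folder names seen only in the trusted view, mapped to every location found.

    A name that is never visible live yet exists in several places matches the
    behaviour the post describes: one folder name hidden system-wide.
    """
    visible = {name for p in _norm(live_lines)
               for name in PureWindowsPath(p).parts[1:-1]}
    hits = defaultdict(set)
    for path in cross_view_diff(live_lines, trusted_lines):
        parts = PureWindowsPath(path).parts
        for i in range(1, len(parts) - 1):      # skip drive root and leaf name
            if parts[i] not in visible:
                hits[parts[i]].add(str(PureWindowsPath(*parts[:i + 1])))
    return {name: sorted(locs) for name, locs in hits.items()}

def flagged_value_names(value_names, folder_names):
    """Registry value names of the form '<folder name>\\...' from an offline hive export."""
    prefixes = tuple(n.lower() + "\\" for n in folder_names)
    return [v for v in value_names if v.lower().startswith(prefixes)]

# Constructed sample data (not real captures).
LIVE = [r"C:\winnt\notepad.exe", r"C:\winnt\system32\kernel32.dll",
        r"C:\winnt\temp\a.tmp"]
TRUSTED = LIVE + [r"C:\winnt\rewt\root.exe", r"C:\winnt\rewt\other.exe",
                  r"C:\rewt\notes.txt", r"C:\winnt\temp\b.tmp"]
RUN_VALUES = ["ctfmon", r"rewt\hiddenstartup1"]

if __name__ == "__main__":
    names = candidate_hidden_names(LIVE, TRUSTED)
    for name, locations in names.items():
        print(f"folder name hidden from live view: {name!r} at {locations}")
    print("registry values to review:", flagged_value_names(RUN_VALUES, names))
```

Ordinary file churn between the two captures (here `b.tmp`) appears in the raw diff but is not reported as a hidden folder name, because its parent folders are visible in the live listing.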
Old   #2
 
elite*gold: 0
Join Date: Aug 2005
Posts: 2,795
Received Thanks: 519
oO it's infected but it works? lol ^^


-SLyK3- is offline  
Old   #3
 
elite*gold: 209
The Black Market: 135/1/0
Join Date: Jul 2003
Posts: 16,603
Received Thanks: 17,591
well, it's a rootkit
Lowfyr is offline  
Old   #4
 
elite*gold: 0
Join Date: Aug 2005
Posts: 81
Received Thanks: 3
in German please ^^


Mc.Neal is offline  
Old   #5
 
elite*gold: 0
Join Date: May 2006
Posts: 26
Received Thanks: 3
WTF a trojan was detected.
kai435 is offline  
Old   #6
Global Moderator



 
elite*gold: 76
Join Date: Apr 2004
Posts: 7,116
Received Thanks: 2,837
lol xD... it's a rootkit..
gotstyle is offline  
Old   #7
 
elite*gold: 0
Join Date: Jan 2006
Posts: 63
Received Thanks: 0
Would this help if I save a system restore point in case my computer gets messed up? If I use the system restore point that I saved, would it restore back to how it was before it got messed up?
Sonny089 is offline  
Old   #8
 
elite*gold: 0
Join Date: Apr 2006
Posts: 249
Received Thanks: 79
Quote:
Originally posted by kai435@May 19 2006, 13:47
WTF a trojan was detected.
It's a program that hides other programs, of course it will be detected as malware. Lmao. Normal Scanner sucks because it didn't pick it up in the scan.
spoonieluv97 is offline  
Old   #9
 
elite*gold: 0
Join Date: Mar 2006
Posts: 954
Received Thanks: 245
the rootkit method doesn't work anymore.. it's very old... lol
supersry is offline  
Old   #10
 
elite*gold: 0
Join Date: Apr 2006
Posts: 249
Received Thanks: 79
Quote:
Originally posted by supersry@Jan 14 2007, 14:39
the rootkit method doesn't work anymore.. it's very old... lol
Yeah, I know. I don't think that link works either.
spoonieluv97 is offline  
Old   #11
 
elite*gold: 46
Join Date: Mar 2006
Posts: 2,569
Received Thanks: 1,192
LOL if you don't know what a rootkit is .. go google :x and don't flame, it's full of trojans :x!
syntex is offline  
Old   #12
 
elite*gold: 20
Join Date: Feb 2006
Posts: 3,174
Received Thanks: 1,151
I know this rootkit.... got it once from a virus/exploit site... but I never tried it out
but for hiding, rootkits are absolutely top-notch.
reijin is offline  
Old   #13
 
elite*gold: 0
Join Date: Jul 2008
Posts: 103
Received Thanks: 110
the link is gone, please repost it
Crazy 4 Live is offline  
Old   #14
 
elite*gold: 0
Join Date: Feb 2009
Posts: 98
Received Thanks: 9
Good Thank
evilragnarok is offline  
Old   #15
 
elite*gold: 0
Join Date: May 2011
Posts: 1
Received Thanks: 0
Please repost the source code!


chandrabhanu is offline  