Register for your free account! | Forgot your password?

You last visited: Today at 15:39

  • Please register to post and access all features, it's quick, easy and FREE!

Advertisement


Advertise with us!

AFX Rootkit (Bypass!)

Discussion on AFX Rootkit (Bypass!) within the General Gaming Discussion forum part of the General Gaming category.

Reply
 
Old   #1
 
Lowfyr's Avatar
 
elite*gold: 235
The Black Market: 135/1/0
Join Date: Jul 2003
Posts: 16,559
Received Thanks: 17,765
epvp is not responsible if you screwup your computer!

Credits : quybao, rapuser mpc
This program patches Windows API to hide certain objects from being listed.

Current Version Hides:
a) Processes
b) Handles
c) Modules
d) Files & Folders
e) Registry Values
f) Services
g) TCP/UDP Sockets
h) Systray Icons

Configuring a computer with the rootkit is simple...

1. Create a new folder with a uniqiue name i.e. "c:\winnt\rewt\"
2. In this folder place the root.exe i.e. "c:\winnt\rewt\root.exe"
3. Execute root.exe with the "/i" parameter i.e. "start c:\winnt\rewt\root.exe /i"
4. Inside this folder place any other programs or files.

Everything inside the root folder is now invisible! If you place other services or programs
in the root folder they will be invisible from process/file/dll/handle/socket/etc listing.
However, all programs in the root folder can see each other.

Registry value names are hidden differently from everything else. The name must begin with the
root folder name followed by "\" and other characters i.e. "rewt\hiddenstartup1".

Also, the root folder is unique throughout the system. This means "c:\rewt\", "c:\winnt\rewt\"
and "c:\winnt\system32\rewt\" all will be hidden because they all share the root folder name "rewt".
So make sure you pick a good name!

NOTE: Most RATs have an install method that involves copying the EXE to a system folder, this is bad
because if the process is executed from outside the root folder it will be visible! If possible
disable this startup method.

Removal: Don't ask me for help on this! If you install it on yourself make sure you know how to remove it!

Method 1
1. Run the root.exe with the "/u" parameter
2. Delete all the files associated with it
3. Reboot

Method 2
1. Boot into safe mode
2. Locate the root folder name( in our case C:/winnt/rewt)
3. Delete all the files associated with it
4. Reboot

*CAUTION* This rootkit is harmful to some computers, but is working and unharmful to others.


Code:
[LEFT]File:    AFXRootkit2005.zip 
Status:    INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) 
MD5:    951c425aaff52d764d8ed89839155254 
Packers Detected: - 

Scan Results
AntiVir:    Found Trojan/Hider.C 
ArcaVir:    Found Trojan.Hider.C 
Avast:      Found Win32:Hider 
AVG Antivirus:    Found Generic.FI 
BitDefender:    Found Trojan.Hider.C 
ClamAV:      Found Nothing
Dr. Web:    Found Trojan.AFX 
F-Prot Antivirus:  Found W32/AFXrootkit.D 
Fortinet:    Found W32/Hider.C-tr 
Kaspersky Anti-Virus:  Found Trojan.Win32.Hider.c 
NOD32:      Found Win32/Hider.C 
Norman Virus Control:  Found Nothing
UNA:      Found Trojan.Win32.Hider 
VBA32:      Found Trojan.Win32.Hider.c 

Source: [URL="http://virusscan.jotti.org/"]Jotti's Virusscan[/URL][/LEFT]
Download from ..

epvp is not responsible if you screwup your computer!
Lowfyr is offline  
Thanks
1 User
Old 11/23/2005, 14:56   #2
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Aug 2005
Posts: 2,795
Received Thanks: 519
oO es is verseucht aber es funzt? löl ^^
-SLyK3- is offline  
Old 11/23/2005, 14:57   #3
 
Lowfyr's Avatar
 
elite*gold: 235
The Black Market: 135/1/0
Join Date: Jul 2003
Posts: 16,559
Received Thanks: 17,765
ist halt n rootkit
Lowfyr is offline  
Old 11/27/2005, 15:05   #4
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Aug 2005
Posts: 81
Received Thanks: 3
bitte mal auf deutsch ^^
Mc.Neal is offline  
Old 05/19/2006, 14:47   #5
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: May 2006
Posts: 26
Received Thanks: 3
WTF a trojan was detected.
kai435 is offline  
Old 05/19/2006, 18:41   #6




 
gotstyle's Avatar
 
elite*gold: 71
The Black Market: 5/0/0
Join Date: Apr 2004
Posts: 7,158
Received Thanks: 3,090
lol xD... its a rootkit..
gotstyle is offline  
Old 05/20/2006, 05:42   #7
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Jan 2006
Posts: 63
Received Thanks: 0
would this help if i save a system restore point if my computer get mess up? if i use the system restore point that i save would it restore back to it was be4 it gotten mess up
Sonny089 is offline  
Old 01/12/2007, 02:31   #8
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Apr 2006
Posts: 249
Received Thanks: 79
Quote:
Originally posted by kai435@May 19 2006, 13:47
WTF a trojan was detected.
Its a program that hides other programs, of course it will be detected as malware. Lmao. Normal Scanner sucks because it didn't pick it up in the scan.
spoonieluv97 is offline  
Old 01/14/2007, 14:39   #9
 
elite*gold: 0
The Black Market: 1/0/0
Join Date: Mar 2006
Posts: 978
Received Thanks: 250
the rootkit method dont works anymore.. its very old... lol
supersry is offline  
Old 01/16/2007, 05:42   #10
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Apr 2006
Posts: 249
Received Thanks: 79
Quote:
Originally posted by supersry@Jan 14 2007, 14:39
the rootkit method dont works anymore.. its very old... lol
yah i know. i don't think that link works either.
spoonieluv97 is offline  
Old 01/16/2007, 13:53   #11
 
syntex's Avatar
 
elite*gold: 46
The Black Market: 1/0/1
Join Date: Mar 2006
Posts: 2,589
Received Thanks: 1,198
LOL if you dont know what a rootkit is .. go google :x and dont flame its full of trojans :x!
syntex is offline  
Old 01/19/2007, 21:59   #12
 
reijin's Avatar
 
elite*gold: 20
The Black Market: 1/0/0
Join Date: Feb 2006
Posts: 3,174
Received Thanks: 1,153
ich kenne dieses Rootkit.... habs mal von ner Viren/Exploit site... aber ausprobiert habe ich es nie
aber zum Hiden sind Rootkits einsame spitze.
reijin is offline  
Old 07/16/2008, 18:10   #13
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Jul 2008
Posts: 103
Received Thanks: 110
der link ist nicht mehr da bitte neu reinstezen
Crazy 4 Live is offline  
Old 05/08/2010, 21:21   #14
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Feb 2009
Posts: 98
Received Thanks: 9
Good Thank
evilragnarok is offline  
Old 05/03/2011, 13:17   #15
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: May 2011
Posts: 1
Received Thanks: 0
Please repost the source code!
chandrabhanu is offline  
Reply

« [search] Crime Craft hacks | bf account »

Similar Threads Similar Threads
Other bypass (Rootkit?)
01/30/2011 - WarRock - 19 Replies
Hi!! I found an other bypass!! ~~Download 1~~ ~~ Download 2 ~~ Zer0 w4!t t!me with this u can hide even Headshot-Hack greez, Reijin
Need help with rootkit
01/01/2009 - Kal Online - 5 Replies
I follow the tutorial posted in this forum When i write "fu -pl 500" and press ENTER , the computer answer "acess denied" I dont know whats wrong. I cant find a solution. Can someone help me?
Please Need Wpe PRO bypass or rootkit
07/23/2008 - General Coding - 5 Replies
Hi Girls and Gyus, I really need somehting to bypass Wpe Pro for the MMO "Shot Online". I seearched around the forum but may I'm to stupid or something else -> i found nothing. I found some bypasses or rootkits but they all are detected by Shot Online. I think it uses Hackshield but I'm not sure. So is it possible to bypass it this time with a prog or do i have to wait for a new version of a bypass or does anybody has an idea??? And please if you want to tell me something, first think...
FU Rootkit, Bypass - Updated!
02/15/2008 - General Gaming Discussion - 8 Replies
For those of you looking for dragonbotWC Aimbot, it can be found in the attachement from this topic and yes, it does work with this bypass. If you get the "New version avaliable" Msg, use the "AimUnlimitedE.rar" from the attachment (Click Delete Registar Click Change Date Close Program Your done permanently!!!) ------------------------------------------------- -------- Do not touch any files in the "d33" Folder, do not rename or delete it or this bypass will not work. If you move the...
Rootkit to bypass nprotect
12/28/2005 - General Gaming Discussion - 9 Replies
Be Careful with that Rootkit it contains a virus but its harmful when u know how to use it dont works on service pack 2 1. put root.exe in a unique folder with ur hacks (it hide the hacks and all in the folder) 2. be sure that ur folder have a uniques name and dont put it into ur system folder it crashes ur pc 3. start->run E:\xxxCheatEnginexxx\root.exe /i" paramerter /i" 4. run ur hack and nprotekt dont detect it How to remove



All times are GMT +1. The time now is 15:40.

elitepvpers - play less, get more - Top

Powered by vBulletin®
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2011, Crawlability, Inc.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Support | Contact Us | FAQ | Advertising | Privacy Policy | Terms of Service | Abuse
Copyright ©2025 elitepvpers All Rights Reserved.