Quote:
Originally Posted by marcus424
That's old O.o
It may be old, but it still works. The only difference I've found so far is that I skipped past these and it still works fine.
Search for IC the first kernel32.GetCurrentProcessId.
Above it look for TEST AL,AL.
Underneath, change JNZ to JMP.
Search for IC the second last kernel32.CreateProcessA.
Scroll up till you see ASCII "enc: %s".
Below it should be a set of PUSH commands.
Change the 3rd last PUSH 1 to PUSH 0.