Syndrome 1.10.1:5320 [Undetected]

[bweliky]

Yes, I am not your god.

Quote:

Originally posted by "Read Me"+--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE ("Read Me")</td></tr><tr><td id='QUOTE'>
I DID NOT MAKE THIS

ALL CREDITS GO TO FALDO, ALL I DID WAS RECODE SOME OF IT TO MAKE IT UNDETECTABLE!

EVERYTHING STILL WORKS

-----------

Run dist/installer/installer.exe to install the protection.

It should start cmdc.exe

From there you load jahfjahfakhgw.exe which is syndrome

ENJOY

~Brandon
[/b]

Enjoy, scan it if you want, etc.

I can take critisism, only to a certain extent, so dont be a prick if you think its a virus, the only thing that they say is a virus is the auto it file, but you get that everytime. Enjoy the undetectableness, hopefully they dont screw you guys over again.

<!--QuoteBegin--"Virus Scanner"

File: jahfjahfakhgw.exe
Status:
MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)
MD5 c9c147f0452ea460c6410315672444bd
Packers detected:
UPX, AUTOIT
Scanner results
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
UNA
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
[/quote]

It works nicely btw.

[bweliky]

Sorry for double post, but please +Karma

[JohnDS]

What exactly did you do so that you think it's now undetectable?

[bweliky]

Blizzard looks for certain things in the file, all I did was recode it so it would work the sameway but in different coding.

[JohnDS]

Yes, I thought so.

But did you also think about the whole function of warden?

Example:

Warden opens every process running on your computer. When each program is opened, warden then calls ReadProcessMemory and reads a series of addresses - usually in the 0x0040xxxx or 0x0041xxxx range - this is the range that most executable programs on windows will place their code. Warden reads about 10-20 bytes for each test, and again hashes this and compares against a list of banning hashes. These tests are clearly designed to detect known 3rd party programs, such as wowglider and friends. Every process is read from in this way.

[bweliky]

The bypass is still the same, its just hasn't been caught, all the functions are also the same but changed so that it reads and writes differently but works the same way. I've been using it since the release of 1.10 and haven't been banned, even after the mass ban a couple weeks ago.

[JohnDS]

That's no answer on my question but we'll see.

[ogR1sH]

Still too dangerous in my opinion. "Undetectable"..

[Stealth_soul]

i would like some little piggys 2 test drive this beast

[UGMatt]

TheHacker says Trojan/Clicker.Small.ht
UNA says Backdoor.Rbot

..
hmm no thanks.

[Darkshade]

NOT safe!

The "installer.exe" tries to send an email to "mail.nerdshack.com" (209.235.105.50:2525) using local port 1268.
Maybe your WoW Account data or something.


Run it with your Personal Firewall active and see it for yourself.

[impzor]

haha stupid *** scammer :S

[impzor]

doesnt work anyway

Protection not running. please reload installer.exe

Make sure it works when you post a hax or something

****

[invisible]

who would be so stupid to use a hack from a user with 4 posts? -.-,,

[Shortyyyy]

installer.exe is infected