VX Heavens forum » Posts by RthuR
Yeah, I really like hidemyass too, but I don't think I'll ever end up getting a "real" proxy.
+1
It might also be nice to attach the images; I'd be interested in seeing what this page actually looks like.
Thanks
I didn't really understand that last post, and unfortunately I didn't manage to grasp the meaning, even with the help of Google Translate... sorry.
Anyways, I haven't had much time to start working on this, but a question just came up...
In order to corrupt the files, would merely adding random lines of code suffice, or would it be better to replace some characters, for example switching around all the 1s and 0s?
Thanks!
OK, but is the Deep Freeze virus still rolling back your system upon every boot?
Don't worry about it
OK, so either you have another virus, or maybe Kaspersky is detecting remains of Deep Freeze. Can you find out the path of the file whose behaviour is similar to a keylogger? If so, just try removing it, I guess... But if it does turn out to be yet another virus, maybe you're better off backing up your data and simply reinstalling Windows...
Otherwise, are you 100% sure that deepfrz.sys was deleted (aka is it still in the running process list)?
Good Luck!
Oh... (Can't follow the link because I just end up sitting in front of a "phishing site blocked" page, and there seems to be no way to ignore it.) I commented on this and hopefully they'll review it.
I'm sorry, but I don't really understand what you're trying to say.
Maybe if you tried deleting the file in safe mode... (deepfrz.sys doesn't run in safe mode, right?)
I've been using the anonymous proxy listed at the bottom of the home page for a while now ([Register or log in to view the URL]), except that OpenDNS has now marked it as a phishing site and blocked it...
You mean that Kaspersky is preventing KillBox from deleting deepfrz.sys?
Is there any way for you to momentarily exit Kaspersky (maybe by right-clicking the icon in the notification area)? This would probably enable KillBox to delete deepfrz.sys.
Thanks a lot, I really appreciate all of the hard work you have put into this site.
Does seem to have some of the same characteristics
I'd like to get my hands on a copy of the Butterfly bot too, if anyone has it.
OK, from what I've figured out, I've got two options:
1. I would need to create a fake driver which I would force Windows to load (not too sure how that would work out with the digital signatures; Windows 7 is quite touchy about that), and this driver would cause the system to crash. Of course, I would then also have to edit the registry in order for the driver to load at every startup...
2. I could try to use an already existing virus to inject some random code (in order to corrupt them; not too sure if that would work though) into all the .sys files found in C:\WINDOWS\SYSTEM32\DRIVERS and in C:\WINDOWS\SYSTEM32. But, seeing as the driver files are probably loaded into RAM, the BSOD would only occur upon reboot... maybe I could simply force the computer to reboot after having infected all the .sys files.
I think that corrupting existing drivers would probably be easier than creating a fake one, especially as my programming skills aren't the most advanced... (I'll probably be able to use a .bat for corrupting the .sys files and forcing a system reboot.)
Haha, I copied the EICAR code into a simple text file, renamed it .sys and installed it instead of my Broadcom Ethernet port driver. ESET didn't even notice ^^
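The post above describes dropping a text file with the EICAR string into the drivers directory under a .sys name without the AV reacting. The check below is an added example written for this page (it is not the poster's code, nor a tool from the thread) that audits the drivers directory for exactly that kind of file: a .sys that is not a PE image at all (no "MZ" magic), or whose Authenticode signature no longer verifies. It assumes the default %SystemRoot%\System32\drivers location and an elevated PowerShell session; it avoids PowerShell 3.0-only syntax so it also runs on a stock Windows 7 box.

```powershell
# Added example (editor's, not from the post above): audit .sys files in the drivers
# directory for (1) files that are not PE images and (2) signatures that do not verify.
# Assumptions: default %SystemRoot%\System32\drivers location; run elevated so every
# file is readable. Kept PowerShell 2.0 compatible (no -File, no [PSCustomObject]).
$driverDir = Join-Path $env:SystemRoot 'System32\drivers'

function Test-PeMagic {
    param([string]$Path)
    # Read only the first two bytes: every PE image (and so every real driver) starts with "MZ".
    # A text file renamed to .sys, like the EICAR string, fails this immediately.
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $buf  = New-Object byte[] 2
        $read = $stream.Read($buf, 0, 2)
    } finally {
        $stream.Dispose()
    }
    return ($read -eq 2 -and $buf[0] -eq 0x4D -and $buf[1] -eq 0x5A)
}

$findings = Get-ChildItem -Path $driverDir -Filter '*.sys' |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        # Status is Valid, NotSigned, HashMismatch (signed file altered on disk), UnknownError, ...
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        $signer = ''
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        New-Object PSObject -Property @{
            Name      = $_.Name
            IsPeImage = Test-PeMagic -Path $_.FullName
            SigStatus = $sig.Status
            Signer    = $signer
            Modified  = $_.LastWriteTime
        }
    }

# Anything that is not a PE image, or whose signature does not verify, deserves a look.
$findings |
    Where-Object { -not $_.IsPeImage -or $_.SigStatus -ne 'Valid' } |
    Sort-Object IsPeImage, SigStatus, Name |
    Format-Table Name, IsPeImage, SigStatus, Signer, Modified -AutoSize
```

Read the output with one caveat: NotSigned on its own is noise on a machine with legitimately unsigned third-party drivers (32-bit Windows 7 loads them without complaint), so the strong signals are IsPeImage = False and HashMismatch, the latter being what Get-AuthenticodeSignature reports for a signed driver whose bytes were changed after signing.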
Never mind what I said; I just saw your attachment and realized we weren't talking about a .exe process. If you can find out where deepfrz.sys is, you could take ownership and then try to delete it, but otherwise you could try using something like KillBox (you can find it here: [Register or log in to view the URL]).
Good Luck!
I guess I could try, but ESET would definitely notice that one ^^
I'm still not too sure how to force Windows to install a driver. I know it can be done, I just don't know how.
Right now I'm under control as I'm testing it on this old PC, but the goal would be for the virus to run undetected (UAC is disabled) and cause a BSOD. I'm thinking of doing this by making it load a corrupt driver (still not sure how)... but then I guess a simple "restart with last known good configuration" would be enough to get around the BSOD...
Thanks a lot!
I don't have enough posts yet to download the attachment...
If you want to terminate it, run cmd and then enter this:
taskkill /t /f /im JUST ADD THE FULL PROCESS NAME HERE
Otherwise, maybe you have a System Restore point that you could try?
Just another idea: if you boot from the Windows installation CD, you get to a command prompt; you could try deleting deepfrz.sys from there, and the process associated with it (you can find the process location by right-clicking on it, and then on something like "show in explorer").
I'm no expert at this, but assuming Deep Freeze doesn't propagate and is only contained in that specified directory, couldn't one just delete the deepfrz.sys file by taking ownership? Otherwise, have you tried forcing the process to terminate using the /F filter in cmd?
OK, thanks a lot, I'll try that out. But from what I've seen, even if I manage to load the virus onto the PC, NOD32 detects modifications in system files. (The goal being to infect and corrupt system files to cause a BSOD.)
Hey,
I would like to know which construction tool is the "newest"/most advanced, so that the virus created is not detected on a machine running ESET NOD32.
Thanks a lot!
(I have tried browsing the "collection index", but I haven't really found what I was looking for.)