
View Full Version : Patching Antivirus XP 2008 [Malware]


Zhelatin
October 14th, 2011, 22:32
Hi,

I need some help patching the fake antivirus "Antivirus XP 2008". I'm a newbie at RE and I can't find the "good boy" and "bad boy" messages; I need them for dUP2 patching. I'm sure that the malware is not packed. Can someone give me some tricks for how I can defeat that? I uploaded that malware; it would be cool if anyone could check that sample. It's better to use VMware for that!

Tools that I use: ImpREC, OllyDbg, PEiD, LordPE

A screenshot:

http://www.abload.de/thumb/screen2op7.png (http://www.abload.de/image.php?img=screen2op7.png)

About AV XP 08.. : http://www.bleepingcomputer.com/virus-removal/remove-antivirus-xp-2008

Download: http://www.mediafire.com/?aydzdmqmyx5vvbf

WinRAR archive pw: zhelatin

Thanks in advance..

Kayaker
October 14th, 2011, 23:51
What do you mean by the "good boy" and "bad boy" message? I assumed that thing was all bad boy and it was installed whether you liked it or not. What behaviour are you trying to patch?

Zhelatin
October 15th, 2011, 07:53
Quote:
[Originally Posted by Kayaker;91219]What do you mean by the "good boy" and "bad boy" message? I assumed that thing was all bad boy and it was installed whether you liked it or not. What behaviour are you trying to patch?


good boy message = thank you for your purchase bla bla bla
bad boy = invalid key. try again bla bla..

Look, here is the other version of AV XP 08 successfully cracked: http://www.youtube.com/watch?v=MGzlxlzzTCQ

JeRRy
October 22nd, 2011, 17:14
Nice blog. You can find some tutorials about rogue/ransomware.

Code:
http://xylibox.blogspot.com/

Zhelatin
October 22nd, 2011, 17:16
I know Xylitol..

evaluator
October 31st, 2011, 07:17
Cracking fraud-commercial apps.. new kind of hobby..