Hi,

i need some help for patching the fake antivirus "Antivirus XP 2008". I'm a newbie @ RE and i can't find the "good boy" and "bad boy" message, i need them for dUP2 patching. i'm sure that malware is not packed. Someone can give me some tricks, how can i defeat that? I upload that malware, would be cool if anyone can check that sample. It's better to use a VMWare for that!

Tools who i use: ImpREC, Ollydbg, PEiD, LordPE

a screenshot:

http://www.abload.de/thumb/screen2op7.png (http://www.abload.de/image.php?img=screen2op7.png)

About AV XP 08.. : http://www.bleepingcomputer.com/virus-removal/remove-antivirus-xp-2008

Download: http://www.mediafire.com/?aydzdmqmyx5vvbf

WinRAR archive pw: zhelatin

Thanks in advance..

What do you mean by the "good boy" and "bad boy" message? I assumed that thing was all bad boy and it was installed whether you liked it or not. What behaviour are you trying to patch?

good boy message= thank you for your purchase bla bla bla
bad boy= invalid key. try again bla bla..

look here is the other version of av xp 08 succesfully cracked: http://www.youtube.com/watch?v=MGzlxlzzTCQ

Nice blog. You can find some tutorials about rogue/ransomwares .

i know Xylitol..

Cracking fraud-commercial apps.. new kind of hobby..