New SEPP protector from aNti-Crucking...
evaluator
May 5th, 2002, 18:30
Seems finally aNti-Crucking released their newest-cruel EXE-password-protector with ANTIdbgDRIVER!
Hey, SPLAJ!
Look at this, they finally did driver!?
I included in package both: Driver(NT/XP) & VXD (W9x)
This VXD seems a tracer?
Little help, please:
Who knows how reversing of a DRIVER or VXD is possible!?
evaluator
May 5th, 2002, 18:38
tried upload
foxthree
May 5th, 2002, 18:53
I smell a heavy polymorph in this as NAV flags this one as W95.Fono. Anyways, happy reversing
Signed,
-- FoxThree
evaluator, IDA can handle VXD and SYS files.
btw, the NT driver looks like a 90% copy/paste from a sample driver written in asm by someone called 'MadPrgmr'.
ancev
May 6th, 2002, 23:57
hey,
and if it's detected as W95/Fono, he stole my poly engine, coz I am the author of that virus
hehe... lucky he didn't find out about the other ones from me, also published with source, that have a much better poly engine for him to rip
code ripping isn't a shame... the shame is ripping 1997 code
ancev
Aimless
May 7th, 2002, 09:48
For crying out loud....
separator
May 10th, 2002, 11:47
Hello all,
yes, SEPP was protected with polymorph code too, but that isn't why NAV detects it as the virus Win95.Fono.
There is a very normal procedure:
call delta
delta:
pop ebp
sub ebp, (delta-start)
Maybe it is at a special file pointer, or I don't know. If I remove this code, or add instruction(s) to this code, NAV doesn't detect it as a virus. I tried other antivirus programs like NOD and they didn't detect SEPP as a virus. I think it is a problem with the NAV virus database.
ancev: Bad news: SEPP doesn't use your simple polymorph engine from Win95.Fono. Yes, it uses a poly engine, but a more complex one than Win95.Fono uses.
evaluator: Can you send me your e-mail? I want to ask you one question. Thanks.
Hwoarang
May 11th, 2002, 21:49
that getdelta to ebp routine is found in most viruses, why would nav flag it to be infected exactly by that virus?? nav sux, anyway that's the general idea: av programs sux (give fake alarms, crash computer, corrupt files, etc.)
hey best anti-virus is softice

u should try it
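The get-delta sequence from separator's post, which Hwoarang notes is found in most viruses, as an added example that is not part of the thread: a Python scanner for the byte pattern call $+5 / pop r32 / optional sub r32, imm32. The function name and the sample bytes are constructed for illustration; a hit only indicates position-independent code, so this idiom on its own cannot identify one specific family.

```python
import struct

# x86 register numbering used by the one-byte "pop r32" opcodes 0x58..0x5F.
REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

# "call delta" where delta is the very next instruction: E8 with rel32 = 0.
CALL_NEXT = b"\xE8\x00\x00\x00\x00"


def find_getdelta(buf: bytes):
    """Return (offset, register, adjustment) for every get-delta idiom in buf.

    adjustment is the imm32 of a directly following "sub r32, imm32"
    (encoding 81 /5 id), or None when no such instruction follows.
    """
    hits = []
    pos = buf.find(CALL_NEXT)
    while pos != -1:
        i = pos + len(CALL_NEXT)              # byte after the call
        if i < len(buf) and 0x58 <= buf[i] <= 0x5F:
            reg = buf[i] - 0x58               # which register receives EIP
            adjust = None
            sub_prefix = bytes([0x81, 0xE8 | reg])   # ModRM: mod=11, /5, rm=reg
            if buf[i + 1:i + 3] == sub_prefix and i + 7 <= len(buf):
                adjust = struct.unpack_from("<I", buf, i + 3)[0]
            hits.append((pos, REGS[reg], adjust))
        pos = buf.find(CALL_NEXT, pos + 1)
    return hits


# Constructed sample: three NOPs, then the sequence from the post with
# (delta - start) = 5, then RET.
SAMPLE_POST = (b"\x90\x90\x90"
               b"\xE8\x00\x00\x00\x00"       # call delta
               b"\x5D"                       # pop ebp
               b"\x81\xED\x05\x00\x00\x00"   # sub ebp, 5
               b"\xC3")

# Constructed sample: the same idiom with another register and no adjustment.
SAMPLE_OTHER = b"\xE8\x00\x00\x00\x00\x58\xC3"   # call $+5 / pop eax / ret

if __name__ == "__main__":
    for name, data in (("post", SAMPLE_POST), ("other", SAMPLE_OTHER)):
        for off, reg, adj in find_getdelta(data):
            print(f"{name}: get-delta at {off:#x}, reg={reg}, adjust={adj}")
```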
bart
May 12th, 2002, 22:05
SEPP -> recompiled -> rebuilt -> patched
h**p://www.ctrl-d.prv.pl/crack/sepp10.zip
but still doesn't work on 2K

Dr.Golova
May 12th, 2002, 23:16
Quote:
Originally posted by bart
but still doesn't work on 2K
Corrupted menu entry in dialog template. Fix it to 102 and all works fine.
+SplAj
May 13th, 2002, 13:10
Bart,
thanks for cheering me up today. That 'Special_protector_help.rtf' file is definitely on my base-level
Spl/\j
+SplAj, Bart,
I think I missed the joke, the link http://www.ctrl-d.prv.pl/crack/sepp10.zip doesn't work
What was so funny then?
Regards,
Ni2
The link works. Try the first hours of a day, CET.
It was funny indeed.
bart
May 14th, 2002, 10:14
now it's fixed & works fine in 2k, thnx dr. golova (andrew golota?)
h**p://www.ctrl-d.prv.pl/crack/sepp10.zip