OK I found this on a popular forum and am suprised not to see it here. So I guess ill take the time to help all you and post it! My file is clean check the file size and checksums from the actual D/L link. wich is here: h**p://membres.lycos.fr/rogergirardin/generator/av_tester_v1.22.rar

@buzzons:Stealth tools does nothing of the sort. Its not that hard just go get a free site with php support and follow the directions like its on your comp. If your talking about the file split feature, I never got that shit to work, this doesnt split the file. It is very similir to the meathod posted on CIA website, replaces bit by bit with 00 intill it replaces a bit that makes it undetected; except its automated!Take a look again b4 posting.

Lol, I think know this log was be fount !
Underkonnekt no ?

for those who that would be to much effort for. there is of course StealTools by Gobbo (i think) which does most of that and is a lot more user friendly

oppS

no this is totally different than stealth tools. this actually helps you find the pattern the av is triggering on. very good stuff. thanks!

woooooooooow
thanx
makes hex editting pretty easy
cheers

I've put the exe file in a dir named "exes"

Trying to clone the gui finds the exe but there is no rule file?!? I've created a folder named "rules" and inside it is a rule.txt file, but it still doesn't work.

The functions "hexa editor" and "rule table" doesnt work either beacuse there is no "save" or "execute" button for changes to take effect.

How do i solve it?

thx man .
good stuff
,but doesnt work for me ,
and googled for more info and get nothing..
are there any topics u know about this stuff?

how do i use this shit?
i have two .php files and when i open them it just close the explorer

Stelth Tools 2.0 FE

Question about telnet. When I add a user. and do
net start telnet

when i actually telnet in to that box i get the msg

Microsoft ® Windows 2000 ™ Version 5.00 (Build 2195)
Welcome to Microsoft Telnet Client
Telnet Client Build 5.00.99206.1

Escape Character is 'CTRL+]'


You are about to send your password information to a remote computer in Internet
zone. This might not be safe. Do you want to send it anyway(y/n):


I of course type 'y' and press enter
and it gives me this screen instantly

NTLM Authentication failed due to insufficient credentials. Please login with
clear text username and password

Server allows NTLM authentication only
Server has closed connection


Connection to host lost.

Can anyone explain. I get this in dos prmpt and in putty.

hello it does not work to me, I am new in this but I have been able to install the apache and php and have verified that works.

example i put <? phpinfo();?> and see this.



but when attempt to open one of the 2 php (index.php or function.php) does not leave anything to me, but if that has created me the folders (exes, hexa_backup.........) but the page leaves to me in target.

somebody can help me.

thanks

useless

I use norton and rising
they killed all the file in result

Numberone, your doing something wrong or there a multiple strings that are detected; for this there is no solution... Or your using a trojan with INJECTION tech. wich in this case it will not work...

wow this is a pretty advanced tool !
thanks a lot ... this could be a valuable asset

argh php and apache, anyone have the time to convert this proggy in perl/python ?

I installed apache and php on my home comp and i was able to run the script fine, but im very confused how to use it.

I tried following the instructions, but I still have no idea what to do after that.

Can anyone write a step-by-step thing on exactly how to use it?

Thanks in advance!

@ tianzhen
and now work fine to me


Change your php.ini file but make a backup before.
#######################
[PHP]

;;;;;;;;;;;;;;;;;;;
; About this file ;
;;;;;;;;;;;;;;;;;;;
; This file controls many aspects of PHP's behavior. In order for PHP to
; read it, it must be named 'php.ini'. PHP looks for it in the current
; working directory, in the path designated by the environment variable
; PHPRC, and in the path that was defined in compile time (in that order).
; Under Windows, the compile-time path is the Windows directory. The
; path in which the php.ini file is looked for can be overriden using
; the -c argument in command line mode.in
;
; The syntax of the file is extremely simple. Whitespace and Lines
; beginning with a semicolon are silently ignored (as you probably guessed).
; Section headers (e.g. [Foo]) are also silently ignored, even though
; they might mean something in the future.
;
; Directives are specified using the following syntax:
; directive = value
; Directive names are *case sensitive* - foo=bar is different from FOO=bar.
;
; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one
; of the INI constants (On, Off, True, False, Yes, No and None) or an expression
; (e.g. E_ALL & ~E_NOTICE), or a quoted string ("foo").
;
; Expressions in the INI file are limited to bitwise operators and parentheses:
; | bitwise OR
; & bitwise AND
; ~ bitwise NOT
; ! boolean NOT
;
; Boolean flags can be turned on using the values 1, On, True or Yes.
; They can be turned off using the values 0, Off, False or No.
;
; An empty string can be denoted by simply not writing anything after the equal
; sign, or by using the None keyword:
;
; foo = ; sets foo to an empty string
; foo = none ; sets foo to an empty string
; foo = "none" ; sets foo to the string 'none'
;
; If you use constants in your value, and these constants belong to a dynamically
; loaded extension (either a PHP extension or a Zend extension), you may only
; use these constants *after* the line that loads the extension.
;
; All the values in the php.ini-dist file correspond to the builtin
; defaults (that is, if no php.ini is used, or if you delete these lines,
; the builtin defaults will be identical).


;;;;;;;;;;;;;;;;;;;;
; Language Options ;
;;;;;;;;;;;;;;;;;;;;

engine = On ; Enable the PHP scripting language engine under Apache
short_open_tag = On ; allow the <? tag. otherwise, only <?php and <script> tags are recognized.
asp_tags = Off ; allow ASP-style <% %> tags
precision = 14 ; number of significant digits displayed in floating point numbers
y2k_compliance = Off ; whether to be year 2000 compliant (will cause problems with non y2k compliant browsers)
output_buffering = Off ; Output buffering allows you to send header lines (including cookies)
; even after you send body content, in the price of slowing PHP's
; output layer a bit.
; You can enable output buffering by in runtime by calling the output
; buffering functions, or enable output buffering for all files
; by setting this directive to On.
implicit_flush = On ; Implicit flush tells PHP to tell the output layer to flush itself
; automatically after every output block. This is equivalent to
; calling the PHP function flush() after each and every call to print()
; or echo() and each and every HTML block.
; Turning this option on has serious performance implications, and
; is generally recommended for debugging purposes only.
allow_call_time_pass_reference = On ; whether to enable the ability to force arguments to be
; passed by reference at function-call time. This method
; is deprecated, and is likely to be unsupported in future
; versions of PHP/Zend. The encouraged method of specifying
; which arguments should be passed by reference is in the
; function declaration. You're encouraged to try and
; turn this option Off, and make sure your scripts work
; properly with it, to ensure they will work with future
; versions of the language (you will receive a warning
; each time you use this feature, and the argument will
; be passed by value instead of by reference).

; Safe Mode
safe_mode = Off
safe_mode_exec_dir =
safe_mode_allowed_env_vars = PHP_ ; Setting certain environment variables
; may be a potential security breach.
; This directive contains a comma-delimited
; list of prefixes. In Safe Mode, the
; user may only alter environment
; variables whose names begin with the
; prefixes supplied here.
; By default, users will only be able
; to set environment variables that begin
; with PHP_ (e.g. PHP_FOO=BAR).
; Note: If this directive is empty, PHP
; will let the user modify ANY environment
; variable!
safe_mode_protected_env_vars = LD_LIBRARY_PATH ; This directive contains a comma-
; delimited list of environment variables,
; that the end user won't be able to
; change using putenv().
; These variables will be protected
; even if safe_mode_allowed_env_vars is
; set to allow to change them.


disable_functions = ; This directive allows you to disable certain
; functions for security reasons. It receives
; a comma separated list of function names.
; This directive is *NOT* affected by whether
; Safe Mode is turned on or off.


; Colors for Syntax Highlighting mode. Anything that's acceptable in <font color=???> would work.
highlight.string = #DD0000
highlight.comment = #FF8000
highlight.keyword = #007700
highlight.bg = #FFFFFF
highlight.default = #0000BB
highlight.html = #000000

; Misc
expose_php = On ; Decides whether PHP may expose the fact that it is installed on the
; server (e.g., by adding its signature to the Web server header).
; It is no security threat in any way, but it makes it possible
; to determine whether you use PHP on your server or not.



;;;;;;;;;;;;;;;;;;;
; Resource Limits ;
;;;;;;;;;;;;;;;;;;;

max_execution_time = 3000 ; Maximum execution time of each script, in seconds
memory_limit = 8M ; Maximum amount of memory a script may consume (8MB)


;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Error handling and logging ;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; error_reporting is a bit-field. Or each number up to get desired error reporting level
; E_ALL - All errors and warnings
; E_ERROR - fatal run-time errors
; E_WARNING - run-time warnings (non fatal errors)
; E_PARSE - compile-time parse errors
; E_NOTICE - run-time notices (these are warnings which often result from a bug in
; your code, but it's possible that it was intentional (e.g., using an
; uninitialized variable and relying on the fact it's automatically
; initialized to an empty string)
; E_CORE_ERROR - fatal errors that occur during PHP's initial startup
; E_CORE_WARNING - warnings (non fatal errors) that occur during PHP's initial startup
; E_COMPILE_ERROR - fatal compile-time errors
; E_COMPILE_WARNING - compile-time warnings (non fatal errors)
; E_USER_ERROR - user-generated error message
; E_USER_WARNING - user-generated warning message
; E_USER_NOTICE - user-generated notice message
; Examples:
; error_reporting = E_ALL & ~E_NOTICE ; show all errors, except for notices
; error_reporting = E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR ; show only errors
error_reporting = E_ALL & ~E_NOTICE ; Show all errors except for notices
display_errors = On ; Print out errors (as a part of the output)
; For production web sites, you're strongly encouraged
; to turn this feature off, and use error logging instead (see below).
; Keeping display_errors enabled on a production web site may reveal
; security information to end users, such as file paths on your Web server,
; your database schema or other information.
display_startup_errors = Off ; Even when display_errors is on, errors that occur during
; PHP's startup sequence are not displayed. It's strongly
; recommended to keep display_startup_errors off, except for
; when debugging.
log_errors = Off ; Log errors into a log file (server-specific log, stderr, or error_log (below))
; As stated above, you're strongly advised to use error logging in place of
; error displaying on production web sites.
track_errors = Off ; Store the last error/warning message in $php_errormsg (boolean)
;error_prepend_string = "<font color=ff0000>" ; string to output before an error message
;error_append_string = "</font>" ; string to output after an error message
;error_log = filename ; log errors to specified file
;error_log = syslog ; log errors to syslog (Event Log on NT, not valid in Windows 95)
warn_plus_overloading = Off ; warn if the + operator is used with strings


;;;;;;;;;;;;;;;;;
; Data Handling ;
;;;;;;;;;;;;;;;;;
; Note - track_vars is ALWAYS enabled as of PHP 4.0.3
variables_order = "EGPCS" ; This directive describes the order in which PHP registers
; GET, POST, Cookie, Environment and Built-in variables (G, P,
; C, E & S respectively, often referred to as EGPCS or GPC).
; Registration is done from left to right, newer values override
; older values.
register_globals = On ; Whether or not to register the EGPCS variables as global
; variables. You may want to turn this off if you don't want
; to clutter your scripts' global scope with user data. This makes
; most sense when coupled with track_vars - in which case you can
; access all of the GPC variables through the $HTTP_*_VARS[],
; variables.
; You should do your best to write your scripts so that they do
; not require register_globals to be on; Using form variables
; as globals can easily lead to possible security problems, if
; the code is not very well thought of.
register_argc_argv = On ; This directive tells PHP whether to declare the argv&argc
; variables (that would contain the GET information). If you
; don't use these variables, you should turn it off for
; increased performance
post_max_size = 8M ; Maximum size of POST data that PHP will accept.
gpc_order = "GPC" ; This directive is deprecated. Use variables_order instead.

; Magic quotes
magic_quotes_gpc = On ; magic quotes for incoming GET/POST/Cookie data
magic_quotes_runtime= Off ; magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_sybase = Off ; Use Sybase-style magic quotes (escape ' with '' instead of \')

; automatically add files before or after any PHP document
auto_prepend_file =
auto_append_file =

; As of 4.0b4, PHP always outputs a character encoding by default in
; the Content-type: header. To disable sending of the charset, simply
; set it to be empty.
; PHP's built-in default is text/html
default_mimetype = "text/html"
;default_charset = "iso-8859-1"

;;;;;;;;;;;;;;;;;;;;;;;;;
; Paths and Directories ;
;;;;;;;;;;;;;;;;;;;;;;;;;
include_path =".;h:\apache_server\php\pear\" ; UNIX: "/path1:/path2" Windows: "\path1;\path2"
doc_root = ; the root of the php pages, used only if nonempty
user_dir = ; the directory under which php opens the script using /~username, used only if nonempty
extension_dir ="h:\apache_server\php\extensions\" ; directory in which the loadable extensions (modules) reside
enable_dl = On ; Whether or not to enable the dl() function.
; The dl() function does NOT properly work in multithreaded
; servers, such as IIS or Zeus, and is automatically disabled
; on them.


;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;
file_uploads = On ; Whether to allow HTTP file uploads
upload_tmp_dir ="h:\apache_server\tmp\" ; temporary directory for HTTP uploaded files (will use system default if not specified)
upload_max_filesize = 2M ; Maximum allowed size for uploaded files


;;;;;;;;;;;;;;;;;;
; Fopen wrappers ;
;;;;;;;;;;;;;;;;;;
allow_url_fopen = On ; Wheter to allow trating URLs like http:... or ftp:... like files


;;;;;;;;;;;;;;;;;;;
; Module Settings ;
;;;;;;;;;;;;;;;;;;;

[Syslog]
define_syslog_variables = Off ; Whether or not to define the various syslog variables,
; e.g. $LOG_PID, $LOG_CRON, etc. Turning it off is a
; good idea performance-wise. In runtime, you can define
; these variables by calling define_syslog_variables()


[mail function]
SMTP = localhost ;for win32 only
sendmail_from = me@localhost.com ;for win32 only
;sendmail_path = ;for unix only, may supply arguments as well (default is 'sendmail -t -i')

[debugger]
debugger.enabled = true
debugger.host = clienthost
debugger.port = 7869

[Logging]
; These configuration directives are used by the example logging mechanism.
; See examples/README.logging for more explanation.
;logging.method = db
;logging.directory = /path/to/log/directory

[Java]
;java.class.path = .\php_java.jar
;java.home = c:\jdk
;java.library = c:\jdk\jre\bin\hotspot\jvm.dll
;java.library.path = .\


[SQL]
sql.safe_mode = Off

[ODBC]
;uodbc.default_db = Not yet implemented
;uodbc.default_user = Not yet implemented
;uodbc.default_pw = Not yet implemented
uodbc.allow_persistent = On ; allow or prevent persistent links
uodbc.check_persistent = On ; check that a connection is still validbefore reuse
uodbc.max_persistent = -1 ; maximum number of persistent links. -1 means no limit
uodbc.max_links = -1 ; maximum number of links (persistent+non persistent). -1 means no limit
uodbc.defaultlrl = 4096 ; Handling of LONG fields. Returns number of bytes to variables, 0 means passthru
uodbc.defaultbinmode = 1 ; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char
; See the documentation on odbc_binmode and odbc_longreadlen for an explanation of uodbc.defaultlrl
; and uodbc.defaultbinmode

[MySQL]
mysql.allow_persistent = On ; allow or prevent persistent link
mysql.max_persistent = -1 ; maximum number of persistent links. -1 means no limit
mysql.max_links = -1 ; maximum number of links (persistent+non persistent). -1 means no limit
mysql.default_port = ; default port number for mysql_connect(). If unset,
; mysql_connect() will use the $MYSQL_TCP_PORT, or the mysql-tcp
; entry in /etc/services, or the compile-time defined MYSQL_PORT
; (in that order). Win32 will only look at MYSQL_PORT.
mysql.default_socket = ; default socket name for local MySQL connects. If empty, uses the built-in
; MySQL defaults
mysql.default_host = ; default host for mysql_connect() (doesn't apply in safe mode)
mysql.default_user = ; default user for mysql_connect() (doesn't apply in safe mode)
mysql.default_password = ; default password for mysql_connect() (doesn't apply in safe mode)
; Note that this is generally a *bad* idea to store passwords
; in this file. *Any* user with PHP access can run
; 'echo cfg_get_var("mysql.default_password")' and reveal that
; password! And of course, any users with read access to this
; file will be able to reveal the password as well.

[mSQL]
msql.allow_persistent = On ; allow or prevent persistent link
msql.max_persistent = -1 ; maximum number of persistent links. -1 means no limit
msql.max_links = -1 ; maximum number of links (persistent+non persistent). -1 means no limit

[PostgresSQL]
pgsql.allow_persistent = On ; allow or prevent persistent link
pgsql.max_persistent = -1 ; maximum number of persistent links. -1 means no limit
pgsql.max_links = -1 ; maximum number of links (persistent+non persistent). -1 means no limit

[Sybase]
sybase.allow_persistent = On ; allow or prevent persistent link
sybase.max_persistent = -1 ; maximum number of persistent links. -1 means no limit
sybase.max_links = -1 ; maximum number of links (persistent+non persistent). -1 means no limit
;sybase.interface_file = "/usr/sybase/interfaces"
sybase.min_error_severity = 10 ; minimum error severity to display
sybase.min_message_severity = 10 ; minimum message severity to display
sybase.compatability_mode = Off ; compatability mode with old versions of PHP 3.0.
; If on, this will cause PHP to automatically assign types to results
; according to their Sybase type, instead of treating them all as
; strings. This compatability mode will probably not stay around
; forever, so try applying whatever necessary changes to your code,
; and turn it off.

[Sybase-CT]
sybct.allow_persistent = On ; allow or prevent persistent link
sybct.max_persistent = -1 ; maximum number of persistent links. -1 means no limit
sybct.max_links = -1 ; maximum number of links (persistent+non persistent). -1 means no limit
sybct.min_server_severity = 10 ; minimum server message severity to display
sybct.min_client_severity = 10 ; minimum client message severity to display

[bcmath]
bcmath.scale = 0 ; number of decimal digits for all bcmath functions

[browscap]
;browscap = extra/browscap.ini

[Informix]
ifx.default_host = ; default host for ifx_connect() (doesn't apply in safe mode)
ifx.default_user = ; default user for ifx_connect() (doesn't apply in safe mode)
ifx.default_password = ; default password for ifx_connect() (doesn't apply in safe mode)
ifx.allow_persistent = On ; allow or prevent persistent link
ifx.max_persistent = -1 ; maximum number of persistent links. -1 means no limit
ifx.max_links = -1 ; maximum number of links (persistent+non persistent). -1 means no limit
ifx.textasvarchar = 0 ; if set on, select statements return the contents of a text blob instead of it's id
ifx.byteasvarchar = 0 ; if set on, select statements return the contents of a byte blob instead of it's id
ifx.charasvarchar = 0 ; trailing blanks are stripped from fixed-length char columns. May help the life
; of Informix SE users.
ifx.blobinfile = 0 ; if set on, the contents of text&byte blobs are dumped to a file instead of
; keeping them in memory
ifx.nullformat = 0 ; NULL's are returned as empty strings, unless this is set to 1. In that case,
; NULL's are returned as string 'NULL'.

[Session]
session.save_handler = files ; handler used to store/retrieve data
session.save_path ="h:\apache_server\tmp\"; argument passed to save_handler
; in the case of files, this is the
; path where data files are stored
session.use_cookies = 1 ; whether to use cookies
session.name = PHPSESSID
; name of the session
; is used as cookie name
session.auto_start = 0 ; initialize session on request startup
session.cookie_lifetime = 0 ; lifetime in seconds of cookie
; or if 0, until browser is restarted
session.cookie_path = / ; the path the cookie is valid for
session.cookie_domain = ; the domain the cookie is valid for
session.serialize_handler = php ; handler used to serialize data
; php is the standard serializer of PHP
session.gc_probability = 1 ; percentual probability that the
; 'garbage collection' process is started
; on every session initialization
session.gc_maxlifetime = 1440 ; after this number of seconds, stored
; data will be seen as 'garbage' and
; cleaned up by the gc process
session.referer_check = ; check HTTP Referer to invalidate
; externally stored URLs containing ids
session.entropy_length = 0 ; how many bytes to read from the file
session.entropy_file = ; specified here to create the session id
; session.entropy_length = 16
; session.entropy_file = /dev/urandom
session.cache_limiter = nocache ; set to {nocache,private,public} to
; determine HTTP caching aspects
session.cache_expire = 180 ; document expires after n minutes
session.use_trans_sid = 1 ; use transient sid support if enabled
; by compiling with --enable-trans-sid
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

[MSSQL]
;extension=php_mssql.dll
mssql.allow_persistent = On ; allow or prevent persistent link
mssql.max_persistent = -1 ; maximum number of persistent links. -1 means no limit
mssql.max_links = -1 ; maximum number of links (persistent+non persistent). -1 means no limit
mssql.min_error_severity = 10 ; minimum error severity to display
mssql.min_message_severity = 10 ; minimum message severity to display
mssql.compatability_mode = Off ; compatability mode with old versions of PHP 3.0.

[Assertion]
;assert.active = On ; assert(expr); active by default
;assert.warning = On ; issue a PHP warning for each failed assertion.
;assert.bail = Off ; don't bail out by default.
;assert.callback = 0 ; user-function to be called if an assertion fails.
;assert.quiet_eval = 0 ; eval the expression with current error_reporting(). set to true if you want error_reporting(0) around the eval().

[Ingres II]
ingres.allow_persistent = On ; allow or prevent persistent link
ingres.max_persistent = -1 ; maximum number of persistent links. (-1 means no limit)
ingres.max_links = -1 ; maximum number of links, including persistents (-1 means no limit)
ingres.default_database = ; default database (format : [node_id::]dbname[/srv_class]
ingres.default_user = ; default user
ingres.default_password = ; default password

[Verisign Payflow Pro]
pfpro.defaulthost = "test.signio.com" ; default Signio server
pfpro.defaultport = 443 ; default port to connect to
pfpro.defaulttimeout = 30 ; default timeout in seconds

; pfpro.proxyaddress = ; default proxy IP address (if required)
; pfpro.proxyport = ; default proxy port
; pfpro.proxylogon = ; default proxy logon
; pfpro.proxypassword = ; default proxy password

; Local Variables:
; tab-width: 4
; End:


;;;;;;;;;;;;;;;;;;;;;;
; Dynamic Extensions ;
;;;;;;;;;;;;;;;;;;;;;;
; if you wish to have an extension loaded automaticly, use the
; following syntax: extension=modulename.extension
; for example, on windows,
; extension=msql.dll
; or under UNIX,
; extension=msql.so
; Note that it should be the name of the module only, no directory information
; needs to go here. Specify the location of the extension with the extension_dir directive above.


;Windows Extensions
;Note that MySQL and ODBC support is now built in, so no dll is needed for it.
;
;PHPExt
extension=php_bz2.dll
extension=php_cpdf.dll
extension=php_ctype.dll
;extension=php_curl.dll
extension=php_cybercash.dll
extension=php_db.dll
extension=php_dba.dll
extension=php_dbase.dll
;extension=php_dbx.dll
;extension=php_domxml.dll
;extension=php_dotnet.dll
extension=php_exif.dll
;extension=php_fbsql.dll
;extension=php_fdf.dll
;extension=php_filepro.dll
extension=php_gd.dll
;extension=php_gd_gif.dll
;extension=php_gd2.dll
;extension=php_gettext.dll
;extension=php_hyperwave.dll
;extension=php_iconv.dll
;extension=php_ifx.dll
;extension=php_iisfunc.dll
extension=php_imap.dll
;extension=php_ingres.dll
;extension=php_interbase.dll
;extension=php_ixsfunc.dll
extension=php_java.dll
extension=php_ldap.dll
;extension=php_mbstring.dll
;extension=php_mcrypt.dll
extension=php_mhash.dll
extension=php_ming.dll
;extension=php_msql.dll
;extension=php_mssql.dll
;extension=php_notes.dll
;extension=php_oci8.dll
;extension=php_openssl.dll
;extension=php_oracle.dll
extension=php_pdf.dll
;extension=php_pear.dll
extension=php_pgsql.dll
;extension=php_printer.dll
;extension=php_shmop.dll
;extension=php_snmp.dll
;extension=php_sockets.dll
;extension=php_sybase_ct.dll
;extension=php_xslt.dll
;extension=php_yaz.dll
;extension=php_zlib.dll
;/PHPExt

@eskeletor

sorry not using the same version php as u..

so cant use your php.ini posted

what exactly did u modified, plz..

This php.ini was posted on a french board by the author of the software. Also, If it is not working for you try usin EASYPHP 1.6 not the newest.

~Eyeless

I was having some trouble and was wondering if someone could help me out. Well my problem is this >>> I made alot of trojans , old and new undetected from norton and is undetectable by many online scaners from big companys , I forgot there names and I also sent it through yahoo msn and let there scanner scan it , well it says nothing is found . But when I send my trojans out in chat rooms alot of people are saying I sent them a virus , what am I doing wrong and what can I do to be sure that my trojans arent being detected by others ?

I made this program in Delphi that I think do the same that the script but is easy to use... (sorry de ftp is down)

Looks like a neat proggy.
Gonna check this 1 out and let you know if it worked.
THNXXX

thx i search such a tool its very nice ! And it works fine :-)

Ok.

The Mcfee online scan is far behind one on your local computer; I have done the same WAY back when I cam on the scene. Well not that far back, (been doing this to long) but when Hotmail added the virus scanning, I used it for checking my servers; but then a scan on my puter resulted in a virus found.. Just simple Adding bits to the server should be sufficent to pass Online AV.

For all who are have problems setting up Easyphp and getting it going go here and get these One is a TDS dumper wich will give you the signature TDS uses here is the beging post Here and someone ported the orginal Roger.Giradin AVtester to executable....Get it Here

thx man Nice I need This Tool

Or you can use some tools like ASPack to compress and modify .exe file. Some good PE encryptors you can find here:
http://y0da.cjb.net/

Hey!
I this method with 4 various backdoors but NAV detected them all ... is there no other way to undetect trojans ?

I can to make undetectable trojan's .... Using only HIEW ( my new method )
i tested myself.... it is not detect by: McAfee 8.0, Norton 2004, KAV 5.0, Dr.Web 4.31, Panda AV Platinum.....
icq: 1554239
mail: fat3@ok.kz

bypassing av seems to be a little complicated

but it's not so

file scanning :

the first step is discovering how do the av detect the malwares

some strings are known by the avs as malware unic components

so when scanning the file it detects the strings, it will return a positive identification

on the most used malware, the av update the offsets so your undetected server can be identificate tomorrow

obs : the offset can be a regular expression

if you protect the server by encrypting it, you will bypass a file scanning
but when the data are decrypted and dropped to memory, the av will block and identificate it

memory scanning :

the best way to bypass a resident memory protection

you have to chose a standalone server unpacked (no ext file generated like .dll)

with my generator, you will find the offset detected by your av
you can change a bit on the detected offset

Can you post the tool on this board ? I click the link and it says they are not excepting any more people at this time

download

just take the time to read the readme file

Looks like a neat proggy.
Gonna check this 1 out and let you know if it worked.
THNXXX

THX man ..
I'll going to check your prog

any1 got it works?

Anyone got that file avfucker they can post up ? the origonal is down

Well I found a tool that can help you make a file undetected.It does not work always but when it does, its a great help.It finds the offsets detected by your antivirus.Once the offsets are found,you can work on them to make the file undetected.First disable realtime scanning by your antivirus.Start the Avdevil.Browse to the file.Start the offset finder.And enable realtime scanning.If you are lucky offsets will be found and displayed.

bump since this question is coming up alot...

ok

All that did was make 2.5gb of exes on my freebsd server. All the exes where the same!

I guess its only for windows then

ok!

really exellent !!!
really really exellent !!!
good job !!!