Undetectable - Some More Information

Full Version: Undetectable - Some More Information

GovernmentSecurity.org > System Security > Trojan & Virus Errata

metrox

Oct 17 2003, 10:22 AM

hi, at first my english is bad.

k, i have a problem, most of the good programs are detectable from anti-virus-progs. i know, that i change everthing on the file, version, image and packet with upx, but thats not enough, can anybody help me wiht furthermore information about this topic. i am very happy for your answer. exescope,ressourcehacker,hexeditor, i have all change, but hexeditor i dont know what i musst change.

metrox

ScriptGod

Oct 17 2003, 11:46 AM

every good antvirus programm check signatures in the file. these siganture is not the complete file only "the" bad/unique part(s) in the moste cases. so you cannot not trick an antivirus program by changing some bytes... there is now way to do that. you can only write a programm by yourself wich does the same as the programm but with a little differnts like other buffer sizes etc.

metrox

Oct 17 2003, 12:26 PM

k thanks, that is a answer

GhostCow

Oct 18 2003, 12:06 PM

can you give an example for us non-coders how one changes buffer sizes?

MAeStRo

Oct 22 2003, 07:17 PM

do u mean we have to add some bytes to the trojan?
i think this way is no effective one
cus i'd tested this one and the answer was negative

matiano

Oct 22 2003, 09:31 PM

change EPO (entry point) is good for KAV

absolution

Oct 23 2003, 12:04 AM

How would you go about changing the buffer or entry point?

MAeStRo

Oct 23 2003, 12:19 AM

tnkx so much bro matiano
i'll try to change EPO

tibbar

Nov 3 2003, 08:37 AM

i can always beat Norton with a simply hexing and packing...that AV program is absolutely useless - especially when u consider about 60% of people rely on it.

Faceless Master

Jan 8 2004, 05:15 PM

hmm
Well I coded a tool in VB.I named it ByPass.
It can make any trojan undetected for any AV but after it making your torjan Undetected your trojan will need VB Runtimes.(Msvbvm60.dll)
Well if you want you can mail me @
facelessmaster@linuxmail.org
...

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.


Help - Search - Member List - Calendar Full Version: Undetectable - Some More Information GovernmentSecurity.org > System Security > Trojan & Virus Errata metrox Oct 17 2003, 10:22 AM hi, at first my english is bad. k, i have a problem, most of the good programs are detectable from anti-virus-progs. i know, that i change everthing on the file, version, image and packet with upx, but thats not enough, can anybody help me wiht furthermore information about this topic. i am very happy for your answer. exescope,ressourcehacker,hexeditor, i have all change, but hexeditor i dont know what i musst change. metrox ScriptGod Oct 17 2003, 11:46 AM every good antvirus programm check signatures in the file. these siganture is not the complete file only "the" bad/unique part(s) in the moste cases. so you cannot not trick an antivirus program by changing some bytes... there is now way to do that. you can only write a programm by yourself wich does the same as the programm but with a little differnts like other buffer sizes etc. metrox Oct 17 2003, 12:26 PM k thanks, that is a answer GhostCow Oct 18 2003, 12:06 PM can you give an example for us non-coders how one changes buffer sizes? MAeStRo Oct 22 2003, 07:17 PM do u mean we have to add some bytes to the trojan? i think this way is no effective one cus i'd tested this one and the answer was negative matiano Oct 22 2003, 09:31 PM change EPO (entry point) is good for KAV absolution Oct 23 2003, 12:04 AM How would you go about changing the buffer or entry point? MAeStRo Oct 23 2003, 12:19 AM tnkx so much bro matiano i'll try to change EPO tibbar Nov 3 2003, 08:37 AM i can always beat Norton with a simply hexing and packing...that AV program is absolutely useless - especially when u consider about 60% of people rely on it. Faceless Master Jan 8 2004, 05:15 PM hmm Well I coded a tool in VB.I named it ByPass. It can make any trojan undetected for any AV but after it making your torjan Undetected your trojan will need VB Runtimes.(Msvbvm60.dll) Well if you want you can mail me @ facelessmaster@linuxmail.org ... This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.