arun0075
Jan 11 2004, 02:24 AM
I actually have a rootkit but its bat files are getting me into trouble.. all the antiviruses detect those bat files as viruses.. and also I have a copy of IROFFER with that kit so sometimes it is also detected as a virus.. I want to know if there is any way I can add some stealth to the bat files and IROFFER so that antivirus doesn't catch them... THANK YOU IN ADVANCE. Also one more thing I wanna ask: I usually use Firedaemon with my rootkit to make my kit start up when the PC restarts, but I have noticed that the old Firedaemon does not work with WINDOWS XP systems.. and also I tried using the latest Firedaemon but it is not working properly, so can someone guide me on how to work with the latest Firedaemon...
iLLuSioN
Jan 11 2004, 03:38 AM
well... no clue why iroffer is being detected, have you tried to rename stuff to make them look like system files? .. you should try to get off firedaemon and find different tools to make programs run as services since they work on all systems; firedaemon is busted.. sorry if that didn't help but it was more toward telling you to read up on new stuff
arun0075
Jan 11 2004, 11:33 AM
hmm.. yeah, I will have to sit down one day and read.. but I thought my job could be made easy... anyway, what are you saying about different tools to make iroffer run as a service, can you guide me please. and also I would like to know how I can edit bat files or do something with them so that they don't get caught by antivirus.. and yeah, I do rename iroffer, I tried it without renaming it but same thing..
LaMersSs
Jan 11 2004, 12:44 PM
There is something great called MSDN. This is your ultimate tool; the second tool you will need is a compiler and a few libraries. Then you'll be secure against most of the AVs.
liquidSilver
Jan 11 2004, 12:54 PM
No idea if this works, I found it somewhere - please virus-scan it before use.. no idea what it is..
Thank you!
Regards, LS
dmg
Jan 11 2004, 01:05 PM
I have NEVER had a .bat file detected as a virus.... Maybe changing a couple of lines helps?
Never use Firedaemon as it's just so obvious.... It's unstable too. Better use instsrv.exe/srvany.exe (NT Reskit).
Maybe a UPX/Morphine combo helps stealth your iroffer exe.
saetji
Jan 11 2004, 01:26 PM
the problem I had with instsrv etc. was it wouldn't start mIRC as a service.... and yes, there is a reason behind having such a cumbersome program installed - 1) not detected EVER by antiviruses and 2) acts as a backdoor for me 3) in case iroffer goes down - I still know the IP of the PC ;D
kevin007
Jan 11 2004, 03:21 PM
try writing your own bat files using the originals as source.
I'm not flaming, but if a bat file and all your other "rootkit" files are detected by antivirus they must be very, very widely used, e.g. based around perhaps the tk.worm or something.
Your best bet is to build your own bats, change it around, think a little about what you want to do etc. and then type; bat scripting isn't hard really.
oh, to stop antivirus protection, use your own programs, or legal programs, or pack them yourself using the many techniques described on this forum
dmg
Jan 11 2004, 04:08 PM
@ saetji Better not use that sig from danasoft.... The sites this sig is posted on are published on www.danasoft.com: LAST 5 REFERRERS: vul.fi, medlem.spray.se, 3lunch.net, homemsg.focus.cn, www.cu2.nl. We don't want this site on there too much (am I right, Admins?) Just my 5c
Axl
Jan 11 2004, 04:29 PM
| QUOTE (saetji @ Jan 11 2004, 01:26 PM) | the problem I had with instsrv etc. was it wouldn't start mIRC as a service.... and yes, there is a reason behind having such a cumbersome program installed - 1) not detected EVER by antiviruses and 2) acts as a backdoor for me 3) in case iroffer goes down - I still know the IP of the PC ;D |
problem with instsrv is that I'm unsure how you could, say, type "iroffer config.file" with it...
chris105
Jan 11 2004, 09:35 PM
you could convert the batch files to exe files using bat2exe (google it)
arun0075
Jan 14 2004, 01:34 AM
Hey guys, thanks for StealthBatch, it works fine, but as yet I am trying to find Morphine; I didn't find where to get that, I tried on Google and got no good result, so please help. Also, can you tell me how I should use the UPX/Morphine combination, coz I never used these before. thank you
Jeeve5
Jan 14 2004, 09:27 AM
| QUOTE (LaMersSs @ Jan 11 2004, 12:44 PM) | There is something great called MSDN. This is your ultimate tool; the second tool you will need is a compiler and a few libraries. Then you'll be secure against most of the AVs. |
True, M$ actually does all the work for you. Look for *cough* Windows Resource Kit *cough* by M$. My hint about AV progs is to search some AV database for processes killed by worms, add them to your batch, whip up some nice registry patch to patch your folders and restart the services.
dmg
Jan 14 2004, 09:39 AM
| QUOTE (arun0075 @ Jan 14 2004, 01:34 AM) | Hey guys, thanks for StealthBatch, it works fine, but as yet I am trying to find Morphine; I didn't find where to get that, I tried on Google and got no good result, so please help. Also, can you tell me how I should use the UPX/Morphine combination, coz I never used these before. thank you |
| CODE | upx -9 yourfile.exe
morphine yourfile.exe
|
Sometimes Morphine messes up your exe, so make a backup.
Serhat
Jan 14 2004, 11:45 AM
| QUOTE (arun0075 @ Jan 14 2004, 01:34 AM) | Hey guys, thanks for StealthBatch, it works fine, but as yet I am trying to find Morphine; I didn't find where to get that, I tried on Google and got no good result, so please help. Also, can you tell me how I should use the UPX/Morphine combination, coz I never used these before. thank you |
Nice. AVG detects it as a virus here though: Dropper.Stbat.C. Thanks though
arun0075
Jan 14 2004, 01:08 PM
hmmm.. I guess IROFFER can't be done with UPX and Morphine.. is there any other program which I can try..
Thank You
arun0075
Jan 15 2004, 03:33 PM
hmmm.. I was trying to edit iroffer, but when I edit it with Morphine it does not work. can someone help me, coz my iroffer is getting caught by antivirus
Thanks in ADVaNce
LittleHacker
Jan 15 2004, 05:54 PM
Why don't you use a *.vbs or a *.js file for the same job?
arun0075
Jan 15 2004, 06:42 PM
hmm.. didn't get you, littlehacker, what do you mean
Jeeve5
Jan 15 2004, 08:56 PM
| QUOTE (arun0075 @ Jan 15 2004, 06:42 PM) | hmm.. didn't get you, littlehacker, what do you mean |
I think he means not to write a .bat file, but instead use .vbs or .js, since they are different 'languages' than batch, and let them do the job. This way it doesn't get detected. Most likely not
arun0075
Jan 16 2004, 06:55 AM
hmm.. my bat files problem is solved, I need to get iroffer.exe fixed, my antivirus says it's a virus.. so I want antivirus not to catch it as a virus.
LittleHacker
Jan 16 2004, 05:49 PM
Well, if your rootkit is small in size then you can use some converter proggies. I have some small utilities that compress an *.exe file to a *.vbs one! Try this!
zero-maitimax
Jan 19 2004, 10:34 AM
| QUOTE (dmg @ Jan 11 2004, 04:08 PM) | @ saetji
Better not use that sig from danasoft.... The sites this sig is posted on are published on www.danasoft.com:
LAST 5 REFERRERS: vul.fi, medlem.spray.se, 3lunch.net, homemsg.focus.cn, www.cu2.nl
We don't want this site on there too much (am I right, Admins?)
Just my 5c |
what you wanna say is cu2 is leaky?? since when.. I only have a simple account on that page but I don't believe they don't update..
dmg
Jan 19 2004, 12:49 PM
| QUOTE (zero-maitimax @ Jan 19 2004, 10:34 AM) | | QUOTE (dmg @ Jan 11 2004, 04:08 PM) | @ saetji
Better not use that sig from danasoft.... The sites this sig is posted on are published on www.danasoft.com:
LAST 5 REFERRERS: vul.fi, medlem.spray.se, 3lunch.net, homemsg.focus.cn, www.cu2.nl
We don't want this site on there too much (am I right, Admins?)
Just my 5c |
what you wanna say is cu2 is leaky?? since when.. I only have a simple account on that page but I don't believe they don't update..
|
When you post that danasoft sig here, the URL http://www.governmentsecurity.org/ is posted on www.danasoft.com for every visitor to read. That might attract some people that come here for the wrong reasons.... I don't know anything about cu2, so I don't know if they are leaky.