[crafty]

ive found PC Guard For Win32 or PC Guard for DOS, works the best...

:D

beats all AV in one hit...

[herman2k]

Spiffypat, on Jan 18 2005, 01:54 AM, said:

Wow, very nice list you got there.� I think going in and hexing the detected part is pretty easy, It only takes me 4-5 min to do a server per AV, and works 95% of the time.

<{POST_SNAPBACK}>

I think u dont know what realy up ;)
Your hexing method is not more sure.
Maybe AV�s same Norton :D

Some Av�s (example KAV) changing by famous RAT�s (bifrost) the signature after updates.

And why change same AV�s the signature,
because lot of people use the Hex method, (before avpoffset,ok not more work)and today like offsetfinder AVdevil.

And second, not all Signature�s can you easy change.i mean same signatures are hard in code and when you change this... the file is then broken.

And your Hex Method does not 95% work!


btw:nice undetected thread from here

best regards

herman2k

[Xion]

crafty, on Jan 18 2005, 04:41 AM, said:

ive found PC Guard For Win32 or PC Guard for DOS, works the best...

:D

beats all AV in one hit...

<{POST_SNAPBACK}>

Do you have the serial for this soft ?

WARNED FOR THE LAST TIME ....read the rules account disabled for 10 days for serial request

[lev]

Pseudonym, on Jan 11 2005, 06:43 AM, said:

Just wondering what are all the ways to make a file undetected without the source?


Here are some

- Packing
- Binding
- Crypting
- Hex modifying
- Packing, then removing the packers headers.
- Changing the entry point.
- Using something like code pervertor which can replace instructions
in the file with other instructions which will do the same thing.

Can anybody else think of any other methods?

<{POST_SNAPBACK}>

Here's some good sites for this:

hxxp://www.exetools.com/
hxxp://protools.cjb.net/
hxxp://unpack.cjb.net/
hxxp://yodap.cjb.net/

Another way to get close to the same goal is to make the file difficult to delete ;)

[matiano]

1. For Macafee is changing the recource section good.

2. For KAV ist good the NOP method with changing the entrypoint.

3. Rebasing the server file is an other good method

4. For Norton, we dont must speak about that :D

another good link

When somebody want know more about make undetected, i�ve a top-secret link about lot of undetected methods they can write me a PM!... i�m free4chat :)

btw: somebody know how i can make files undetected for Ewido Security Suite without crypter.

Who this can is some one the best!

best regards,

matiano

[fulvioo]

Top secret link?

Why you say that, share the knowledge you know... thats the propouse of forums, isnt?


This is a nice tutorial made by IDESpinner

http://www.governmen...ndpost&p=104148

[matiano]

The reason why i dont make the link puplic is,
because when the website master see that, that i post the link here,
maybe he dont make more puplic his secrets!

His website is for the AV producer :)

[AdmiralB]

i find using a combination of packing and perhaps crypting or binding best to avoid detection

[Progressor]

Quote

2. For KAV ist good the NOP method with changing the entrypoint.

No, it doesn't work for KAV. You better add section to file or try opcode substitute.

[Lie8]

hmmm .... the pcguard method works .... but the size gets bigger of the server .... not tested much but it skips well .... thnx for the info.

[matiano]

Progressor, on Jan 23 2005, 08:58 AM, said:

Quote

2. For KAV ist good the NOP method with changing the entrypoint.

No, it doesn't work for KAV. You better add section to file or try opcode substitute.

<{POST_SNAPBACK}>

The NOP method does work with standart scan KAV!

[Lie8]

@matiano,

pmed u twice ... can u pls PM me the top secret link of urs or add me in MSN .... thnx inadvance.

[matiano]

Lie8, on Feb 9 2005, 05:34 PM, said:

@matiano,

pmed u twice ... can u pls PM me the top secret link of urs or add me in MSN .... thnx inadvance.

<{POST_SNAPBACK}>

sorry i dont trust u because u have only 2 postings :)

[jase_uk]

lol
I im still working on making my file UD.

I have a program called stealth tools 2 but its not much help to be honest.

I might try and use some software protecters, but i mean if anyone has any good ideas then let us know.

I tryed cutting up the server and scanning each little bit, but not a single bit of it came as a virus, so i dunno what was going on there.

i mean if anyone knows anything about hex editing then let us know. :P