Sh4DoVV tools January 10, 2009
Posted by reversengineering in OTHER, TOOLS. 4 comments
Armadillo Detacher special for Debug-Blocker & Copy-MemII
Sh4DoVV Enigma 1.5x-1.6x Generic Loader
by Sh4DoVV
http://rapidshare.com/files/181251204/Sh4DoVV_Armadillo_Detacher.rar.html
http://rapidshare.com/files/181251856/Sh4DoVV_Generic_Enigma_1.5x-1.6x_Loader.rar.html
New NEWFOLDER.EXE (part1) January 10, 2009
Posted by reversengineering in RCE vs BadWares. 2 comments
Hi,
Today somebody gave me a USB mobile disk and told me to check it for viruses etc. I checked it with NOD32 (3750) and found nothing; everything seemed fine!! But when I looked closer at the files I found a new badware (worm or virus... !).
Summary of this file and my observations, made without any tools (but I have two Windows installations):
Size: 386 KB
Other names of this file: solary.exe, p.exe
What happens if we execute it:
1- It copies itself under names matching every folder/subfolder on your hard drive. For example, if you have a windows folder or system32, you will have windows.exe, system32.exe ...
If you have 100 folders and subfolders you will have 100 foldername.exe and subfoldername.exe files.
2- It deletes your Task Manager and all the IMPORTANT CONTROL PANEL applets,
LIKE:
D:\WINDOWS\system32\sysdm.cpl
D:\WINDOWS\system32\wscui.cpl
D:\WINDOWS\system32\appwiz.cpl
D:\WINDOWS\system32\inetcpl.cpl
msconfig
&…
3- And it replaces notepad.exe with D:\WINDOWS\regedit.exe and deletes it.
4- It also disables everything in your registry :)
5- It removes RUN and SEARCH from the Start menu.
6- And it creates AUTORUN.INF in the root of every hard drive, etc.
... Everything is clear for cleaning.
For the deleted files you have to copy them back to the right place.
I hope you never see this.
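As an added example (not code from the original post), here is a small scanner for the file-system traces described above: a `foldername.exe` dropped beside each folder, an `autorun.inf` in the drive root, and the alternate file names the post lists. It assumes the clone executables sit next to the folder they are named after, and it builds its own constructed sample tree so it runs offline.

```python
import os
import tempfile

# File names the post lists for this sample (compared case-insensitively).
WORM_NAMES = {"newfolder.exe", "solary.exe", "p.exe"}


def scan_tree(root):
    """Walk `root` and return relative paths (forward slashes) of:
      clone_exes  - files named <folder>.exe that sit beside a folder of that name
                    (assumption: the worm drops the clone next to the folder)
      autorun     - autorun.inf directly in the root, as the post says it creates
      known_names - files carrying one of the names listed in the post
    """
    def rel(p):
        return os.path.relpath(p, root).replace(os.sep, "/")

    clone_exes, known = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        by_lower = {f.lower(): f for f in filenames}      # Windows names are case-insensitive
        for d in dirnames:
            clone = by_lower.get(d.lower() + ".exe")
            if clone:
                clone_exes.append(rel(os.path.join(dirpath, clone)))
        for f in filenames:
            if f.lower() in WORM_NAMES:
                known.append(rel(os.path.join(dirpath, f)))
    autorun = [f for f in os.listdir(root) if f.lower() == "autorun.inf"]
    return {"clone_exes": sorted(clone_exes), "autorun": sorted(autorun),
            "known_names": sorted(known)}


def build_sample_tree():
    """Constructed sample: a temp tree laid out like the infected drive the post describes.
    Docs/setup.exe is a decoy with no matching folder and must not be flagged."""
    root = tempfile.mkdtemp(prefix="newfolder_sample_")
    for d in ("WINDOWS", "WINDOWS/system32", "Docs"):
        os.makedirs(os.path.join(root, d))
    for f in ("WINDOWS.exe", "WINDOWS/system32.exe", "Docs.exe", "autorun.inf",
              "solary.exe", "Docs/setup.exe", "Docs/notes.txt"):
        with open(os.path.join(root, f), "wb") as fh:
            fh.write(b"MZ placeholder bytes (constructed, not a real binary)\n")
    return root


if __name__ == "__main__":
    for key, paths in scan_tree(build_sample_tree()).items():
        print(key, paths)
```

Run against a real drive letter instead of the sample tree, a hit in `clone_exes` for a folder that has no legitimate program of that name is the quickest confirmation of this infection.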