
question about Nero Multimedia Suite 10 Keygen Only by JONGCANZ


myidisbb


Okay, I was one that jumped at the download. I saw the Assassin's Creed face icon and thought it was one of the usual good posters. I had just gotten up and was getting ready for work. I did not notice the 7mb file size. I clicked on it and nothing. Clicked admin for it then. I noticed afterwards that UAC was turned off each time I had clicked on it. este was okay. I am scanning my computer with mbam at the moment. Going to get a rootkit scanner just to be safe.

Has anyone figured out what was going on with that so-called mother F!@#$ BS keygen file? Please excuse the language. A bit upset at things and myself for not catching it beforehand.

Link to comment
Share on other sites



Me having the same problem as you all day.

I turned off the computer until I got off from work today. Turned it on. Clicked to turn UAC on and restarted. Sent the winrar and file each to a virus online scanner. And used software este and sa and mbam. Nothing came up. Downloaded the RootkitRevealer. It crashes when clicked on. So I downloaded hitman pro. It found some stuff in the temp folder. Going to restart and scan it again. Oh, using a 64 bit system vista.

The worker bees for nsane have looked into the file and they believe it's okay. "As per the tests performed by the staffs, the file posted wasn't a malware but the keygen was giving only known serials that are spread around the net." Somewhere I read that it was requiring microsoft netframe 4 something. Question is, if the computer has it installed then what would happen? Worked or do something nasty? I'm going to go with what the staff said, that it's just a file that didn't work. I got suckered into downloading it because I saw the Assassin's Creed avatar and assumed it was one of the known good posters.

Link to comment
Share on other sites


This so called "keygen" is in fact a converter. It has included some data encrypted by a symmetrical algorithm (Microsoft standard API).

Of course the MORE OBSCURE core program is also decrypted in memory and launched as a winPE.

It is written with Visual Basic using Framework version 2.0.50727.

The first task it achieves: play with the system policy and more particularly the LUA

luat.jpg

As the executable is in an intermediate language and the core program hidden, there is no possibility for an AV to find something suspect. So be careful mates with this. ;)

Link to comment
Share on other sites


what's LUA?

LUA = logical unit application

enablelua.jpg

As you can see in line numbers 01BE and 01E7 in the listing above, it loads the value "0" with the instruction ldc.i4.0 (load integer 0).

So the program disables the UAC.

Link to comment
Share on other sites
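
Added example (not part of the original thread or any poster's code): the posts above describe the program writing 0 to the LUA policy value, so this detector flags that write in Sysmon Event ID 13 (registry value set) records. It assumes Sysmon registry logging is in place; the sample events, the keygen.exe path and the function names are constructed for illustration, and the EnableLUA registry path is the standard Windows location rather than a value taken from the thread.

```python
import re

# Registry value that turns UAC (LUA) on or off; a DWORD of 0 disables it.
UAC_VALUE = r"\software\microsoft\windows\currentversion\policies\system\enablelua"
# Assumption for triage: a downloaded binary usually runs from a user-writable path.
USER_WRITABLE = ("\\users\\", "\\temp\\")

# Constructed sample: Sysmon Event ID 13 (registry value set) message bodies.
SAMPLE_EVENTS = r"""
UtcTime: 2010-06-01 06:12:44.101
Image: C:\Users\alice\Downloads\keygen.exe
TargetObject: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
Details: DWORD (0x00000000)

UtcTime: 2010-06-01 18:30:02.550
Image: C:\Windows\System32\reg.exe
TargetObject: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
Details: DWORD (0x00000001)

UtcTime: 2010-06-01 18:31:10.007
Image: C:\Windows\regedit.exe
TargetObject: HKLM\SOFTWARE\Example\Setting
Details: DWORD (0x00000000)
"""

def parse_events(text):
    """Split blank-line separated 'Key: Value' blocks into one dict per event."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # split on the first colon only
            if sep:
                fields[key.strip()] = value.strip()
        events.append(fields)
    return events

def uac_disable_alerts(events):
    """Return (time, image, severity) for every write of 0 to EnableLUA."""
    alerts = []
    for ev in events:
        target = ev.get("TargetObject", "").lower()
        m = re.fullmatch(r"DWORD \(0x([0-9a-fA-F]+)\)", ev.get("Details", ""))
        if target.endswith(UAC_VALUE) and m and int(m.group(1), 16) == 0:
            image = ev.get("Image", "")
            risky = any(p in image.lower() for p in USER_WRITABLE)
            alerts.append((ev.get("UtcTime"), image, "high" if risky else "medium"))
    return alerts
```

The second sample event (UAC switched back on) and the third (an unrelated value set to 0) produce no alert; only the write of 0 to EnableLUA does.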


OK. On my virtual XP installation the same problem happens. This is a virus.

Link to comment
Share on other sites


This "keygen", in its code, tries to connect silently to a remote service on the net. I stopped debugging it as it is dangerous for my machine. ;)

webservice.jpg

Link to comment
Share on other sites


Shit. I did run it yesterday, and I have to delete it using Unlocker because I couldn't stop it.

Link to comment
Share on other sites


I am not surprised that you cannot stop it. As you will see below, the core program is loaded in memory and virtually protected in a virtual memory zone.

Task manager can do nothing to stop it:

protect.jpg

Link to comment
Share on other sites


Now here is the list of the functions used by its external envelope (the core program is encrypted and hidden) as a virus:

functions.jpg

It is easy to understand from the underlined functions that it looks for the computer signature, the identification of the user. It sets up an internet link with a remote server.

The program is launched with RunPE in a virtually protected zone. Voila!

Link to comment
Share on other sites


If you turn UAC back on and reboot, are you okay then? Or should I consider this a rootkit? I tried using the rootkit revealer on the front page and it crashed.

Link to comment
Share on other sites


w00t w00t! Go tonyblair! :rolleyes:

That crappy fake release topic was obliterated, sorry we didn't deal with it earlier. :(

Link to comment
Share on other sites


That crappy fake release topic was obliterated, sorry we didn't deal with it earlier. :(

there was no way for us to even know what it did...unless you're some kind of genius or (dunno what you are Tony) cracker like Tony...or some IT student

Link to comment
Share on other sites


w00t w00t! Go tonyblair! :rolleyes:

That crappy fake release topic was obliterated, sorry we didn't deal with it earlier. :(

Not yours or the site's fault. I didn't catch the 2 postings only plus the new account. I looked at the avatar and remembered that being used by a known poster and went with it. Plus didn't notice the 7mb size. Early in the morning.

My sister-in-law's husband, who is in the air force on computers and networks, thinks from reading the above messages that it might have been trying to bot a computer. Doesn't look to be around anymore. Used sophos anti rootkit to scan my computer. Didn't see anything but lots of hidden temp internet files. I disk cleaned and ccleaner'd my computer.

We count on the frontpage stuff to be safe. Share coding of the other stuff is always chancy.

Link to comment
Share on other sites


That crappy fake release topic was obliterated, sorry we didn't deal with it earlier. :(

there was no way for us to even know what it did...unless you're some kind of genius or (dunno what you are Tony) cracker like Tony...or some IT student

I agree with Marik...tony sure is a genius when it comes to software......

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.
