New_Style_xd

Members
  • Posts: 22
  • Days Won: 1

Posts posted by New_Style_xd

  1. On 3/15/2023 at 4:44 AM, SeedTheNet said:

    WhatsApp has moved its installer to the Microsoft Store only.

    If you cannot use the Microsoft Store in your environment, you can use this direct download link from the WhatsApp website:

    https://web.whatsapp.com/desktop/windows/release/x64/WhatsAppSetup.exe

     

    Currently this version shows [OUTDATED] and a black Whatsapp icon.

    Very good for those who don't use the Microsoft Store.
    Thank you, friend. Luckily for me I use the Microsoft Store, and I see that WhatsApp is always being updated.

  2. On 5/23/2022 at 3:20 AM, SeedTheNet said:

    I used to clean Temp files and the registry etc., but these days I simply don't.

    Windows will eventually do that on its own; unless I need to free up some disk space, I don't start removing things.

    Have you ever heard about the DISM++ tool? It does a very good job of cleaning your computer.

  3. 31 minutes ago, SeedTheNet said:

    Back in the days of Windows XP, this used to be more helpful, because CPUs were slow and there wasn't much disk space, and by the time Windows grew slow, those apps came into play.

    But these days, I don't find them useful; if you are on Windows 10+, don't use those, as a personal opinion: a waste of time, and Windows does that job for itself.

    I can't send you a private message, I'm going to ask you a question, you can answer it right here.

    Can you post a serial of any program here on the forum?

  4. 29 minutes ago, SeedTheNet said:

    Back in the days of Windows XP, this used to be more helpful, because CPUs were slow and there wasn't much disk space, and by the time Windows grew slow, those apps came into play.

    But these days, I don't find them useful; if you are on Windows 10+, don't use those, as a personal opinion: a waste of time, and Windows does that job for itself.

    Really, my friend, nowadays these programs don't make any difference. I posted it because there is someone on the forum who likes these types of programs.

  5. On 5/2/2023 at 6:15 AM, SeedTheNet said:

    In this topic we will explain how to remove the Trojan/Remcos from your PC.

    Remcos is RAT-type malware that attackers use to perform actions on infected machines remotely. This malware is very actively kept up to date, with updates coming out almost every single month.

    We will have to use an antivirus to clean up the stuff for us, for example ESET, Kaspersky, Fortinet or any other good vendor, but those are our recommended vendors.

    Until around a month before this topic's date, Remcos wasn't known to most AV vendors, and the file can be seen here:

    A full analysis : https://any.run/report/b1afbce51ad052f936b989214964d56e2290a7fb5548763273c1fc4382cd5c1c/f26fd95b-3cc1-4578-abf1-17289380ebe5

    ------------------------------
    Regenererede.vbs - https://www.virustotal.com/gui/file/08739fea7bfdf3b641709a3d5b6e6d64be4ea75375dda9fe5cf7234e40cfbe12/detection

    TrueCrypt.exe - https://www.virustotal.com/gui/file/b1afbce51ad052f936b989214964d56e2290a7fb5548763273c1fc4382cd5c1c/detection

    And then the Trojan proceeds to drop multiple files, including legitimate and trusted but vulnerable executables:

    Python.exe

    VLC.exe

    notepad++.exe

    Firefox.exe

    Yet the .dll files shipped with them are the ones that are infected/hijacked, and those are the files that will be included with those vulnerable executables:

    python39.dll - https://www.virustotal.com/gui/file/e9262441ef8e401acce28d13100c63e90e3de2ffb0ec6763611eebdc1aa60dbd/detection/f-e9262441ef8e401acce28d13100c63e90e3de2ffb0ec6763611eebdc1aa60dbd-1679390226

    libvlccore.dll - https://www.virustotal.com/gui/file/e7754d8e4c33b35b85d85554488069fe731190201fa9e42d1b53f38c843025a3/detection/f-e7754d8e4c33b35b85d85554488069fe731190201fa9e42d1b53f38c843025a3-1679390159

    ss3.dll - https://www.virustotal.com/gui/file/65327e1555994dacee595d5da9c9b98967d1ea91ccb20e8ae4195cd0372e05a0

    And so, to prevent the Trojan from coming back again, we have to check the Task Scheduler in Windows.

    There would be weird entries with very long commands for the fake executables that we explained about. Upon entering the Task Scheduler, in case you find any of these vulnerable executables set to run every day, make sure to remove the entries. Also, as far as we know, in Windows 10 the Trojan is able to create a startup entry as well, which can be taken out through

    Examples of Task Scheduler entries that we must remove:

        <Command>C:\Users\xxxxxxx\AppData\Roaming\Adobe\python.exe</Command>
        <Arguments>--yoky=66585 --uapb --vgb --mgxfde</Arguments>

        <Command>C:\Users\xxxxxxx\AppData\Roaming\36c011cd\vlc.exe</Command>
        <Arguments>-cbriqvr</Arguments>

    Download Autoruns from Microsoft (https://learn.microsoft.com/en-us/sysinternals/downloads/autoruns), and then use Autoruns to see what runs on Logon; a weird entry should be there for one of the fake executables or something that runs PowerShell, and we also need to remove it.

    There are also a few images downloaded from imgur.com which contain the payload as steganography, that is, the code is hidden inside a photo so it can avoid detection, and then it is decrypted through some kind of application inside the computer, probably the vulnerable ones that are provided with the Trojan.

    [Image: remcosexplanation.png]

    Photo source: BleepingComputer

    Fruit.png - https://www.virustotal.com/gui/file/cadd19935b6d2bd7208402c760923bbaa2807633d0306c3cb15337227179399e?nocache=1

    Fruit.png - https://www.virustotal.com/gui/file/4bb7fcab55b4f55f74d98c20205148a69f33dc39f3f99d9c11d1b22a4476562f?nocache=1

    ms.png - https://www.virustotal.com/gui/file/b2b8b97427bacead4a3de569d4901c13fb60131d7d9c5ba10fa885e13a9cc1f7?nocache=1

    Those are marked as CLEAN in VT because they are encrypted; Fortinet also checked them and detects them, but VT still shows them as clean.

    <Regenererede.vbs> with MD5: e627f016283c17b4badc6f5b47f677d3 - <VBS/Agenteeeee.77d3!tr>
    <SciLexer.dll> with MD5: 688c0480ed192ed336911d7ed3730561 - <W32/Rugmi.0561!tr>
    <Fruit.png> with MD5: c2a09a3c72717c71a6ac22c9f342a0d2 - <Data/Agenteeeee.STGP!tr>
    <ms.png> with MD5: 7b2f3421621a080c2043e6c90821c618 - <Data/Agenteeeee.STGP!tr>
    <Fruit.png> with MD5: fd5cb5160053fcd028ad81016357dff5 - <Data/Agenteeeee.STGP!tr>
    <Pine.png> with MD5: 7f5546e1202e06e17c3eabe86107a504 - <Data/Agenteeeee.STGP!tr>
    <Fruit.png> with MD5: 0086f1ed58e6516027bdc7d8a6c2c9ad - <Data/Agenteeeee.STGP!tr>

    If any of those files are present somewhere in your AppData\Roaming folder, you should remove them manually if an antivirus doesn't pick them up.

    If more assistance is needed about this Trojan , please reply to this topic.

     

    Good to know about that my friend. 🙂

    • Like 1
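
An added defensive example, not part of SeedTheNet's post or of any tool the post mentions: a report-only PowerShell triage script that checks the three places the quoted post points at. It hashes files under AppData\Roaming against the MD5 values listed in the post, lists scheduled tasks whose action runs one of the named executables (python.exe, vlc.exe, notepad++.exe, firefox.exe) from AppData\Roaming, and lists HKCU/HKLM Run entries that launch something from AppData\Roaming or spawn PowerShell. The hash values and executable names are taken from the post; the function names and the report-only design are my own choices. Nothing is deleted; the output is a list to review before removing anything through Task Scheduler, Autoruns or your antivirus.

```powershell
# Added example (not from the original post): report-only Remcos triage using
# the indicators quoted above. Nothing is deleted; review the findings first.

# MD5 values exactly as listed in the post (Fortinet detections).
$KnownBadMd5 = @(
    'e627f016283c17b4badc6f5b47f677d3',  # Regenererede.vbs
    '688c0480ed192ed336911d7ed3730561',  # SciLexer.dll
    'c2a09a3c72717c71a6ac22c9f342a0d2',  # Fruit.png
    '7b2f3421621a080c2043e6c90821c618',  # ms.png
    'fd5cb5160053fcd028ad81016357dff5',  # Fruit.png
    '7f5546e1202e06e17c3eabe86107a504',  # Pine.png
    '0086f1ed58e6516027bdc7d8a6c2c9ad'   # Fruit.png
)

# Legitimate executables the post says the dropper abuses to side-load its DLLs.
$AbusedBinaries = @('python.exe', 'vlc.exe', 'notepad++.exe', 'firefox.exe')

# 1. Hash every file under the given root (AppData\Roaming) and match the list.
function Find-KnownBadFiles {
    param([string]$Root, [string[]]$Hashes)
    Get-ChildItem -Path $Root -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $hash = (Get-FileHash -Path $_.FullName -Algorithm MD5 -ErrorAction SilentlyContinue).Hash
            if ($hash -and $Hashes -contains $hash.ToLower()) {
                [pscustomobject]@{ Indicator = 'KnownHash'; Path = $_.FullName; Md5 = $hash.ToLower() }
            }
        }
}

# 2. Scheduled tasks whose action runs one of the abused binaries from AppData\Roaming,
#    like the ...\AppData\Roaming\Adobe\python.exe entry shown in the post.
function Find-SuspiciousTasks {
    param([string[]]$Binaries)
    Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            $exe = [string]$action.Execute          # empty for non-exec (COM handler) actions
            if (-not $exe) { continue }
            $leaf = Split-Path -Leaf ($exe.Trim('"'))
            if ($exe -like '*\AppData\Roaming\*' -and $Binaries -contains $leaf.ToLower()) {
                [pscustomobject]@{
                    Indicator = 'ScheduledTask'
                    Task      = "$($task.TaskPath)$($task.TaskName)"
                    Command   = $exe
                    Arguments = [string]$action.Arguments
                }
            }
        }
    }
}

# 3. Logon Run keys (what the post inspects with Autoruns): anything launched from
#    AppData\Roaming, or anything that spawns PowerShell, is worth a look.
function Find-SuspiciousRunEntries {
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $keys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath/... metadata
            $cmd = [string]$p.Value
            if ($cmd -like '*\AppData\Roaming\*' -or $cmd -match 'powershell') {
                [pscustomobject]@{ Indicator = 'RunKey'; Key = $key; Name = $p.Name; Command = $cmd }
            }
        }
    }
}

# $env:APPDATA is the current user's AppData\Roaming; run once per user profile
# on a shared machine.
$findings = @(Find-KnownBadFiles -Root $env:APPDATA -Hashes $KnownBadMd5) +
            @(Find-SuspiciousTasks -Binaries $AbusedBinaries) +
            @(Find-SuspiciousRunEntries)

if ($findings.Count -eq 0) {
    'No indicators from the post were found.'
} else {
    $findings | Format-List
}
```

Run it from an elevated PowerShell so that the HKLM Run key and all scheduled tasks are readable. Expect some noise in the Run key and task output: legitimate updaters also live under AppData\Roaming, so a hit there is a lead to inspect (long random-looking argument strings, unfamiliar subfolders such as the 36c011cd example above), while a match on one of the listed MD5s is a direct indicator from the post.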
  6. Lessons to remember from DEF CON 30: Vulnerability in Zoom for macOS.

    In March 2020, when the entire world was just starting to deal with remote work, a vulnerability was discovered in the installation package for Zoom — one of the world's top remote communication tools — allowing arbitrary code execution on Apple computers. Zoom fixed the vulnerability… sort of.

    Moving forward in time, now in August 2022, a similar loophole was found (similar in terms of location and exploitation consequences).

    What is the latest vulnerability?

    The new issue in the Zoom video conferencing app was highlighted by renowned researcher Patrick Wardle at DEF CON 30 in early August this year. In short, some bugs were found in Zoom's auto-update system for Apple users. These bugs, in theory, made it possible to obtain so-called superuser rights, which allow a would-be attacker to do whatever he wants on a victim's computer.

    To exploit the vulnerability, however, the malicious person needed to have physical access to the computer, albeit without special rights. But this is not a totally unrealistic scenario: for example, the user can go to lunch and forget to lock the computer. Theoretically, the vulnerability could also be exploited by malware, which would otherwise not cause serious harm to the user.

     

  7. On 04/09/2022 at 04:17, SeedTheNet said:

    Yes, Google and the big companies always put up a reward for people who report vulnerabilities, so that they make money from it instead of selling it on the darknet or elsewhere.

    I really like Google's work on paying bounties for finding flaws.

  8. Google will pay up to BRL 164,000 to anyone who discovers vulnerabilities
    The company announced the launch of a bug bounty program that will pay researchers who identify vulnerabilities in software that is part of its open source projects.💥

  9. 5 Enterprise Threats That Aren't Ransomware
    Although ransomware is one of the digital threats that most concern companies around the world, there is other malware that also deserves the attention of organizations.

    Cybercriminals use several alternatives to carry out malicious activities, from taking advantage of misconfigured databases, social engineering techniques to trick employees and obtain access information, vulnerabilities in technologies that the company or a provider uses, or the use of weak and easy-to-decipher credentials. While ransomware is a business concern, it is not the only form of cyber threat.

     

  10. The threats hidden in malware on routers
    Malware can infect your router, slow down your Internet connection, and steal data. We explain how to secure your Wi-Fi.

    You scan your computer every week, update systems and programs promptly, use strong passwords, and generally take care of yourself online… but for some reason, your internet is slow and some websites deny you access? It could be malware not on your computer, but on the router.

  11. Well, starting this topic, I'll tell you which one I use and why.
    - I use Vivaldi.
    - It is a Chromium-based browser.
    - It has a privacy and ad-blocking tool.
    - Super personalized, with several themes and formats.
    - Safe browser.
    - It has an email manager
    - and a password manager.
    - Only by using and testing it will you see how good this browser is.

    • Like 1
  12. On 8/9/2020 at 11:57 AM, SeedTheNet said:

    Should I use Registry Cleaners?

    Short answer is No.

    I've used CCleaner for a good while, but their recent move to Avast added a lot of data transmission to Avast, and at the same time it was packed with malware since the time of the move, but since then it has been fixed.

    Anyway, it is recommended by Microsoft not to touch the registry, as cleaning it won't give any kind of performance improvement, since the Registry will never grow and become heavy for the computer.

    Really, if it is used, the good ones are better used to clean up temporary files.
