Not to mention this is hardly even assembly. This is like really ghetto
assembly. In REAL assembly, there would be no ".if" statements. It's all cmp
blah blah, jz, jnz, etc. Lot's more work. Also, there is no such thing as
.invoke MessageBox. Give me a break. In real assembly, that code would be
about 5 times longer.
Regards,
Paul
Greyhats Security
http://greyhatsecurity.org
----- Original Message -----
From: "Thierry Zoller" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[email protected]>
Sent: Saturday, August 20, 2005 1:57 PM
Subject: Re: [Full-disclosure] FrSIRT False Alarm
aco> btw illwill made something to block it, havent tested it myself but
this
aco> might be useful to post it here:
aco> http://illmob.org/files/0day/msdds.dll_deactivator.rar
It sets the killbit that's all. A .reg file would have been enough but
then of course doing that in asm makes it all l33t and stuff...
--
Thierry Zoller
mailto:[EMAIL PROTECTED]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
