
Removing Malware/Virus from Cracked .EXE

Posted: Thu Apr 11, 2024 11:24 pm
by mytunes
Please delete if not allowed...

So I found a cracked version of WinOLS 4.7 floating around on the web...

It uses the standard EVC installer, but then uses a cracked (Chinese) version of the .exe file to run it.

VirusTotal shows some stuff with the .exe (gee, can't imagine that): https://www.virustotal.com/gui/file/845 ... d/behavior

It is beyond my capability to dissect the .EXE and possibly the one .DLL file to remove said garbage, so I thought I'd ask if any of you gents could take a go at it.

If so, I'm more than happy to share the file on here...

Re: Removing Malware/Virus from Cracked .EXE

Posted: Sun Apr 14, 2024 8:47 am
by BennVenn
It's a whole lot less effort just to set up a VM and run it in there. Pass through whatever hardware you need, but keep that Chinese crap isolated. It's the same with the Chinese K-tag and pretty much anything from there. They may be false positives, but not worth the headache. A lot of that software must be run in Win7 mode or earlier anyway. I use pastebin and other file-sharing sites to transfer binaries from the VM back to my main machine.

Re: Removing Malware/Virus from Cracked .EXE

Posted: Mon Apr 15, 2024 1:46 pm
by antus
I'll leave this for now because it's good general advice for any software, but please support the original companies that make this software. If I change my mind or we receive complaints, I'll delete the thread. This forum is a place for free tools and knowledge, not piracy.

Re: Removing Malware/Virus from Cracked .EXE

Posted: Mon Apr 15, 2024 11:02 pm
by mytunes
BennVenn wrote: Sun Apr 14, 2024 8:47 am It's a whole lot less effort just to set up a VM and run it in there. Pass through whatever hardware you need, but keep that Chinese crap isolated. It's the same with the Chinese K-tag and pretty much anything from there. They may be false positives, but not worth the headache. A lot of that software must be run in Win7 mode or earlier anyway. I use pastebin and other file-sharing sites to transfer binaries from the VM back to my main machine.
I could be wrong, but I thought some of the new viruses and such could somehow port through VMware?

Re: Removing Malware/Virus from Cracked .EXE

Posted: Mon Apr 15, 2024 11:06 pm
by mytunes
antus wrote: Mon Apr 15, 2024 1:46 pm I'll leave this for now because it's good general advice for any software, but please support the original companies that make this software. If I change my mind or we receive complaints, I'll delete the thread. This forum is a place for free tools and knowledge, not piracy.
Thank you. I normally do try to support vendors; this is one that I would rarely use right now. When I get to a point where I would use it more, I will definitely purchase it.

Re: Removing Malware/Virus from Cracked .EXE

Posted: Tue Apr 16, 2024 4:04 pm
by antus
mytunes wrote: Mon Apr 15, 2024 11:02 pm I could be wrong, but I thought some of the new viruses and such could somehow port through VMware?
You may be thinking of this; stay up to date and you should be OK.

https://arstechnica.com/security/2024/0 ... abilities/

Re: Removing Malware/Virus from Cracked .EXE

Posted: Sat Jun 29, 2024 2:21 am
by DWS
BennVenn wrote: Sun Apr 14, 2024 8:47 am It's a whole lot less effort just to set up a VM and run it in there. Pass through whatever hardware you need, but keep that Chinese crap isolated. It's the same with the Chinese K-tag and pretty much anything from there. They may be false positives, but not worth the headache. A lot of that software must be run in Win7 mode or earlier anyway. I use pastebin and other file-sharing sites to transfer binaries from the VM back to my main machine.
Given that the file is known to be infected, I'd keep the VM offline, set up a folder on the host PC and "share" it to the guest OS; pretty sure it shows up as an external drive, been a while since I've done that. That works in VirtualBox, at least on Linux. If the VM can access your network, it can data-log and track info, attack other devices on your network, etc., so best not to allow that. The other route is to set up a firewall that blocks all traffic except for a whitelist of allowed IPs.

For the OP, removing viruses and such from an existing exe file might be somewhat easy, or could be very hard, depending on how integrated it is. From the little I've looked into that stuff, most use packers/droppers: when you open the file, it dumps a section of the original exe to a location on your drive (encrypted, generally), then runs that file, which is the actual virus. If you remove the code that drops the virus and the run command line, in theory you can remove the encrypted data from the file (generally at the end) and have the exe in its original form (cracked but no virus).

Realistically, it should never be trusted if it's from a shady source; there's some nasty stuff out there. In theory, if you run it in a VM and inside a sandbox, the sandbox would show you the temp file it creates and such. I used to use Sandboxie long, long ago.
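The post above describes the common dropper layout: an encrypted payload appended after the last PE section (the "overlay"), which the trojanised code reads, decrypts, writes to disk and executes. The script below is an added example, not code from DWS or anyone else in this thread, and it has not been run against the WinOLS build being discussed. It parses only the PE header fields needed to find where the last section's raw data ends, reports how much data sits past that point and how random it looks, and can cut that tail off. The sample PE it analyses is constructed inline (a minimal 32-bit image with one .text section plus 4 KiB of pseudo-random bytes standing in for an encrypted payload), so it runs offline. Two caveats the script does not solve: stripping the blob does not remove the dropper code that references it, which still needs a disassembler, and legitimate installers (NSIS, Inno Setup and similar) also store their archives in the overlay, so a high-entropy tail is a lead, not a verdict.

```python
"""Find and strip appended ("overlay") data from a PE file.

Added example, not from the forum post. Only the header fields needed to
locate the end of the last section are parsed. The sample image below is
synthetic: a minimal PE32 with one section and a fake payload appended.
"""
import math
import random
import struct
from collections import Counter

SECTION_HEADER_SIZE = 40  # sizeof(IMAGE_SECTION_HEADER)


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted/compressed data, low for code or padding."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def image_end(data: bytes) -> int:
    """Offset just past the last byte claimed by any PE header or section."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt                          # first IMAGE_SECTION_HEADER
    end = table + num_sections * SECTION_HEADER_SIZE      # never cut into the headers
    for i in range(num_sections):
        hdr = table + i * SECTION_HEADER_SIZE
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)  # SizeOfRawData, PointerToRawData
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    if end > len(data):
        raise ValueError("section table points past end of file (truncated?)")
    return end


def analyze_overlay(data: bytes) -> dict:
    """Report whether the file carries an overlay and how random that overlay is."""
    end = image_end(data)
    overlay = data[end:]
    entropy = shannon_entropy(overlay)
    return {
        "image_size": end,
        "overlay_size": len(overlay),
        "overlay_entropy": round(entropy, 2),
        # Heuristic only: a high-entropy tail suggests a packed/encrypted payload,
        # but legitimate installers keep their archives in the overlay too.
        "suspicious": len(overlay) > 0 and entropy > 7.0,
    }


def strip_overlay(data: bytes) -> bytes:
    """Return the PE without its appended data. Leaves the code that reads the overlay untouched."""
    return data[: image_end(data)]


def build_sample_pe(payload: bytes) -> bytes:
    """Construct a minimal PE32 with one .text section and `payload` appended as overlay (synthetic)."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)       # i386, 1 section, opt hdr 0xE0
    optional = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)             # PE32 magic, rest zeroed
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000,
                          0x200, 0x200, 0, 0, 0, 0, 0x60000020)          # raw data at 0x200, size 0x200
    headers = dos + b"PE\0\0" + coff + optional + section
    headers += b"\0" * (0x200 - len(headers))
    text = b"\x90" * 0x1F0 + b"\xC3" * 0x10                              # NOP sled + RETs: low entropy
    return headers + text + payload


# Constructed sample: 4 KiB of pseudo-random bytes stand in for an encrypted dropper payload.
_rng = random.Random(0xC0FFEE)
SAMPLE_PAYLOAD = bytes(_rng.randrange(256) for _ in range(4096))
SAMPLE_PE = build_sample_pe(SAMPLE_PAYLOAD)

if __name__ == "__main__":
    print("as found:", analyze_overlay(SAMPLE_PE))
    print("stripped:", analyze_overlay(strip_overlay(SAMPLE_PE)))
```

To try it on a real file, call `analyze_overlay(open(path, "rb").read())` from a copy inside the isolated VM rather than on the host. If the overlay is large and scores near 8.0 bits per byte while the sections themselves do not, that is the blob the post describes; the next step is to find the code that reads it (look for the file's own path being opened, or for a hard-coded offset equal to `image_size`), which is disassembler work this script does not do.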