Unveiling of Epsilon Anti-Virus

closed account (G309216C)
Look at the code and it removes

all malwares without rootkit
There are plenty of "malwares without rootkit" that I can promise you that code does not remove. I can make a whole bunch myself right this second ;p
@spaceworm
Why do you move 0 to eax on line 64 and 69? I know that eax is where the return value is stored, but I don't see what you are accomplishing by moving 0 to eax manually, especially since this function only has one exit point where it always returns 0 anyways.
closed account (G309216C)
As I said in the comments, it removes it all in the registry, and then blocks the file. Next, if I can use kernel drivers I am sure to mess up the malwares; just understand, read the code before commenting, man.

First any malware in the registry location specified in the code will be fried and also do be aware it will kill your malware because normally that's where they start up from.

Sorry, if you read the code it returns true meaning 1. Anyway I felt like doing that. Sorry bout that.
I bet if I wrote a quick virus up and ran it with your code in a VM it wouldn't detect the virus as you claim.
closed account (1yR4jE8b)
Is nobody going to bring up that he licensed his "module" under GPL?
Sorry, if you read the code it returns true meaning 1. Anyway I felt like doing that. Sorry bout that.

i was referring to the second function, BasicRegCheckUp.
@darkestfright
So? I'm fairly sure you can use GPL code in proprietary software if the copyright holder gives you permission, so if you're the copyright holder then you automatically have permission.
closed account (1yR4jE8b)
Shit. Forgot about that. Thanks.
closed account (G309216C)
@L B

Let me challenge you to an AV kill and duel. What we do is you create a malware and I will try to kill it in any way possible, then I will create a malware and you will try to kill it. And I assure you, putting a bet, that you will not even come close to killing my malware. It will instead own your AV so badly.

Next, this code can kill known malware like Black Shades, and as yours would be an unknown virus it would need heuristics to scan, and I got the right one.

My technique: hook all processes from before, then when a new process comes into hand hook that as well; then if the process is malware it would use CopyFile and MoveFile fairly quickly, so I will just create a callback and return 0, then call ExitProcess from within the process, and bam, your virus has been terminated.

400 Posts next milestone: 500
This is not about your coding skill, this is about a statement you made earlier :p I have no doubt that I will fail miserably at making any kind of AV, but I also think you should not boast with untrue statements.
My technique: hook all processes from before, then when a new process comes into hand hook that as well; then if the process is malware it would use CopyFile and MoveFile fairly quickly, so I will just create a callback and return 0, then call ExitProcess from within the process, and bam, your virus has been terminated.

Why do I have the impression this isn't anything new? Maybe because it's common sense for an antivirus to function this way?
closed account (G309216C)
Hey,

Look, I am not boasting, but I am saying that with minor improvement it can kill even famous malwares such as Black Shades, right? Which does have ACL and DACL protection, yet it kills it via a few tricks; but all malwares without rootkits always start up in the registry and in the run location, and mine scans around it and removes those malwares, and technically it does so. So look, try to create a malware with the specifications of the scan and see what the scan file does.

@Catfish

AVs do not hook the functions I hook; they operate solely from the kernel, whereas mine uses malware tricks against themselves. This is the idea; I adopted and changed the idea from SpyEye.

SpaceWorm wrote:
Look I am not boasting...
Uh you had your supposed I.Q. in your profile, seriously who does that?

I am willing to test you in a sandboxed environment if you ever actually release anything. I expected a thread titled "Unveiling of Epsilon Anti-Virus" that something would be unveiled, 7 pages later...still nothing.
closed account (G309216C)
Boasting is Talk with excessive pride and self-satisfaction about one's achievements, possessions, or abilities.

I am just mentioning, besides others do say what's your IQ and compare it right, besides I am releasing the code if you read through it.
SpaceWorm wrote:
Boasting is Talk with excessive pride and self-satisfaction about one's achievements, possessions, or abilities.
Are you saying posting your I.Q. doesn't qualify?

I am just mentioning, besides others do say what's your IQ and compare it right
I would say no, not very often. In fact I don't think I've ever been asked what my I.Q. is.

besides I am releasing the code if you read through it.
I've read all 7 pages and I saw the code snippet. I'm not a winapi guy so I can't really comment on it.
Anybody remember this?
http://www.cplusplus.com/forum/windows/97377/

Cyberwarfare wrote:
 
_asm mov eax ,0 //Love ASM due to epic syntax 

closed account (G309216C)
Yeah, I know that dude ask Script Coder, he knows us two and we do talk to him often, at least I do anyway I don't know bout Script Coder we did work on a project with him.

I think Script should comment.

Anyway Naraku then why are you commenting if the topic is not understood by you, the best thing is to keep quiet.
SpaceWorm wrote:
Yeah, I know that dude ask Script Coder, he knows us two and we do talk to him often, at least I do anyway I don't know bout Script Coder we did work on a project with him.


SpaceWorm wrote:
If any of you are familiar with "Cyberwarfare" I am his Older Brother & I have uploaded a video in his Account. I hope you enjoy this:

http://www.cplusplus.com/forum/windows/100456/

Anyway, back on topic:

SpaceWorm wrote:
Anyway Naraku then why are you commenting if the topic is not understood by you, the best thing is to keep quiet.

He offered to test your AV, if you ever release it.
SpaceWorm wrote:
Yeah, I know that dude ask Script Coder...
IIRC you said he was your younger brother.

I think Script should comment.
You say that like it means anything. I don't know him any more than I know you.

Anyway Naraku then why are you commenting if the topic is not understood by you
I never said I couldn't understand your code, I said I'm not a WINAPI guy by which I meant I don't use it much other than for testing and trying to help others.
the best thing is to keep quiet.
So only those with I.Q. >= 160 need apply?

Gangstalicious from the boondocks wrote:
Eat a dick.