Voodooman
UniBitComPatch v1.0 released
Mon Mar 17, 08 02:01 PM | Category: patch
UniBitComPatch v1.0 released !!! Get it here. Read all the information there as well. http://torrents.ru/forum/viewtopic.php?p=7778745#7778745 Unleash the power of the latest BitComet with any tracker!!!
No more banned BitComet

Link: http://blog.bitcomet.com/voodooman/post_19639/

Comments

Ichisanno (Michi) Wed Mar 19, 08 07:51 AM

Thanks.

Wish I Had An Angel
XSTREM Sun Mar 23, 08 09:07 AM

Greetings V00d00m4n!

Can you tell me why my antivirus reports both a trojan (Trojan.Win32.Small.apn) and a trojan-downloader when updating UBCP?

The Unofficial BitComet Ambassador. - Your guide, Your allied.
v00d00m4n (Voodooman) Mon Mar 24, 08 01:35 PM

Well, not every suspect is actually a murderer. I mean that the antivirus uses byte-check signatures; also, possibly it's catching the technique I used (running not exe but dll files which download a file from the internet) that usually u can see in malware (actually trojan downloaders work in the same way), but anyway 70% of antiviruses I know catch programs that aren't malware at all but have some similarities.

Another reason possibly is the packer and the manually edited signatures of that packer.

Anyway, I can give u my word that it's a 100% false report (I rechecked it myself with Kaspersky and Dr Web with the maximum level of security and nothing suspicious was found). U can check both files online here: http://www.kaspersky.com/scanforvirus

The updater consists of 4 main components: a popup dll that shows the ending message of success or failure, a downloader dll that downloads the Update.rar file from my site, an unrar dll that unpacks update.rar, and a sublauncher with joined closeapp.exe (a console tool that terminates the UBCP process to overwrite the patch if it is still running). I made that sublauncher for one purpose: to unload the original GetUBCPupdate.exe so the unrar module is able to overwrite both the updater and the patch. After u click OK on the popup window, that sublauncher unloads everything and cleans up temporary files.

Can u tell me more details on that? What was that antivirus, what exactly was the file in the report, and any additional info?


XSTREM Tue Mar 25, 08 11:34 AM

I thought so.

I'm using Kaspersky 6.0.

Kaspersky reports Trojan.Win32.Small.apn in

_SYSTEMUSER_\Local Settings\Temp\20.tmp\b2e.exe making me unable to update the application using GetUBCPupdater.exe

Well, just downloaded the new version and it works perfectly as always! Thanks a lot for your work!

The Unofficial BitComet Ambassador. - Your guide, Your allied.
v00d00m4n (Voodooman) Wed Apr 2, 08 01:26 PM

TADAAAAAAAA!!!

That's the response from Kaspersky Lab that proves that my patch is absolutely SAFE !!!

No viruses and no trojans!!!!

about B2E inside getUBCPupdate.exe

> Attachment: b2e.zip

> False positive.

Hello.

Sorry, this was a false detection

it will be fixed in the next updates

thank you for your help

-----------------

Virus Analyst, Kaspersky Lab.

Now if anyone asks, u can show them this quote and refer to future virus database updates where b2e will be removed))

But a few other antiviruses still have it in their lists, and some also have CLOSEAPP in their lists, so beware of a few more false positives.


v00d00m4n (Voodooman) Wed Mar 26, 08 11:04 AM

No problem, b2e is just a 3rd party loader\launcher (that probably was also used by some trojan makers to load trojans, so that's why it was added to the Kaspersky 6 database). It keeps all the other files unloaded to make it possible to replace them during the update, and then deletes all the temporary files.

By the way, u really should upgrade to Kaspersky 7; it's much better, has fewer false reports and enhanced analysis methods, more heuristic and less byte-signature checking.


XSTREM Thu Apr 3, 08 04:14 PM

That is perfect, voodooman! :)

Now nobody will experience this false positive again. Thanks for reporting it to the Kaspersky developers. Didn't know that was possible.

Well, I cannot upgrade to Kaspersky 7, as my registration is for 6.0 only. But when it runs out, I might consider upgrading.

The Unofficial BitComet Ambassador. - Your guide, Your allied.
XSTREM Tue Apr 8, 08 10:07 AM

What the hell?

I just read you were banned from Torrents.ru due to your patch! What the hell are their reasons?

They claim it contained malware?! Well, if that is so - then that could only be because of the false-positive from Kaspersky? Even though you wrote a very straight-forward explanation of your patch, they still banned you without even pointing it out to you first.

I wish I could read and write Russian, so I could show them some "mild" hell-fire, those imbecile jackasses. (Sorry for my language.)

Good luck with your attempt on unban. If I can do anything, then just write.

-Best regards

XSTREM.

The Unofficial BitComet Ambassador. - Your guide, Your allied.
XSTREM Tue May 13, 08 03:14 PM

Hi Voodooman!

I received your message on my blog, but I cannot find a 1.4 or 1.5 version on the Russian site. V. 1.3 however works fine with BitComet V. 1.01 - you do have to unpack it first though using one of the unpackers.

After patch with V. 1.3, BitComet reports: User-agent: BitComet.

Client-ID: BitComet 1.01.

You said you would spoof the client-id to V. 0.70. I don't like that idea that much, since some trackers have banned all BitComet versions below 0.90.

I've been searching for the code using a Hex Editor to find the parameter which controls the peer-id, but I can't find it. Could you please say what ascii-string or decimal I should search for?

Best regards,

XSTREM.

The Unofficial BitComet Ambassador. - Your guide, Your allied.
v00d00m4n (Voodooman) Mon May 19, 08 05:31 PM

A guy there, HIT_HAT, tipped me off with his finding that the peer-id isn't a variable string and showed me how it's generated.

It's generated during initialisation of Bitcomet.exe by using separate strings '-' 'B' 'C', then there are a few pointers to version strings, but these version strings are program-wide (used everywhere, from the caption to the about), so it's not a good idea to change them. But there is another solution: replace the pointers in the peer-id generation opcode with fixed values on the stack.
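
Seen from the tracker side, the peer-id described in this comment is a field the client fills in itself. The sketch below is an added example, not code from the post or from BitComet: it assumes an Azureus-style layout of `-BC` plus four version digits plus `-`, takes its `MIN_BITCOMET` threshold from the 0.90 figure mentioned earlier in the thread, and runs on constructed sample announces.

```python
import re

# Assumption: Azureus-style prefix, '-' + 2-letter client code + 4 version digits + '-'.
PREFIX = re.compile(rb"^-([A-Za-z]{2})(\d{4})-")
MIN_BITCOMET = (0, 90)  # minimum version some trackers enforce, per the thread


def parse_peer_id(peer_id: bytes):
    """Return (client_code, (major, minor)), or None if the id is malformed."""
    if len(peer_id) != 20:  # a BitTorrent peer_id is exactly 20 bytes
        return None
    m = PREFIX.match(peer_id)
    if m is None:
        return None
    digits = m.group(2).decode("ascii")
    # Assumed encoding: "0101" -> 1.01, "0070" -> 0.70
    return m.group(1).decode("ascii"), (int(digits[:2]), int(digits[2:]))


def evaluate_announce(peer_id: bytes, user_agent: str):
    """Classify one announce as ("allow" | "flag" | "reject", reason)."""
    parsed = parse_peer_id(peer_id)
    if parsed is None:
        return "reject", "malformed peer_id"
    code, version = parsed
    id_is_bc = code == "BC"
    ua_is_bc = "bitcomet" in user_agent.lower()
    if id_is_bc != ua_is_bc:
        return "flag", "peer_id and User-Agent name different clients"
    if id_is_bc and version < MIN_BITCOMET:
        return "reject", "BitComet %d.%02d is below the minimum" % version
    return "allow", "fields are consistent"


# Constructed sample announces (peer_id, User-Agent); not captured traffic.
SAMPLES = [
    (b"-BC0101-" + b"A" * 12, "BitComet"),
    (b"-BC0070-" + b"B" * 12, "BitComet"),
    (b"-BC0101-" + b"C" * 12, "ExampleClient/2.0"),
    (b"-BC01", "BitComet"),
]

if __name__ == "__main__":
    for pid, ua in SAMPLES:
        print(pid[:8], ua, evaluate_announce(pid, ua))
```

Both fields come from the client, so agreement between them is a consistency check only and says nothing about which binary actually sent the announce.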


Guest Sun Feb 22, 09 08:41 PM

tanx


[Guest]lv news Thu Oct 8, 09 03:40 PM

It was a very nice idea! Just wanna say thank you for the information you have shared. Just continue writing this kind of post. I will be your loyal reader. Thanks again.
