  1. #1
    Senior Member
    Join Date
    Dec 2009
    Posts
    151

    [HELP] 1/24 NOD32 Win32/Injector.ALA

    File Info

    Report date: 18.2.2010 at 20.19.48 (GMT 1)
    File name: Icggwe2.exe
    File size: 606208 bytes
    MD5 Hash: 3580d2ac3dcb575582263cbccfa94b0a
    SHA1 Hash: 55F94CE35F81DD68CB7500B0CFBB6091A6970FED
    Detection rate: 1 on 19
    Status: INFECTED

    Detections

    a-squared - -
    Avira AntiVir - -
    Avast - -
    AVG - -
    BitDefender - -
    ClamAV - -
    Comodo - -
    Ewido - -
    F-PROT6 - -
    G-Data - -
    Ikarus T3 - -
    Kaspersky - -
    McAfee - -
    NOD32 - Win32/Injector.ALA
    Panda - -
    Solo Antivirus - -
    TrendMicro - -
    VirusBuster - -
    ZonerAntivirus - -

    Scan report generated by
    NoVirusThanks.org


    Hi,

    I have crypted my APIs in RC4 and my stub in BLOWFISH, added fake functions and all the things I had to do, but my stub and my server crypted stay at 1/24: NOD32 detects Win32/Injector.ALA. How can I fix this? Please help me.

    Thank you.

  2. #2
    Junior Member
    Join Date
    May 2009
    Posts
    14
    Are you using RunPE?

  3. #3
    Member
    Join Date
    Nov 2008
    Location
    Cali
    Posts
    89
    If you're using RunPE, it is detecting something in there (i.e. injector). Here's what you need to do to find what it is. First, if you haven't already, randomize all functions, variables, constants, etc. Now scan. Didn't do it? If you're using the same RunPE as I was that got that detection, one by Karcrack, then it's the module originally named "Invoke" by cobien; you've got to move that out of RunPE to FUD it. If not, now go 3 functions at a time and comment them like this:

    Public Function Detected (blah as string,dumb as variant) as string
    CODE
    CODE
    CODE
    CODE
    End Function

    TO:

    Public Function Detected (blah as string,dumb as variant) as string
    'CODE
    'CODE
    'CODE
    'CODE
    End Function

    And then scan. If what's detected is there, then it won't be detected; if it isn't there, it will still be detected.

    If you don't find it on the first try, uncomment those lines you commented and continue down the code. When it isn't detected, start uncommenting 1 line at a time; for EACH line you uncomment, compile and scan. If that compile is detected, then the last line you uncommented has the detected code. Modify or move this code to make it FUD.
