[Triple Helix]

OK thanks I thought I was doing something wrong!

TH

[EP_X0FF]

Everything is ok :)

[EP_X0FF]

Yet another checksum from Prevx with love. This time primitive checksum for code buffer inside application addresses that belongs to injected dll :D As in fact they calculated it only in executable range, totally primitive. I'm losing fate in Prevx abilities as AV since they even do not know how to generate signatures.

BTW long time ago ready to use few different methods for next versions of UnPrevx.

Updated version with eradicated signature. After posting source code to public I think it will be no sense to break signatures again.

[ssj100]

Well it's been about 2 hours since you released this POC, and I can confirm that Prevx still hasn't black-listed it. Again, this emphasises the poor zero-day/zero-hour capabilities of software like Prevx (despite the marketing strategies and what the "fanboys" of Prevx might say).

Anyway, tested with Prevx version 3.0.5.188 on Windows XP, 32-bit, Admin account - Prevx is terminated from the system tray. When I try to bring back its GUI, it appears for about 1 second then gets spontaneously terminated.

[EP_X0FF]

Sources have been published @ rootkit.com
Thread will be locked until something sane from the Prevx except stupid signatures.

@Prevx
"internal testings", "cannot run" - this is named Fail at failing.

[EP_X0FF]

Good news for Prevx users :)
New beta 189 is out.

They revised NtOpenProcess hook, revised NtDuplicateObject hook, added NtDebugActiveProcess hook and now think that:
http://rootkit.com/board.php?thread=140 ... disp=14079 it is kinda "The End"

No, it's not =))) Another fail from Prevx.

Trusted members can contact me to get new version.

[EP_X0FF]

Demo of 189 successful termination, no chances for resurrection =) Played perfectly by MPC.
As now Prevx developers thinks this is "The End" I will simple use other builds of UnPrevx =)
What a problem. "The End" will only when I will tell this.
Keep failing.

[SecConnex]

If they don't keep improving their product, their product will continually be vulnerable.

[EP_X0FF]

Sure, telling "The End" is quite very naive, especially for Daniel, 30 years old developer.

[ssj100]

Tested with the latest POC (the one not released publically yet). Prevx 3.0.5.189 doesn't black-list it (again, emphasising the pathetic...sorry harsh word...the poor zero-day/zero-hour protection).

Prevx is successfully terminated. This POC seems to work much more smoothly than the previous few.

EDIT: it still doesn't work in a LUA. This once again shows the benefits of running in a LUA. You could almost say that Prevx's poor self protection becomes bullet-proof in a LUA haha.