Flux Removal Tool from a

By +hayc59
in Back Page News

 Share

Recommended Posts

Grand Master

+hayc59 MVC

Posted
  • MVC
Posted

Flux Removal Tool from a? (Emsi Software GmbH )>

Hi,

Because the "Flux problem" becomes more and more public in diffrent boards we decided to create a little thread about that relativly new nastie.

Flux is a so called reverse backdoor. While normal backdoors would open a port on your computer and a control program would connect to it, Flux won't open a port. The control program opens the port and the backdoor connects to the control program. This makes it fully LAN and router compatible and can circumwent most hardware firewalls.

Flux uses quite a stealthy technique to run on a victims computer. Instead of creating an own process for himself or injecting a DLL to a third party process Flux uses code injection techniques. That means it injects code (NOT a DLL) to a third party process and runs it within it.

That makes Flux currently undetectable in memory by most anti malware products cause they only scans the modules of a process (which means the EXE file and all loaded DLLs) and allows Flux to bypass several software firewalls.

We at Emsi Software GmbH were prepared for the case of the appearance of such a backdoor and already developed an enhanced memory scan to detect such trojans for a? v2. We didn't think such a backdoor would appear that soon so we decided to backport the detection techniques to the current v1 releases. What does that mean?

Well, a? is currently the only program offering a reliable detection of Flux in memory so a? users are already protected and you don't have to worry about Flux:

flux.png

We released a little stand alone scanner that scans for active Flux trojans:

http://download1.emsisoft.com/fluxscan.exe

http://download2.emsisoft.com/fluxscan.exe

It works almost automatically. It scans your whole processes and terminates infected processes. Please remember to scan you system with an uptodate anti malware scanner to ensure the loader is removed from the system.

IMPORTANT:

While detection and deactivation of Flux is quite easy your computer keeps infected as long as you didn't remove the "Flux loader" that did the code injection. So for complete removal of Flux feel free to post a HiJackThis log or to create a support ticket to ensure no loader is left on your computer.

Wish you all a malware free t:)e :).

Link to comment
https://www.neowin.net/forum/topic/240836-flux-removal-tool-from-a/
Share on other sites
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Why it's almost impossible to produce a smartphone in the United States

      By Asgardi · Posted

      Ridiculous claim that the labor cost difference of $6000 annually would increase cost per phone by $200. The employees produce 3 phones per month or what?
    • Sparkle 2.20.1

      By Copernic · Posted

      Sparkle 2.20.1 by Razvan Serea Sparkle is a free, open-source Windows optimization tool designed to make your PC faster, cleaner, and more private. With Sparkle, you can easily debloat Windows by removing unnecessary apps and services, disable Microsoft tracking to enhance privacy, and apply performance tweaks to boost speed. Its cleaner removes junk and temporary files, while every change is safe and fully reversible. Sparkle also features a modern, user-friendly interface with automatic updates, making system maintenance simple. Explore over 39 tweaks, from disabling telemetry and hibernation to optimizing network and game settings, all aimed at customizing and enhancing your Windows experience. Sparkle supports Windows 10 and 11. Sparkle 2.20.1 changelog: You can now change the Animation Direction from Up, Left, or Off. Added configurable animation direction (Up, Left, Off) for improved accessibility Added TTL caching to the system info backend Refactored tweak application flow to await NvidiaProfileInspector Improved IPC listener cleanup to correctly remove specific listeners Fixed online status not updating after successful network requests Updated system info tests to support backend caching Removed electron-toolkit utils dependency in favor of internal is.dev helper Fixed unwanted files and folders being included in application bundles Download: Sparkle 2.20.1 | Portable | ~100.0 MB (Open Source) Links: Sparkle Website | Github | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • The best controller for XBOX and PC is down to the lowest price

      By Figure 8 Dash · Posted

      Never used the G7 Pro, but I've never had a good experience with that style of d-pad and fighting games.
    • Sihoo Doro C300 Pro V2 Ergonomic Office Chair review: The Ikea of chairs

      By Figure 8 Dash · Posted

      And I just bought a seat cushion for my mesh chair. The chair feels nice but the first time I sat in it with boxers, I realized I don't like the feel of mesh on my legs. 😂
    • This Dell 27 inch 4K 120Hz IPS monitor is really cheap after a very long time

      By jordanspringer · Posted

      "This Dell 27 inch 4K 120Hz IPS monitor is really cheap after a very long time" ... Lol.

  • Recent Achievements

    • One Month Later
      JKR earned a badge
      One Month Later
    • Dedicated
      Asgardi earned a badge
      Dedicated
    • Conversation Starter
      jessse3334 earned a badge
      Conversation Starter
    • Reacting Well
      JuvenileDelinquent earned a badge
      Reacting Well
    • One Month Later
      Excellence2025 earned a badge
      One Month Later

  • Popular Contributors

    1. 1
      +primortal
      495
    2. 2
      +Edouard
      244
    3. 3
      PsYcHoKiLLa
      154
    4. 4
      Steven P.
      84
    5. 5
      macoman
      64
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!