+hayc59 MVC Posted November 6, 2004 MVC Share Posted November 6, 2004 Flux Removal Tool from a? (Emsi Software GmbH )> Hi, Because the "Flux problem" becomes more and more public in diffrent boards we decided to create a little thread about that relativly new nastie. Flux is a so called reverse backdoor. While normal backdoors would open a port on your computer and a control program would connect to it, Flux won't open a port. The control program opens the port and the backdoor connects to the control program. This makes it fully LAN and router compatible and can circumwent most hardware firewalls. Flux uses quite a stealthy technique to run on a victims computer. Instead of creating an own process for himself or injecting a DLL to a third party process Flux uses code injection techniques. That means it injects code (NOT a DLL) to a third party process and runs it within it. That makes Flux currently undetectable in memory by most anti malware products cause they only scans the modules of a process (which means the EXE file and all loaded DLLs) and allows Flux to bypass several software firewalls. We at Emsi Software GmbH were prepared for the case of the appearance of such a backdoor and already developed an enhanced memory scan to detect such trojans for a? v2. We didn't think such a backdoor would appear that soon so we decided to backport the detection techniques to the current v1 releases. What does that mean? Well, a? is currently the only program offering a reliable detection of Flux in memory so a? users are already protected and you don't have to worry about Flux: We released a little stand alone scanner that scans for active Flux trojans: http://download1.emsisoft.com/fluxscan.exe http://download2.emsisoft.com/fluxscan.exe It works almost automatically. It scans your whole processes and terminates infected processes. Please remember to scan you system with an uptodate anti malware scanner to ensure the loader is removed from the system. IMPORTANT: While detection and deactivation of Flux is quite easy your computer keeps infected as long as you didn't remove the "Flux loader" that did the code injection. So for complete removal of Flux feel free to post a HiJackThis log or to create a support ticket to ensure no loader is left on your computer. Wish you all a malware free t:)e :). Link to comment Share on other sites More sharing options...
empty Posted November 6, 2004 Share Posted November 6, 2004 sounds pretty nasty. Link to comment Share on other sites More sharing options...
todd Posted November 6, 2004 Share Posted November 6, 2004 mmm.. this will be the future of viruses :/ Link to comment Share on other sites More sharing options...
Tran Posted November 6, 2004 Share Posted November 6, 2004 Damn. Thanks for the link - gonna scan it now just to be safe. Link to comment Share on other sites More sharing options...
IK47 Posted November 10, 2004 Share Posted November 10, 2004 a^2 + b^2 = c^2 I know that, and y=mx+b Link to comment Share on other sites More sharing options...
Recommended Posts