Flux Removal Tool from a

By +hayc59
in Back Page News

 Share

Recommended Posts

Grand Master

+hayc59 MVC

Posted
  • MVC
Posted

Flux Removal Tool from a? (Emsi Software GmbH )>

Hi,

Because the "Flux problem" becomes more and more public in diffrent boards we decided to create a little thread about that relativly new nastie.

Flux is a so called reverse backdoor. While normal backdoors would open a port on your computer and a control program would connect to it, Flux won't open a port. The control program opens the port and the backdoor connects to the control program. This makes it fully LAN and router compatible and can circumwent most hardware firewalls.

Flux uses quite a stealthy technique to run on a victims computer. Instead of creating an own process for himself or injecting a DLL to a third party process Flux uses code injection techniques. That means it injects code (NOT a DLL) to a third party process and runs it within it.

That makes Flux currently undetectable in memory by most anti malware products cause they only scans the modules of a process (which means the EXE file and all loaded DLLs) and allows Flux to bypass several software firewalls.

We at Emsi Software GmbH were prepared for the case of the appearance of such a backdoor and already developed an enhanced memory scan to detect such trojans for a? v2. We didn't think such a backdoor would appear that soon so we decided to backport the detection techniques to the current v1 releases. What does that mean?

Well, a? is currently the only program offering a reliable detection of Flux in memory so a? users are already protected and you don't have to worry about Flux:

flux.png

We released a little stand alone scanner that scans for active Flux trojans:

http://download1.emsisoft.com/fluxscan.exe

http://download2.emsisoft.com/fluxscan.exe

It works almost automatically. It scans your whole processes and terminates infected processes. Please remember to scan you system with an uptodate anti malware scanner to ensure the loader is removed from the system.

IMPORTANT:

While detection and deactivation of Flux is quite easy your computer keeps infected as long as you didn't remove the "Flux loader" that did the code injection. So for complete removal of Flux feel free to post a HiJackThis log or to create a support ticket to ensure no loader is left on your computer.

Wish you all a malware free t:)e :).

Link to comment
https://www.neowin.net/forum/topic/240836-flux-removal-tool-from-a/
Share on other sites
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Microsoft is bringing big performance improvements to OneDrive on Mac

      By MacDaddyAz · Posted

      It does invite Linux because MS should have been improving their products all along these years instead chose to ignore the users now this year they’re making all of these improvements to their products where as Linux doesn’t have this kind of problems in fact it has gotten so good I can even play Windows games in Steam that I no longer ever needed Windows to carry on with my life, unlike you still use Windows and chose to try beat down down those who don't use Windows because they love their LG TV. (Surprisingly I actually own a 55” LED LG TV and it has been going strong for almost 14 years, longer than any Sony TV”)
    • Nvidia's GeForce NOW summer sale drops prices for Ultimate and Premium memberships

      By sphbecker · Posted

      As much as I love owning my own hardware, it's hard to argue with the value. I'm not a huge gamer, I'd actually be interested in a cheaper plan with limited monthly hours, or even a pay-by-the-hour plan.
    • Euro-Office must default to ODF to be considered "genuinely European", LibreOffice argues

      By leonsk29 · Posted

      Well, they (LibreOffice/The Document Foundation) are bitchy and whiny, yes, but they're right, at least this time. It doesn't make sense to market something as "free and open source to thwart dependency on foreign companies' software" but at the same time, using the formats of said companies (Microsoft) by default. That way, you are changing nothing, essentially, you're just using another UI. We all know that users just use the defaults and almost never change them. I'm not saying they should drop other formats altogether, but they shouldn't default to the thing they're trying to run away from in the first place. If you're gonna do something, just go all the way in, don't stop in the middle, IMO. Otherwise, shut up and move along.
    • Microsoft explains how it made Teams so much faster in 2026

      By escobar_ · Posted

      Words cannot express how much garbage this app is.
    • Vivaldi 8.0.4033.46

      By Copernic · Posted

      Vivaldi 8.0.4033.46 by Razvan Serea Vivaldi is a cross-platform web browser built for – and with – the web. A browser based on the Blink engine (same in Chrome and Chromium) that is fast, but also a browser that is rich in functionality, highly flexible and puts the user first. A browser that is made for you. Vivaldi is produced with love by a founding team of browser pioneers, including former CEO Jon Stephenson von Tetzchner, who co-founded and led Opera Software. Vivaldi’s interface is very customizable. Vivaldi combines simplicity and fashion to create a basic, highly customizable interface that provides everything a internet user could need. The browser allows users to customize the appearance of UI elements such as background color, overall theme, address bar and tab positioning, and start pages. Vivaldi features the ability to "stack" and "tile" tabs, annotate web pages, add notes to bookmarks and much more. Vivaldi 8.0.4033.46 fixes: [Chromium] Update to 148.0.7778.263 ESR (includes security fixes from 149.0.7827.102/103) Download: Vivaldi 64-bit | 139.0 MB (Freeware) Download: Vivaldi 32-bit | ARM64 View: Vivaldi Home Page | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware

  • Recent Achievements

    • Week One Done
      FBSPL earned a badge
      Week One Done
    • One Year In
      Jim Dugan earned a badge
      One Year In
    • One Month Later
      Tommi118 earned a badge
      One Month Later
    • One Month Later
      sjbousquet earned a badge
      One Month Later
    • Week One Done
      sjbousquet earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      487
    2. 2
      PsYcHoKiLLa
      196
    3. 3
      +Edouard
      155
    4. 4
      Steven P.
      84
    5. 5
      ATLien_0
      69
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!