Stay up to date with all of our Windows 7 news right here! windows7
Reply to this topic Topic Options
Flux Removal Tool from a² (Emsi Software GmbH )
+hayc59
Post #1 Nov 6 2004, 19:42


VoodØØ Child™
Group Icon
Group Icon

Group: +MVC
Posts: 1,648
Joined: 10-July 01
From: LSD melts in your mind, not in your hand.
Member No.: 8
Flux Removal Tool from a² (Emsi Software GmbH )
Hi,
Because the "Flux problem" becomes more and more public in diffrent boards we decided to create a little thread about that relativly new nastie.

Flux is a so called reverse backdoor. While normal backdoors would open a port on your computer and a control program would connect to it, Flux won't open a port. The control program opens the port and the backdoor connects to the control program. This makes it fully LAN and router compatible and can circumwent most hardware firewalls.

Flux uses quite a stealthy technique to run on a victims computer. Instead of creating an own process for himself or injecting a DLL to a third party process Flux uses code injection techniques. That means it injects code (NOT a DLL) to a third party process and runs it within it.

That makes Flux currently undetectable in memory by most anti malware products cause they only scans the modules of a process (which means the EXE file and all loaded DLLs) and allows Flux to bypass several software firewalls.

We at Emsi Software GmbH were prepared for the case of the appearance of such a backdoor and already developed an enhanced memory scan to detect such trojans for a² v2. We didn't think such a backdoor would appear that soon so we decided to backport the detection techniques to the current v1 releases. What does that mean?

Well, a² is currently the only program offering a reliable detection of Flux in memory so a² users are already protected and you don't have to worry about Flux:



We released a little stand alone scanner that scans for active Flux trojans:

http://download1.emsisoft.com/fluxscan.exe
http://download2.emsisoft.com/fluxscan.exe

It works almost automatically. It scans your whole processes and terminates infected processes. Please remember to scan you system with an uptodate anti malware scanner to ensure the loader is removed from the system.


IMPORTANT:
While detection and deactivation of Flux is quite easy your computer keeps infected as long as you didn't remove the "Flux loader" that did the code injection. So for complete removal of Flux feel free to post a HiJackThis log or to create a support ticket to ensure no loader is left on your computer.

Wish you all a malware free time smile.gif.
Profile Card PM + Reply to Post Go to the top of the page

Log In or Register · Advertise on Neowin
empty
Post #2 Nov 6 2004, 23:28


Hm.
Group Icon

Group: Registered
Posts: 3,237
Joined: 30-November 02
From: Glasgow, Scotland
Member No.: 19,998
sounds pretty nasty.
Profile Card PM + Reply to Post Go to the top of the page Email Poster
todd
Post #3 Nov 6 2004, 23:52


Linux Hobbyist
Group Icon

Group: Registered
Posts: 2,330
Joined: 24-March 04
Member No.: 51,000
mmm.. this will be the future of viruses hmm.gif
Profile Card PM + Reply to Post Go to the top of the page
Tran
Post #4 Nov 6 2004, 23:53


Hmm?
Group Icon

Group: Registered
Posts: 3,792
Joined: 2-December 02
From: Ottawa, Canada
Member No.: 20,070
Damn. Thanks for the link - gonna scan it now just to be safe.
Profile Card PM + Reply to Post Go to the top of the page
IK47
Post #5 Nov 10 2004, 01:40


Neowinian Senior
Group Icon

Group: Banned
Posts: 3,733
Joined: 16-August 04
From: Toronto, Canada Occupation: Diplomat
Member No.: 67,123
a^2 + b^2 = c^2


I know that, and

y=mx+b
Profile Card PM + Reply to Post Go to the top of the page
« Older · Back Page News · Newer »
 Reply to this topic

 
Powered By IP.Board © 2009  IPS, Inc.