PDA

View Full Version : how to create a detectable trojan undetectable?



humza
01-08-2006, 04:44 PM
can some one help me i want to make a detectable trojan undetectable how do i go about doing it. if someone could help me plzzz.

Ezekiel
01-09-2006, 11:38 AM
can some one help me i want to make a detectable trojan undetectable how do i go about doing it. if someone could help me plzzz.

To make a trojan undetectable to the antivirus, you need to know assembly code. The way you would make it undetectable would be:

*. Somehow find the strings of code, or "signatures" included in all antivirus programs to detect viruses and trojans.
2. Find the signature of the trojan you wish to make undetectable,
*. Try to find this string of code inside your trojan by splitting it.
4. Then disassemble it and insert a few extra bits of code that would not affect the program, but would change the detectable part of code enough to make it unrecognisable to the AV.

Now, the trojan would be undetectable, because you have modified it enough for it not to be recognised by the antivirus. Of course, this is an extremely complex thing to attempt, and I don't even know any assembly or machine code, so there are definitely more things you would have to do than I have described, I am just not experienced enough to know about this. So I doubt you would be able to make a trojan undetectable, to do that you have to know machine code and assembly, which is much harder than normal programming languages like c++ because machine code is directly interpreted by the processor, you have to know about how antivirus programs work, and you have to have the right tools to use, like disassemblers etc. So basically, it's not as simple as "here, download this program and it will make all your trojans undetectable", you have to have a lot of knowledge and experience to be able to modify binary programs. If you really wanted to know, you could probably ask some of the admins and moderators of this forum, they might know, although they wouldnt help you if you said you were doing this to a trojan.

Alucard
01-12-2006, 10:29 AM
i read a post by carlo and this is actualy his and the title was "Make your trojans undetactable by Hexing Malware" find that post. maybe that will help you.

Ezekiel
01-14-2006, 01:40 PM
i read a post by carlo and this is actualy his and the title was "Make your trojans undetactable by Hexing Malware" find that post. maybe that will help you.
Also, if you wanted to make any program like trojan, keylogger etc. undetectable to all antivirus programs, then you could make your own packer from this tutorial:

http://dasomnetwork.com/~leedw/pub/writing_your_own_packer.html

If you haven't got a good knowledge of programming yet then you have no chance following this tutorial, a packer is quite a complex program. But if you could follow it through, the packer you would make would have the ability to make any program at all undetectable to all antiviruses, unless you shared it with people and got it added to the detections. Also, you could follow carlo's post about "hexing your malware", which is probably simple enough for any n00b with a hex editor to follow. His post is here:

http://www.all-nettools.com/forum/showthread.php?t=222*

or the original post he took it from is here:

http://www.governmentsecurity.org/archive/t*466*.html

Halla
01-21-2006, 03:55 AM
thinking outside the box for a moment, why not program something that configures windows remote desktop for your access needs? Given this idea is OS dependant, but antivirus shouldnt pick up a program that simply calls on part of the built in programming of the operating system. Think of Remote Desktop as a windows built in trojan.

Going with that route or one similar I think you'll find it easy not to set off too many alarms.

Hope that helps.
www.informationleak.com

kOdE_krEEp
01-26-2006, 10:10 AM
not entirly linked to making the trojan undetectable but...

if you got into the computer initally (telnet or whatever you choose) then dropping a virus that would then disable or kill the antivirus then going about your original plan without needing to know ASM or having to make your own packer (given you dont have the programming experience or time).

But if you do have the time...take the other guys's advice of making your own creation...since its nicer to have your own creation instead of piggy backing off of someone elses work :P

Ezekiel
01-26-2006, 11:11 AM
not entirly linked to making the trojan undetectable but...

if you got into the computer initally (telnet or whatever you choose) then dropping a virus that would then disable or kill the antivirus then going about your original plan without needing to know ASM or having to make your own packer (given you dont have the programming experience or time).

But if you do have the time...take the other guys's advice of making your own creation...since its nicer to have your own creation instead of piggy backing off of someone elses work :P

Yes, it's always better to create your own stuff, it will not be detected, you can trust it to do what you programmed it to do, etc. Before people start asking stuff like "how do I telnet to someone's computer", you can only telnet to a computer with a telnet server running, or some other server that will allow you to connect, you can't randomly telnet to someone and expect to get in, most people do not run servers. If you did a port scan and found an exposed port that would allow you to connect, then you could telnet in and drop a virus or trojan in.

kOdE_krEEp
01-26-2006, 02:49 PM
true, but i guess i am missing that alot of people dont know most entry methods into a computer and i may have misused the example of Telnet. :P

fabioejp
01-28-2006, 09:26 PM
The only ways to turn detectables into undetectables is:
(This is not shitty stuff)
Get HEX editor and start hexing, the guy that talk about asm simply shut up over there.

Get several packers and try to combine them.

xtreme_1here
01-30-2006, 02:55 AM
hex editing is to hard to do, i give up. :mad:

Alucard
01-30-2006, 10:47 AM
well wat did u except its no just a step. hexing is not hard you just think that hexing is hard :D

Ezekiel
01-30-2006, 11:09 AM
The only ways to turn detectables into undetectables is:
(This is not shitty stuff)
Get HEX editor and start hexing, the guy that talk about asm simply shut up over there.

Get several packers and try to combine them.


I can't really understand who you are talking to, but

"the guy that talk about asm simply shut up over there"

Simply shut up about ASM? ASM (well actually machine code) is what makes up every binary program on computers and IS what you are hex editing, so you can't just ignore it and tell him to shut up. Actually I can't understand much of what you wrote, so I could have totally misinterpreted that. BTW, what you said about using two packers, well antivirus programs include packed and unpaced versions of the viruses/trojans in their detections, so this would only work if you uses a small, unknown packer or made your own.

carlo
01-30-2006, 11:29 AM
Hi again mike.

Although as you may notice im quite good at this kind of thing but you mentioned that you can drop trojans through telnet if they have an open port that you can telnet. Would you by anychance know how to do this?

Thanks

Carlo

Ezekiel
01-30-2006, 02:36 PM
Hi again mike.

Although as you may notice im quite good at this kind of thing but you mentioned that you can drop trojans through telnet if they have an open port that you can telnet. Would you by anychance know how to do this?

Thanks

Carlo

If they are running a telnet server (or some sort of server that will handle your connection correctly), then you telnet to the port it is listening on, issue the correct commands to transfer a file accross, then depending on how much access you have, enter a command to run the file on their computer or put it in a directory included in startup. I think I may have worded my post "drop a trojan in through an open port", they have to have a server running as with anything like this, and not many people do.

sansvirus
01-30-2006, 03:01 PM
wwwwwwwwwwwwwwaaaaaaaaaaaaaaaarrrrrrrrrrrrrrrr

Ezekiel
01-31-2006, 11:56 AM
wwwwwwwwwwwwwwaaaaaaaaaaaaaaaarrrrrrrrrrrrrrrr

You went through the whole process of joining this forum just to say THAT? Man, you must have way too much time on your hands if you are signing up to forums just to post some random spam.

ilyacella621
04-07-2007, 03:18 PM
wwwwwwwwwwwwwwaaaaaaaaaaaaaaaarrrrrrrrrrrrrrrr

hahah your right mike i think he went throught to much trouble just to tell people war lol he must be damn bored.

squidderuds
04-11-2007, 03:42 PM
making trojans undetectable is simple once u get the hang of it,ive been doing it for a few years,here is a scan for a bifrost server i undetected.If anyone is interested in a undetected server from me email me, squidderuds@**********

http://i*7.tinypic.com/2rxfekl.jpg

nozf3r4tu
04-11-2007, 09:28 PM
there is a program that i think is one of the best out there to make a trojan or keylogger undetectable.

your Homework is " Themida"

Also for the newbiews,windows XP has it's own packer and is pretty good.

squidderuds
04-14-2007, 02:26 AM
lol themida adds a megabyte to your servers,and also windows built in "packer" isnt a packer,its a binder,called iexpress,and it wont make your files undetectable,possibly at scan time,but not at runtime.

r4g3dSkillz
04-17-2007, 02:15 PM
Themida worked in making my Poison Ivy RAT undetected.
Does anyone know if PC Guard for Win*2 would do an even better job at that?

Now I'm trying to bind a game hack loader exe to my server build exe using Trendy Nigger Binder *.0b, but the output exe file gets detected by AV scans...

toxik
04-23-2007, 09:50 PM
Themida worked in making my Poison Ivy RAT undetected.
Does anyone know if PC Guard for Win*2 would do an even better job at that?

Now I'm trying to bind a game hack loader exe to my server build exe using Trendy Nigger Binder *.0b, but the output exe file gets detected by AV scans...

Hey man,
Have a link for Themida ? PI Is one of my favs. =)

nozf3r4tu
04-23-2007, 10:02 PM
In my opinion themida is one of the best out there right now.
As far as trendy nigger,when you save the file,"do not save it with a .exe at the end,use .jpg or something else.People are very cautious when they see a .exe file

Ezekiel
04-24-2007, 05:14 PM
In my opinion themida is one of the best out there right now.
As far as trendy nigger,when you save the file,"do not save it with a .exe at the end,use .jpg or something else.People are very cautious when they see a .exe file

Didn't I warn you about those Hotmail scam pages? Last time I'm gonna say this...

d3cr3pitor
06-09-2007, 01:15 PM
Hey people, i am looking for a Tool to convert my .exe Trojan in another one wich looks more good, if is possible to be .JPG is great but i think is very hard , anyway nozf*r4tu i see you post something about .jpg trojan/virus/keylogger , can you tell me more about this ? I understand i can do my keylogger in .src & .msi , looks more better than .exe , but i need another format if is possible, thanks for your time :D

loco
06-15-2007, 04:06 AM
need to create a undetectable virius but i am a nube:confused:

shiney
07-26-2009, 06:10 AM
removing is one thing, but detection is another thing. It also really depends on which trojan and which OS. There is a trojan for unix/linux which is very hard to detect. As far as i'm aware, theres only one tool to find that specific trojan. Its a very rare trojan, actually its a lot more than a simple trojan. It does not sit and listen on a port like other trojans, it does not show up on any process listing, it only shows up with its antidode. This trojan is called KIS (kernel intrusion system) made by 0ptyx. Its by far the most advanced trojan tool i have ever seen. It acutally sits inside the kernel itself. Even IDS cannot pick up the setup of this trojan. On the other hand, normal users have nothing to fear, since the trojan KIS is used very rarely and its target is mainly very high security boxes. I have never heard of this trojan infecting a home user, or even a small private company.

For the normal common trojans on windows systems, there are some excellent tools to remove them. I always recomend a look at aswell as getting adaware. Netstat is also helpful, since it shows which ports are in st On the other hand, on windows it normally takes user error to get infected by a trojan, as in lack of antivirus, lack of knowledge, by just clickin on files where you have no idea what they are etc.....