Hacking Trojan.Downloader with ModMii?

PPSainity

Trojan.Downloader with ModMii?
I saw this title and wondered how XFlax figured out a way to download name-brand contraceptives for his Wii... What experiments were you doing on your honeymoon?!?!?


-[]D
 

Sicklyboy

PPSainity said:
Trojan.Downloader with ModMii?
I saw this title and wondered how XFlax figured out a way to download name-brand contraceptives for his Wii... What experiments were you doing on your honeymoon?!?!?


-[]D

Maybe he just went to the drugstore and bought them. *shrug*

This program just informs you that "hey, you might get lucky tonight, be prepared!"
 

luckwii

plasma dragon007 said:
PPSainity said:
Trojan.Downloader with ModMii?
I saw this title and wondered how XFlax figured out a way to download name-brand contraceptives for his Wii... What experiments were you doing on your honeymoon?!?!?


-[]D

Maybe he just went to the drugstore and bought them. *shrug*

This program just informs you that "hey, you might get lucky tonight, be prepared!"

Great, now the noobs are going to read this and get their Wii-niis stuck in the SD slot.
 

XFlak

qwertymodo said:
UPX is used to compress the .exe's and .dll's. It has a history of generating false positives on virus scanners. This isn't a virus, it's just a side effect of the whole grab-bag frontend pack and play nature of this program.
normally I would agree with you, but even when UPX compressed ppl are reporting that the old libwiisharp.dll (v0.21 on google code) isn't causing problems but the non-time-stamping mod of it (v0.22) which is bundled with ModMii does cause problems.

hmmm, can someone test one more thing for me? Extract and scan the source of the official ModMii v4.6.1--launch ModMii (anti-virus disabled if necessary), go to the options page and type "decompiler", then save the source somewhere, then scan the source. If the libwiisharp.dll (v0.22 mod) is not flagged as a virus then it's probably safe to say it's only reported as a virus when it's UPX compressed (ie. bundled inside modmii.exe). If this is the case, I have a simple solution in mind


ps. the trojan condoms jokes are hilarious!
 

shortz1994

XFlak said:
qwertymodo said:
UPX is used to compress the .exe's and .dll's. It has a history of generating false positives on virus scanners. This isn't a virus, it's just a side effect of the whole grab-bag frontend pack and play nature of this program.
normally I would agree with you, but even when UPX compressed ppl are reporting that the old libwiisharp.dll (v0.21 on google code) isn't causing problems but the non-time-stamping mod of it (v0.22) which is bundled with ModMii does cause problems.

hmmm, can someone test one more thing for me? Extract and scan the source of the official ModMii v4.6.1--launch ModMii (anti-virus disabled if necessary), go to the options page and type "decompiler", then save the source somewhere, then scan the source. If the libwiisharp.dll (v0.22 mod) is not flagged as a virus then it's probably safe to say it's only reported as a virus when it's UPX compressed (ie. bundled inside modmii.exe). If this is the case, I have a simple solution in mind


ps. the trojan condoms jokes are hilarious!
well did it for you, (decompiled) saved to desktop and ran CA virus scan, and nothing. then i ran everything through every single file that was shown, and still nothing. 0/threats found. even if i reinstall/download.. it still does set any alarms off, i even removed modmii from the trusted list, and still nothing.
maybe someone with the problems should do this for you. seeing that i never had a problem with modmii to begin with.
 

ChrisLuther

Scan of the ModMii.exe with NIS 2011

Scan Statistics:
Scan Time: 1 seconds
Scan Targets: C:\ModMii\ModMii.exe
Counts:
Total items scanned: 1
- Files & Directories: 1
- Registry Entries: 0
- Processes & Start-up Items: 0
- Network & Browser Items: 0
- Other: 0
- Trusted Files: 0
- Skipped Files: 0

Total security risks detected: 0
Total items resolved: 0
Total items that require attention: 0

Resolved Threats:
No risks have been resolved

Unresolved Threats:
No unresolved risks

Scan of the Source after running decompiler

Scan Statistics:
Scan Time: 1 seconds
Scan Targets: C:\ModMii\Source\7za.exe, C:\ModMii\Source\algmap.cfg, C:\ModMii\Source\cygbz2-1.dll, C:\ModMii\Source\cygwin1.dll, C:\ModMii\Source\fvc.exe, C:\ModMii\Source\hy.exe, C:\ModMii\Source\jptch.exe, C:\ModMii\Source\libexpatw.dll, C:\ModMii\Source\libWiiSharp.dll, C:\ModMii\Source\mingwm10.dll, C:\ModMii\Source\ModMii.bat, C:\ModMii\Source\msvcr100.dll, C:\ModMii\Source\nircmd.exe, C:\ModMii\Source\nusd.exe, C:\ModMii\Source\NusFileGrabber.exe, C:\ModMii\Source\patchIOS.exe, C:\ModMii\Source\settings.exe, C:\ModMii\Source\sfk.exe, C:\ModMii\Source\SMW-Mod.exe, C:\ModMii\Source\UnRAR.exe, C:\ModMii\Source\WadMii.exe, C:\ModMii\Source\wget.exe, C:\ModMii\Source\wit.exe
Counts:
Total items scanned: 23
- Files & Directories: 23
- Registry Entries: 0
- Processes & Start-up Items: 0
- Network & Browser Items: 0
- Other: 0
- Trusted Files: 0
- Skipped Files: 0

Total security risks detected: 0
Total items resolved: 0
Total items that require attention: 0

Resolved Threats:
No risks have been resolved

Unresolved Threats:
No unresolved risks
 

XFlak

nvm, scanned it myself, the libwiisharp.dll (v0.22 mod) is the problem
http://www.virustotal.com/file-scan/report...85a3-1311862709

So yea, I think i'll need someone's help (ie. cwstjdenobs, Leathl, or anyone else qualified) to re-mod libwiisharp.dll v0.21 so it doesn't timestamp wads. Then hopefully the new libwiisharp mod isn't falsely labelled as a virus. Those capable of looking into this please contact me. Thanks!

edit: One person working on it so far! Wish him luck!
 

PsyBlade

can someone check v0.22 vanilla to see who (intentionally or unintentionally) introduced the change that caused the AVs to pick it up
 

XFlak

PsyBlade said:
can someone check v0.22 vanilla to see who (intentionally or unintentionally) introduced the change that caused the AVs to pick it up
Leathl made the v0.22 mod for me. He sent me the dll (which is now included in ModMii) and uploaded the source as r5 to the libwiisharp google code page. I'm pretty sure r4 on the google code page is v0.21

Leathl's a very busy guy, and I've probably only spoken to him once in the past 1.5 years.

fyi, scooby is making progress on modding v0.21 to recreate a "virus-free" v0.22
 

XFlak

Here's ModMii v4.6.1 bundled with the new libwiisharp (mod by scooby)
http://www.mediafire.com/?77yk9ox5qq5ewgu

Scooby and I would like a few people to test it to make sure it builds the same "valid" files as the old ModMii. libwiisharp is used when building any patched IOS from DL page 1, any cIOS from DL page 4, and any .app file from download page3. So if a few ppl could volunteer to test downloading\building those files that would be awesome.

And here's the new libwiisharp source code (by Leathl, mod by scooby):
http://www.mediafire.com/?485bbub4es5mw20
 

shortz1994

XFlak said:
Here's ModMii v4.6.1 bundled with the new libwiisharp (mod by scooby)
http://www.mediafire.com/?77yk9ox5qq5ewgu

Scooby and I would like a few people to test it to make sure it builds the same "valid" files as the old ModMii. libwiisharp is used when building any patched IOS from DL page 1, any cIOS from DL page 4, and any .app file from download page3. So if a few ppl could volunteer to test downloading\building those files that would be awesome.

And here's the new libwiisharp source code (by Leathl, mod by scooby):
http://www.mediafire.com/?485bbub4es5mw20
do i need the pass, or can i just download. no problem testing
never mind answered my own question, duuu.
all is good, when i downloaded the 236. it came back as "unable to find file", then started to correct itself, then downloaded the file. all files said valid
250d2/55 249d2/56. and 236 patched. 249 v14-21v.. but i think someone with the problems should test and see what happens.
 

techboy

XFlak said:
Scooby and I would like a few people to test it to make sure it builds the same "valid" files as the old ModMii. libwiisharp is used when building any patched IOS from DL page 1, any cIOS from DL page 4, and any .app file from download page3. So if a few ppl could volunteer to test downloading\building those files that would be awesome.
It builds cIOS249[38]-d2x-v6 and IOS70-patched without issue. Also built darkwii (both .app file and an SM) without a problem. All were reported as good files.

EDIT: Forgot to turn AVG back on...Libwiisharp.dll is now clean, but patchIOS.exe is still being flagged as Trojan.dropper. VirusTotal says that AVG is the ONLY antivirus flagging this file though (1/43).
 
