Vinzenz Feenstra's WebLog

C++ 0x Variadic Templates sooo nice :))

Vinzenz Feenstra — Wed, 26 Mar 2008 22:38:06 +0000

C++0x feature is so nice Here an example what can be done with it!
#include
#include
#include

template<typename IterT>
void fill_args(IterT it, IterT end)
{}

template<typename IterT, typename T, typename …Args>
void fill_args(IterT it, IterT end, T const & value, Args const & …args)
{
  if(it != end)
  {
    *it = value;
    fill_args(++it, end, args…);
  }
}

template< typename T, size_t N >
struct fixed_vector //aka array
{
  typedef T *         iterator;
  typedef T const *   const_iterator;
  typedef T &         reference;
  typedef T const &   const_reference;

  template<typename …Args>
  fixed_vector(Args const & …args)
  {
    fill_args(begin(), end(), args…);
  }

  reference operator[](size_t idx)
  {
    return arr[idx];
  }

  const_reference operator[](size_t idx) const
  {
    return arr[idx];
  }

  iterator begin()
  {
    return arr + 0;
  }

  const_iterator begin() const
  {
    return arr + 0;
  }

  iterator end()
  {
    return arr + N;
  }

  const_iterator end() const
  {
    return arr + N;
  }

  size_t size() const
  {
    return N;
  }

private:
  T arr[N];
};

int main()
{
fixed_vector<int, 4> v(1,2,3,4);
std::copy(v.begin(), v.end(), std::ostream_iterator<int>(std::cout, ", "));
}

After all that years…

Vinzenz Feenstra — Tue, 19 Feb 2008 19:05:32 +0000

I am really wondering how many users are using Visual Studio + GTKmm since there is still no real template for it.
At least until today there was none.

I finally wrote today a Visual C++ Wizard for GTKmm projects which utilizes the property pages supplied with the Development Environment of GTKmm for Windows.

You can find the Download for the Installer for this Template here

It will work with Visual Studio 2005 and 2008 (tested on my machines)

Enjoy!

Regards,
Vinzenz

AVG Anti-Spyware 7.5.1.43 released!

Vinzenz Feenstra — Thu, 14 Jun 2007 13:40:49 +0000

Release Notes:

- Fixed inability to run in safe mode
- Fixed endless loop in full system scan on Vista
- Fixed premature ending of trial on Vista
- Fixed partial failure of report generation
- Fixed wrong behavior of tray icon for free users

The setup for 7.5.1.43 will be available for download within in a few minutes.

Upgrading via program update is enabled for 7.5.1.36 users only at the moment and will be enabled for 7.5.0.50 in a few days.

Regards,
Vinzenz

AVG Anti-Spyware 7.5.1.36 released!

Vinzenz Feenstra — Tue, 05 Jun 2007 08:01:32 +0000

Hi all there,

after a long silent period without any news I am proud to announce the new version of the AVG Anti-Spyware 7.5.1.36

Here a short overview about the changes in the new release:

- Windows Vista support
- Support for 64-Bit editions of Windows (Windows XP 64-bit & Windows Vista 64-Bit)
- Better reliability + speed of updates
- Higher priority for paying users on update servers
- Fixes for many bugs (including high CPU usage + scheduler bugs)

The problem with the slow/unreliable updates will not be fixed at once, it will take some time until the vast majority of the user base has switched to the new version.

The new version will also be released via online-update in the next days. You can either wait for the update or manually download it from:

http://downloads.grisoft.cz/softw/70/filedir/inst/avgas-setup-7.5.1.36.exe

In any case, a system reboot is required.

Regards,

Vinzenz Feenstra

Tags: Anti-Rootkit, Rootkits, Threats, Malware, Removal, Anti-Spyware, Download, Screenshot, Images, Security, Windows, Microsoft, AVG, Grisoft

AVG Anti-spyware 7.5.0.47 replaces ewido anti-spyware 4.0.0.172

Vinzenz Feenstra — Mon, 02 Oct 2006 16:00:40 +0000

AVG Anti-Spyware 7.5.0.47

[quote from ewido.net:]

ewido anti-spyware 4.0 will now continue under the new product name AVG Anti-Spyware 7.5.

AVG Anti-Spyware 7.5 contains the same ewido technology, but with some further enhanced features:

Highly improved cleaning
Lower resource usage
Additional languages supported

[/quote]

The following languages are now supported: English, German, Czech, French, Italian, Spanish, Slovak, Portuguese (More languages will follow)

There are many bugs removed in this new version. It is highly recommended for every ewido antispyware user, to switch to the version.

A Screenshot of the new version:

Regards,

Vinzenz Feenstra

Tags: Threats, Malware, Removal, Anti-Spyware, Download, Screenshot, Images, Security, Windows, Microsoft, AVG, Grisoft

German HipHop youngster released his first Music video

Vinzenz Feenstra — Thu, 10 Aug 2006 15:57:44 +0000

Yesterday the 16 years old german hiphop youngster ‘F.R.’ has released his first video ‘Sport’.

Feel free to download it from here and don’t forget to visit his website.

Low Quality Video (28 MB, WMV)

High Quality Video (119 MB, MPEG)

Don’t forget to buy his album ‘Mittelweg’ which is really tight! I have it since 16th June 2006.
Check out the free tracks on his Website www.eff-arr.de

Enjoy the video!

Regards,
Vinzenz

Tags: F.R., HipHop, German, Music, Video, MusicVideo, Sport

How to remove Trojan.Downloader.uj

Vinzenz Feenstra — Mon, 07 Aug 2006 13:23:42 +0000

I have previous posted about the Windows threat ‘Trojan.downloader.uj’ and that I have build a removal help tool for it.

I think it would be best for all if I post here some removal steps for this special threat which is really tricky, since it is a trojan but uses userland rootkit techniques.

Here are the steps:

Download the file "rmdlagentuj.exe" from following location: http://fileserver.ewido.net/public.cgi?id=20845
Execute the file "rmdlagentuj.exe" if it was successful you will get a message dialog where you will be asked to reboot
Reboot your computer (Important!)
Execute a complete system scan with ewido anti-spyware 4.0 ( http://www.ewido.net )

Or you can try Grisoft AVG Anti-Rootkit Beta 1.0.0.13, but be careful it is a beta!
Thats’s all the threat should be removed now.

Aliases for this threat are:

Antivirus	Alias
AntiVir	TR/Dldr.Agent.uj.1
Authentium	W32/Downloader.LTB
Avast	Win32:Agent-IU
AVG	Downloader.Agent.BAH
BitDefender	Trojan.Downloader.FFZ
CAT-QuickHeal	TrojanDownloader.Agent.uj
ClamAV	Trojan.Downloader.Agent-262
DrWeb	Trojan.DownLoader.4316
eTrust-InoculateIT	Win32/SillyDL.51200!Trojan
eTrust-Vet	Win32/Alureon.Y
Ewido	Downloader.Agent.uj
Fortinet	RuinDl.G!tr
F-Prot	security risk named W32/Downloader.LTB
F-Prot4	W32/Downloader.LTB
Ikarus	Trojan-Downloader.Win32.Agent.uj
Kaspersky	Trojan-Downloader.Win32.Agent.uj
McAfee	Downloader-ASI
Microsoft	TrojanDownloader:Win32/Agent.RR
NOD32v2	a variant of Win32/Small.FB
Norman	W32/DLoader.NNL
Panda	Trj/Ruins.MB
Sophos	Troj/RuinDl-G
Symantec	Downloader
TheHacker	Trojan/Downloader.Agent.uj
UNA	TrojanDownloader.Win32.Agent.68D6
VBA32	Trojan.DownLoader.4316

I hope this is helpful.

Regards,

Vinzenz Feenstra

Tags: Removal, Steps, Security, Windows, Userland, Rootkit, Rootkits, Tutorial

Should we be scared about future rootkits?

Vinzenz Feenstra — Sat, 05 Aug 2006 09:36:54 +0000

I was reading blog entry of Joanna Rutkowska, a really smart and good looking (*fg*) expert in security and rootkits from Poland, and I was really asking myself, should we be scared about rootkits in the future? To give you a short answer: Yes we should!

Ok of course such rootkit can maybe be blocked before they’re installed or while it tries to installs itself or any other malware tries to install it. I am reading about the technology and the evolution of the knowledge in this area for a while and I need to say that it is really scary how fast the evolution moves forward.

Last year I was reading something about DKOM (Direct Kernel Object Manipulation), after thinking about the concept I was sure something like this is comparative easy to detect. Also hooking SSDT, IAT, EAT or using Inline Hooks (Detours) is almost harmless if you know how to get rid of it (see my previous post Trojan.Downloader.uj which is about an userland rootkit)

Anyway this year, only about 6 months later I read something which really scared me. joanna Rutkowska held some presentations about rootkits again and there she demonstrated a rootkit she is calling ‘deepdoor’. After taking a look at what she can do with this threat I was really asking myself how should you detect something like this. Ok there will be some smart guy who will be abled to detect (I am sure there will be one!). But now (ok it was already in June, but it doesn’t matter) she is writing about ‘Blue Pill’. Think about this: You are running VMWare on your computer and host another windows in there. This no great deal, that’s right but what would you say if somebody tells you that you’re hosting VMWare already in a virtual environment?

Huh? That’s really scary. And I must admit that using the name ‘Blue Pill’ is a really good choosen name.

I am right in the beginning in understanding how malware works and how it can be detected and removed but if I read something like this I am really asking myself how should we prevent ourselves from such threats?

I hope that we will be abled to have an idea how to get a ‘Red Pill’ for such threats and are abled to remove or at least to warn the users about such a threat.

Further reading about this subject you can find at:

http://invisiblethings.org/papers.html - Rootkit Hunting vs. Compromise Detection (AKA Rootkits vs. Stealth by Design Malware) - January 2006
http://theinvisiblethings.blogspot.com/ - There you will find the blog entry about ‘Blue Pill’
And an article in eWeek

Edit: (8th August 2006) I found another really interesting blog entry about this at http://www.ryanpmanning.com/?p=56

Be aware! Be scared!
Regards,
Vinzenz Feenstra

Tags: Rootkits, Malware, Security, Microsoft, AMD, Windows, Detection

“Extended Security Links”

Vinzenz Feenstra — Fri, 04 Aug 2006 19:48:34 +0000

Hi,

I have created a new page with a list of security links. Please find the page at

http://blog.evilissimo.net/extended-security-links/

I would appreciate comments on it and it would be great if you have links which can be added there.
I will update this page from time to time so that it will stay up-to-date.

Regards,

Vinzenz

Tags: Security, Links, Communities, Anti-Virus, Anti-Malware, Anti-Spyware, Removal, Boards, Forums

Grisoft AVG Anti-Rootkit Beta

Vinzenz Feenstra — Tue, 01 Aug 2006 09:56:50 +0000

Grisoft AVG Anti-Rootkit 1.0.0.13 Beta released

I am proud to announce that Grisoft has released the AVG Anti-Rookit Beta available at http://beta.grisoft.cz after a registration (which is for free)

It is abled to detect and to remove a lot of rootkits. How good it is you will really know if you have a rootkit on your system The Screenshots below are showing the tests in a VMWare Session where I have installed the Vanquish rootkit which is available at rootkit.com

I really warn everyone this is a beta software it may work but you should be careful!

While scanning:

After a scan:

Please report your test results and your opinion about it.

Regards,

Vinzenz

Tags: Security, rootkit, anti-rootkit, anti-malware, anti-spyware, rootkits, trojans,