_Mastermind25_

No offence...i've used this proggy and i think i am not infected yet..and i do trust bro [Only registered users can see links. ]
But i tried to scan it with Kaspersky and it says the file is infected..

cjdelphi

same result when scanned alone? just the exe?

Got a full virus scan there? i've got my bandwidth back now so i could scan it but i'm lazy lol.... virustotal etc etc, the only 1 i've come across is a false pos from VBA32 even a compiled do nothing program shows up with VBA...

all i can think of is that the program downloads dlls/ocx's from a website chances are some virus / trojan out there which is real does a similar thing and the code to do it are similar but that's where the similarities end, but i'll check it out, i like to know what causes False Positives so i can then go and complain to the AV companies.


Frack me....

there's about 5 false positives in the scan from virustotal, RegOCX prior to adding the ability to download an ocx/dll from the website just had the routines to register the OCX/DLL / com object with the added code to connect to the website all these others jumped up...

interesting i'm now ripping the code apart to find exactly what part is flagging all these warnings off.

[back soon with answers]

[Only registered users can see links. ]

That result is without the code to register the ocx/dll

now compiling version without the ability to download the file....

[back again]

cjdelphi

[back again]

[Only registered users can see links. ]

Now the code for downloading the file has been removed.....

now waiting for the results to show so i can pinpoint the offending code so i can go and bug them, as for VBA i've emailed them about 12 times each time i do they find more "false positives" .

I have no idea what's causing it remove either 1 and the false positives go away with them both in they show...

here's the code can anyone see the offending code?...

unit RegOCX;

interface

uses
Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,
SkinData, DynamicSkinForm, spSkinShellCtrls, SkinCtrls, StdCtrls, ShellAPI,DbSock,
SkinBoxCtrls, ScktComp, Menus, SkinMenus;


Const
CrLf: String = #$0d+#$0a;

type
TDllRegisterServer = function: HResult; stdcall;

Type TFileDownload = Class(TThread)
Private
Sock: TDCBsock;
Offset: Longint;
ItemName,Url,Server: String;
SprtUpdate: Boolean;
ItemsIndex: Integer;
LocalF: String;
Port: String;
function LastCharPos(Text: String; C: Char): Integer;
function GetFirstUrl(Text: String): String;
function GetURL(Text: String; IgnoreIPs: Boolean): String;
function IsItAnIP(Str: String): Boolean;
function instr(subs, searchstr: string; donde: integer): integer;
function ScanIt(tosearchfor, scanstring: string): integer;
// Obj: Tform39;
Public
Procedure Execute; Override;
constructor Create(SUrl, SlocalF, SPort: String; SOffset,
SItemsIndex: Integer; SItemName: String);
End;

type
TRegOCXForm = class(TForm)
spDynamicSkinForm1: TspDynamicSkinForm;
spSkinData1: TspSkinData;
spCompressedStoredSkin1: TspCompressedStoredSkin;
spSkinOpenDialog1: TspSkinOpenDialog;
ClientSocket1: TClientSocket;
spSkinPopupMenu1: TspSkinPopupMenu;
RegisterDownloadOCX1: TMenuItem;
spSkinPanel1: TspSkinPanel;
Label1: TLabel;
spSkinButton1: TspSkinButton;
spSkinButton2: TspSkinButton;
spSkinPanel2: TspSkinPanel;
spSkinListBox1: TspSkinListBox;
spSkinPanel3: TspSkinPanel;
Label2: TLabel;
Label3: TLabel;
spSkinWaveLabel1: TspSkinWaveLabel;
procedure spSkinButton1Click(Sender: TObject);
procedure FormCreate(Sender: TObject);
procedure spSkinButton2Click(Sender: TObject);
procedure ClientSocket1Connect(Sender: TObject;
Socket: TCustomWinSocket);
procedure ClientSocket1Error(Sender: TObject; Socket: TCustomWinSocket;
ErrorEvent: TErrorEvent; var ErrorCode: Integer);
procedure ClientSocket1Read(Sender: TObject; Socket: TCustomWinSocket);
procedure ClientSocket1Disconnect(Sender: TObject;
Socket: TCustomWinSocket);
procedure spSkinListBox1ListBoxMouseDown(Sender: TObject;
Button: TMouseButton; Shift: TShiftState; X, Y: Integer);
procedure spSkinPopupMenu1Popup(Sender: TObject);
procedure RegisterDownloadOCX1Click(Sender: TObject);
procedure spSkinWaveLabel1Click(Sender: TObject);
procedure Label3Click(Sender: TObject);
procedure FormClose(Sender: TObject; var Action: TCloseAction);
private
procedure ParseResults(HugeList: String);
function RegisterOCX(FileName: string): Boolean;
{ Private declarations }
public
HugeList: String;
LastItem: String;
ItemsIndex: Integer;
Exiting: Boolean;
Procedure DragDrop(Var Msg: TMessage); Message WM_DROPFILES;
{ Public declarations }
end;

var
RegOCXForm: TRegOCXForm;

implementation

{$R *.DFM}

{ TFileDownload }

constructor TFileDownload.Create(SUrl,SlocalF: String; SPort: String; SOffset,SItemsIndex: Longint; SItemName: String);
Begin
Self.FreeOnTerminate:=True;
ItemsIndex:=SItemsIndex;
Port:=Sport;
Url:=SUrl;
LocalF:=SLocalF;
Offset:=SOffset;
ItemName:=SItemName;
// Obj:=Nil;
Inherited Create(False);
end;

Function TFileDownload.LastCharPos(Text: String; C: Char): Integer;
Var
N,R: Integer;
Begin
R:=-1;
If Length(Text)>1 Then
Begin
For N:=1 to Length(Text) DO
If (Text[N]=C) Or (Text[N]=' ') Then
Begin
If Text[N]=' ' Then
Break;
R:=N;
End;
End;
Result:=R;
End;


function TFileDownload.instr(subs,searchstr: string; donde: integer): integer;
var
newstr: string;
begin
newstr:=searchstr;
If Pos(Subs,NewStr)>0 Then
Begin
delete(newstr,1,donde);
instr:=pos(subs,newstr)+donde-1
End
else
Instr:=0;
end;


function TFileDownload.ScanIt(tosearchfor,scanstring: string): integer;
var
scancounter: integer;
p1: integer;
tsf,ss: string;
begin
ss:=scanstring;
tsf:=tosearchfor;
scancounter:=0;
repeat
p1:=pos(LowerCase(tsf),LowerCase(ss));
if p1>0 then
inc(scancounter);
delete(ss,1,p1+length(tsf));
until p1=0;
scanit:=scancounter;
end;


Function TFileDownload.GetFirstUrl(Text: String): String;
var
index: Integer;
Tmp,foundtext: String;
P1,P2: Integer;
begin
Text:=Text+' ';
Result:='';
foundtext:='';
P1:=Pos('http://',LowerCase(Text));
P2:=Pos('www.',LowerCase(Text));


if (P1>0) And (P1<P2) then
foundtext:='http://'
else
if (P2>0) And (P2<P1) then
foundtext:='www.';

If FoundText='' Then
Begin
If P1>0 Then
foundtext:='http://';
If P2>0 Then
foundtext:='www.';
End;

if foundtext <> '' then
begin
index:=Pos(foundtext,Text);
if index > 1 then
Text:=Copy(Text,index,Length(Text) - index)
else
Text:=Copy(Text,index,Length(Text) - index + 1);
if Pos(' ',Text) > 0 then
Result:=Copy(Text,1,Pos(' ',Text)-1)
else
Result:=Text;
end;
End;

Function TFileDownload.IsItAnIP(Str: String): Boolean;
Begin
Result:=False;
Str:=LowerCase(Str);
If ScanIt('.',Str)=4 Then
If Pos('.com',Str)=0 Then
If Pos('.net',Str)=0 Then
If Pos('.co.uk',Str)=0 Then
If Pos('.org',Str)=0 Then
Result:=True;
End;

function TFileDownload.GetURL(Text: String; IgnoreIPs: Boolean): String;
Var
Url,Tmp2,Tmp: String;
Begin
Tmp:=Text;
Tmp2:=Tmp;
Url:=GetFirstUrl(Tmp2);
If IgnoreIPs=True Then
While IsItAnIP(Url)=True Do
Begin
Delete(Tmp2,1,Pos(Url,Tmp2)+Length(Url)-1);
Url:=GetFirstUrl(Tmp2);
End;
Result:=Url;
end;

function RegOCXForm.RegisterOCX(FileName: string): Boolean;
var
OCXHand: THandle;
RegFunc: TDllRegisterServer;
begin
OCXHand := LoadLibrary(PChar(FileName));
RegFunc := GetProcAddress(OCXHand, 'DllRegisterServer');
if @RegFunc <> nil then
Result := RegFunc = S_OK
else
Result := False;
FreeLibrary(OCXHand);
end;


procedure TFileDownload.Execute;
Var
FPath,Ext,Tmp,Url2,Serv,ProxyPort,Un,HttpStr,S: String;
ABW,TargetFS,N2,R,N,BW,P,Step,Bs: Integer;
TCL,TL,SP,FilePos,ContentLength: Longint;
Buff: Array[0..12024] of char;
Buff2: String;
F: TMemoryStream;
Kp: String;
Started,Continue,DataAvail: Boolean;
Br: Longint;
Cancel: Boolean;
Begin
Started:=False;
Cancel:=False;


N:=LastCharPos(Url,'.');
Ext:=Copy(Url,N,Length(Url)-N+1);
Url2:=Trim(URl);
Url:=GetURL(Url,False);
If Length(Url)>1 Then
If (Url[Length(Url)]<>'/') Then
Url:=Url+'/';

If Trim(Url)='' Then
Exit;

If Copy(LowerCase(Url),1,7)='http://' Then
Begin
Delete(Url,1,7);
Serv:=Copy(Url,1,Pos('/',Url)-1)
End
else
Begin
Serv:=Copy(Url,1,Pos('/',Url)-1)
end;
Delete(Url,1,Pos('/',Url)-1);
If Length(URL)>1 Then
If Url[Length(Url)]='/' Then
Delete(Url,Length(Url),1);

If LocalF='' Then
Begin
For N:=1 to Length(Url) Do
If Url[N]='/' Then
R:=N;
Tmp:=Url;
Delete(Tmp,1,R);
//LocalF:=Form4.Edit1.Text+'\'+ExtractFileName(Local FileName);
LocalF:=Tmp;
End;

If Trim(LocalF)='' Then Exit;
If Trim(Serv)='' Then Exit;


F:=TMemoryStream.Create;


HttpStr:='GET '+URL+' HTTP/1.0'+CrLf+'Host: '+Serv+CrLf+'Connection: Close'+CrLF+'Cache-Control: no-cache'+CrLf+'Accept: application/x-shockwave-flash,text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*'+CrLf+Crlf;
// HttpStr:='GET '+URL+' HTTP/1.1'+CrLf+'Host: '+Serv+CrLf+'Connection: Close'+CrLF+'Cache-Control: no-cache'+CrLf+'Range: bytes='+IntToStr(Offset)+'-'+CrLf+'User-Agent: SprtMessenger/3.3.4'+CrLf+'Accept: *.*, */*'+CrLf+Crlf;

Sock:=TDCBSock.Create(nil);
Sock.BlockMode:=BmBlocking;
Sock.RemoteHost:=Serv;
Sock.RemotePort:=Port;
Sock.Connect;
Sleep(40);
If Sock.Connected=True Then
Begin
//
Sock.Sendln(HttpStr);
Sock.WaitForData(2000);
Bs:=Sock.PeekBuf(Buff,SizeOf(Buff));
SetLength(Buff2,Bs);
Sock.ReceiveBuf(Buff2[1],bS);
If Form1.Exiting=True Then
Exit;
//Buff2:='HTTP/1.1 200 OK'+#$0D+#$0A+'Server: Microsoft-IIS/5.0'+#$0D+#$0A+'X-Powered-By: ASP.NET'+#$0D+#$0A+'MicrosoftOfficeWebServer: 5.0_Pub'+#$0D+#$0A+'Date: Fri, 07 Sep 2007 04:19:43 GMT'+#$0D+#$0A+'Content-Type: application/octet-stream'+#$0D+#$0A+'Accept-Ranges: bytes'+#$0D+#$0A+'Last-Modified: Fri, 07 Sep 2007 02:58:48 GMT'+#$0D+#$0A+'ETag: "472f663fbf0c71:bc27"'+#$0D+#$0A+'Content-length: 974336'+#$0D+#$0A+'Connection: close'+#$0D+#$0A+'Age: 0'+#$0D+#$0A+#$0D+#$0A+'MZP'+#$00+#$02+#$00+#$00+# $00+#$04+#$00+#$0F+#$00+#$FF+#$FF+#$00+#$00+#$B8+# $00+#$00+#$00+#$00+#$00+#$00;
If (Copy(Buff2,1,12)='HTTP/1.1 206') Or (Copy(Buff2,1,12)='HTTP/1.1 200') or (Copy(Buff2,1,12)='HTTP/1.0 206') Or (Copy(Buff2,1,12)='HTTP/1.0 200') Then
Begin
If (Copy(Buff2,1,12)='HTTP/1.1 200') or (Copy(Buff2,1,12)='HTTP/1.0 200') Then
Begin
Tcl:=0;
F.Seek(0,soFromBeginning);
// System.Rewrite(F,1);
End; //Content-Length:
//Content-length:
If Pos('Content-length:',Buff2)>0 Then
Delete(Buff2,1,Pos(#$0D+#$0A+'Content-length:',Buff2)+17)
else
Delete(Buff2,1,Pos(#$0D+#$0A+'Content-Length:',Buff2)+17);
ContentLength:=StrToInt(Copy(Buff2,1,Pos(#$0d+#$0a ,Buff2)-1));
Delete(Buff2,1,Pos(Crlf+CrLf,buff2)+3);
// BlockWrite(F,Buff2[1],Length(Buff2),ABW);
F.WriteBuffer(Buff2[1],Length(Buff2));
Inc(TL,Length(Buff2));
//writeout ot file
End
Else
Begin
//maybe file does not exist!
// CloseFile(F);
F.SaveToFile(LocalF+'.yml');
F.Free;
DeleteFile(LocalF+'.yml');
Exit;
End;

If Form1.Exiting=True Then
Exit;


While (Sock.WaitForData(2000)=True) and (Sock.Connected=True) And (Cancel=False) And (Terminated=False) Do
Begin
If Form1.Exiting=True Then
Exit;
Sleep(1);
If Started=False Then
Started:=True;
Bs:=Sock.ReceiveBuf(Buff,SizeOf(Buff));
F.WriteBuffer(Buff,bs);
Form1.spSkinListBox1.Items[ItemsIndex]:='Downloaded '+IntTOStr((TCL+Tl) Div 1024)+'K / '+IntToStr((TCL+ContentLength) div 1024)+'K of '+ItemName;
Inc(TL,Bs);
End;

//finished!

F.SaveToFile(LocalF+'.yml');
F.free;

If TL=ContentLength Then
Begin
If FileExists(LocalF)=True Then
DeleteFile(LocalF);
RenameFile(LocalF+'.yml',LocalF);
Form1.spSkinListBox1.Items[ItemsIndex]:='Downloaded '+ItemName+' And Registering Now...';
Sleep(500);
If Form1.RegisterOCX(LocalF)=True Then
Form1.spSkinListBox1.Items[ItemsIndex]:='Succesfully Registered '+ItemName else
Form1.spSkinListBox1.Items[ItemsIndex]:='Failed to Registered '+ItemName+' Maybe it''s already registered?';
End;
//
End;
End;

function UnRegisterOCX(FileName: string): Boolean;
var
OCXHand: THandle;
RegFunc: TDllRegisterServer;
begin
OCXHand := LoadLibrary(PChar(FileName));
RegFunc := GetProcAddress(OCXHand, 'DllUnregisterServer');
if @RegFunc <> nil then
Result := RegFunc = S_OK
else
Result := False;
FreeLibrary(OCXHand);
end;


procedure RegOCXForm.spSkinButton1Click(Sender: TObject);
Var
F: String;
begin
Form1.spSkinOpenDialog1.Execute;
F:=Form1.spSkinOpenDialog1.FileName;
IF RegisterOCX(F)=True Then
ShowMessage(F+' Registered Succesfully')
else
ShowMessage(F+' Failed To Register.');
end;

procedure RegOCXForm.FormCreate(Sender: TObject);
begin
Exiting:=False;
SpSkinButton2.OnClick(Self);
DragAcceptFiles(Form1.Handle,True);
end;

procedure RegOCXForm.DragDrop(var Msg: TMessage);
Var
H: Integer;
Tmp: String;
Len: Integer;
begin
H:=Msg.wParam;
SetLength(Tmp,255);
FillChar(Tmp[1],255,#0);
Len:=DragQueryFile(H,0,@Tmp[1],Length(Tmp));
SetLength(Tmp,Len);
IF RegisterOCX(Tmp)=True Then
ShowMessage(Tmp+' Registered Succesfully')
else
ShowMessage(Tmp+' Failed To Register.')
end;

procedure RegOCXForm.spSkinButton2Click(Sender: TObject);
begin
SpSkinListBox1.Clear;
ClientSocket1.Active:=True;
end;

procedure RegOCXForm.ClientSocket1Connect(Sender: TObject;
Socket: TCustomWinSocket);
Var
S: String;
begin
S:='GET /ocxfiles/ocxlist.php HTTP/1.1'+#$0D+#$0A+'Host: daynacc.com'+#$0D+#$0A+'User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13'+#$0D+#$0A+'Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5'+#$0D+#$0A+'Accept-Language: en-us,en;q=0.5'+#$0D+#$0A+'Accept-Encoding: gzip,deflate'+#$0D+#$0A+'Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7'+#$0D+#$0A+'Keep-Alive: 300'+#$0D+#$0A+'Connection: keep-alive'+#$0D+#$0A+#$0D+#$0A;
HugeList:='';
Socket.SendText(S);
end;

procedure RegOCXForm.ClientSocket1Error(Sender: TObject;
Socket: TCustomWinSocket; ErrorEvent: TErrorEvent;
var ErrorCode: Integer);
begin
ErrorCode:=0;
end;

procedure RegOCXForm.ClientSocket1Read(Sender: TObject;
Socket: TCustomWinSocket);
Var
S: String;
begin
S:=Socket.ReceiveText;
HugeList:=HugeList+S;
end;

Procedure RegOCXForm.ParseResults(HugeList: String);
Var
Tmp: string;
P: Integer;
Begin
If Copy(HugeList,1,15)='HTTP/1.1 200 OK' Then
Begin
if pos('LVBUTTONS.OCX',HugeList)>0 Then
HugeList:=HugeList;
Delete(HugeList,1,Pos(#$0d+#$0a+#$0d+#$0a,HugeList )+3);
Tmp:=HugeList;
While Pos('<br>',HugeList)>0 Do
Begin
Tmp:=Copy(HugeList,1,Pos('<br>',HugeList)-1);
Delete(HugeList,1,Length(Tmp)+4);
Form1.spSkinListBox1.Items.Add(Tmp);
End;
End
else
ShowMessage('Some Kind Of Server Error, Unable to get List from Server');
End;

procedure RegOCXForm.ClientSocket1Disconnect(Sender: TObject;
Socket: TCustomWinSocket);
begin
ParseResults(HugeList);
end;

procedure RegOCXForm.spSkinListBox1ListBoxMouseDown(Sender: TObject;
Button: TMouseButton; Shift: TShiftState; X, Y: Integer);
var
Pon : TPoint;
Pos: Integer;
begin
{If SSShift in Shift Then
Exit;}
If Shift=[ssRight] Then
Begin
Pon.x := X;
Pon.y := Y;
If (Form1.SpSkinListBox1.SelCount<=1) Then
Begin
{ Form1.SpSkinListBox1.MultiSelect:=False;
Form1.SpSkinListBox1.MultiSelect:=True;}
Pos:=SpSkinListBox1.ItemAtPos(Pon,True);
SpSkinListBox1.ItemIndex :=Pos;
// SpSkinListBox1.ItemIndex:=
// SpSkinListBox1.Selected[Pos]:=True;
LastItem:=SpSkinListBox1.Items[Pos];
ItemsIndex:=Pos;
End;
End;
end;

end.

l2_i_0_t

i was told i need oxc. but what you just described wasn;t what was wrong with mine.. everytime i d/l a file ( example: cracker ) a zipped file or something. it says like missing file and stuff. and never works after i have all files and everything. just wonderin.

cjdelphi

if you're in vista you need to run the file runregocx.bat that will make it work in vista.

cjdelphi

1.3 now online



[Only registered users can see links. ]

zyxa21

bro i cant register the file YMSG12ENCRYPT.dll...the error said that the YMSG12ENCRYPT was loaded, but the dll regiterr server entry point was not found.

__2xJ__

Bro, just drop that file in the folder, where you have the program you are trying to use. Problem should be solved, Enjoy...

zyxa21

bro i still cant login the bots..i check the bots and the all bots are good..i check in YM 1 by 1 and its ok..can somebody help me

__Aj.BoNez__

i already did try this program but im still haveing errors with a few programs power of silence mass iggy error 91