Friday, October 2, 2009

Alpha Antivirus Protection bypass

The Alpha Antivirus rogue has a protection against execution in a virtual environment. This video shows how to bypass the protection in VMware.

Once the sample is unpacked, we need to modify the code to disable some of its tests, so that the Trojan-Downloader does not display the error message but downloads the rogue. (The rogue is also protected with the same routine.)

YouTube link.
Thanks to Jerome for the Anti-VM post suggestion.