[OUTDATED / UNSUPPORTED] RemoveWAT

Boys, calm down and take it easy, you are giving him more attention then he deserves

 

LOL,even a child can do that better take up some courses..and he calls himself as a developer, i bet u s-irl.

 

You need to login to view this posts content.

 

Hopefully someone can help answer. The RemoveWAT resources contains 32-bit and 64-bit files. My problem is since this application was compiled under 32-bit, the assumptions where the 64-bit files were deployed is in question.

Code:

                this.ProgressBar1.PerformStep();
                if (File.Exists(Conversions.ToString(Operators.ConcatenateObject(this.windir, @"\System32\slwga.dll.bak"))))
                {
                    if (File.Exists(Conversions.ToString(Operators.ConcatenateObject(this.windir, @"\System32\slwga.dll"))))
                    {
                        this.Takeown(Operators.ConcatenateObject(this.windir, @"\System32\slwga.dll"));
                        File.Delete(Conversions.ToString(Operators.ConcatenateObject(this.windir, @"\System32\slwga.dll")));
                    }
                    this.Takeown(Operators.ConcatenateObject(this.windir, @"\System32\slwga.dll.bak"));
                    MyProject.Computer.FileSystem.RenameFile(Conversions.ToString(Operators.ConcatenateObject(this.windir, @"\System32\slwga.dll.bak")), "slwga.dll");
                }
                this.ProgressBar1.PerformStep();
                if (File.Exists(Conversions.ToString(Operators.ConcatenateObject(this.windir, @"\SysWOW64\slwga.dll.bak"))))
                {
                    if (File.Exists(Conversions.ToString(Operators.ConcatenateObject(this.windir, @"\SysWOW64\slwga.dll"))))
                    {
                        this.Takeown(Operators.ConcatenateObject(this.windir, @"\SysWOW64\slwga.dll"));
                        File.Delete(Conversions.ToString(Operators.ConcatenateObject(this.windir, @"\SysWOW64\slwga.dll")));
                    }
                    this.Takeown(Operators.ConcatenateObject(this.windir, @"\SysWOW64\slwga.dll.bak"));
                    MyProject.Computer.FileSystem.RenameFile(Conversions.ToString(Operators.ConcatenateObject(this.windir, @"\SysWOW64\slwga.dll.bak")), "slwga.dll");
                }
                this.ProgressBar1.Value = Conversions.ToInteger("100");

Hazar any idea? I'm just trying to verify that things are put in place where they should be. Too lazy to crack anything these days.

Thanks

 

Do you have a 64-bit compilation version of RemoveWAT.exe? I dumped the PE where it shows 32-bit addressing. The same .exe cannot be used on both systems unless you take care of NTDLL's system path redirection problem. The NT DLL will screw with your path once it detects 32 bits.

 

hello there, this is a very interesting tool and i can say it cause i am using it now also a big thanks for the developers of it.

what i wanted to ask is if ANY windows update can possibly "find" and disable this application or even worse "lock" windows from even being able to log in.

i am asking this so i can know if installing ANY windows update can do something of the ones mentioned above to my windows 7 x64 machine!
so am i safe to install all windows updates? should i install only some of them? (if thats the case what is the category of them? for example i shouldnt install the security ones?)

 

Install any update with this tool. Windows doesn't usually lock when "caught" it just gives warning maybe couple hr use then restarts.

 

All that stuff is free in torrents...lol SUper Spammer

 

you mean that if it gets "caught" then it will restart its self every time after that in a couple of hours? can this get fixed?

 

Don't worry about it til it happens if it does there will always be another exploit!

 

cool thanks

 

Hey Hazar i must say hats off to you on the the removewat.... I have been usen it for a couple of months but now im getting the popups to validate and or my version is not genuine .. Do i not have the right removewat or?? Thanks

 

I use this tool from November 2009 until now and I have not had any serious problems. It may be luck, but I think the truth is that this tool is well made. I just please do not abandon us after the release of SP1.

 

Sorry, I cannot download "RemoveWAT22.zip" with your link. Server say I'am not allowed to download !
Error : HTTP/1.1.403 Forbidden.
Please assist.

 

You have to click on the link, not past the link to a browser or open it in a new windows or something like that.

 

Seems to crop up as a hacktool:Win32/Wpakill.B

 

That is because it is a hacktool it hacks window 7.

 

I appreciate that fact, please the ears arent quite that wet , but seems strange its being picked up by number of security systems as potential risk & there is no guarantee there hasnt been some other code amended when installed huh, hence the word "hacktool", others have also mentioned there concerns.