@911medic Any news?? Well, can you add an option so that user can back their system to 30 day trial!! I mean by using the retail oembios set & the default sp3 retail key??? What's your thought??
I was hoping to make use of this on my HP laptop that is somehow missing its key. Only when I try to download the Win XP files (any of the three) it says that they are not available due to bandwidth being exceeded. Is anyone able to host them for me please?
The OEMBIOS changer (OEM.exe) won't run on my Windows XP. I placed the OEMBIOS files in the uncompressed folder, but when I run the EXE it shows the black window, with no text, then it closes itself. No error message.
For a couple of weeks, OEMchangerinstaller was not available and then, I just noticed it came back but is registering as a Trojan.ADH.2. Normally warez type products are flagged but their descriptions are different. Was there an MD5 on the original file?
Code:
File: OEMBIOS Changer.exe
CRC-32: e7b612fb
MD4: f3b9a91d29a8c10f5ae8efc209b1f3e0
MD5: 7974f59672167a5b8893b5346d2f68b4
SHA-1: 8fad7f3537bc08e93057f8a1213a364eb6e19809
Here for you and the other ones... xxx.mediafire.com/?eczx7rve5gks68h replace xxx with www Pass: forMDL
Beware! The files found at the link in the previous post contain the malicious backdoor Bifrose trojan/virus. There are many .exe files packed into the OEMBIOS changer installer.exe. One of the files is "XP Activation OOBE Check.exe". This one contains the Bifrose trojan. Sherman Tank should do a more robust scan of the files he posts links to. Edit: A plausible reason for the positive antivirus alerts is given in the posts below. If I was wrong about the files in the link ST posted, my apologies to ST. This forum is an amazing resource of information, for which I am thankful.
+1. Months ago someone maliciously reported that software to a virus database, hence you are receiving a false positive. I guarantee this as 100% fact.
How many antivirus positives does it take to consider a file "high risk"? It is more likely than not that this file contains the Bifrose backdoor trojan. I think the high number of positives on virustotal and viruscan.jotti are both sufficient evidence. Several antivirus sites have specific information on what the virus does. Malwarebytes does not alert on the file. Malwarebytes is also not a top tier antivirus program, though it is an excellent anti malware program. Oddly, Avast5 alerts on virustotal.com, but not on viruscan.jotti.org. Go figure. In any event, the results speak for themselves. I fail to see how alextheg can claim 100 percent certainty that this is a clean file with these scanner results. I won't repeat my comment about Sherman. But, until otherwise convinced, I make no apology.

Comodo Security alerts: .Heur.Suspicious@1
cima.security.comodo.com/report/dac4480eddfea8cfdfa3883f9c8cd84583d1e31c.htm

Results from virustotal.com:
AntiVir - 7.11.12.103 - 2011.07.25 - BDS/Bifrose.ctif.10
Antiy-AVL - 2.0.3.7 - 2011.07.25 - Trojan/win32.agent.gen
Avast5 - 5.0.677.0 - 2011.07.25 - Win32UP-gen [PUP]
AVG - 10.0.0.1190 - 2011.07.25 - Generic3_c.FUE
BitDefender - 7.2 - 2011.07.25 - Backdoor.Generic.457613
CAT-QuickHeal - 11.00 - 2011.07.25 - Trojan.Sisproc.rts
Commtouch - 5.3.2.6 - 2011.07.25 - W32/GenBl.4AF1236D!Olympus
DrWeb - 5.0.2.03300 - 2011.07.25 - Tool.Wpakill.1
Emsisoft - 5.1.0.8 - 2011.07.25 - Backdoor.Win32.Bifrose!IK
eSafe - 7.0.17.0 - 2011.07.25 - Win32.BDSBifrose.Cti
F-Prot - 4.6.2.117 - 2011.07.25 - W32/Wpakill
F-Secure - 9.0.16440.0 - 2011.07.25 - Backdoor.Generic.457613
GData - 22 - 2011.07.25 - Backdoor.Generic.457613
Ikarus - T3.1.1.104.0 - 2011.07.25 - Backdoor.Win32.Bifrose
Jiangmin - 13.0.900 - 2011.07.25 - Backdoor/Bifrose.caz
K7AntiVirus - 9.108.4945 - 2011.07.25 - Hacktool
McAfee - 5.400.0.1158 - 2011.07.25 - Artemis!91D13444DC21
McAfee-GW-Edition - 2010.1D - 2011.07.25 - Artemis!91D13444DC21
Microsoft - 1.7104 - 2011.07.25 - Trojan:Win32/Sisproc!rts
NOD32 - 6324 - 2011.07.25 - Win32/HackTool.WpaKill.C
Norman - 6.07.10 - 2011.07.25 - W32/Suspicious_Gen3.KDPJ
Panda - 10.0.3.5 - 2011.07.24 - Trj/CI.A
Rising - 23.68.00.05 - 2011.07.25 - Suspicious
Sophos - 4.67.0 - 2011.07.25 - Mal/Generic-L
TrendMicro - 9.200.0.1012 - 2011.07.25 - TROJ_SPNR.03CJ11
TrendMicro-HouseCall - 9.200.0.1012 - 2011.07.25 - TROJ_GEN.R01C3KK
VBA32 - 3.12.16.4 - 2011.07.25 - Backdoor.Bifrose.ctif
VIPRE - 9963 - 2011.07.25 - Trojan.Win32.Generic!BT
VirusBuster - 14.0.138.0 - 2011.07.25 - Backdoor.Bifrose!i8WD/mr5Ln4

File info:
MD5: 91d13444dc21b09917010a705f3a7f39
SHA1: 7ad77a009fdf624eda5f60e17310614be99d8133
SHA256: 6421a0c937e3681a989112cdf1ace87f1b05c44486469f7cde878c7175117679
File size: 1608716 bytes
Scan date: 2011-07-25 19:33:49 (UTC)

viruscan.jotti.org results: 12 out of 20 scanners reported malware.
AVG reports: Generic3_c.FUE
Antivir reports: BDS/Bifrose.ctif.10
BitDefender reports: Backdoor.Generic.457613
DrWeb reports: Tool.Wpakill.1
Emsisoft reports: Backdoor.Win32.Bifrose!IK
F-Prot reports: W32/Wpakill
F-Secure reports: Backdoor.Generic.457613
Ikarus reports: Backdoor.Win32.Bifrose
NOD32 reports: Win32/HackTool.WpaKill.C
Quick Heal reports: Trojan.Sisproc.rts
SOPHOS reports: Mal/Generic-L
VBA32 reports: Backdoor.Bifrose.ctif

File size: 1608716 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 91d13444dc21b09917010a705f3a7f39
SHA1: 7ad77a009fdf624eda5f60e17310614be99d8133
Packer (Drweb): UPX, ASCRIPT

Given these results, I would say that using the file from the link posted by Sherman Tank poses a fairly high risk of infection. Since the link posted at the beginning of this thread is now dead, I have no way to compare the two. What I might do tonight is run an installation logger to record system changes this file makes upon execution. The results would be limited by what the logging program actually checks for, though.
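Added example, not part of any post in this thread: a short Python sketch that groups a subset of the virustotal.com labels quoted in the post above by the family they name, and counts how many distinct label strings there are, since a raw "N engines alerted" figure mixes family-specific, tool-category and generic detections. The grouping tokens and function names are assumptions of this example.

```python
import re
from collections import Counter

# Engine -> label, copied from the virustotal.com list in the post above (subset).
RESULTS = {
    "AntiVir": "BDS/Bifrose.ctif.10",
    "Avast5": "Win32UP-gen [PUP]",
    "BitDefender": "Backdoor.Generic.457613",
    "DrWeb": "Tool.Wpakill.1",
    "Emsisoft": "Backdoor.Win32.Bifrose!IK",
    "F-Prot": "W32/Wpakill",
    "F-Secure": "Backdoor.Generic.457613",
    "GData": "Backdoor.Generic.457613",
    "Ikarus": "Backdoor.Win32.Bifrose",
    "K7AntiVirus": "Hacktool",
    "McAfee": "Artemis!91D13444DC21",
    "NOD32": "Win32/HackTool.WpaKill.C",
    "Sophos": "Mal/Generic-L",
    "VBA32": "Backdoor.Bifrose.ctif",
    "VIPRE": "Trojan.Win32.Generic!BT",
}

# Family names that appear in the posted results.
FAMILIES = ("bifrose", "wpakill", "sisproc")
# Assumption of this example: these tokens mark a generic or heuristic label.
GENERIC = re.compile(r"generic|gen\b|heur|suspicious|artemis", re.I)

def classify(label):
    """Return the family a label names, 'generic', or 'other'."""
    low = label.lower()
    for family in FAMILIES:
        if family in low:
            return family
    return "generic" if GENERIC.search(low) else "other"

def family_counts(results):
    """Count engines per group instead of reporting one raw total."""
    return Counter(classify(label) for label in results.values())

def distinct_label_count(results):
    """Identical label strings from several engines are counted once here."""
    return len(set(results.values()))

if __name__ == "__main__":
    for group, n in family_counts(RESULTS).most_common():
        print(f"{group:8} {n}")
    print("engines:", len(RESULTS), "distinct labels:", distinct_label_count(RESULTS))
```
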
It is better to ask before you accuse. If you would just ask for verification of the file, many people would be glad to help. Just look on the previous page posts 287 and 288, asked and answered.
I appreciate your comment. In my view, posts 287 and 288 do not validate the safety of the file. There is no way to confirm that the MD5 posted is from the original, unaltered file. With a 60% fail rate on viruscan.jotti, and a 68% fail rate on virustotal, most indicating a backdoor trojan, the file cannot be considered safe. Backdoor trojans are not harmless and not to be taken lightly. When 22 of the top antivirus programs detect a malicious backdoor/trojan, you can't ignore that and claim the file is clean. If it walks like a duck, looks like a duck and quacks like a duck, I'd bet a dollar to a donut... it's a duck! I will make no judgement as to whether or not this was intentional. But, a duck is a duck is a duck. I've seen too many ducks not to know the difference.
The files are safe..only compiled batch scripts. I have the original .cmd script in the same folder as the oobechecker. I would suspect a few of the "viri" are simply created by the AV industry as propaganda and marketing. At any rate, use it or don't..the file is very safe and can be decompiled as Urie shows..no crazy payload or shenanigans..I simply don't have the time or inclination (or skill for that matter) to spread malicious crap...plain and simple.. Bottom line is the file is useful and safe if the paranoia doesn't get ya..
911medic, would it be possible for you to update your download links, perhaps upload to another file host?
Yep..but I need a latest download. Otherwise I will have to look for the last tool I made..don't know when that could be.. Our server down??for good...