Usenet 4 f*r*e*e

[tifozi]

He might have been ticked off about the bypass posted here in the open. It's why he went the password route. Even if you find a workaround using your assembly background, please use discretion by not posting it out in the open. We should be thankful for the program although aesthetically it is quite hideous I agree.

For those who are able to sniff the pass, not sure we are gaining anything as we are still having to use the ugly interface but +1 to @anon's suggestion of using SmartSniff for smallish tasks like this.

My only assembly background was coding for the old TMS370 processor never worked on x86

[Hn66]

Has anyone tested Setup_NewZFinders_1.1.1_BETA_020.exe
in a sandbox and monitored for suspicious syscall?

A ClamAV scan of this .exe returns the following hit

PUA.Win.Spyware.XPCSpyPro-1

http://www.kephyr.com/spywarescanner...ro/index.phtml
https://www.symantec.com/security_re...062813-4844-99


Behavior

Spyware.XpcSpy is a spyware program that is used to secretly monitor other users by logging keystrokes and screen shots.

[tifozi]

Now there's a surprise Moved off of Windows a long time ago and only recently used this app in a VM. Going to help a lot if @sandman_1 is successful in reversing this malware.

[Hn66]

Now there's a surprise Moved off of Windows a long time ago and only recently used this app in a VM. Going to help a lot if @sandman_1 is successful in reversing this malware.

I'm not outright claiming this .exe is malware, but it did trigger against a signature. Someone would need to debug and probe it further to determine if ClamAV is reporting a false positive result. I also moved off windows long ago, and don't have virtualbox on this machine, so I'm apprehensive to run it outside of a sandboxed environment.

[Diceair]

Hi there.

Can someone please guide me or pm me how to do the wireshark thing? I'm a total noob and would like to download. I used the links provided to get the details to to use my nzb's but now it tells me the following

ERROR Il vous faut au minimum la version beta 020 - Pas le bon pass.

I don't want a link to the pass but maybe someone can guide me so that in future I can find it myself.

So far I have newzfinders beta 020 installed and wireshark installed but just don't know where to look for the password

EDIT: I sort of figured it out.

Thanks

[anon]

Get SmartSniff. Open it, press F9, and select your network adapter. Then press Ctrl+F9 and paste the following in the text box:

Code:

include:remote:tcp:80

Press OK, press F5. Run NewzFinders and some entries should appear in SmartSniff's bottom panel - the password should be among them. Press F6 to stop capturing data.

[Diceair]

Get SmartSniff. Open it, press F9, and select your network adapter. Then press Ctrl+F9 and paste the following in the text box:

Code:

include:remote:tcp:80

Press OK, press F5. Run NewzFinders and some entries should appear in SmartSniff's bottom panel - the password should be among them. Press F6 to stop capturing data.

cool thanks for the info. I have it now.

[sandman_1]

Just an update:

This is more tedious than I thought trying to follow the assembler output in the debugger. I have forgotten a lot! Also the password isn't generated until a child window is open and I am having problems debugging that. Ollydbg keeps crashing every time I try to debug the child. I will keep at and hopefully stumble upon something though but it may be awhile.

[jkl49]

Could someone post or PM me the latest password for the list of newzfinders accounts? I haven't found any kind of free/decent replacement since they started requiring a password, which still normally wouldn't be a big problem but there's something specific I want to get. I've tried Usenet.cat and can't ever get it to work to download something, and XSusenet only has a retention of 10 days. Thanks in advance if anyone can help, I appreciate it.

[anon]

Could someone post or PM me the latest password for the list of newzfinders accounts?

Unless they have recently increased their security, my tip on post #146 should work.