Saturday, January 10, 2009

eMule 0.49b PrE-Mod v1.5

Welcome Cagliari
LeecherMods Presents Sarutobi's

>>>>>> eMule 0.49b PrE-Mod v1.5 <<<<<<

(based on Mephisto Mod v2.1)

Coded by:


Changelog / Features:

* Ported all features to mod Mephisto v2.1
+ Credit Hack (Multi or Single) (recommended to use Multi)
+ Extended Modthief
+ Multi server connection & requests
+ Auto & manual RSA key generation
+ Fake eChanblard Community
+ Fake AppleJuice Community
+ Manual Unshare complete file in sharedlist
+ Community nick thief
+ Multi "Kick & add to ipfilter.dat"
+ Disable XS send
+ Option to disable excessive bans done by DLP (recommended to be enabled if using leecher features such as ext.modthief or fake communities)
* Minor gui bug in phoenix options
* On share level changes now shared files are reloaded
- Limit in search results & globlal source limit
- Old NickThief

To view log entries of leecher features enable verbose

Password from ed2k link is: sarutobif0rsb1

Please request by Program Authors Homepage a CLEAN safe Version or post by unpacking forums request for help unpack themida file
original crypted file:

- Themida + WinLicense - OEP Finder + IAT Repair
- Themida Fix API Virtual Machine + IAT Repair
- Themida Instruction Logger

New version - No change log
tmdunpacker.rar 586.19 KB
Tmdunpacker_TheMida_Winlicense_Unpacker_ 584.71 KB
Detemida1005.rar 106.81 KB

rar pass original theMidia target file: sarutobif0rsb1

post hash checksum to the files and no one ever 'fake' or can change it.


After spending a lot of time in this Themida Injected eMule. Try to clean Themdia shit from emule.exe same as fuqued Armadilled eMules, all from one source spreed to the net 'SBI', I have it unpacked with script but still get from 2 AV's alerts (possible not well clean unpacked). It's really not funny cause in Rapidrush forums they advice using exactly this protectors to hide Trojans from AV's.


Anonymous said...

There is no Virus inside.
You can check it on the sbi leecher. Download the packed and the unpacked exe from the public threat and run your online virus scan.
Some av products have really problems with the most good exe packer.
The mod is only protected that seba don't change all links to his site again.
We don't like it if someone steals a mod and change it that it looks like his own.
It's not like on your site, you write mostly the correct coder and the home board in your topics.
Normal you should know what's the problem with that idiot...

IlLusioN said...

ok, ic change it. Thank you.
If have unpacked version will be better and write on my blog the sha-1 and md5 shecksum so that no one can fake it.
Im afraid cause this webcrawlers from opera service and firefox, microsoft can if mcafee detect something blacklist in serchengines the url domain.
Best what can be done is publish to the mods the original emule.exe file hashes
I know the problem with the fakes. Did not download it from the other site got it from Poland file share with the right rar password as source.

Sorry for missunderstanding

5 infections in 2 months with armadilled and thermided dll's and exes from p2p downloads makes everyone suspiciouse.

IlLusioN said...

is this what i mean that index even false positive as website warnings

si t eadv isor . c om

Anonymous said...

use imagebase randomization or something else in c# compiler. Write url addresses in base64 as in php scripts. browser can read it. will be invisible in hexeditor also md5 protect to hide/make impossible from hexediting {in vs 2009+sp1 and some hotfix and plugin its default}. it will be much better as exe protectors

Anonymous said...

terible exe packer. very bad compression rate. armadilo and thermidia is used almost to pack viri in files. av's have a high tollerance for this 2 commercial packers > see rapidrush forum instruct to use armadillo and themidia to bundle old trojans (detected if not packed) into files.

get rid of this protection shit

Post a Comment