Sunday, May 31, 2009

VeryCD easyMule 1.1.6 Build 090515

VeryCD eDonkey (easyMule) 1.1.6 version stability [2009-05-15]


* To provide time-sharing directory automatically refresh settings, automatically hang up a user-friendly time-sharing
* Update list of servers, such as eDonkey data
* Strategies to optimize the speed of uploading and downloading
* Some UI to optimize the user experience

Core base is still eMule 0.48a ( see official changelogs since 0.48a to 0.49c codebase + features ).

Feature Manual kick (remove) single clients from upload queue can be enabled through an entry in preferences.ini as by all easymule mods add: DebugUpQueue=1

VeryCD/Easymule builds eMule.exe behaviors:
makes changes on tcpip.sys without user-interrupt (see bettersp2.cpp/h etc. in src). As soon you execute emule.exe a BHO get installed, several registry keys get added to the windows registry. Windows system file tcpip.sys change its default value (on xp it reduce to 9 connections only).
Other as by eXcalibur ( ), VC Mods are not encrypted like shareware and provided as a 'clean binary' exe.

Tip: Check with TCP-Z or XP-Antispy or any TCPIP patcher after usage your max. connection limit.


Mirrors bin only:

ed2k links:

Share Mirror Hosts:
@brsbox | @mediafire |
@brsbox | @mediafire |


other builds/versions:

My idea to improve:

same as light see here and easymule here
add upload priority to the front in shared window ( transfer window )
upload management / slot control ( from sivka mod maybe )
upload Boost levels incomplete (partfile) / rare / ...
drag 'n drop files/folder to share add to shared files window (from emule 0.49c)
fix traversal nat implementation // NeoMule (Xantos)

UserScript URL Decoder Linkbee - Ads Web trash skipper added

How to leech redirected and linkbee download url's effective
Result - All link ads removed :

How to leech redirected and short url's such as linkbee download links effective.

Sites which trash the web full of Ads on them links can be easier cleaned now.
Linkbee etc... Ads + cookie skip over the ads page to the direct link.

Inspiration: thanks to for the demo links page and test support.

- setomits TinyURL Decoder ( )
- Johannes la Poutre Patch / diffs ( )

Download/Install Firefox Greasmonkey Userscript TinyURLEncoder with Linkbee patch:
40582.user.js | Mirror | Mirror | Mirror

Source code Download: 40582.user.txt | Mirror

+ You need Skip redirect ( redirect remover , ... )

Suggested to use: Skip Redirect By Kim A. Brandt ( )

+ Greasemonkey ( )

others to test: |

Because it's your web and your browser

Leeching Websites (Downloads) with Crawler technology:
To get just Download links from all kinds of forum software attachments. host a php search spider like sphider. run the search engine spider over a domain e.g. with pattern to index follow only: /attachment*
You may remove in crawler scripts everything with robots and meta by some domains to skip robots.txt and metatags. Change the ua string id to a genuine one as by major search engines. Keyword: Crawler User-Agent String List ( )

Thursday, May 28, 2009

eMule 0.49c StulleMule v6.2.Plus 27.05.09

Engo3K +Features 27.05.09
added clients share visibility
added unlimited search results
added +clients colors to design settings
added ipfilter_static.dat
changed reduce score for leechers to "0=0 Score", 10-100%->(100%=No Punish), Ban
fix language dll "geschwindigkeitsanzeige in der toolbar" ;-)
added clientupload time for blocked clients [5-360] mins
changed filereasktime [21-55] mins
changed englisch feedback to Ultimativ-mod format (de)
changed language de_DE.dll
added: choosable modstring
added: customable priority
added: upload priority in downloadlist
added: push part files
removed: friends resrtictions
removed: powershare resrtictions
removed: Release Boost resrtictions for partfile
removed: PBF resrtictions
changed: SlotLimiter from min.60 to 1-255
changed: datarate pro client now
changed: leecher standard reduce score from 33% to 10%
added: don't remove spare trickle slot in uploadList (for use client datarate)
added: reasksingle client (downloadList)
added: Drop/Swap Client in Transfer Windows/to another File
added: Kick sngle client from upload
added: Kick all upload slots
added: ban client (all list)
added: clear banlist
added: push client to upload (queuelist)
added: unlimited slot
added: friend boost *200
added: Nick boost *200
added: multichunk transfer
added: antinick punish
added: antimod punish
added: queuerang full punish
added: Up2Mule
added: Show IP (ClientDetailDialog) ,IP ,UserNick ,UserHash ,Clienversion all copyable
added: active permission
added: see OnUploadqueue and feedback
added: colors for antinick/antimod/QR-full/Nick boost/unlimited slot

removed: Ultimativ as bad Nick/UltiMatic as bad mod
remowed: other release bad Mod/Nick's


ed2k: ed2k://|file|eMule0.49c.StulleMule.v6.2.Plus.27.05.09.rar|8057193|68E54B4EB12237B194178680DBCFA709|h=6A5SP4TOCCVUHW6V5NJV5RSI33TJJDCR|/

http: DDL

Very fast Mod in upload and download speed!


AntiLeech DLP 3.7 (int. 3.9) - antiLeech Dynamic Link Library (DLL)

Releaser Mods Ban removed

Download DLL:
antiLeech.dll | Mirror | Mirror

C++ 10 ( Visual Studio 2010 ) Source code: antileech-sources37.rar | Mirror

Monday, May 25, 2009

eMule 0.49c ZZ-R V2.4 {false positive}

ZZ-R V2.4



+ AntiMod
+ Remove Bad Blockratio Clients
+ Ban Bad Modstring Scheme
+ AntiMod added to design-settings
+ Clients share visibility added to design-settings
+ Whois IP-Lookup | Web (disable to open your favorite url from menus)
+ Some fixes for Modeless Dialogs

!! Vor dem Start bitte die preferences.ini im config Ordner löschen um Probleme mit den geänderten Limits zu vermeiden !!
!! Before starting, please delete preferences.ini in the config folder to avoid problems with the new limits !!

Addendum 27.05.2009
Download: {the included file emule.exe shows by some AV's a false positive alert}
eMule0.49c-ZZ-R_V2.4.rar | Mirror1 | Mirror2

official release
File: eMule0.49c-ZZ-R_V2.4.rar
CRC-32: ec8c26af
MD4: 6d27d3db51b14a67e9fe5cc46f446003
MD5: 3d0e74640741e8beab2fb93d12c23c83
SHA-1: 7303f6c3e2422c14e03ad7052ed3a6af4fe6ba2a

File: emule.exe
CRC-32: fb09fa31
MD4: 9fba8eff0177f0444e6953ed1e6aa7e5
MD5: e1d57c4ebc7349048baf5cfc81820b62
SHA-1: 9ece7e3fca37143e6d9bf58768372cad37813a9a

Update 28.05.2009
The false positive is corrected by Kaspersky AntiVirus with updates from 28.05.2009

F-Secure and Fortinet with latest definition updates from 28.05.2009 False Positive fixed too!

Users of the following AntiVirus Products may get a FALSE POSITIVE alert:
New K7AntiVirus shows now False Positive

User complain about virus alert


Today a clean in c++ coded Software Mod not packed or protected with any kind of exe packer/protectors shown a Trojan in some AV's. The Binary File should not be difficult for experts to do a deep analyze and correct the false positive.

... it looks like some AV's reference signatures to Kav and add itto them signature updates by imagebase/name/etc/...

Run any PE Optimizer/Trim on the emule.exe
Get a Picture:

Fichier emule.exe reçu le 2009.05.27 08:28:25 (UTC)
Situation actuelle: terminé
Résultat: 0/40 (0.00%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus Version Dernière mise à jour Résultat
a-squared 2009.05.27 -
AhnLab-V3 2009.05.27 -
AntiVir 2009.05.27 -
Antiy-AVL 2009.05.27 -
Authentium 2009.05.27 -
Avast 4.8.1335.0 2009.05.26 -
AVG 2009.05.27 -
BitDefender 7.2 2009.05.27 -
CAT-QuickHeal 10.00 2009.05.27 -
ClamAV 0.94.1 2009.05.27 -
Comodo 1203 2009.05.26 -
DrWeb 2009.05.27 -
eSafe 2009.05.26 -
eTrust-Vet 31.6.6523 2009.05.27 -
F-Prot 2009.05.27 -
F-Secure 8.0.14470.0 2009.05.27 -
Fortinet 2009.05.27 -
GData 19 2009.05.27 -
Ikarus T3. 2009.05.27 -
K7AntiVirus 7.10.745 2009.05.26 -
Kaspersky 2009.05.27 -
McAfee 5627 2009.05.26 -
McAfee+Artemis 5627 2009.05.26 -
McAfee-GW-Edition 6.7.6 2009.05.27 -
Microsoft 1.4701 2009.05.27 -
NOD32 4108 2009.05.27 -
Norman 6.01.05 2009.05.26 -
nProtect 2009.1.8.0 2009.05.27 -
Panda 2009.05.26 -
PCTools 2009.05.21 -
Prevx 3.0 2009.05.27 -
Rising 2009.05.27 -
Sophos 4.42.0 2009.05.27 -
Sunbelt 3.2.1858.2 2009.05.27 -
Symantec 2009.05.27 -
TheHacker 2009.05.26 -
TrendMicro 8.950.0.1092 2009.05.27 -
VBA32 2009.05.27 -
ViRobot 2009.5.27.1756 2009.05.27 -
VirusBuster 2009.05.26 -
Information additionnelle
File size: 5906432 bytes
MD5 : 46882fdd186a19a6915a80ab0e0795fe
SHA1 : ed5f0097339987777579ed2c1158281b229aef77
SHA256: d2f85947c58777c14e6f6e3929444a0eadfad0cba1a912cc7f53764c9b935def
TrID : File type identification
Windows OCX File (71.0%)
Win32 Executable MS Visual C++ (generic) (21.6%)
Win32 Executable Generic (4.9%)
Generic Win/DOS Executable (1.1%)
DOS Executable Generic (1.1%)
ssdeep: 98304:Fm4hC/3YxZTENGuCxMNbiNZn6/r2PmXPcP:FYqtb6/r2uXUP
PEiD : -
RDS : NSRL Reference Data Set

only trimmed/optimize PE exe and virus alerts gone.
Prove False Positive:
1. Download any PE Optimizer Keywords: PE Optimizer, Trim PE PETrim ...
for example: Bitsum PE Compact Free Version is ok, only trim/optimize some with PE Rebuild/Optimizer/... with gui some in command line mod.
2. on emule.exe apply the pe optimizer and set only trim/optimize (not compress)
3. scan file with : all engines show suddenly false positive is gone

4. a test on some AV's which was shown False Positive on MS C++ compiler output file emule.exe and the one who inspect from beginning the file while scanning already deep enough through the binary and don't shown a false positive:

emule.exe 5.63 MB (trim)
emule.exe 3.13 MB (UPX strip)
emule.exe 5.75 MB (upx decompr. w. PE Tools)

.. suggested to use HashFile to verify talking about the same files by Scan Results such as Hashtab, HashCheck

hmmm... sometimes some Antivirus are wrong. It should be clear to see that here is no Trojan or Virus in this file otherwise it will be in the file if Trim PE / upx and -de upx on emule.exe too. A Virus/Trojan can not get lost with the above procedure.

Further tests with Microsoft Network Monitor 3.3 in combination with Process Monitor v2.04 by monitoring and logging all traffic to/from emule.exe shown no suspicious Online activity other as official eMule 0.49c nor does a second hidden process start with it.

There are no Viruses or Trojans in morph4u mods, I'm sure morph4u cares about his software and users!

- server.met is from peerates service ( ) in the server window to update. The server.met is an older one which was up to date as the mod got coded, it shows later on an Australian P2P Research Server in the list with address ed2k://|server||1111|/ ( )
- if the above server is bad, the mod have under Options > Update > Security a protection with IP Filter.dat from , you may remove this server from the svr list if it's a questionable ed2k server.

Response from the Software Author of the eMule Mod see comments on my Blog also in several AntiVirus and Security Forums:

AV Firms have been informed to re-analysis and remove the wrong virus alerts, correction of the false positive which shown up by some AV scanners.


Paint.NET v3.5 Alpha build 3424

Changes since version 3.36:

* Now requires (and uses!) .NET Framework 3.5 SP1.
* Significant improvements to the installer. Prerequisites are now handled in a much more user-friendly fashion (it's no longer "go to the Microsoft website and decipher geek talk and download stuff")
* The auto-updater can now download in the background, and then install the update after you've exited Paint.NET. Compare this to v3.36 and earlier that jump in your face and require the download and installation to happen right now, and block you from using the program until it's done!
* New effect: Blurs -> Surface Blur, by Ed Harvey
* New effect: Distort -> Dents, by Ed Harvey
* New effect: Distort -> Crystalize, by Ed Harvey
* The responsiveness of effect dialogs has been greatly improved.
* When zoomed-in, the rendering quality has been substantially improved. ... zoomed-in/
* When zoomed in, it is now much easier to correctly resize or move a selection.
* Improved performance when opening multiple images, especially for systems with only 1 processor. ... humbnails/
* Memory usage has been greatly reduces when more than one image is open.
* The selection outline is no longer animated, which substantially reduces CPU usage. It also uses XOR blending.
* The middle mouse button can now be used to close an image tab
* Improved the Unfocus effect
* Fixed an issue with Gaussian Blur and its treatment of alpha values
* Fixed a crash with the "Units" selector in the toolbar area
* Added a "Utilities" menu, and moved the following menu items there: Check for Updates, Language chooser, and View Plugin Load Errors. For the alpha release, there are also menu items for "Force Crash" and "Perform Full GC" (you'll know what that means if you're a developer -- Otherwise it isn't interesting).
* Installer now has a "Start Paint.NET" checkbox at the end. (On Vista and Win7 with UAC enabled, it will correctly start Paint.NET at non-elevated privilege.)
* Renamed "Grid" to "Pixel Grid", to more accurately describe its functionality.
* The DirectDraw Surface (.DDS) file type now allows you to select the resampling algorithm for auto-generated mip-maps
* Effect plugins now have access to a "Services" property which allows them to properly access certain internal Paint.NET functionality.
* Fixed some very small memory leaks when opening many images
* Russian translation. ... -paintnet/
* A processor that supports SSE is now required (almost all CPU's purchased this decade satisfy this)



older Builds: | Mirrors Fileshare host: 4.52 MB | DDL | Mirrors Fileshare host: 4.52 MB | DDL

Extras: Plugins

SRWare Iron

SRWare Iron: The browser of the future - based on the free Sourcecode "Chromium" - without any problems at privacy and security

Google's Web browser Chrome thrilled with an extremely fast site rendering, a sleek design and innovative features. But it also gets critic from data protection specialists , for reasons such as creating a unique user ID or the submission of entries to Google to generate suggestions. SRWare Iron is a real alternative. The browser is based on the Chromium-source and offers the same features as Chrome - but without the critical points that the privacy concern.

We could therefore create a browser with which you can now use the innovative features without worrying about your privacy.

We want our users to participate in our work and make the browser free to download under the name "SRWare Iron" into the net.

What does Iron makes different? Read here:

17.05.2009: New Iron-Release:

You can now download a new Iron Release based on Chromium
Fixed are a lot of Bugs - e.g. at Incognito Modus, at the Downloadmanager and at lot of other things. Also speed and stability are significant better. We also updated the Adblocker.

12.03.2009: New Iron-Release:

released a new Iron based on Chromium There were updates to Webkit and the Javascript Engine V8, so the new Iron version should be significant faster. Additionally we improved the the adblocker.

To have also updated the adbock.ini is, which you can get here:
Themes can be downloaded e.g. from
Iron is free and OpenSource. You can get it here:



Filedate: 17.05.09



Sunday, May 24, 2009

diablo2oo2's Universal Patcher dUP 2.20 Beta 3

diablo2oo2's Universal Patcher [dUP]
Version: 2.20

-multiple file patcher
-create Offset and Search&Replace patch/loader
-compare files (RawOffset and VirtualAddress) with different filesize
-text patcher
-registry patcher, also for loaders
-attach files to patcher
-get filepaths from registry
-usage of CRC32 and filesize checks
-patching packed files
-compress patcher with your favorite packer
-saving projects
-use custom skin in your patcher
-add music (Tracker Modules: xm,mod,it,s3m,mtm,umx,v2m,ahx,sid) to patcher
-multilanguage support
-and many more...

Version History
-added wildcard support for textpatch module
-windowresize bugs fixed
-minimize patcherwindow with rightmouseclick
-added new "event" module for patcher
-bugfixes in textpatch module


Mirror: dup2.beta.rar 184.32 KB

emule.exe Mods and BT Software safety scan

I ensure this page does not have any Trojans or Virus in Mods. Every single Mod have been scanned with If an exepacker/protector have been found which can be suspicious signs of hiding a kind of Trojan in c++ coded software, unpacking tips and remarks are published as well.
Leecher mods exist since ever it doesn't mean any bad. Some mods are performed to release the full power of upload speed not only download (no limit in sharing partfiles by powerrelease etc...).

If you found any form of possible Trojan, Virus please click contact us link and we will check it instantly and try to unpacking for deep analysis of the pe (exe, dll) files.

Up to now known suspicious Mods, done with exe protectors are:
- Early Versions of all Applejuice Mods (shown false positive after unpacking) include IL reverse engineered AJ mods // Shows the exe protector caused false positive
- eMule eXcalibur
- eMule BigBan / eMule PRO (Protector: Obsidium)
- 3 or 4 minor Board mods (the links are removed)

Category others (no exe protector/packer, but malicious functions):
- Newer eMule Applejuice Mod Versions // Some Tracking Cookies download automatically from the embedded Mod Webbrowser and collect user data (info for Advertiser only?), Embedded Ads scripts/codes collect user info.
- Some VeryCD mods // patch (makes changes) without user interrupt on a Windows system file tcpip.sys connection limit + installs a BHO as soon emule.exe executed.
- some eMule (mods) Installers (we never publish installer versions). // Toolbars and Ads can be installed with it. Our Advice: unpack the installer with uniextract than take just the application .exe, delete 'unknown' rest content.

If be not more sure how to deal with 'unknown' binaries use tools like PE identifier and scan exe/dll's before executing any new files. My suggestion use Exeinfo PE from A.S.L. which can as well show some embedded url's in files. Test file to open in PE Explorer if this fails, it's packed and or pe protected as in shareware and hacked software used.
Another sign, eMule.exe is usually above 5 MB in size, not many get it in real below 5 mb by compiling. Test emule.exe files in sizes smaller than 5.03 MB and bigger as 6.7 MB.

Submit a comment under the topics so that people can do an eye on the file.

( packer: Armadillo 6.0x (exe) 32bit / MS c++ v8 fake pe signature , unpack: ollydbg script?! - it's Not C++ v8! )

But after I found this story on Shareactor about my page that I not carefully scan emule mods for trojans, viruses before publishing, which get not more out of my brain in combination with Trojans. I ask me what about the most wide spread eMule mod Applejuice. Up to the latest Version with autostart the embedded Webbroser and Ads tracking cookie. As soon the mod start the tracing cookie is active. We all know click-streaming and the way cookies can behave. 3 and more different Advertiser Companies in the back of thousands of users of this Mod. The Mod is published in the public since years in its actual Versions on the biggest traffic sites such as: , , , , hundreds maybe thousands more... ( Google alone shows 41.800 Search results for emule applejuice. Yahoo Search 99,600 results for emule applejuice, another 19.500 by Live Search )
Applejuice Mod have all Xtreme features + tons of Leecher features. With the right setting undetectable. More than 40.000 Downloads per Version on just a few high traffic Software sites on Toplevel domains in all possible Languages.