Hi,
cause the "Flux problem" becomes more and more public in diffrent boards we decided to create a little thread about that relativly new nastie.
Flux is a so called reverse backdoor. While normal backdoors would open a port on your computer and a control program would connect to it, Flux won't open a port. The control program opens the port and the backdoor connects to the control program. This makes it fully LAN and router compatible and can circumwent most hardware firewalls.
Flux uses quite a stealthy technique to run on a victims computer. Instead of creating an own process for himself or injecting a DLL to a third party process Flux uses code injection techniques. That means it injects code (NOT a DLL) to a third party process and runs it within it.
That makes Flux currently undetectable in memory by most anti malware products cause they only scans the modules of a process (which means the EXE file and all loaded DLLs) and allows Flux to bypass several software firewalls.
We at Emsi Software GmbH were prepared for the case of the appearance of such a backdoor and already developed an enhanced memory scan to detect such trojans for a² v2. We didn't think such a backdoor would appear that soon so we decided to backport the detection techniques to the current v1 releases. What does that mean?
Well, a² is currently the only program offering a reliable detection of Flux in memory so a² users are already protected and you don't have to worry about Flux:
For people not using a² we offer a little stand alone tool that detects and deactivates Flux in memory so you can clean the Flux loader by hand or using your favorite anti malware program. You can find the tool here:
http://forum.emsisoft.com/viewtopic.php?p=11077Or for direct download:
http://download1.emsisoft.com/fluxscan.exehttp://download2.emsisoft.com/fluxscan.exe