[RELEASE] IE-Title-Editor

[tbdawg]

//IE-Title-Editor ver 1.0.0.1 by tbdawg//

*Allows the user to customize their Internet Explorer browser window title.

*May also be used to reset to the default IE browser window title.This may be useful as some programs will change this in the process of using them.

*Will make a backup of the IE MAIN key in the form of MAIN.reg. This file will be checked for and saved to the directory that the IE-Title-Editor.exe is run from. Double clicking this file can restore this reg key to the state it was prior to ever run this program in the case something goes horribly wrong, but will probably never actually be needed.

HAVE FUN & ENJOY!!!!

tbdawg

*Changelog:
ver 1.0.0.1
Added Commandline usage.
To use open IE-Title-Editor in CMD with the /? help switch for info.

This should work with XP, Vista, and Windows 7 with Internet Explorer 6, 7, or 8 (maybe other versions too).

Please see below for download link

[leofelix]

Welcome aboard,
the link you provided is rated as dangerous by WOT

sendspace.com | WOT Security Scorecard | WOT Web of Trust

So do not download that file is INFECTED

http://www.virustotal.com/it/analisi...428-1245637585


<table border="1"><tbody><tr><td colspan="4">File IE-Title-Editor_v1.0.0.1.zip ricevuto il 2009.06.22 02:26:25 (UTC)</td></tr><tr><td>Antivirus</td><td>Versione</td><td>Ultimo aggiornamento</td><td>Risultato</td></tr><tr><td>a-squared</td><td>4.5.0.18</td><td>2009.06.22</td><td>-</td></tr><tr><td>AhnLab-V3</td><td>5.0.0.2</td><td>2009.06.20</td><td>-</td></tr><tr><td>AntiVir</td><td>7.9.0.193</td><td>2009.06.21</td><td>-</td></tr><tr><td>Antiy-AVL</td><td>2.0.3.1</td><td>2009.06.19</td><td>-</td></tr><tr><td>Authentium</td><td>5.1.2.4</td><td>2009.06.22</td><td style="color: red;">W32/Trojan-Gypikon-based.NC!Maximus</td></tr><tr><td>Avast</td><td>4.8.1335.0</td><td>2009.06.21</td><td>-</td></tr><tr><td>AVG</td><td>8.5.0.339</td><td>2009.06.22</td><td style="color: red;">Dropper.Generic.AKAK</td></tr><tr><td>BitDefender</td><td>7.2</td><td>2009.06.22</td><td style="color: red;">Gen:Trojan.Heur.E0D4B5A0D0</td></tr><tr><td>CAT-QuickHeal</td><td>10.00</td><td>2009.06.19</td><td>-</td></tr><tr><td>ClamAV</td><td>0.94.1</td><td>2009.06.22</td><td>-</td></tr><tr><td>Comodo</td><td>1387</td><td>2009.06.22</td><td>-</td></tr><tr><td>DrWeb</td><td>5.0.0.12182</td><td>2009.06.22</td><td>-</td></tr><tr><td>eSafe</td><td>7.0.17.0</td><td>2009.06.18</td><td style="color: red;">Suspicious File</td></tr><tr><td>eTrust-Vet</td><td>31.6.6570</td><td>2009.06.19</td><td>-</td></tr><tr><td>F-Prot</td><td>4.4.4.56</td><td>2009.06.22</td><td style="color: red;">W32/Trojan-Gypikon-based.NC!Maximus</td></tr><tr><td>F-Secure</td><td>8.0.14470.0</td><td>2009.06.21</td><td style="color: red;">Trojan-Downloader:W32/Banload.FXD</td></tr><tr><td>Fortinet</td><td>3.117.0.0</td><td>2009.06.21</td><td>-</td></tr><tr><td>GData</td><td>19</td><td>2009.06.22</td><td style="color: red;">Gen:Trojan.Heur.E0D4B5A0D0</td></tr><tr><td>Ikarus</td><td>T3.1.1.59.0</td><td>2009.06.22</td><td style="color: red;">HackTool.Win32.Jakuz</td></tr><tr><td>Jiangmin</td><td>11.0.706</td><td>2009.06.21</td><td style="color: red;">HackTool.Jakuz.c</td></tr><tr><td>K7AntiVirus</td><td>7.10.768</td><td>2009.06.19</td><td>-</td></tr><tr><td>Kaspersky</td><td>7.0.0.125</td><td>2009.06.22</td><td>-</td></tr><tr><td>McAfee</td><td>5653</td><td>2009.06.21</td><td>-</td></tr><tr><td>McAfee+Artemis</td><td>5653</td><td>2009.06.21</td><td>-</td></tr><tr><td>McAfee-GW-Edition</td><td>6.7.6</td><td>2009.06.21</td><td>-</td></tr><tr><td>Microsoft</td><td>1.4803</td><td>2009.06.21</td><td>-</td></tr><tr><td>NOD32</td><td>4175</td><td>2009.06.21</td><td>-</td></tr><tr><td>Norman</td><td>6.01.09</td><td>2009.06.19</td><td>-</td></tr><tr><td>nProtect</td><td>2009.1.8.0</td><td>2009.06.21</td><td>-</td></tr><tr><td>Panda</td><td>10.0.0.16</td><td>2009.06.21</td><td>-</td></tr><tr><td>PCTools</td><td>4.4.2.0</td><td>2009.06.22</td><td>-</td></tr><tr><td>Prevx</td><td>3.0</td><td>2009.06.22</td><td>-</td></tr><tr><td>Rising</td><td>21.34.63.00</td><td>2009.06.21</td><td>-</td></tr><tr><td>Sophos</td><td>4.42.0</td><td>2009.06.21</td><td>-</td></tr><tr><td>Sunbelt</td><td>3.2.1858.2</td><td>2009.06.21</td><td>-</td></tr><tr><td>Symantec</td><td>1.4.4.12</td><td>2009.06.22</td><td>-</td></tr><tr><td>TheHacker</td><td>6.3.4.3.350</td><td>2009.06.20</td><td>-</td></tr><tr><td>TrendMicro</td><td>8.950.0.1094</td><td>2009.06.20</td><td>-</td></tr><tr><td>VBA32</td><td>3.12.10.7</td><td>2009.06.22</td><td style="color: red;">Trojan.BAT.KillAV.mh</td></tr><tr><td>ViRobot</td><td>2009.6.19.1796</td><td>2009.06.19</td><td>-</td></tr><tr><td>VirusBuster</td><td>4.6.5.0</td><td>2009.06.21</td><td>-</td></tr><tr><td colspan="4"> </td></tr><tr><td colspan="4">Informazioni addizionali</td></tr><tr><td colspan="4">File size: 209080 bytes</td></tr><tr><td colspan="4">MD5...: 8b2e86d95bed8e963c8356fda7112364</td></tr><tr><td colspan="4">SHA1..: cf14af3bbc3ad5f371adea15144289cbc0e13461</td></tr><tr><td colspan="4">SHA256: 3101c898b983589528a5ec3def6f8e20bc6db4f47797b8cad4 6074e34786e428</td></tr><tr><td colspan="4">ssdeep: 6144:9TCQzKLyPLXJSFj7C46SW+3+4WjIEyd1bEz2s71nhfG:v KLyPEGSp+rjIEy
d167LG
</td></tr><tr><td colspan="4">PEiD..: -</td></tr><tr><td colspan="4">TrID..: File type identification
ZIP compressed archive (99.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)</td></tr><tr><td colspan="4">PEInfo: -</td></tr><tr><td colspan="4">PDFiD.: -</td></tr><tr><td colspan="4">RDS...: NSRL Reference Data Set
-</td></tr><tr><td colspan="4">packers (Kaspersky): PE_Patch.UPX, UPX, WScript</td></tr><tr><td colspan="4">packers (F-Prot): UPX</td></tr></tbody></table>

[HappyAndyK]

Thanks leo. Infected file's link has been removed.

@tbdawg : If it is indeed a genuine software, please PM me its download link. I will test it and then insert it in the post. Till then locking up thread.

Thank you for understanding.

UPDATE:

The file which was sent to me is clean and has been uploaded to our TWC server. The app lets you change the title of your Internet Explorer browser window title, just the way our UWT lets you.

[leofelix]

Is it clean?

Maybe it's only considered as an hacking tool
However I extracted zip archive and uploaded exe file to virustotal again

Now there are 12/41antivirus which detect it as malware

Virustotal. MD5: 798ae74f9a5a9a49415990b0586ec05f Trojan-Downloader:W32/Banload.FXD Gen:Trojan.Heur.E0D4B5A0D0 HackTool.Win32.Jakuz!IK


I think Microsoft can suggest a very good and simple alternative method


How to Change the Internet Explorer Window Title

[HappyAndyK]

The file which he sent was checked by my NOD32 to be clean. That is the one I have uploaded. But yes in your virustotal scan NOD32 & KAV show it as OK but others as infected.

Jotti scan shows it as infected too.

Maybe we should wait for Corrine's inputs. Best to remove link till then!

[seti]

I think there are too many questions and not enough answers for this to be safe at the moment.. Just my personal view

[tbdawg]

After some more testing, it seems to be something with the compiling of the source that is giving off these false hits. I have sent the source to HappyAndyK and a link to theprogram used to compile it. If you check the source files themselves with (right click edit) you'll easily see that there is no malicious code written. You can also likewise send them through Virustotal (since the source is a .bat and .png file) and check as they will both come back as 100% clean. (I checked). Sending the .exe for the compiler installer itself (Exescript) gave me 2 hits outta 41. So I'm pretty sure that it is the compiler that is causing the hits with VirusTotal. HappyAndyK should have copies of all the mentioned files and should be able to confirm what I have said. Sorry about all the worry with my app. I am fairly new to any type of coding. I really only know CMD so far (been doing it for about 1 1/2 yrs). I am trying to learn more about C, C++, C# and VB, but time is limited. Thanks for understanding.

EDIT: Decided to just release it as the batch file and send a complaint to Exescript about all the hits as a Virus after being compiled with there tool. The .bat will work exactly the same way as the .exe did.

Here you can see that it is clean.
IE-Title-Editor_v1.0.0.1_SRC.zip@VirusTotal

IE-Title-Editor_v1.0.0.1_SRC.zip

[leofelix]

no worries tbdawg
I suspected that some antivirus softwares didn't like the compilation program you used, 'cause antivirus are not always able to distinguish between what is bad and what is good.
There are many free security tool like Combofix or Avenger which are detected as malware by some antivirus but only because they can gain Direct Disk Access or install hidden drivers, they are false positive, of course.

However, as our administrator stated, I think is better to wait for Corrine's response.

Thank you all

[tbdawg]

Thanks, I went ahead and released it as the Original batch (see my previous post) file also. Maybe after they see that it is the compiler causing the issue they can put the link back up for the exe as well. I really only compiled it in the first place so that others don't go opening it up and changing it and then calling it there own, but that isn't as important to me as people realizing that I'm NOT out to attack thier computers with stupid Viruses. After all this is a pretty cheezy little app anyhow. No worries.

[leofelix]

You're welcome tbdawg

I downloaded the new file you provided..
but I think you forgot to include IE-Title-Editor.exe into the new zip archive