A-Designs - PaxGFX

[desiredphoenix]

PM me asap, you know who it is.
I require you for a new Pserver project.
The task ahead is long
I cannot design the **** myself
PM me asap or unblock my skype
I.G. Sydney

[desiredphoenix]

This isn't him. But why do you say that? I've done nothing

P.s. reported for the unnecessary language

[Super Aids]

Because wtf is this retarded thread supposed to accomplish?

Use ******* PM, if the person blocked you don't post a thread here. This ain't some personal messageboard.

[desiredphoenix]

Because he us a designer and works with pservers. That is obvious what I am trying to accomplish. If you have nothing nice to say, why say it at all? Your only gonna get infracted

It relates to Pservers as he is working with pservers and I have already received an infraction for this so just shutup

[Super Aids]

[desiredphoenix]

**** no wonder I got infracted.... Request to close because I cant close for some reason.......

I will repost later.
Thanks..
Just next time
You don't win friends with salad lol

[Spirited]

Quote:

Originally Posted by desiredphoenix

PM me asap, you know who it is.
I require you for a new Pserver project.
The task ahead is long
I cannot design the **** myself
PM me asap or unblock my skype
I.G. Sydney

You got infected for when I reported this, and you reposted? Really?

[desiredphoenix]

I got infracted for the post. And no I meant in that particular section and not for a specific person... and I didn't make a second post intentionally. My phone spazzed and it double posted and I couldn't type in the fields for some reason (its been doing that) So I used Auto fill data from another post ("I need help") I had to close it but I was catching a train and didnt change the title. But for some reason I cant close threads... because I tried to close it.. oh and I just noticed that the mobile version doesnt filter foul language D:

[Spirited]

I don't care. You need to not be so verbose in your posts. Nobody cares about all of these weird details. And it's not as complicated as you're making it. You wanted to PM someone, and so you made a thread rather than PMing them. And you accidentally made two. Simple. Your other thread: you reported our executable to Microsoft, they told you it's a virus because it is. Simple.

[desiredphoenix]

What? It's not a virus lol. Believe what you want. You are not too bright. No wonder why you were banned so many times. Can't shut your trap

[Best Coder 2014]

Quote:

Originally Posted by desiredphoenix

What? It's not a virus lol. Believe what you want. You are not too bright. No wonder why you were banned so many times. Can't shut your trap

Pretty much every heuristic analysis is going to disagree with you on this one ... which is why your "loader" gets flagged.
It does malicious stuff (injecting code into other processes and whatnot), therefore it is, like, by definition malicious.
Detecting and flagging your loader is the expected behavior of any decent anti-virus.

[pro4never]

Quote:

Originally Posted by desiredphoenix

What? It's not a virus lol. Believe what you want. You are not too bright. No wonder why you were banned so many times. Can't shut your trap

Of course it's a virus/malware. Does not mean it's bad or does anything besides what you want it to do though. It modifies a running process to hijack its network functions and re-route them to connect to a different server.

It's a wanted program but it's malicious non the less in its actual functions. It will be detected by any competent anti virus software.

Loaders are by definition going to hijack and re-route network and client functionality which is behavior not permitted by most AV software and for good reason.

[desiredphoenix]

Well to be honest dude, a lot of AVs are letting it through now. McAfee doesn't unless permitted, however I know AVG does, Trend Micro, Kspersky and Malwarebytes

Just got my ventrilo server up last night

And wtf is with netdragon and converting standard swf files to .dat files lol

Malware is malicious, if its not acting as spyware/adware or a virus then I wouldnt consider it malicious. Even if it is accessing a backdoor to bypass the autopatcher and whatnot

Analysis as of todays date


Antivirus Result Update
AegisLab Troj.W32.Refroso.cugt!c 20161119
AhnLab-V3 Trojan/Win32.Refroso.C154843 20161118
Avast Win32:Evo-gen [Susp] 20161119
Avira (no cloud) TR/Refroso.cugt 20161118
Baidu Win32.Trojan.Refroso.a 20161118
ClamAV Win.Trojan.Refroso-12557 20161119
Comodo TrojWare.Win32.Refroso.cugt 20161118
DrWeb BackDoor.Bifrost.24709 20161119
ESET-NOD32 Win32/GameHack.FO potentially unsafe 20161119
Fortinet W32/GameHack.DS 20161119
Ikarus Virus.Win32.Qlod 20161118
Jiangmin Trojan/Refroso.ozj 20161119
K7AntiVirus Backdoor ( 04c502cc1 ) 20161119
K7GW Backdoor ( 04c502cc1 ) 20161119
Kingsoft Win32.Troj.Refroso.(kcloud) 20161119
McAfee RDN/Generic PUP.x 20161119
McAfee-GW-Edition RDN/Generic PUP.x 20161119
Microsoft VirTool:Win32/Qlod.A 20161119
NANO-Antivirus Trojan.Win32.Refroso.dkrol 20161119
Panda Trj/CI.A 20161118
Qihoo-360 Win32/Trojan.ae3 20161119
Rising Trojan.Generic-HwkL4aO4yLT (cloud) 20161119
TheHacker Trojan/Refroso.cugt 20161117
TrendMicro-HouseCall TSPY_REFROSO_BK082CC3.TOMC 20161119
VBA32 Malware-Cryptor.Inject.gen 20161118
VIPRE RiskTool.Win32.ProcessPatcher.Sml!cobra (v) (not malicious) 20161119
ViRobot Trojan.Win32.A.Refroso.9728.B[h] 20161119
Yandex Trojan.Refroso!pAfFMPccnwY 20161118
Zillya Trojan.Refroso.Win32.56657 20161118
nProtect Trojan/W32.Small.9728.EK 20161119
ALYac 20161119
AVG 20161119
AVware 20161119
Ad-Aware 20161119
Alibaba 20161118
Antiy-AVL 20161119
Arcabit 20161119
BitDefender 20161119
Bkav 20161117
CAT-QuickHeal 20161118
CMC 20161119
CrowdStrike Falcon (ML) 20161024
Cyren 20161119
Emsisoft 20161119
F-Prot 20161119
F-Secure 20161119
GData 20161119
Invincea 20161018
Kaspersky 20161119
Malwarebytes 20161119
eScan 20161119
SUPERAntiSpyware 20161119
Sophos 20161119
Symantec 20161119
Tencent 20161119
TrendMicro 20161119
Zoner 20161119

From what I see, some of the best have accepted the file as not malicious

And as far as rewriting it in a way where its not detected like that, is not as easy as I thought..

TrendMicro TSPY_REFROSO_BK082CC3.TOMC 20160322

For example that was from 8 months ago when someone else did a virus total report

Quote:

Originally Posted by Best Coder 2014

Pretty much every heuristic analysis is going to disagree with you on this one ... which is why your "loader" gets flagged.
It does malicious stuff (injecting code into other processes and whatnot), therefore it is, like, by definition malicious.
Detecting and flagging your loader is the expected behavior of any decent anti-virus.

I wouldnt have spent 8 hours on the phone if I wasn't going to have the shit removed. Most AVs accept it. Win defender is just a dick

[pro4never]

good lord stop wasting your time and just accept that loaders are not (and have never been) the right way to do things for a publicly hosted server.

[Arby]

#closed