If have read
then you better hope you haven't played 2Moons after you downloaded the trainer (I didn't ^.^)
michas91 posted the Trainer, however L.e.v.i.a.t.h.a.n (aka \/xWx\/) apparently says he made it
So in my opinion they should both be IP banned.
For those of you how downloaded the trainer...
Here are the malware removal instructions: (made quickly by me after I made sure that the trainer was responsible)
1. Delete the trainer and never run it again... (this is just common sense)
2. Press Ctrl+Alt+Delete to open Task Manager
(if you are using Vista select the last option wich is Task Manager)
3. You will see a proses named gadu-gadu.exe, so highlight it and click Delete on your keyboard to stop it
4. go to C:\Windows\system\svhost, at this moment you can open the pictures to look at those beautiful unknown shots of your computer that the progam has taken. (mine looked
)5. DELETE the shit out of that folder
6. Go to C:\Windows and run a program called regedit.exe
(Careful inside the registry, dont remove anything you are not sure about)
7. Go to Edit\Find... or click Ctrl+F to open the Find window
8. In the Find window write gadu-gadu and click Find Next
(to look for any traces of the progam on your computer
9. You may find a file that says gadu-gadu on the right box of the Registry Editor, so delete it if you do
10. to continue your search go to Edit\Find Next or press F3
11. one thing you will definitely find is a folder named Gadu-Gadu (if you look on the left box on the Registry Editor window)
12. Delete the entire Gadu-Gadu folder when you find it
After everything restart your computer and open the Task Manager again to check if gadu-gadu.exe started up again after the restart
if it still shows up do not play 2Moons and ask for more help
EZasπ (π is supposed to be "pie" but it doesn't come out right with this font -_-)
Good Luck, hopefully you won't need it
Ps. Is a mod able to change the tittle of this thread from MALWATE to MALWARE pls, lol
Edit:
here is a script to make this thread about 2Moons hacking, or just for fun...^.^
Code:
[ENABLE] alloc(MonsterRange,1024) label(ReturnMonsterRange) 0053A2F5: //89 54 24 48 8B 01 FF jmp MonsterRange nop ReturnMonsterRange: MonsterRange: mov [esp+48],edx mov [esp+30],00000000 mov [esp+4c],00000000 mov eax,[ecx] jmp ReturnMonsterRange [DISABLE] dealloc(MonsterRange) 0053A2F5: mov [esp+48],edx mov eax,[ecx]
