Zenith files investigation [possible RAT?]

MyDooMJr · 09/27/2015, 19:54

Hello guys,

I would be careful with running ZenithSky client files, and so on.

I were investigating their files and I have found this:

See the Company? Katherina something? Ye. I googled that and I've did not found anything related to viruses or whatsoever in the first results, until I have found a result in the end of the first page leading to another hacking community forum.

I have also found some information about a program that allows to create RAT's or whatsoever here related to katherina walenski:

When scanning Zenith12sky.exe only few antivirus will report a false-positive (packed file, package, gen). Because it has been packed with a fishy packer I presume. Therefore antiviruses will not recognize malicious code if there is any.

I am just alerting people to be careful running their client nothing else, they always seem'd fishy to me. Doesn't matter if they are competitors of AE Sky or not.

Regards

HairyWizard · 09/27/2015, 21:44

I'd check the traffic from the launcher if I were you. Last time I checked, it sent a bunch of stuff that's not related to the game at all, whilst the game was running.

unknown1981 · 09/28/2015, 16:10

I created an account especially for you.
Sorry but you fail hardcore.

I can clearly see you got something against Zenith, and you probably are a fanboy of AE.
Now to come with facts on the table.

I did a bigger research on your post. The first link you gave, is redirecting you towards the original thread. In the original thread someone investigated that report and it all came back negative, so not malicious. He didn't do a full research because that will take pretty long. Your second link is not pointing to any RAT as well.

Stop hating competition and spread around half or incorrect information. Better come with real facts on the table, or stfu.

I checked my services, processes etc while I opened up AE, and I opened up Zenith.
Both have no trojans or RAT's running in the background. So nice try, but fail.

HairyWizard · 09/28/2015, 16:40

Quote:

Originally Posted by unknown1981

I created an account especially for you.
Sorry but you fail hardcore.

I can clearly see you got something against Zenith, and you probably are a fanboy of AE.
Now to come with facts on the table.

I did a bigger research on your post. The first link you gave, is redirecting you towards the original thread. In the original thread someone investigated that report and it all came back negative, so not malicious. He didn't do a full research because that will take pretty long. Your second link is not pointing to any RAT as well.

Stop hating competition and spread around half or incorrect information. Better come with real facts on the table, or stfu.

I checked my services, processes etc while I opened up AE, and I opened up Zenith.
Both have no trojans or RAT's running in the background. So nice try, but fail.

Check the network traffic coming from the launcher, or you clearly don't know how to do that. I'll release a launcher bypass for Zenith soon, so people can actually play it without that fishy **** launcher of theirs.

Also, that all virus scanners don't detect something as malicious, doesn't mean it isn't.

Let me elaborate a bit on the launcher, it pretty much functions as a relay server that relays game packets to the game server, for whatever reason, but those are not the only packets that it sends, which troubles me.

MyDooMJr · 09/28/2015, 18:14

About the second link google: xtreme3.6private-fixed.exe
or

Adios!

TheUnknownWarrior · 09/29/2015, 18:42

It is probably sending information of your credit cards to the end server but its ok right? haha

K.e.f.e · 09/29/2015, 19:05

i wanted to play NSG, but this is disgusting. why can not 2 servers? i do not understand a lot of negative advertising. u get level, full gear or more? this first NSG launcher

this okay ? it was not a new topic .

MyDooMJr · 09/29/2015, 19:24

Have you read the viruses?

Generic , ProcessPatcher.

VIPRE RiskTool.Win32.ProcessPatcher.Sml!cobra (v) (not malicious)

See if the current launcher has any viruses or weird **** going on the background. I thought so.

HairyWizard is right about the Zen launcher, something shady is going on. Might be nothing but who knows, I don't trust to much these chineses .

TheUnknownWarrior · 09/29/2015, 20:15

This guy with Virus Total is to funny.

dudle05 · 09/29/2015, 20:42

Quote:

Originally Posted by TheUnknownWarrior

It is probably sending information of your credit cards to the end server but its ok right? haha

Wrong.. they use Paypal as payment method so they can't steal our credit cards information.

Anyway you guys should stop this hate against Zenith... it's start to be childish and really annoying.

You had and have people on AE who abuse bugs and they don't get banned, atleast here bug/hackers get banned in few minutes. Anyway stop this hate against zenith.

HairyWizard · 09/29/2015, 21:01

Quote:

Originally Posted by dudle05

Wrong.. they use Paypal as payment method so they can't steal our credit cards information.

Anyway you guys should stop this hate against Zenith... it's start to be childish and really annoying.

You had and have people on AE who abuse bugs and they don't get banned, atleast here bug/hackers get banned in few minutes. Anyway stop this hate against zenith.

Atleast Anrinch Entertainment has the ability to fix bugs (and introduce new content). And don't be so sure about him banning in a few minutes, I have a character with duped cash from 3 days ago and it's still not banned. Not that I'm saying AE is the better alternative of the two, but I'm suspicious of Zeniths files (the network activity in particular) and his (DDoS) attacks towards AE in general. That's exactly the reason why I'm planning to release exploits for Zenith (in due time.. ).

dudle05 · 09/29/2015, 21:11

Quote:

Originally Posted by HairyWizard

Atleast Anrinch Entertainment has the ability to fix bugs (and introduce new content). And don't be so sure about him banning in a few minutes, I have a character with duped cash from 3 days ago and it's still not banned. Not that I'm saying AE is the better alternative of the two, but I'm suspicious of Zeniths files (the network activity in particular) and his (DDoS) attacks towards AE in general. That's exactly the reason why I'm planning to release exploits for Zenith (in due time.. ).

Zenith DDoS AE? Show us the proof. Don't say someone DDoS if you have 0 proof.

Got exploit? Show it.. prove it.. stop saying u got this and that without a bit of proof.

PS: Let's not forget duped items are not only available few mins or till u log off, so ur money and items are just for show.. not permanent... if u even know how to dupe

HairyWizard · 09/29/2015, 21:19

Quote:

Originally Posted by dudle05

Zenith DDoS AE? Show us the proof. Don't say someone DDoS if you have 0 proof.

As I've been told, there are strong assumptions that can not be ignored:

- The first time AE was ddosed was when Zenith first popped up.
- 2 weeks later, a supposed blackmailer had ddosed zenith and zenith agreed upon paying $800 and also ddosed AE, for a fee of $1000.
What the 'blackmailer' did not foresee is that his information could be traced easily and was traced to Zeniths hometown. This series of ddos attacks happened shortly after the official release.
- Zenith had no downtime from the supposed ddoser, as a matter of fact that one hour downtime he had was caused by something else. I'm not going into detail about this.

EDIT: Meet me at yongu blacksmith in 2 minutes @ zenith, and I'll show you.

dudle05 · 09/29/2015, 21:25

Quote:

Originally Posted by HairyWizard

As I've been told, there are strong assumptions that can not be ignored:

- The first time AE was ddosed was when Zenith first popped up.
- 2 weeks later, a supposed blackmailer had ddosed zenith and zenith agreed upon paying $800 and also ddosed AE, for a fee of $1000.
What the 'blackmailer' did not foresee is that his information could be traced easily and was traced to Zeniths hometown. This series of ddos attacks happened shortly after the official release.
- Zenith had no downtime from the supposed ddoser, as a matter of fact that one hour downtime he had was caused by something else. I'm not going into detail about this.

EDIT: Meet me at yongu blacksmith in 2 minutes @ zenith, and I'll show you.

Waiting for you at blacksmith

almar12 · 09/29/2015, 21:39

Quote:

Originally Posted by dudle05

Zenith DDoS AE? Show us the proof. Don't say someone DDoS if you have 0 proof.

Got exploit? Show it.. prove it.. stop saying u got this and that without a bit of proof.

PS: Let's not forget duped items are not only available few mins or till u log off, so ur money and items are just for show.. not permanent... if u even know how to dupe

In which fantasy world do you live?
Where did you get that from, the part of money and items just being for show lol?