Trojan/Warrior Lvl Bot (unpatchable)

Quote:

Originally posted by DarkMessiah@Jan 16 2007, 02:39 This is a well made pixel based attack bot for trojans and warriors. It will: kill any monster pick up mets and dbs pick up gold (if no monsters present) use pots use xp skills It will not: pick up all items auto log off [Only registered and activated users can see links. Click Here To Register...] <-- CAREFULL !!! maybe contain trojan ...

not mean to flame but carefull all .. this quick macro program may contain trojan -_-#

Quote:

AntiVir no virus found Authentium no virus found Avast no virus found AVG no virus found BitDefender no virus found CAT-QuickHeal no virus found ClamAV no virus found DrWeb no virus found eSafe no virus found eTrust-InoculateIT no virus found eTrust-Vet no virus found Ewido no virus found Fortinet no virus found F-Prot no virus found F-Prot4 no virus found Ikarus Trojan-Downloader.Win32.IstBar.IS Kaspersky no virus found McAfee no virus found Microsoft no virus found NOD32v2 no virus found Norman no virus found Panda no virus found Prevx1 no virus found Sophos no virus found Sunbelt no virus found TheHacker no virus found UNA no virus found VBA32 no virus found VirusBuster no virus found

scan on : virustotal

<hr>Append on Jan 17 2007, 08:23<hr> here is that trojan definition :

Quote:

Name Troj/Istbar-IS Type * Trojan How it spreads * Web browsing Affected operating systems * Windows Side effects * Modifies data on the computer * Drops more malware * Downloads code from the internet * Reduces system security Aliases * Trojan-Downloader.Win32.Istbar.is

source : [Only registered and activated users can see links. Click Here To Register...]

Quote:

Originally posted by gentonk+Jan 17 2007, 08:10--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (gentonk @ Jan 17 2007, 08:10)</td></tr><tr><td id='QUOTE'> <!--QuoteBegin--DarkMessiah@Jan 16 2007, 02:39 This is a well made pixel based attack bot for trojans and warriors. It will: kill any monster pick up mets and dbs pick up gold (if no monsters present) use pots use xp skills It will not: pick up all items auto log off [Only registered and activated users can see links. Click Here To Register...] <-- CAREFULL !!! maybe contain trojan ...

not mean to flame but carefull all .. this quick macro program may contain trojan -_-#

Quote:

AntiVir no virus found Authentium no virus found Avast no virus found AVG no virus found BitDefender no virus found CAT-QuickHeal no virus found ClamAV no virus found DrWeb no virus found eSafe no virus found eTrust-InoculateIT no virus found eTrust-Vet no virus found Ewido no virus found Fortinet no virus found F-Prot no virus found F-Prot4 no virus found Ikarus Trojan-Downloader.Win32.IstBar.IS Kaspersky no virus found McAfee no virus found Microsoft no virus found NOD32v2 no virus found Norman no virus found Panda no virus found Prevx1 no virus found Sophos no virus found Sunbelt no virus found TheHacker no virus found UNA no virus found VBA32 no virus found VirusBuster no virus found

scan on : virustotal

<hr>Append on Jan 17 2007, 08:23<hr> here is that trojan definition :

Quote:

Name Troj/Istbar-IS Type * Trojan How it spreads * Web browsing Affected operating systems * Windows Side effects * Modifies data on the computer * Drops more malware * Downloads code from the internet * Reduces system security Aliases * Trojan-Downloader.Win32.Istbar.is

source : [Only registered and activated users can see links. Click Here To Register...] [/b][/quote]
it doesnt have a trojan, it always says that, no matter where u get it from :rolleyes:

nice i will try it out when im at home

Yeah im getting the same thing, its stops now with = correctly, but when you start it it just keeps walking to the top left corner, wont do anything else. Any ideas?

uhm w00t teh fu like cant download the macro

lol this work or no ?

<hr>Append on Jan 17 2007, 17:39<hr> i dont dl this have trojans =P

This bot is clean. the trojan in the actual software is really just what makes it pop up its homepage every time you open quick macro until you register.

I moved around some stuff and changed some commands. still works perfect for me. If he randomly starts running up, plz post a ss of it (press f12 before you quit)
and pm me it so theres no problems with char names or anything. or you can cross that stuff out and post it here. i just need to see whats screwin you guys up.
anyway, here's the newest version.

Some tested it yet ?

is there anyway to make it work in window mode?

Complete scanning result of "quickmacro.rar", received in VirusTotal at 01.18.2007, 03:08:45 (CET).

Antivirus Version Update Result
AntiVir 7.3.0.21 01.17.2007 no virus found
Authentium 4.93.8 01.17.2007 no virus found
Avast 4.7.936.0 01.17.2007 no virus found
AVG 386 01.17.2007 no virus found
BitDefender 7.2 01.17.2007 no virus found
CAT-QuickHeal 9.00 01.17.2007 no virus found
ClamAV devel-20060426 01.17.2007 no virus found
DrWeb 4.33 01.17.2007 no virus found
eSafe 7.0.14.0 01.17.2007 no virus found
eTrust-InoculateIT 23.73.116 01.18.2007 no virus found
eTrust-Vet 30.3.3332 01.17.2007 no virus found
Ewido 4.0 01.17.2007 no virus found
Fortinet 2.82.0.0 01.17.2007 no virus found
F-Prot 3.16f 01.17.2007 no virus found
F-Prot4 4.2.1.29 01.17.2007 no virus found
Ikarus T3.1.0.27 01.09.2007 Trojan-Downloader.Win32.IstBar.IS<<<<<<<<
Kaspersky 4.0.2.24 01.18.2007 no virus found
McAfee 4941 01.17.2007 no virus found
Microsoft 1.1904 01.18.2007 no virus found
NOD32v2 1985 01.17.2007 no virus found
Norman 5.80.02 01.17.2007 no virus found
Panda 9.0.0.4 01.17.2007 no virus found
Prevx1 V2 01.18.2007 no virus found
Sophos 4.13.0 01.17.2007 no virus found
Sunbelt 2.2.907.0 01.12.2007 no virus found
TheHacker 6.0.3.148 01.14.2007 no virus found
UNA 1.83 01.17.2007 no virus found
VBA32 3.11.2 01.17.2007 no virus found
VirusBuster 4.3.19:9 01.17.2007 no virus found

Aditional Information
File size: 994793 bytes
MD5: c65c98f73fad9600f189db14c04a7259
SHA1: 160cbab36b3af308dd1f87bb9db241dfcad58525
packers: BINARYRES, UPX, PEBUNDLE, PEBUNDLE, PEBUNDLE, PEBUNDLE, PEBUNDLE, UPX, UPX

thank you dragon fire for posting something that has already been posted. as the other guy said, all virus scans will give a false positive on it right there.

@jvl
unless i can restrict the search for pixel command to a certain window size, no. cause right now it searches the whole screen for a color. if you run it in window, itll start crazily clicking the screen and pressing f1 because the hp bars and stuff dont match up.

lol prob is whenever the bot starts after pressing "-", the CO cursor goes to the top left...so the bot keeps clicking

i dont quite understand what you're saying, but try 1024x768 fullscreen with no red armor, and no texture edits.

Hi,

I did a search on Quick Macro to ensure the download link is ok.
I found the file at

[Only registered and activated users can see links. Click Here To Register...]

I did a compare between the file on the rapidshare and the one at download.com.

The result as below.

I guess I had answered the query of suspicious trojan.

DM

nice work dude