UCO NonDC Speed Hack ~ 5071+

06/29/2008 11:38 GLiTCHiN#811
my antivirus detected a trojan :(
06/29/2008 12:55 tanelipe#812
Quote:
Hmm, that's rather odd, although it may be the .NET Protector, which just stops my file being decompiled, so it's harmless.
It's a .NET Protector that we use to protect our programs so they don't get leeched.
06/29/2008 13:37 Kiyono#813
Quote:
Originally Posted by tanelipe View Post
It's a .NET Protector that we use to protect our programs so they don't get leeched.
and we need to trust your word?
trojan.win32.delf.cxi
06/29/2008 15:07 leavemealone#814
Well, no one has complained about anything bad happening so far, and hopefully you do trust us considering we have helped provide for this community for quite some time.
06/29/2008 15:09 ProVPer#815
Quote:
Originally Posted by Djago160 View Post
and we need to trust your word?
trojan.win32.delf.cxi
I dunno.. He is a Mod, think he's trustworthy?
Btw.. Aussie Ftw, k?
06/29/2008 15:41 wotbled#816
thanks a lot mate
06/29/2008 22:45 Kiyono#817
Quote:
Originally Posted by leavemealone View Post
Well, no one has complained about anything bad happening so far, and hopefully you do trust us considering we have helped provide for this community for quite some time.
I trust you, but my antivirus doesn't, and I don't want to turn it off every time, and I can't add it as an exception 'cause it's a trojan
06/30/2008 00:21 GLiTCHiN#818
aight thx for the info, I'll just unload my antivirus when I use
06/30/2008 00:54 tamer3000#819
It has a trojan, take care
06/30/2008 12:00 dbzman1995#820
Did it show false positives in the virus scanner before you updated it? Mine shows the same thing, troj/troj etc.

If it didn't show before, that means you didn't add the .NET protector; that also means people could have downloaded it already and decompiled it before, so why add the .NET protector now lol
(this is assuming that is the thing causing it, and it was not in the previous versions)
06/30/2008 13:00 xkenshin99x#821
Requirements:
- Microsoft .NET Framework 2.0

because I downloaded it and it didn't work on my comp
the Microsoft .NET Framework 2.0 said something was blocking it
I checked the firewall and all but still it doesn't work
it said my framework from 1.1 did not let it pass through my computer

soo if u can make one of these with the
Requirements i got:
- Microsoft .NET Framework 1.1

thx you if u do make one
06/30/2008 21:00 braustube#822
i always get trojan >.<
06/30/2008 22:21 wafai#823
nice works and clean +k +a
07/01/2008 00:43 catzyc#824
The requested URL is infected with Trojan.Win32.Delf.cxi virus

Security Risk | Description
Trojan-Spy.Pophot.FT | Trojan-Spy.Pophot.FT is a threat that registers itself as a system service and collects certain essential information from the system.


Attention! The following threat category was identified:
Threat Category Description
A malicious backdoor trojan that runs in the background and allows remote access to the compromised system




File System Modifications

The following files were created in the system:
# | Filename(s) | File Size | File MD5 | Alias
1 | %Profiles%\LocalService\Favorites\Desktop.ini | 122 bytes | 0xFC2BF37169C033A08C1FD7680193CCE2 | (not available)
2 | %System%\RpcS.dll | 135,168 bytes | 0x58A1B347EB4CB768D11DE4311ACC5E22 | Backdoor.Win32.Delf.ash [Kaspersky Lab]; Backdoor.Trojan [Symantec]; BackDoor-CXI [McAfee]; TROJ_SHEUR.FIJ [Trend Micro]
3 | %System%\RpcS.exe; [file and pathname of the sample #1] | 440,832 bytes | 0x86FCE8F87CB043FDAD626CAAC4E86620 | (not available)


Notes:
%Profiles% is a variable that refers to the file system directory containing user profile folders. A typical path is C:\Documents and Settings.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
The following directories were created:
%Profiles%\LocalService\Favorites
%Profiles%\LocalService\Favorites\Links


Memory Modifications

There were new processes created in the system:
Process Name | Process Filename | Main Module Size
RpcS.exe | %System%\rpcs.exe | 770,048 bytes
[filename of the sample #1] | [file and pathname of the sample #1] | 770,048 bytes


The following module was loaded into the address space of other process(es):
Module Name | Module Filename | Address Space Details
RpcS.dll | %System%\RpcS.dll | Process name: IEXPLORE.EXE; Process filename: %ProgramFiles%\internet explorer\iexplore.exe; Address space: 0x1C20000 - 0x1C45000


Notes:
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
There was a new service created in the system:
Service Name | Display Name | Status | Service Filename
RpcS | Remote Procedure Call System(RPCS) | "Running" | %System%\RpcS.exe




Registry Modifications

The following Registry Keys were created:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RPCS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RPCS\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RPCS\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcS\Security
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcS\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RPCS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RPCS\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RPCS\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcS\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcS\Enum
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
The newly created Registry Values are:
The following Registry Values were modified:



COOOL HACKTOOL
07/01/2008 01:12 dbzman1995#825
Hey, I didn't extract it or anything. I scanned the .rar and when I saw virus I deleted it. After seeing your post and you getting me worried as hell, I searched through the registry for those values; the only one I saw was Explorer/MRU

Can it infect you if you don't extract and run it?