Project Throwback - Come check us out.

11/30/2012 23:54 _DreadNought_#76
Quote:
Originally Posted by SkyTearZz View Post
Maybe his hobby is to fuck up shitty servers. Especially a server like this where the owners have put in botnet clients in the game client to ddos other servers.
Not to mention the PayPal donation scam they did before shutting down true classic two days later.
For fuck sake, was that implemented into this client too? Because if I'm botnetted I truly mean bibi Project Throwback.

#edit
Their AutoPatch.exe is clean so unless it was implemented into conquer.exe or a DLL that conquer.exe already loads (Autopatcher does no injection) the client is clean & shiny.

If the installer was an install not a rar extraction(I can't remember) it could've added something somewhere else gets executed on system startup.. my startup appears clean.
11/30/2012 23:59 SkyTearZz#77
Idk. When they ran true classic they used it to ddos bladestears and l2h when it was starting up. Theres a thread on it on epvp somewhere about the whole fiasco.
12/01/2012 00:02 _DreadNought_#78
Quote:
Originally Posted by SkyTearZz View Post
Idk. When they ran true classic they used it to ddos bladestears and l2h when it was starting up. Theres a thread on it on epvp somewhere about the whole fiasco.
link?
12/01/2012 00:10 SkyTearZz#79
[Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]
12/01/2012 00:28 _DreadNought_#80
Thanks.

I may be wrong but I have reason to believe if you run this client you are botnetted with an exe binded to conquer.exe as there are two connections coming from conquer.exe 1 to the server and 1 to [Only registered and activated users can see links. Click Here To Register...] and it appears as two conquer.exe's from netstat and only one active in taskmgr.

I say this because no other of my conquer.exe's make two connections, I also at one point saw this co.exe have a message SYN_Sent in netstat and the 2nd connection is also offline.

Thread will follow up if my assumption is confirmed.

#edit
Confirmed you are botnetted.

The 2nd IP from their conquer.exe belongs to a minecraft server(explains weird port).. [Only registered and activated users can see links. Click Here To Register...]
12/01/2012 00:36 SkyTearZz#81
I wonder what mine craft would be doing with a co exe.....
12/01/2012 00:40 _DreadNought_#82
The owner probably got banned from a server and decided to ddos them.

#edit
They changed target using a redirect to mask the IP... oh look at that "%ERROR:201: access denied for /96.44.128.138
%
% Sorry, access from your host has been permanently
% denied because of a repeated excessive querying."

I don't remember ever going to that or seeing it in my life.

#edit2
The conquer.exe has been proven to infect you by going to a URL that without an antivirus steals info from ur pc one of the ips it takes u to is "173.255.217.235" if u google that u'll see trojan, honeypot etc.

/running antivirus now.
12/01/2012 02:17 SkyTearZz#83
Uh oh here we go, turn up the radio.
That explains the recent ddos attacks on servers.
12/01/2012 02:47 a7xfan06#84
Alright, well been awhile since I really looked at epvp, My apologies for that as I've been pretty busy here lately with the holidays and such.

Quote:
Originally Posted by ×Holo View Post
Message for the owners of the server, I need a fast reply to [Only registered and activated users can see links. Click Here To Register...]. Because that may go to [Only registered and activated users can see links. Click Here To Register...].
I don't see how anything related to another server has to do with this one. As far as the claims they aren't true, I'd be glad to prove that to you. Thanks.

Quote:
Originally Posted by _DreadNought_ View Post
For fuck sake, was that implemented into this client too? Because if I'm botnetted I truly mean bibi Project Throwback.

#edit
Their AutoPatch.exe is clean so unless it was implemented into conquer.exe or a DLL that conquer.exe already loads (Autopatcher does no injection) the client is clean & shiny.

If the installer was an install not a rar extraction(I can't remember) it could've added something somewhere else gets executed on system startup.. my startup appears clean.
Thanks for the review and sharing your opinion on the server.

If you'd like I can show you the source code to the autopatcher.exe as it contains nothing of the sort, and as far as the "Conquer.exe" goes, It was downloaded from fangs post along with the client. The only thing that's been modified was the allowance of 4 clients to be opened and the fps to be raised. Nothing else has been changed, I'm sure there are many, many ways to test that.

Quote:
Originally Posted by SkyTearZz View Post
Uh oh here we go, turn up the radio.
That explains the recent ddos attacks on L2H.
We have in no way preceded to attack L2H nor do we have an interest in doing so.

Though we have had our difficulties with each other in the past, that in no way effects anything to this day, as it's all been moved past that and it is the 'past' for a reason.

Further more, you and I both know there's easy ways of tracking where the attacks are coming from. Before you start pointing fingers and who's doing this or who's doing that, I think you should have some solidified proof, as I'm getting sick of all these accusations.

Thanks,
12/01/2012 02:52 SkyTearZz#85
You need to address the other post by dread about the IP.
12/01/2012 02:58 a7xfan06#86
Quote:
Originally Posted by SkyTearZz View Post
You need to address the other post by dread about the IP.
Which IP? I've seen a few, neither of which have to do with me nor project throwback.

--Edit

In order to pull something like that off, you'd require ASM knowledge. Something our staff, and myself know very little to nothing of. So how anyone would accuse us of putting a (minecraft? wtf?) botnet into the .exe is beyond me, as I said.. I downloaded it from fangs download post. If it's in our EXE it's in that public 5017 client, anything else i'd be glad to let anyone with some knowledge take a look.
12/01/2012 03:12 _DreadNought_#87
Back from reinstalling windows to make sure it was gone.

Lies lies... stupid people everywhere! I know for a fact and even prooved to one of your PM's that conquer.exe at least makes connections to other IPs and proven to him(he saw it for himself on his own computer) that it downloads malware... I know I saw myself a DoS taking place from my Conquer.exe.... I know myself I got infected with some shit from using your Conquer.exe don't even try to hide it. As I said I can confirm 2 connections coming from your conquer.exe "netstat -nbt" and I am sure SkyTearz will confirm this for me too when he gets a chance, and the 2nd connection taking u to bad things.

*stealing quote* I don't forgive so don't forget expect us.

I'm coming for you ;)

#edit
I quote from the PM "we'll probably update the conquer.exe and then make a news post about it telling people" you claim it was fangs conquer.exe? Oh really, Change your version to 1009 and update... new conquer.exe gets put in place.. why show me the autopatcher source? I've reflected it anyways.

Please, don't feed us your bullshit you've done it before you've done it again just more smartly.
12/01/2012 03:18 a7xfan06#88
Quote:
Originally Posted by _DreadNought_ View Post
Back from reinstalling windows to make sure it was gone.

Lies lies... stupid people everywhere! I know for a fact and even prooved to one of your PM's that conquer.exe at least makes connections to other IPs and proven to him(he saw it for himself on his own computer) that it downloads malware... I know I saw myself a DoS taking place from my Conquer.exe.... I know myself I got infected with some shit from using your Conquer.exe don't even try to hide it. As I said I can confirm 2 connections coming from your conquer.exe "netstat -nbt" and I am sure SkyTearz will confirm this for me too when he gets a chance, and the 2nd connection taking u to bad things.

*stealing quote* I don't forgive so don't forget expect us.

I'm coming for you ;)

#edit
I quote from the PM "we'll probably update the conquer.exe and then make a news post about it telling people" you claim it was fangs conquer.exe? Oh really, Change your version to 1009 and update... new conquer.exe gets put in place.. why show me the autopatcher source? I've reflected it anyways.

Please, don't feed us your bullshit you've done it before you've done it again just more smartly.
Alright, Well enjoy then. Apparently I'm speaking to a wall.

Thanks,
12/01/2012 03:21 _DreadNought_#89
Quote:
Originally Posted by a7xfan06 View Post
Alright, Well enjoy then. Apparently I'm speaking to a wall.

Thanks,
Your PM has seen proof over TeamViewer and then confirmed it on his own machine, idiot.


@Your edited post:
I'm unsure how you've done it but if it's possible I believe you have binded an exe with Conquer.exe.. no asm knowledge needed there :)
12/01/2012 03:35 SkyTearZz#90
Chris has done it for you once and he probably did it again. It doesn't require asm knowledge. Probably some program using virtualization. I can confirm it too. L2H starting massively lagging and I started up the Throwback client and look what I see.
[Only registered and activated users can see links. Click Here To Register...]