aloken server files with silkbotter client.

Page 6 of 6

09/16/2009 16:04 ~Kakkarot~#76

you hacked, and they banned you, HOW DARE THEY ...lol, and yes to me 9dragons is a cheap imitation of dekaron/2moons

EDIT: and yes we can play 2moons, i played it the whole time beacuse dekaron has autoban so it was slower for me to lvl there

09/17/2009 13:01 Dekaron Legendz#77

2moons will get aloken on 24th not close ^^

09/17/2009 13:04 ~Kakkarot~#78

xD oh boy oh boy, 2moons will NOT EXSIST ON SEPTEMBER 24, it will be added as a new server group on global dekaron

09/17/2009 23:27 !Haroon!#79

2moons is basiclly Siz.. so it does technichally excist but it also dosen't if that makes sence. Helion is Dekaron europe and Rondow is a new server... Yes a complete new start. Thats most likely where im going to kick back and enjoy the game.

09/17/2009 23:45 ~Kakkarot~#80

how can 2moons "tehnicly" exsist after sep 24 if acclaim will be no more and 2moons will not be called 2moons and there wont be a 2moons client or a game called 2moons, only global dekaron

09/18/2009 02:15 Decima#81

this server is officially a virus, which takes the DB info and sends it to here:

gtss.3322.org using port number 5006

i have logged the outgoing traffic thru my router and since i tried this server i get this, and today someone jumped on and made a character named [DEKARON] , which was a neat trick because i have no registration page, the only way to make an account or a character is thru the DB, so this guy needs to be banned, and this thread needs to be closed, and if you have used this with ur current DB settings i suggest that you wipe your machine and change the password.

09/18/2009 02:55 bullet21.#82

oh yea and dont forgett to delete all those links they were posted here

09/18/2009 03:36 Decima#83

dont mean to spam but i got some info on the domain name the info was being sent to:

[Only registered and activated users can see links. Click Here To Register...]

[Only registered and activated users can see links. Click Here To Register...]

and here is the name of the trojan that has been the source of 'pain in my ass' :

TROJ_GEN.0Z0313S
&
PE_CORELINK.C-1

its tried several ports incoming and outgoing, these are the favorites :

5006
1433
21
12200
80
8080
8008
8018

and now i am getting it from this ip address (before it jumped around a few random ip address, now that i have blocked all the other ports thru my router, its steady from this address):

213.218.154.210

seems to be an apache server setup, i guess trying to get thru other ports to retrieve its information

and i still see this guy posting in other threads, and avoiding this one . . .

09/18/2009 10:01 ~Kakkarot~#84

so i belive its time for this guy to go ban ban

09/18/2009 14:40 !Haroon!#85

Quote:

Originally Posted by ~Kakkarot~

how can 2moons "tehnicly" exsist after sep 24 if acclaim will be no more and 2moons will not be called 2moons and there wont be a 2moons client or a game called 2moons, only global dekaron

There will be no official 2moons anymore but the player base will be in Siz thats what i meant.

09/18/2009 15:12 trane.#86

#Thread finally edited and closed.

But I can't request ban for him since I can't scann that big files with web-scanners.

Page 6 of 6

« First