ESRO Client really clean?

08/21/2011 21:13 ownedbydark#1
Hi guys two of my friends complained that they may got problems due to playing esro with their online banking.
I checked the connections which is esro opening, because this was the only programm they installed the last days.
First of all is the sro_client already detected by different anti virus tools as trojan.
I checked which connections the sro_client.exe opens and interessting is its opening a http connection ( Port 80) to this ip Address:58.64.28.172.
The regular sro_client is not doing that as far as i know.
Maybe its just their item mal which is poping up ingame or what ever.
But maybe here is someone more experienced user who can give us a little more details about that,

thanks in advance and best regards
ownedbydark
08/21/2011 21:30 Kape7#2
What client are you talking about? My client or the ones that the admin uploaded after I left?
08/21/2011 21:46 ownedbydark#3
I dont know which one he downloaded but i guess its the same or did you upload any other Client than the client from sro.vn?
08/21/2011 22:11 Kape7#4
When I left the team he uploaded another client with esro5 included on the launcher and the links to my capacity page removed, that client was 100mb bigger than my client. I dont know what he modified there, so is for make sure if you are using the client he uploaded or mines.
08/21/2011 22:36 zeteris#5
Quote:
Originally Posted by ownedbydark View Post
Hi guys two of my friends complained that they may got problems due to playing esro with their online banking.
I checked the connections which is esro opening, because this was the only programm they installed the last days.
First of all is the sro_client already detected by different anti virus tools as trojan.
I checked which connections the sro_client.exe opens and interessting is its opening a http connection ( Port 80) to this ip Address:58.64.28.172.
The regular sro_client is not doing that as far as i know.
Maybe its just their item mal which is poping up ingame or what ever.
But maybe here is someone more experienced user who can give us a little more details about that,

thanks in advance and best regards
ownedbydark
It's one of thSro (BlackRogue) ip. I think GameGuard uses this connection.
08/21/2011 23:26 ownedbydark#6
I tried to catch any packets sent to that ip during the silkroad client is opened but there wasnt any packet. But i just started catching them after i was already logged in.
The connection was all the time alive.
That gameguard is a possibilty, i also saw that then connection is opening after choosing the character and entering the game not on the log on screen
@Synx7 my client including the Server 5 and was downloaded from their page :)
08/22/2011 00:58 zeteris#7
I really think that client or GameGuard connects to thSro. Cause the ip u gave is very ( very means VERY ) simmilar to thSro GatewayServer.
08/22/2011 04:07 Kape7#8
[Only registered and activated users can see links. Click Here To Register...]

I think that IP is the ones from the Crest server (the ones with the guild marks). As far as I know the admin is still using the official crest server.