New Speed Hack for patch 5116

03/29/2009 07:15 cocolimo#1
[All Text Removed - Hiyoal]
03/29/2009 19:29 gewoon#2
ARDAMAX KEYLOGGER DON'T DOWNLOAD
03/29/2009 19:31 cocolimo#3
Quote:
Originally Posted by gewoon View Post
ARDAMAX KEYLOGGER DON'T DOWNLOAD
False alarm, this program is clean.
It may show AutoIt in the scan.
03/29/2009 20:07 high6#4
I will analyze this more in a bit guys. Speed hack seems safe...
03/29/2009 20:28 marcino16#5
Antivir: Nothing found
ArcaVir: Nothing found
Avast: Nothing found
AVG: Nothing found
BitDefender: Nothing found
F-Prot: Nothing found
Norman: Nothing found
Rising: Nothing found
VirusBlokAda32: Nothing found
VirusBuster: Nothing found

03/29/2009 20:49 Sniguracka#7
Quote:
Originally Posted by high6 View Post
I will analyze this more in a bit guys. Speed hack seems safe...
Are you sure? ..

File 90_NoDC-SpeedHack-XclusiveRelease received on 03.29.2009 20:42:25 (CET)
Antivirus / Version / Last Update / Result
a-squared 4.0.0.101 2009.03.29 Trojan-Spy.Win32.Ardamax!IK
AhnLab-V3 5.0.0.2 2009.03.29 -
AntiVir 7.9.0.129 2009.03.27 ADSPY/Dropper.Ardamax.Gen
Antiy-AVL 2.0.3.1 2009.03.29 -
Authentium 5.1.2.4 2009.03.28 W32/Ardamax.H
Avast 4.8.1335.0 2009.03.29 -
AVG 8.5.0.285 2009.03.28 PSW.Generic5.ZKD
BitDefender 7.2 2009.03.29 Trojan.Keylog.Ardamax.NAI
CAT-QuickHeal 10.00 2009.03.28 Trojan.Agent.IRC
ClamAV 0.94.1 2009.03.29 Trojan.Dropper-3246
Comodo 1089 2009.03.29 TrojWare.Win32.TrojanSpy.Ardamax.~L
DrWeb 4.44.0.09170 2009.03.29 Trojan.MulDrop.15072
eSafe 7.0.17.0 2009.03.27 -
eTrust-Vet 31.6.6421 2009.03.27 -
F-Prot 4.4.4.56 2009.03.28 W32/Ardamax.H
Fortinet 3.117.0.0 2009.03.29 Misc/BadJoke_Agent
GData 19 2009.03.29 Trojan.Keylog.Ardamax.NAI
Ikarus T3.1.1.48.0 2009.03.29 Trojan-Spy.Win32.Ardamax
K7AntiVirus 7.10.684 2009.03.28 Trojan-Spy.Win32.Ardamax.N
Kaspersky 7.0.0.125 2009.03.29 Trojan-Spy.Win32.Ardamax.n
McAfee 5568 2009.03.29 Spy-Agent.cv
McAfee+Artemis 5568 2009.03.29 Spy-Agent.cv
McAfee-GW-Edition 6.7.6 2009.03.29 Ad-Spyware.Dropper.Ardamax.Gen
Microsoft 1.4502 2009.03.29 TrojanSpy:Win32/Ardamax.A
NOD32 3972 2009.03.28 Win32/KeyLogger.Ardamax.NAP
Norman 6.00.06 2009.03.27 -
nProtect 2009.1.8.0 2009.03.29 -
Panda 10.0.0.10 2009.03.29 Suspicious file
PCTools 4.4.2.0 2009.03.29 -
Rising 21.22.62.00 2009.03.29 Trojan.Spy.Win32.Ardamax.n
Sophos 4.40.0 2009.03.29 Ardamax Installer
Sunbelt 3.2.1858.2 2009.03.29 Ardamax Keylogger
Symantec 1.4.4.12 2009.03.29 Suspicious.MH690.A
TheHacker 6.3.3.9.296 2009.03.29 -
TrendMicro 8.700.0.1004 2009.03.28 TSPY_ARDAMAX.GA
VBA32 3.12.10.1 2009.03.27 Trojan-Spy.Win32.Ardamax.n
ViRobot 2009.3.27.1666 2009.03.27 -

Request ban, edit and close! <3
03/29/2009 21:16 high6#8
I didn't see anything on the speedhack.

But yes the first download is a virus from what I see. A poorly written one too.
03/29/2009 21:18 high6#9
It extracts a ton of files to a folder (random numbers) in system32 and then executes some exes.
03/29/2009 22:19 3lawerkoko#10
The file is infected with a virus.
03/29/2009 22:43 CampStaff#11
Malicious TROJAN Detected
Quote:
Originally Posted by cocolimo View Post
false alarm, this program is clean.
No sir, this is a keylogging Trojan, and as a programmer, I'm going to show you how you are deceiving everyone.

Quote:
File Info

Report generated: 29.3.2009 at 22.30.39 (GMT 1)
Filename: 01FirstConquerPatcher5105.exe.exe
File size: 745 KB
MD5 Hash: FD65C96F6291683B0B280717106D961C
SHA1 Hash: BDAACD496D9787D48DE7682479F8479CB3D9EBCF
Packer detected: Microsoft Visual C++ 6.0 [Overlay]
Self-Extract Archive: Nothing found
Binder Detector: Nothing found
Detection rate: 18 of 24

Detections

a-squared - Nothing found!
Avira AntiVir - ADSPY/Dropper.Ardamax.Gen
Avast - Nothing found!
AVG - PSW.Generic5.ZKD
BitDefender - Trojan.Keylog.Ardamax.NAI
ClamAV - Trojan.Dropper-3246
Comodo - TrojWare.Win32.TrojanSpy.Ardamax.~L
Dr.Web - Trojan.MulDrop.15072
Ewido - Logger.Ardamax.n
F-PROT 6 - W32/Ardamax.H
G DATA - Trojan-Spy.Win32.Ardamax.n A
IkarusT3 - Trojan-Spy.Win32.Ardamax
Kaspersky - Trojan-Spy.Win32.Ardamax.n
McAfee - Spy-Agent.cv trojan
MHR (Malware Hash Registry) - Nothing found!
NOD32 v3 - Win32/KeyLogger.Ardamax.NAP
Norman - Nothing found!
Panda - Nothing found!
Quick Heal - Trojan.Agent.IRC
Solo Antivirus - Nothing found!
Sophos - Ardamax Installer
TrendMicro - TSPY_ARDAMAX.GA
VBA32 - Trojan-Spy.Win32.Ardamax.n
Virus Buster - Trojan.DR.Ardamax.Gen.3

When we log the network activity of your 'cheat', we see it do the following:

Quote:
Log to come; filtering out the IP address and unneeded information from it.

When we run your Trojan in a sandbox, the following is what happens:

Code:
Autostart capabilities: This executable registers processes to be executed at system start. This could result in unwanted actions being performed automatically.

Changes security settings of Internet Explorer: This system alteration could seriously affect safety while surfing the World Wide Web.

Creates files in the Windows system directory: Malware often keeps copies of itself in the Windows directory to stay undetected by users.

Performs File Modification and Destruction: The executable modifies and destroys files which are not temporary.

Spawns Processes: The executable produces processes during the execution.

Performs Registry Activities: The executable reads and modifies registry values. It also creates and monitors registry keys.
First, this Trojan creates the following files on the host computer:

Code:
C:\DOCUME~1\user\LOCALS~1\Temp\@1.tmp
C:\DOCUME~1\user\LOCALS~1\Temp\@2.tmp
C:\WINDOWS\system32\28463\
C:\WINDOWS\system32\28463\AKV.exe
C:\WINDOWS\system32\28463\HDIO.001
C:\WINDOWS\system32\28463\HDIO.006
C:\WINDOWS\system32\28463\HDIO.007
C:\WINDOWS\system32\28463\HDIO.exe
And then it reads and/or modifies these files on the host computer:
Code:
C:\DOCUME~1\user\LOCALS~1\Temp\@2.tmp
C:\Documents and Settings\All Users\Documents\desktop.ini
C:\Documents and Settings\user\My Documents\desktop.ini
C:\WINDOWS\Registration\R00000000000f.clb
C:\WINDOWS\system32\28463\HDIO.exe
C:\sample.exe
PIPE\lsarpc
PIPE\wkssvc
After which, it modifies and adds these registry keys on the host computer:

Code:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKLM\Software\Microsoft\Windows\CurrentVersion\Run    HDIO Agent    C:\WINDOWS\system32\28463\HDIO.exe
Then it sends your data to his server/FTP mentioned above so he can take your passwords and information.
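The dropped-file paths and the Run-key entry quoted in the sandbox report above can be turned into a simple host check. This is an added example, not code from the original post or from the sandbox service; it assumes the Windows XP-era layout shown in the report, the host snapshot (Run entries and file list) is constructed, and the rule "any purely numeric folder directly under system32 is suspicious" is my own heuristic generalising the 28463 folder, not something the report states.

```python
import re

# Constructed excerpt: the "creates files" paths and the Run-key line quoted from the
# sandbox report above, trimmed to what the matcher needs. Not the full report.
SANDBOX_REPORT = r"""
C:\DOCUME~1\user\LOCALS~1\Temp\@1.tmp
C:\DOCUME~1\user\LOCALS~1\Temp\@2.tmp
C:\WINDOWS\system32\28463\
C:\WINDOWS\system32\28463\AKV.exe
C:\WINDOWS\system32\28463\HDIO.001
C:\WINDOWS\system32\28463\HDIO.006
C:\WINDOWS\system32\28463\HDIO.007
C:\WINDOWS\system32\28463\HDIO.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run    HDIO Agent    C:\WINDOWS\system32\28463\HDIO.exe
"""

RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
WIN_PATH = re.compile(r"^[A-Za-z]:\\\S+$")

# Heuristic assumption (mine, not stated in the report): the dropper installs into a
# purely numeric directory straight under system32, so match any such folder, not only 28463.
NUMERIC_SYS32_DIR = re.compile(r"\\system32\\\d{3,6}\\", re.IGNORECASE)


def parse_report(text):
    """Extract indicators from the report text.

    Returns (dropped_files, autostart): a set of lower-cased file paths the sample
    wrote (bare directories skipped) and a dict of Run-key value name -> command.
    """
    dropped, autostart = set(), {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.lower().startswith(RUN_KEY.lower()):
            # key, value name and data are separated by runs of whitespace in the report
            parts = re.split(r"\s{2,}", line)
            if len(parts) == 3:
                autostart[parts[1]] = parts[2]
        elif WIN_PATH.match(line) and not line.endswith("\\"):
            dropped.add(line.lower())
    return dropped, autostart


def check_host(run_entries, present_files, dropped, autostart):
    """Compare a host snapshot with the indicators.

    run_entries: dict value name -> command from the Run key (e.g. `reg query` output).
    present_files: iterable of paths found on disk.
    Returns a list of human-readable findings; an empty list means nothing matched.
    """
    findings = []
    for name, cmd in run_entries.items():
        if name in autostart or NUMERIC_SYS32_DIR.search(cmd):
            findings.append(f"autostart: {name} -> {cmd}")
    for path in present_files:
        if path.lower() in dropped or NUMERIC_SYS32_DIR.search(path):
            findings.append(f"file: {path}")
    return findings


# Constructed host snapshot: one legitimate Run entry plus the HDIO Agent entry, and a
# second numeric folder (51904) to show the heuristic catching a different install name.
HOST_RUN = {
    "ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe",
    "HDIO Agent": r"C:\WINDOWS\system32\28463\HDIO.exe",
}
HOST_FILES = [
    r"C:\WINDOWS\system32\ctfmon.exe",
    r"C:\WINDOWS\system32\28463\HDIO.exe",
    r"C:\WINDOWS\system32\28463\HDIO.001",
    r"C:\WINDOWS\system32\51904\AKV.exe",
]

if __name__ == "__main__":
    dropped, autostart = parse_report(SANDBOX_REPORT)
    for finding in check_host(HOST_RUN, HOST_FILES, dropped, autostart):
        print(finding)
```

Run as-is it reports the HDIO Agent autostart and the three files under the numeric folders while leaving ctfmon alone; on a real machine, feed check_host the contents of the Run key and a listing of system32. Deleting the Run value and the numeric folder stops the autostart, but because the report shows the sample sending data out, any passwords typed on that machine should be changed from a clean one.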
03/30/2009 01:48 coolkid1#12
I wanted it, but for some reason I believe it's a keylogger.
03/30/2009 03:13 mohamedtota#13
.....
03/30/2009 04:55 Jenks#14
My PC is slower because of the Ardamax virus, etc...
03/30/2009 06:14 sivarak#15
How do I remove it?