Pixelbot Warning ! Virus detected ! [IMPORTANT]

Page 1 of 3 1 23
07/08/2013 13:26 DjCedrics#1
I have downloaded FlutterShy's pixelbot 1-2 month ago. Since that date, my PC becomes slower. I was searching the reason of it then I remembered I have Pixelbot ( Flutter-bot ) on my desktop. I scanned that on Virustotal.com and got these results: (28/47)

[Only registered and activated users can see links. Click Here To Register...]

I downloaded the bot again today from FlutterShy's website ( Cuz he deleted the download link from his topic: [Only registered and activated users can see links. Click Here To Register...] ) and scanned again. Got the same results...

If you want to download Pixelbot from his website scan that again, you can use this link

[Only registered and activated users can see links. Click Here To Register...]

I scanned the bot with ESET Smart Security 5 and it said it is clean. But I sent the bot for scan to ESET and they said me it is a malware. Because of it is crypted, most of the Antiviruses cannot find it.

He has bended his bot with his RAT server(virus), and crypted 'em. He says he has crypted the bot for its source codes. But i think this isn't true, of course :). If you run his bot, your computer will be added to his RAT client list, and he can do everything to your computer; keylogging, stealing your accs, learning your stored passwords, watching your webcam and desktop etc. etc. He takes all the users for a fool. :mad:

He always says "Trusted members checked my source codes and have found no problem.". Yeah, I'm agree with that. There may be no problem with source code. Bot works very fine. Cuz the RAT doesn't effect bot's functions.

I saw that other Trusted(!) members supporting him: The blind leading the blind :)

So, I want to warn e*pvp family not to use Pixelbot(Flutter-bot). Or use at your own risk.



07/08/2013 13:27 Requi#2
FlutterShy is trusted. I know the source.

There is nothing awful in it. So stop telling shit and look what you download. Maybe you downloaded any fake crack.
07/08/2013 13:33 DjCedrics#3
Quote:
Originally Posted by Requi View Post
FlutterShy is trusted. I know the source.

There is nothing awful in it. So stop telling shit and look what you download. Maybe you downloaded any fake crack.
No I have downloaded the bot from his website, haven't downloaded anything else like fake crack etc. And we talked about it with him, I sent the Virustotal results to him he scanned that again and he says It's not a virus I have the source codes trusted members have checked that and there is no problem.


I don't say anything to his bot. The bot works fine, it's source code may have no problem, but when it is working, on the other hand you are setting up the RAT to your computer. Download that and scan that on Virustotal. Please see the results.
07/08/2013 13:37 Requi#4
Quote:
but when it is working, on the other hand you are setting up the RAT to your computer.
The RAT doesn't come from the bot. I am 100% sure.
07/08/2013 13:39 DjCedrics#5
Quote:
Originally Posted by Requi View Post
The RAT doesn't come from the bot. I am 100% sure.
If you are sure, download Pixelbot from that Trusted member's website and scan that on Virustotal. RAT is binded with the bot. And they are crypted to be FUD.
07/08/2013 13:42 Requi#6
.rar:
[Only registered and activated users can see links. Click Here To Register...]
.exe bot:
[Only registered and activated users can see links. Click Here To Register...]
.exe updater:
[Only registered and activated users can see links. Click Here To Register...]

I am sure, it's from the packer. But I'll talk with him, if he is online.

Also, I googled the type of virus. It's seems to be like adware. Maybe he put something like a hidden adfly bot, to earn cash with ads.
If you would make a Bot, I think you want money too, or? :)
07/08/2013 13:46 yakuzas#7
[Only registered and activated users can see links. Click Here To Register...]
same result
07/08/2013 13:49 DjCedrics#8
Quote:
Originally Posted by Requi View Post
.rar:
[Only registered and activated users can see links. Click Here To Register...]
.exe bot:
[Only registered and activated users can see links. Click Here To Register...]
.exe updater:
[Only registered and activated users can see links. Click Here To Register...]

I am sure, it's from the packer. But I'll talk with him, if he is online.

Also, I googled the type of virus. It's seems to be like adware. Maybe he put something like a hidden adfly bot, to earn cash with ads.
If you would make a Bot, I think you want money too, or? :)
But he must warn the users before download. Cuz an adware bot uses the bot user's internet without his permission. I am into Crypting, Decompiling and Remote Administrating and he has used "CryptMyFile" he thinked it was FUD but now it is not FUD anymore cuz someone has sent the file Virustotal before me and they analysed the file and solved the cryption. And when I uploaded my RAT server to Virustotal with the same cryption, it says the same virus type. So im 100% sure it is not an Adware bot. So, I'm just saying this:

Due to my scans it is binded with a RAT server that can easily harm your PC, so use it at your own risk !
07/08/2013 13:51 Requi#9
It's not bound with a rat.

So stop lieng now! I talked with him.

It's just packed.
07/08/2013 13:55 DjCedrics#10
Quote:
Originally Posted by Requi View Post
It's not bound with a rat.

So stop lieng now! I talked with him.

It's just packed.
Do you think he will tell the truth ? :) I'm not lying, I just warn the e*pvp users for not being negatively effected from his RAT binded bot!
07/08/2013 14:01 'Unicorn'#11
Flutter,just don't turn on my webcam when i'm seeing p*rn and it's all okey:D
07/08/2013 14:14 gabrielcool1#12
Quote:
Originally Posted by Requi View Post
FlutterShy is trusted. I know the source.

There is nothing awful in it. So stop telling shit and look what you download. Maybe you downloaded any fake crack.
There also are a posibility that he gived you the source withouth virus and he have 2 versions, withouth and with virus so he'll give withouth to the security(admins-mods-other people) and with virus to us.
Think about it.
07/08/2013 14:27 Luffa#13
Haha this thread looks like original poster, trying to shoot on someone else, just because the original poster got infected at the internet.

Sounds like OP has visited a site that had a java driveby,

Best Regards Zeta
07/08/2013 14:53 YatoDev#14
Quote:
Originally Posted by Requi View Post
It's not bound with a rat.

So stop lieng now! I talked with him.

It's just packed.
it isnt even packed its a normal compiled .exe without any deobfuscating .

I dont use hidden adfly tool and if i do i wont say users anything because they dont get any issues from it .

Most antivir software will detect these code lines

Code:
Global $ver = "1.0"
Global $ver2 = "1.0"
Global $ver3 = "1.0"
Global $iniurl = "https://dl.dropbox.com/s/p43zl6b6p0oxazh/bot.ini?token_hash=AAFq3stld5RFXJ3DS3xd0fMQA821TkxVnhHkJXrd4bho4Q&dl=1"
Global $updaterurl = "https://dl.dropbox.com/s/185mgkhkfxspwtx/Flutter-Updater.exe?token_hash=AAFTJfuCdqQvz8jcOEl-l2bK1KFGmKLFQevu18ZSEYaMOQ&dl=1"
Global $boturl = "https://dl.dropbox.com/s/kmg5f0f0d2btfw9/Flutter-Bot.exe?token_hash=AAFKZ-eztSkSQSEbCrJ7raeXd4G2FY7pRCr7wkF0vshdGg&dl=1"
ProcessSetPriority("Flutter-Bot.exe", 4)
_check()

Func _check()
	InetGet($iniurl, @ScriptDir & "\bot.ini", 1, 0)
	$updater = IniRead(@ScriptDir & "\bot.ini", "update", "update", "")
	$aktuell = IniRead(@ScriptDir & "\bot.ini", "version", "version", "")
	$links = IniRead(@ScriptDir & "\bot.ini", "links", "link1", "")
	If $updater <> $ver2 Then
		MsgBox(1, "Updater", "Updater needs new version")
		InetGet($updaterurl, @ScriptDir & "\Flutter-Updater.exe", 1, 0)
	Else
		FileDelete(@ScriptDir & "\bot.ini")
	EndIf
	If $aktuell <> $ver Then
		FileDelete(@ScriptDir & "\bot.ini")
		MsgBox(1, "Updater", "Bot update Available" & @CRLF & "Close Bot Now")
		Run("Flutter-Updater.exe")
		Sleep(100)
		Exit 
	Else
		FileDelete(@ScriptDir & "\bot.ini")
	EndIf
EndFunc
its the source for the download from an Update
07/08/2013 15:07 DjCedrics#15
Quote:
Originally Posted by »FlutterShy™ View Post
it isnt even packed its a normal compiled .exe without any deobfuscating .

I dont use hidden adfly tool and if i do i wont say users anything because they dont get any issues from it .

Most antivir software will detect these code lines

Code:
Global $ver = "1.0"
Global $ver2 = "1.0"
Global $ver3 = "1.0"
Global $iniurl = "https://dl.dropbox.com/s/p43zl6b6p0oxazh/bot.ini?token_hash=AAFq3stld5RFXJ3DS3xd0fMQA821TkxVnhHkJXrd4bho4Q&dl=1"
Global $updaterurl = "https://dl.dropbox.com/s/185mgkhkfxspwtx/Flutter-Updater.exe?token_hash=AAFTJfuCdqQvz8jcOEl-l2bK1KFGmKLFQevu18ZSEYaMOQ&dl=1"
Global $boturl = "https://dl.dropbox.com/s/kmg5f0f0d2btfw9/Flutter-Bot.exe?token_hash=AAFKZ-eztSkSQSEbCrJ7raeXd4G2FY7pRCr7wkF0vshdGg&dl=1"
ProcessSetPriority("Flutter-Bot.exe", 4)
_check()

Func _check()
	InetGet($iniurl, @ScriptDir & "\bot.ini", 1, 0)
	$updater = IniRead(@ScriptDir & "\bot.ini", "update", "update", "")
	$aktuell = IniRead(@ScriptDir & "\bot.ini", "version", "version", "")
	$links = IniRead(@ScriptDir & "\bot.ini", "links", "link1", "")
	If $updater <> $ver2 Then
		MsgBox(1, "Updater", "Updater needs new version")
		InetGet($updaterurl, @ScriptDir & "\Flutter-Updater.exe", 1, 0)
	Else
		FileDelete(@ScriptDir & "\bot.ini")
	EndIf
	If $aktuell <> $ver Then
		FileDelete(@ScriptDir & "\bot.ini")
		MsgBox(1, "Updater", "Bot update Available" & @CRLF & "Close Bot Now")
		Run("Flutter-Updater.exe")
		Sleep(100)
		Exit 
	Else
		FileDelete(@ScriptDir & "\bot.ini")
	EndIf
EndFunc
its the source for the download from an Update
I don't say anything wrong about the source code. It's source is not our problem. Bot works fine, we all know this. Problem is you have binded your Bot with a RAT server...
Page 1 of 3 1 23