ROAP Reposted

10/09/2009 14:34 ExTNT#1

If you guys didnt know what is ROAP, it is Ragnarok Online Advanced Proxy. Known to use to spam skills (function like wpe). Well, figured it yourself, I already quit RO for years. This tool is made by CyRuSTheViRuS.

Maybe infected, I'm not sure. But ever since I used it, it's safe. Mod, you may validate this file safety and is upon your approval.

I think CyRuS do leave his source code for this tool. I just compiled it.

File Info

Report generated: 9.10.2009 at 14.32.41 (GMT 1)
Filename: ROAP.exe
File size: 1061069
MD5 Hash: c3c71a94956d8510a4723a5a72962f10
SHA1 Hash: DFCE917D0EE97A8AB6FBD14A7157FE443F9C5B33
Self-Extract Archive: Nothing found
Binder Detector: File is possible binded with malware
Detection rate: 1 on 23

Detections

a-squared - -
Avira AntiVir - TR/Dropper.Gen
Avast - -
AVG - -
BitDefender - -
ClamAV - -
Comodo - -
Dr.Web - -
Ewido - -
F-PROT6 - -
Ikarus T3 - -
Kaspersky - -
McAfee - -
NOD32 v3 - -
Norman - -
Panda - -
QuickHeal - -
Solo Antivirus - -
Sophos - -
TrendMicro - -
VBA32 - -
VirusBuster - -
ZonerAntivirus - -

Scan report generated by
[Only registered and activated users can see links. Click Here To Register...]

For VirusTotal scan, you can view here: [Only registered and activated users can see links. Click Here To Register...]

Check the HASH and Checksum.

10/16/2009 08:42 Silence010#2

is this working in onlines? or for privates only?

10/17/2009 02:34 gelior#3

as it says .. my avira is truly detecting a dropper.gen

complete scan

6/41 (14.64%)

a-squared 4.5.0.41 2009.10.16 -
AhnLab-V3 5.0.0.2 2009.10.16 -
AntiVir 7.9.1.35 2009.10.16 TR/Dropper.Gen
Antiy-AVL 2.0.3.7 2009.10.16 -
Authentium 5.1.2.4 2009.10.17 -
Avast 4.8.1351.0 2009.10.17 -
AVG 8.5.0.420 2009.10.16 -
BitDefender 7.2 2009.10.17 -
CAT-QuickHeal 10.00 2009.10.16 -
ClamAV 0.94.1 2009.10.16 Trojan.Dropper.Bancos.E.1
Comodo 2625 2009.10.17 -
DrWeb 5.0.0.12182 2009.10.17 -
eSafe 7.0.17.0 2009.10.15 -
eTrust-Vet 35.1.7072 2009.10.16 -
F-Prot 4.5.1.85 2009.10.16 -
F-Secure 9.0.15300.0 2009.10.16 -
Fortinet 3.120.0.0 2009.10.16 -
GData 19 2009.10.17 -
Ikarus T3.1.1.72.0 2009.10.16 Trojan-Dropper
Jiangmin 11.0.800 2009.10.16 Heur:Backdoor/Huigezi
K7AntiVirus 7.10.872 2009.10.16 -
Kaspersky 7.0.0.125 2009.10.17 -
McAfee 5773 2009.10.16 -
McAfee+Artemis 5773 2009.10.16 Artemis!C3C71A94956D
McAfee-GW-Edition 6.8.5 2009.10.16 Trojan.Dropper.Gen
Microsoft 1.5101 2009.10.16 -
NOD32 4516 2009.10.17 -
Norman 6.03.02 2009.10.16 -
nProtect 2009.1.8.0 2009.10.15 -
Panda 10.0.2.2 2009.10.16 -
PCTools 4.4.2.0 2009.10.16 -
Prevx 3.0 2009.10.17 -
Rising 21.51.44.00 2009.10.16 -
Sophos 4.46.0 2009.10.17 -
Sunbelt 3.2.1858.2 2009.10.16 -
Symantec 1.4.4.12 2009.10.17 -
TheHacker 6.5.0.2.044 2009.10.17 -
TrendMicro 8.950.0.1094 2009.10.16 -
VBA32 3.12.10.11 2009.10.16 -
ViRobot 2009.10.16.1988 2009.10.16 -
VirusBuster 4.6.5.0 2009.10.16 -

EDIT:
I started it guys.. it told me that an OCX component is missing ..
it creates a .crssrs.exe which will be created in localsetting/User/...my avira said
which is a dropper.gen again

i would say, dont download this guys until you have a recovery cd and 5 antivir programms installed

10/17/2009 16:17 CapFlint#4

This is new virus signature, generate process in autorun crscs.exe and ddos IP 115.135.126.128 port 80 and 71

11/20/2009 07:28 chucks11#5

this shit is not working :)

11/22/2009 04:55 DJanzok#6

not working on my server :(