about sv

03/19/2007 01:27 nbox420#1
OK, I'm not saying that anantasia is a hacker cuz I'm sure she didn't put this in here, but the unpacked version hosted in her thread has detected viruses that the one from 9net9 does not have... PWS appears in both versions, but the one anant posted seems WAY more infected.

Scan from Anant's:

Complete scanning result of "ScriptVessel-4339.rar", received in VirusTotal at 03.19.2007, 01:13:42 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.3.17.0 03.16.2007 no virus found
AntiVir 7.3.1.43 03.18.2007 no virus found
Authentium 4.93.8 03.17.2007 could be a corrupted executable file <------------
Avast 4.7.936.0 03.19.2007 no virus found
AVG 7.5.0.447 03.18.2007 no virus found
BitDefender 7.2 03.19.2007 no virus found
CAT-QuickHeal 9.00 03.15.2007 (Suspicious) - DNAScan<--------------------------
ClamAV 0.90.1 03.19.2007 no virus found
DrWeb 4.33 03.18.2007 Trojan.PWS.Lenmir.30 <------------------------------------
eSafe 7.0.14.0 03.16.2007 Suspicious Trojan/Worm <----------------------------
eTrust-Vet 30.6.3486 03.16.2007 no virus found
Ewido 4.0 03.18.2007 no virus found
FileAdvisor 1 03.19.2007 no virus found
Fortinet 2.85.0.0 03.18.2007 suspicious <--------------------------------------------
F-Prot 4.3.1.45 03.17.2007 no virus found
F-Secure 6.70.13030.0 03.18.2007 no virus found
Ikarus T3.1.1.3 03.18.2007 Backdoor.Win32.Agent.JL <---------------------------
Kaspersky 4.0.2.24 03.19.2007 no virus found
McAfee 4986 03.16.2007 no virus found
Microsoft 1.2306 03.18.2007 no virus found
NOD32v2 2125 03.18.2007 no virus found
Norman 5.80.02 03.16.2007 no virus found
Panda 9.0.0.4 03.18.2007 no virus found
Prevx1 V2 03.19.2007 no virus found
Sophos 4.15.0 03.13.2007 no virus found
Sunbelt 2.2.907.0 03.16.2007 VIPRE.Suspicious <----------------------------------
Symantec 10 03.18.2007 no virus found
TheHacker 6.1.6.076 03.15.2007 no virus found
UNA 1.83 03.16.2007 no virus found
VBA32 3.11.2 03.18.2007 Trojan.PWS.Lenmir.30 <----------------------------------
VirusBuster 4.3.7:9 03.18.2007 no virus found


Aditional Information
File size: 648011 bytes
MD5: b6155f498a6e2a3786f3918431b1809d
SHA1: 60bb2ac1dceae36a5f331600a0616b0a670f14ad
packers: Aspack
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.


And straight from 9net9:

Complete scanning result of "SV-V0301-4339.rar", received in VirusTotal at 03.19.2007, 01:20:09 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.3.17.0 03.16.2007 no virus found
AntiVir 7.3.1.43 03.18.2007 no virus found
Authentium 4.93.8 03.17.2007 no virus found
Avast 4.7.936.0 03.19.2007 no virus found
AVG 7.5.0.447 03.18.2007 no virus found
BitDefender 7.2 03.19.2007 no virus found
CAT-QuickHeal 9.00 03.15.2007 no virus found
ClamAV 0.90.1 03.19.2007 no virus found
DrWeb 4.33 03.18.2007 no virus found
eSafe 7.0.14.0 03.16.2007 no virus found
eTrust-Vet 30.6.3486 03.16.2007 no virus found
Ewido 4.0 03.18.2007 no virus found
FileAdvisor 1 03.19.2007 Not analyzed yet
Fortinet 2.85.0.0 03.18.2007 suspicious<--------------------------------
F-Prot 4.3.1.45 03.17.2007 no virus found
F-Secure 6.70.13030.0 03.18.2007 no virus found
Ikarus T3.1.1.3 03.18.2007 Trojan-PWS.Lenmir.30<-------------------
Kaspersky 4.0.2.24 03.19.2007 no virus found
McAfee 4986 03.16.2007 no virus found
Microsoft 1.2306 03.18.2007 no virus found
NOD32v2 2125 03.18.2007 no virus found
Norman 5.80.02 03.16.2007 no virus found
Panda 9.0.0.4 03.18.2007 no virus found
Prevx1 V2 03.19.2007 no virus found
Sophos 4.15.0 03.13.2007 no virus found
Sunbelt 2.2.907.0 03.16.2007 no virus found
Symantec 10 03.18.2007 no virus found
TheHacker 6.1.6.076 03.15.2007 no virus found
UNA 1.83 03.16.2007 no virus found
VBA32 3.11.2 03.18.2007 no virus found
VirusBuster 4.3.7:9 03.18.2007 no virus found


Aditional Information
File size: 844133 bytes
MD5: ccfdb1c76b241b005bf3721c43f5408b
SHA1: 527d9b90780c35389bb5a328cf7b021ca3abdd29


big diff huh?
03/19/2007 01:52 Lake292#2
I received the original version from 9net9 and after unpacking with stripper it's in there too... so it was there :rolleyes: anantasia didn't do anything to it
03/19/2007 01:59 a1blaster#3
What thread and post did those come from?
03/19/2007 02:03 nbox420#4
Quote:
Originally posted by a1blaster@Mar 19 2007, 01:59
What thread and post did those come from?
the first one was from anantasia "guide for 4339" and the second is the one received straight from 9net9. i think i will just cough up the 4 bucks lol. too many shady ppl puttin bogus shit in files :)
03/19/2007 02:18 Lake292#5
pay money, get your SV, unpack it with stripper and holy shit it's the same :eek:
hehe my friend paid for it so I know it :rolleyes:
or just get mr.rattlz version of SV... no PSW stealer and it still works ;)
03/19/2007 02:24 nbox420#6
rattlz won't come off of it...
03/19/2007 02:37 anantasia#7
Hi all,

Sorry for bothering all of you.

As I said in the thread, that file is infected with a trojan, and the new version of SV from the creator is still infected with it. Please use at your own risk.

Anyway, when I got that file at that time, I checked it with VirusTotal and only PWS.trojan appeared, but with the new version of the virus scanner (03/18/2007) a new backdoor appears.

I suggest you download SV 0301 and try the standalone version for the moment.

If you want the new version and new functions, you must stand up to the challenge of changing.
03/19/2007 03:07 a1blaster#8
OK here's the scans for unpacked ScriptVessel-4339.rar

ASPacked - countrymakeinUS.dll>>>
Quote:
Complete scanning result of "countrymakeinUS.dll", received in VirusTotal at 03.19.2007, 02:19:34 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.3.17.0 03.16.2007* no virus found
AntiVir 7.3.1.43 03.18.2007* no virus found
Authentium 4.93.8 03.17.2007* no virus found
Avast 4.7.936.0 03.19.2007* no virus found
AVG 7.5.0.447 03.18.2007* no virus found
BitDefender 7.2 03.19.2007* no virus found
CAT-QuickHeal 9.00 03.15.2007* no virus found
ClamAV 0.90.1 03.19.2007* no virus found
DrWeb 4.33 03.18.2007* no virus found
eSafe 7.0.14.0 03.16.2007* no virus found
eTrust-Vet 30.6.3486 03.16.2007* no virus found
Ewido 4.0 03.18.2007* no virus found
FileAdvisor 1 03.19.2007* no virus found
Fortinet 2.85.0.0 03.18.2007* no virus found
F-Prot 4.3.1.45 03.17.2007* no virus found
F-Secure 6.70.13030.0 03.18.2007* no virus found
Ikarus T3.1.1.3 03.18.2007 Backdoor.Win32.Agent.JL
Kaspersky 4.0.2.24 03.19.2007* no virus found
McAfee 4986 03.16.2007* no virus found
Microsoft 1.2306 03.18.2007* no virus found
NOD32v2 2125 03.18.2007* no virus found
Norman 5.80.02 03.16.2007* no virus found
Panda 9.0.0.4 03.18.2007* no virus found
Prevx1 V2 03.19.2007* no virus found
Sophos 4.15.0 03.13.2007* no virus found
Sunbelt 2.2.907.0 03.16.2007 VIPRE.Suspicious
Symantec 10 03.19.2007* no virus found
TheHacker 6.1.6.076 03.15.2007* no virus found
UNA 1.83 03.16.2007* no virus found
VBA32 3.11.2 03.18.2007* no virus found
VirusBuster 4.3.7:9 03.18.2007 no virus found


Aditional Information
File size: 178176 bytes
MD5: b95921ccdac7afc6484d5429b160338a
SHA1: 54b9f1a62f09a3e74aeccd1a5b0935ccb51f609d
packers: Aspack
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

Now watch how the scan changes.

Stripped - _countrymakeinUS.dll>>>
Quote:
Complete scanning result of "_countrymakeinUS.dll", received in VirusTotal at 03.19.2007, 02:19:14 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.3.17.0 03.16.2007* no virus found
AntiVir 7.3.1.43 03.18.2007* no virus found
Authentium 4.93.8 03.17.2007* no virus found
Avast 4.7.936.0 03.19.2007* no virus found
AVG 7.5.0.447 03.18.2007* no virus found
BitDefender 7.2 03.19.2007* no virus found
CAT-QuickHeal 9.00 03.15.2007* no virus found
ClamAV 0.90.1 03.19.2007* no virus found
DrWeb 4.33 03.18.2007 Trojan.PWS.Lenmir.30
eSafe 7.0.14.0 03.16.2007 Win32.Polipos.sus
eTrust-Vet 30.6.3486 03.16.2007* no virus found
Ewido 4.0 03.18.2007* no virus found
FileAdvisor 1 03.19.2007* No threat detected
Fortinet 2.85.0.0 03.18.2007 suspicious
F-Prot 4.3.1.45 03.17.2007* no virus found
F-Secure 6.70.13030.0 03.18.2007* no virus found
Ikarus T3.1.1.3 03.18.2007 Trojan-PWS.Lenmir.30
Kaspersky 4.0.2.24 03.19.2007* no virus found
McAfee 4986 03.16.2007* no virus found
Microsoft 1.2306 03.18.2007* no virus found
NOD32v2 2125 03.18.2007* no virus found
Norman 5.80.02 03.16.2007* no virus found
Panda 9.0.0.4 03.18.2007* no virus found
Prevx1 V2 03.19.2007* no virus found
Sophos 4.15.0 03.13.2007* no virus found
Sunbelt 2.2.907.0 03.16.2007 VIPRE.Suspicious
Symantec 10 03.19.2007* no virus found
TheHacker 6.1.6.076 03.15.2007* no virus found
UNA 1.83 03.16.2007* no virus found
VBA32 3.11.2 03.18.2007 Trojan.PWS.Lenmir.30
VirusBuster 4.3.7:9 03.18.2007 no virus found


Aditional Information
File size: 280576 bytes
MD5: 18b66c66238db6eb26029802f7a112aa
SHA1: f0f7299f3d8268a1265daa89d4acb931d6d85f9b
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

ASProtected - scriptvessel.exe>>>
Quote:
Complete scanning result of "scriptvessel.exe", received in VirusTotal at 03.19.2007, 02:20:16 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.3.17.0 03.16.2007* no virus found
AntiVir 7.3.1.43 03.18.2007* no virus found
Authentium 4.93.8 03.17.2007* no virus found
Avast 4.7.936.0 03.19.2007* no virus found
AVG 7.5.0.447 03.18.2007* no virus found
BitDefender 7.2 03.19.2007* no virus found
CAT-QuickHeal 9.00 03.15.2007 (Suspicious) - DNAScan
ClamAV 0.90.1 03.19.2007* no virus found
DrWeb 4.33 03.18.2007* no virus found
eSafe 7.0.14.0 03.16.2007 Suspicious Trojan/Worm
eTrust-Vet 30.6.3486 03.16.2007* no virus found
Ewido 4.0 03.18.2007* no virus found
FileAdvisor 1 03.19.2007* no virus found
Fortinet 2.85.0.0 03.18.2007* no virus found
F-Prot 4.3.1.45 03.17.2007* no virus found
F-Secure 6.70.13030.0 03.18.2007* no virus found
Ikarus T3.1.1.3 03.18.2007 Backdoor.Win32.Agent.JL
Kaspersky 4.0.2.24 03.19.2007* no virus found
McAfee 4986 03.16.2007* no virus found
Microsoft 1.2306 03.18.2007* no virus found
NOD32v2 2125 03.18.2007* no virus found
Norman 5.80.02 03.16.2007* no virus found
Panda 9.0.0.4 03.18.2007* no virus found
Prevx1 V2 03.19.2007* no virus found
Sophos 4.15.0 03.13.2007* no virus found
Sunbelt 2.2.907.0 03.16.2007 VIPRE.Suspicious
Symantec 10 03.19.2007* no virus found
TheHacker 6.1.6.076 03.15.2007* no virus found
UNA 1.83 03.16.2007* no virus found
VBA32 3.11.2 03.18.2007* no virus found
VirusBuster 4.3.7:9 03.18.2007 no virus found


Aditional Information
File size: 184320 bytes
MD5: 36e5f174cd3c69219bf85ee27d5e8d3a
SHA1: dfc0a463c1fb19683b4cee2b0be2697a01dee824
packers: Aspack
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

Now see the difference again when unprotected.

Stripped - _scriptvessel.exe>>>
Quote:
Complete scanning result of "_scriptvessel.exe", received in VirusTotal at 03.19.2007, 02:19:57 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.3.17.0 03.16.2007* no virus found
AntiVir 7.3.1.43 03.18.2007* no virus found
Authentium 4.93.8 03.17.2007* no virus found
Avast 4.7.936.0 03.19.2007* no virus found
AVG 7.5.0.447 03.18.2007* no virus found
BitDefender 7.2 03.19.2007* no virus found
CAT-QuickHeal 9.00 03.15.2007 (Suspicious) - DNAScan
ClamAV 0.90.1 03.19.2007* no virus found
DrWeb 4.33 03.18.2007* no virus found
eSafe 7.0.14.0 03.16.2007 Win32.Polipos.sus
eTrust-Vet 30.6.3486 03.16.2007* no virus found
Ewido 4.0 03.18.2007* no virus found
FileAdvisor 1 03.19.2007* no virus found
Fortinet 2.85.0.0 03.18.2007* no virus found
F-Prot 4.3.1.45 03.17.2007* no virus found
F-Secure 6.70.13030.0 03.18.2007* no virus found
Ikarus T3.1.1.3 03.18.2007* no virus found
Kaspersky 4.0.2.24 03.19.2007* no virus found
McAfee 4986 03.16.2007* no virus found
Microsoft 1.2306 03.18.2007* no virus found
NOD32v2 2125 03.18.2007* no virus found
Norman 5.80.02 03.16.2007* no virus found
Panda 9.0.0.4 03.18.2007* no virus found
Prevx1 V2 03.19.2007* no virus found
Sophos 4.15.0 03.13.2007* no virus found
Sunbelt 2.2.907.0 03.16.2007 VIPRE.Suspicious
Symantec 10 03.19.2007* no virus found
TheHacker 6.1.6.076 03.15.2007* no virus found
UNA 1.83 03.16.2007* no virus found
VBA32 3.11.2 03.18.2007* no virus found
VirusBuster 4.3.7:9 03.18.2007 no virus found


Aditional Information
File size: 326656 bytes
MD5: e07ac9713df389951e7d068216f1e81b
SHA1: a93f9202217928035df21a6bfb15c34bd09604f3
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

Now I'm not saying they're safe, but unpacking stuff does change how the scans turn out.
Also this file she has posted in her thread came from Botter2daMax's thread ScriptVessel Updated (3/01/07), From SV Creator in the CO2 Guides & Templates section. This download is 2 versions old now too. There's one more, then the newest one that you have 301.

I'm not saying any more than use at your own risk.

Because I also was hacked Saturday morning. Just like some other people here have been lately.
Even with all the scans and decompiling I do to check things over. Funny thing is I got to talk to the hacker using chat from one of my other accounts. Said he was a good hacker if you can believe that. But a couple of hours later he did give my account back. With all equipment intact. Told me he just wanted to take my character out for a spin. But warned me to reformat my comp because I wouldn't find anything on my comp as to how he hacked me. I think it's a backdoor somewhere though because he also warned me not to keep my passwords in a text file, that I should write them down on paper instead. The other reason he told me to reformat was because his friend wants to wipe my comp clean so I lose everything.

So in closing it's something that I have tested here in the past that made it through my defences. I even have hardware and software firewalls installed, plus Anti-Virus software.

Hope that doesn't scare you too much. LOL

}^~^{
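
Added example, not part of any post in this thread: a small Python parser for the VirusTotal text layout quoted above that diffs per-engine verdicts between the ASPacked and stripped scans of countrymakeinUS.dll. The function names and the list of "clean" verdict strings are assumptions of this example; the sample rows are excerpted from the two reports in the thread.

```python
import re

# One report row: engine, version, update date (optional '*'), verdict, optional "<----" marker.
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{2}\.\d{2}\.\d{4})\*?\s+(.*?)\s*(?:<-+)?\s*$")
CLEAN = {"no virus found", "no threat detected", "not analyzed yet"}  # assumed clean strings

def parse_report(text):
    """Return {engine: verdict or None}; lines that are not report rows are skipped."""
    verdicts = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            engine, _version, _date, result = m.groups()
            verdicts[engine] = None if result.lower() in CLEAN else result
    return verdicts

def diff_reports(packed, unpacked):
    """Group engines by how their verdict moved; an engine missing from a report counts as clean."""
    out = {"only_packed": {}, "only_unpacked": {}, "renamed": {}, "same": {}}
    for engine in sorted(set(packed) | set(unpacked)):
        a, b = packed.get(engine), unpacked.get(engine)
        if a and not b:
            out["only_packed"][engine] = a
        elif b and not a:
            out["only_unpacked"][engine] = b
        elif a and b and a != b:
            out["renamed"][engine] = (a, b)
        elif a and b:
            out["same"][engine] = a
    return out

# Rows excerpted from the two countrymakeinUS.dll reports in the thread.
PACKED = """\
DrWeb 4.33 03.18.2007* no virus found
Fortinet 2.85.0.0 03.18.2007* no virus found
Ikarus T3.1.1.3 03.18.2007 Backdoor.Win32.Agent.JL
Kaspersky 4.0.2.24 03.19.2007* no virus found
Sunbelt 2.2.907.0 03.16.2007 VIPRE.Suspicious
"""
UNPACKED = """\
DrWeb 4.33 03.18.2007 Trojan.PWS.Lenmir.30
Fortinet 2.85.0.0 03.18.2007 suspicious
Ikarus T3.1.1.3 03.18.2007 Trojan-PWS.Lenmir.30
Kaspersky 4.0.2.24 03.19.2007* no virus found
Sunbelt 2.2.907.0 03.16.2007 VIPRE.Suspicious
"""

if __name__ == "__main__":
    print(diff_reports(parse_report(PACKED), parse_report(UNPACKED)))
```

Engines in `only_unpacked` are the ones that matched nothing until the ASPack layer was stripped; `renamed` shows a verdict that changed family name between the two layers.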
03/19/2007 03:14 Didiplouf#9
Just three words: Oh My God! Do you have any antivirus???
03/19/2007 03:22 a1blaster#10
Yes I do.
I edited my post above, I forgot the anti in front of virus near the end of post. I scanned my Comp and found nothing. Buttoned down my firewall another notch too. Also changed all passwords on 40 accounts too.
03/19/2007 03:30 theduderr#11
I think that if we want to continue using SV, someone needs to explain to us how to make our own standalone bot that doesn't connect to anything so no one can steal our accounts. Just my two cents, though.