L2 EmPOweR Beta (official Server) NEW

got here a new program
:

Here New Tool/Bot for L2 Interlude official server

screens included
readme included


link:


LINKS DELETED



dont forget 2 say thanks..

hope u can enjoy


ps: nice comunity here =) like it

if i would know i dont try it.. just got and wanted to put it in here perhaps somebody wanna use it =)

So, You can't Give Us an explanation about How that Works ?

too bad :s

Something in my head screams "trojan"

Didn't d/l it and not gonna do so.

Post screenshots.

i dont know my antivirus said nothing..

pls check up

Nah..Is Clean For Me...Later I will Post The Scan Results.

It's not complete. Several files are missing.

Quote:

BitDefender 7.2 06.01.2007 GenPack:Backdoor.Bifrose.ZTH Fortinet 2.85.0.0 06.01.2007 suspicious

rest found nothing.

Well there might be a bifrost server which is stealthed with themida or something similar attached.

Do whatever you want, I don't trust that stuff.

@veXz what u mean ?

but i promise i didnt do something i will ask the guy which send it 2 me

Quote:

Originally posted by MindPrinters@Jun 1 2007, 15:50 @veXz what u mean ? but i promise i didnt do something i will ask the guy which send it 2 me

Ok I just ran it on my virtual machine and IT IS A TROJAN. Bifrost 1.1 or 1.2, also known as bifrose.

Those who ran the file and got the 1 or 2 faked errors ARE INFECTED.

His IP address was 213.209.96.216 on June 1 at 20:42 gmt +1 summer time.

IP whois:

Quote:

IP Address : 213.209.96.216 [ pop5-215.catv.wtnet.de ] ISP : Tigernet GmbH Organization : wilhelm.tel GmbH Location : DE DE, Germany City : Norderstedt, 10 - Latitude : 53°70'00" North Longitude : 10°01'67" East % This is the RIPE Whois query server #1. % The objects are in RPSL format. % % Rights restricted by copyright. % See [Only registered and activated users can see links. Click Here To Register...] % Note: This output has been filtered. % To receive output for a database update, use the "-B" flag. % Information related to '213.209.96.0 - 213.209.99.255' inetnum: 213.209.96.0 - 213.209.99.255 netname: WILHELM_TEL-NET descr: Customers POP 5 descr: wilhelm.tel GmbH descr: Heidbergstrasse 101-111 descr: D-22846 Norderstedt country: de admin-c: HL1317-RIPE tech-c: WN136-RIPE status: ASSIGNED PA mnt-by: NORDERSTEDT-MNT source: RIPE # Filtered role: WTNET NCC address: wilhelm.tel GmbH address: Heidbergstrasse 101-111 address: D-22846 Norderstedt address: Germany phone: +49 40 52104 0 fax-no: +49 40 52104 329 e-mail: [Only registered and activated users can see links. Click Here To Register...] admin-c: HL1317-RIPE tech-c: TK1367-RIPE tech-c: MR2894-RIPE tech-c: FC1251-RIPE nic-hdl: WN136-RIPE mnt-by: NORDERSTEDT-MNT source: RIPE # Filtered person: Heiko Liebscher address: wilhelm.tel GmbH address: Heidbergstrasse 101-111 address: D-22486 Norderstedt address: Germany phone: +49 40 52104 0 fax-no: +49 40 52104 329 e-mail: [Only registered and activated users can see links. Click Here To Register...] mnt-by: NORDERSTEDT-MNT nic-hdl: HL1317-RIPE source: RIPE # Filtered % Information related to '213.209.64.0/18AS15943' route: 213.209.64.0/18 descr: wilhelm.tel GmbH origin: AS15943 mnt-by: NORDERSTEDT-MNT mnt-lower: NORDERSTEDT-MNT source: RIPE # Filtered

wtnet seems to be his isp

Abuse mails to the ISP have been sent.



2 more things:

Who the fuck downloads and runs shi from someone who joined 1 DAY BEFORE?

Why the fuck do you give karma to trojan spreaders Godofaden? And why the fuck do you say that a file is clean if you didn't even test it PROPERLY.


WTF you guys make me go berzerk

<hr>Append on Jun 1 2007, 21:37<hr> [Only registered and activated users can see links. Click Here To Register...]

blub.exe is the bifrost server.

//locked
//links Deleted
//Threadstarter Warned For 2nd time.