New Hack from the creators for Conquer Partner 4+

JavierXAngel · 10/17/2005, 19:47

[/QUOTE]Backdoor.Win32.Delf.vb[QUOTE]

This Trojan program provides a remote malicious user with full control over the infected machine. The Trojan itself is a Windows PE EXE file, written in Borland Delphi and packed using ASPack. The packed file is approximately 293KB in size, and the unpacked file is approximately 795KB in size.

Once launched, the program creates a file called ?glduid.dll? in the Windows system directory:

%System%\glduid.dll

The program functions either as a standard application, or, if the victim machine is running Windows NT/2000/XP, as a service called ?Network Host Controller?.

If it is running as a service, the program will create the following registry branch:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControl Set\Services\nethost]

If the victim machine is running Windows 95.98.ME, the Trojan will create the following registry value:

[HKCU\Software\Microsoft\Windows&#09 2;CurrentVersion\Run]
Network Host Controller

This ensures that the backdoor will be executed each time Windows is rebooted.

The backdoor connects to an IRC server via TCP port 3195 in order to receive commands from the remote malicious user.

Once the program has established a connection to an IRC server, the remote malicious user can cause the Trojan to scan other computers for open network resources, and for unpatched common vulnerabilities such as LSASS, DCOM, Microsoft IIS Extended Unicode Traversal vulnerability. The Trojan will be able to install itself on vulnerable machines.

The remote malicious user is able to download and install new versions of the Trojan, launch UDP, SYN and ICMP attacks on the infected computer, download, launch and delete files, terminate processes and access information about the infected computer and its users.

legolia · 10/17/2005, 19:48

you have to pay to use it? theres no free verison or trial? wtf >

JavierXAngel · 10/17/2005, 19:52

Im guessing this guy must of modified the virus around and named .MZ at end to make people think its something about Met Zone.

JavierXAngel · 10/17/2005, 19:58

That first virus is not a virus its a redirect server

LOD Global Redirect Server - [ Translate this page ]
... SK.3, PMS/Ainder.B, PMS/Hcktl.VB.Q, PMS/ST.20.A, PMS/Topo.12, TR/Click.Agent.AG.
1, TR/Click.Agent.AG.2, TR/Click.VB.DZ, TR/Dldr.VB.FL, ---->TR/Drop.MultiJ.13.B<-----, TR ...
lod.no-ip.org/ - 23k - Supplemental Result - Cached - Similar pages

I googled it and couldnt get on the webpage...

anticlownn · 10/17/2005, 23:36

wow that guy really knows how to protect himself from free-users and patchers ._. **** I dun even see windows have that sort of protection lol
btw, this virus won't destroy your computer :P

ChEaT · 10/17/2005, 23:59

Ok, so this is nt a save file.

ChEaT · 10/18/2005, 00:00

Sorry for posting the again, but the last post was suppose to be a question and i accidently put a period.

anticlownn · 10/18/2005, 00:51

It is safe to use and I really doubt it will harm your computer.

Karosso · 10/18/2005, 02:48

Plz make some crack to this program.. then i can use it for more than 20 minutes

whiro · 10/18/2005, 06:07

if it does harm ur computer how can i remove it?

Darkadrian · 10/18/2005, 06:22

Quote:

Originally posted by whiro@Oct 18 2005, 06:07
if it does harm ur computer how can i remove it?

it dont harm ur computer the virus is just used to read a server...

Saxasolt · 10/18/2005, 07:06

Quote:

Originally posted by JavierXAngel@Oct 17 2005, 19:47
This Trojan program provides a remote malicious user with full control over the infected machine.
The remote malicious user is able to download and install new versions of the Trojan, launch UDP, SYN and ICMP attacks on the infected computer, download, launch and delete files, terminate processes and access information about the infected computer and its users.

sounds harmful to me :?

Saxasolt · 10/18/2005, 07:50

omg omg omg..this thing rocks...GUYS PLEASE PATCH!! its the ULTIMATE pvp bot for tao..and its pretty good for fb..just do wat the picture ses and hav it in pk mode..now all u gotta do is jump..and itll zap for u

kovington · 10/18/2005, 09:35

This program sounds way too good to be true. ill try it in a month or so after more ppl have tried it. dont realy feel like taking a chance getting my account stollen.

Saxasolt · 10/18/2005, 09:39

heh..dude..so did bjx..and a month on..i still hav my 900mill of items bought with bjx gems...and my account..not hacked...