Conquer Online Multi+9

[drbetamax]

Heres the goods.

*Edit by a1blaster, Link removed, see post below*

[bone-you]

"Goods" that don't exist o.o cool.

[kkaosbudbud]

first off ... what the hell is this

[kkaosbudbud]

Antivir: Nothing found
ArcaVir: Nothing found
Avast: Nothing found
AVG: Nothing found
BitDefender: Nothing found
ClamAV: Nothing found
F-Prot: Nothing found
Norman: Nothing found
Rising: Nothing found
VirusBlokAda32: Nothing found
VirusBuster: Nothing found


Scanned by

[thekiller99]

doesn't work

[phoenix01134]

I really don't get those stupid virus scan posts, its false reassurance for all the noobs.Anyone can just fake a virus report, therefore none of those reports mean a thing, you have to scan the file yourself.

No such thing as a multi client +9 exists either. From what i know, the "+" system is used for game trainers, showing how many functions a trainer has. I don't see why you would embed 9 extra functions into a multi-client when its better practice to just make 9 separate standalone programs, since its a mmo.

In my humble opinion, I'd say its some form of malware .

[high6]

A mod please close and ban this guy. It tis a virus.

[warlord2080]

yea its the same guy who post conquer killer only changed the name

[a1blaster]

Here's the scan I got>>>

Quote:

Antivirus;Version;Last Update;Result
AhnLab-V3;2007.9.22.0;2007.09.24;-
AntiVir;7.6.0.15;2007.09.26;HEUR/Crypted
Authentium;4.93.8;2007.09.26;-
Avast;4.7.1043.0;2007.09.26;-
AVG;7.5.0.488;2007.09.26;-
BitDefender;7.2;2007.09.26;-
CAT-QuickHeal;9.00;2007.09.26;-
ClamAV;0.91.2;2007.09.26;-
DrWeb;4.33;2007.09.26;-
eSafe;7.0.15.0;2007.09.23;-
eTrust-Vet;31.2.5167;2007.09.26;-
Ewido;4.0;2007.09.25;-
FileAdvisor;1;2007.09.26;-
Fortinet;3.11.0.0;2007.09.26;-
F-Prot;4.3.2.48;2007.09.26;-
F-Secure;6.70.13030.0;2007.09.26;-
Ikarus;T3.1.1.12;2007.09.26;MemScanBackdoor.VB.EV
Kaspersky;4.0.2.24;2007.09.26;-
McAfee;5128;2007.09.26;-
Microsoft;1.2803;2007.09.26;-
NOD32v2;2552;2007.09.26;-
Norman;5.80.02;2007.09.26;-
Panda;9.0.0.4;2007.09.26;-
Prevx1;V2;2007.09.26;Heuristic: Suspicious Self Modifying EXE
Rising;19.42.22.00;2007.09.26;-
Sophos;4.21.0;2007.09.26;-
Sunbelt;2.2.907.0;2007.09.26;VIPRE.Suspicious
Symantec;10;2007.09.26;-
TheHacker;6.2.6.071;2007.09.26;-
VBA32;3.12.2.4;2007.09.26;-
VirusBuster;4.3.26:9;2007.09.26;-
Webwasher-Gateway;6.0.1;2007.09.26;Heuristic.Crypted

Additional information
File size: 1548288 bytes
MD5: b16c0ed9d6496dfe7893b8dc6a20a3f5
SHA1: 90f586202746538d1db8ab3ce44cbeb1aafe8e6d
packers: Themida
Prevx info:
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

Here's a Spanish translation of what MemScanBackdoor.VB.EV is>>>

Quote:

> INFORMATION
This one troyano does not propagate by itself. It can arrive at the computer via manual copy in the system, or at the unloaded being intentionally or by means of deceits of some malicious site, or networks of interchange of archives P2P, disguised generally like an application.


> CHARACTERISTIC
A malintencionado user, also could massively send the troyano to his victim in an individual electronic message or by means of Spam to other users.

When executing itself he opens a back door that allows a remote user to take the total control from the infected equipment.

He uses ports TCP/1040, 1041 and 1043 by defect, but he can form itself to use others.

He can create several archives in the folder of the system of Windows, some with attributes of single reading (+R), system (+S) and hidden (+H). Some examples:

c:windowssystem32Explorer.exe
c:windowssystem32ravmond.exe
c:windowssystem32Svch0st.exe
c:windowssystem32Winlogon.exe

It creates some of the following entrances in the registry to autoejecutar itself in each resumption of Windows:

HKCU Software Microsoft Windows CurrentVersion Run
[name] = [name and way of feasible]

HKCU Software Microsoft Windows NT CurrentVersion Windows
run = [name and way of feasible]

HKLM SOFTWARE Microsoft Windows CurrentVersion Run
[name] = [name and way of feasible]

HKLM SOFTWARE Microsoft Windows CurrentVersion RunServices
[name] = [name and way of feasible]

Where [name] can be a value of the following ones (among others):

ravmond
svchost
system
winlogon
[name of feasible]

The troyano allows the following actions, among others:

To accede to the archives of the infected equipment.
It activates and it deactivates the equipment, it suspends it or it extinguishes.
Flock archives and formatea the hard disk.
Capture information of the configuration of the servant and the workstations.
Capture keys digitadas by the user.
To also capture screens and video (if webcam exists one).
Control of Remote Access of the archives and programs of the attacked systems.
It controls peripheral like mouse, CD/DVD drivers, monitor, etc.
To quiet unload, to install and to execute other programs.
It sends mail messages from the equipment infected through bookstores MAPI.
To listen by the microphone of the system.
To modify the configurations by defect of the Internet Explorer.
It can send commandos through Chat.
It robs keys of access and numbers of credit cards.

> INSTRUCTIONS TO ELIMINATE IT
1. Deactivate the automatic restoration in Windows XP/ME.

2. Reinitiate on approval in Way of failures.

3. Execute an updated antivirus and you take note from the archives infected before eliminating them.

4. Eliminate under the column “Name”, (s) the entrance (s) which they make reference to of the names written down in step 3, in the following keys of the registry:

HKCU Software Microsoft
Windows CurrentVersion
Run

Now I also find it funny that the person (alaa_a, 0 posts) giving the thanks is a new member, singed up the same day as drbetamax. Also the only other post made by (drbetamax, 2 posts) had the same scan as this one did. That thread was closed too. Now if you looked at his profile you would find that there was posted another program in his siggy that comes up even dirtier then the two programs in two threads.

Both people BANNED now!
#Closed!