|
You last visited: Today at 12:43
Advertisement
Conquer Online Multi+9
Discussion on Conquer Online Multi+9 within the Conquer Online 2 forum part of the MMORPGs category.
09/25/2007, 23:48
|
#1
|
elite*gold: 0
Join Date: Sep 2007
Posts: 2
Received Thanks: 1
|
Conquer Online Multi+9
Heres the goods.
*Edit by a1blaster, Link removed, see post below*
|
|
|
09/25/2007, 23:49
|
#2
|
elite*gold: 20
Join Date: Mar 2006
Posts: 1,491
Received Thanks: 536
|
"Goods" that don't exist o.o cool.
|
|
|
09/26/2007, 00:37
|
#3
|
elite*gold: 0
Join Date: Nov 2006
Posts: 544
Received Thanks: 25
|
first off ... what the hell is this
|
|
|
09/26/2007, 00:38
|
#4
|
elite*gold: 0
Join Date: Nov 2006
Posts: 544
Received Thanks: 25
|
Antivir: Nothing found
ArcaVir: Nothing found
Avast: Nothing found
AVG: Nothing found
BitDefender: Nothing found
ClamAV: Nothing found
F-Prot: Nothing found
Norman: Nothing found
Rising: Nothing found
VirusBlokAda32: Nothing found
VirusBuster: Nothing found
Scanned by
|
|
|
09/26/2007, 01:17
|
#5
|
elite*gold: 0
Join Date: Jan 2007
Posts: 358
Received Thanks: 86
|
doesn't work
|
|
|
09/26/2007, 02:02
|
#6
|
elite*gold: 0
Join Date: Jul 2005
Posts: 1,099
Received Thanks: 17
|
I really don't get those stupid virus scan posts, its false reassurance for all the noobs. Anyone can just fake a virus report, therefore none of those reports mean a thing, you have to scan the file yourself.
No such thing as a multi client +9 exists either. From what i know, the "+" system is used for game trainers, showing how many functions a trainer has. I don't see why you would embed 9 extra functions into a multi-client when its better practice to just make 9 separate standalone programs, since its a mmo.
In my humble opinion, I'd say its some form of malware .
|
|
|
09/26/2007, 02:24
|
#7
|
elite*gold: 0
Join Date: Jun 2006
Posts: 965
Received Thanks: 576
|
A mod please close and ban this guy. It tis a virus.
|
|
|
09/26/2007, 05:25
|
#8
|
elite*gold: 0
Join Date: May 2006
Posts: 263
Received Thanks: 8
|
yea its the same guy who post conquer killer only changed the name
|
|
|
09/26/2007, 23:27
|
#9
|
elite*gold: 0
Join Date: Jan 2006
Posts: 3,487
Received Thanks: 1,960
|
Trojan!
Here's the scan I got>>>
Quote:
Antivirus;Version;Last Update;Result
AhnLab-V3;2007.9.22.0;2007.09.24;-
AntiVir;7.6.0.15;2007.09.26;HEUR/Crypted
Authentium;4.93.8;2007.09.26;-
Avast;4.7.1043.0;2007.09.26;-
AVG;7.5.0.488;2007.09.26;-
BitDefender;7.2;2007.09.26;-
CAT-QuickHeal;9.00;2007.09.26;-
ClamAV;0.91.2;2007.09.26;-
DrWeb;4.33;2007.09.26;-
eSafe;7.0.15.0;2007.09.23;-
eTrust-Vet;31.2.5167;2007.09.26;-
Ewido;4.0;2007.09.25;-
FileAdvisor;1;2007.09.26;-
Fortinet;3.11.0.0;2007.09.26;-
F-Prot;4.3.2.48;2007.09.26;-
F-Secure;6.70.13030.0;2007.09.26;-
Ikarus;T3.1.1.12;2007.09.26;MemScanBackdoor.VB.EV
Kaspersky;4.0.2.24;2007.09.26;-
McAfee;5128;2007.09.26;-
Microsoft;1.2803;2007.09.26;-
NOD32v2;2552;2007.09.26;-
Norman;5.80.02;2007.09.26;-
Panda;9.0.0.4;2007.09.26;-
Prevx1;V2;2007.09.26;Heuristic: Suspicious Self Modifying EXE
Rising;19.42.22.00;2007.09.26;-
Sophos;4.21.0;2007.09.26;-
Sunbelt;2.2.907.0;2007.09.26;VIPRE.Suspicious
Symantec;10;2007.09.26;-
TheHacker;6.2.6.071;2007.09.26;-
VBA32;3.12.2.4;2007.09.26;-
VirusBuster;4.3.26:9;2007.09.26;-
Webwasher-Gateway;6.0.1;2007.09.26;Heuristic.Crypted
Additional information
File size: 1548288 bytes
MD5: b16c0ed9d6496dfe7893b8dc6a20a3f5
SHA1: 90f586202746538d1db8ab3ce44cbeb1aafe8e6d
packers: Themida
Prevx info:
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
|
Here's a Spanish translation of what MemScanBackdoor.VB.EV is>>>
Quote:
> INFORMATION
This one troyano does not propagate by itself. It can arrive at the computer via manual copy in the system, or at the unloaded being intentionally or by means of deceits of some malicious site, or networks of interchange of archives P2P, disguised generally like an application.
> CHARACTERISTIC
A malintencionado user, also could massively send the troyano to his victim in an individual electronic message or by means of Spam to other users.
When executing itself he opens a back door that allows a remote user to take the total control from the infected equipment.
He uses ports TCP/1040, 1041 and 1043 by defect, but he can form itself to use others.
He can create several archives in the folder of the system of Windows, some with attributes of single reading (+R), system (+S) and hidden (+H). Some examples:
c:windowssystem32Explorer.exe
c:windowssystem32ravmond.exe
c:windowssystem32Svch0st.exe
c:windowssystem32Winlogon.exe
It creates some of the following entrances in the registry to autoejecutar itself in each resumption of Windows:
HKCU Software Microsoft Windows CurrentVersion Run
[name] = [name and way of feasible]
HKCU Software Microsoft Windows NT CurrentVersion Windows
run = [name and way of feasible]
HKLM SOFTWARE Microsoft Windows CurrentVersion Run
[name] = [name and way of feasible]
HKLM SOFTWARE Microsoft Windows CurrentVersion RunServices
[name] = [name and way of feasible]
Where [name] can be a value of the following ones (among others):
ravmond
svchost
system
winlogon
[name of feasible]
The troyano allows the following actions, among others:
To accede to the archives of the infected equipment.
It activates and it deactivates the equipment, it suspends it or it extinguishes.
Flock archives and formatea the hard disk.
Capture information of the configuration of the servant and the workstations.
Capture keys digitadas by the user.
To also capture screens and video (if webcam exists one).
Control of Remote Access of the archives and programs of the attacked systems.
It controls peripheral like mouse, CD/DVD drivers, monitor, etc.
To quiet unload, to install and to execute other programs.
It sends mail messages from the equipment infected through bookstores MAPI.
To listen by the microphone of the system.
To modify the configurations by defect of the Internet Explorer.
It can send commandos through Chat.
It robs keys of access and numbers of credit cards.
> INSTRUCTIONS TO ELIMINATE IT
1. Deactivate the automatic restoration in Windows XP/ME.
2. Reinitiate on approval in Way of failures.
3. Execute an updated antivirus and you take note from the archives infected before eliminating them.
4. Eliminate under the column “Name”, (s) the entrance (s) which they make reference to of the names written down in step 3, in the following keys of the registry:
HKCU Software Microsoft
Windows CurrentVersion
Run
|
Now I also find it funny that the person (alaa_a, 0 posts) giving the thanks is a new member, singed up the same day as drbetamax. Also the only other post made by (drbetamax, 2 posts) had the same scan as this one did. That thread was closed too. Now if you looked at his profile you would find that there was posted another program in his siggy that comes up even dirtier then the two programs in two threads.
Both people BANNED now!
#Closed!
|
|
|
All times are GMT +2. The time now is 12:43.
|
|