TQ thead
Intern05:
Welcome to the Conquer Online Help Desk. You are speaking with Michael. How may I help you?
KP:
Hello Michael, after having examined your 91GameCheck file, and having seen what it is able to do, including keycapture, ftp upload, and examining the process list, I want to know if I am allowed to delete this file.
Intern05:
You'd better not, but anyway, you can delete it if you can promise that your account is safe.
-----------------------------------------------------------------------
This file, located at C:\Program Files (x86)\Conquer 2.0\IsecPlus, has quite a few things you people might want to know about. Firstly, this application will take a list of your running processes; an example of a decrypted plist.ini can be found here.
After this list is taken, it is then compared to (TQ server). As of now, there is little to fear about this, but this is the basic security against bots and proxies. However, there are other things you should fear about this application; included below are some things it can do.
GetMenu...GetClientRect.W.SetForegroundWindow.!.GetKeyState...MapWindowPoints...PeekMessageA..<.GetMessagePos.=.GetMessageTime....DeleteUrlCacheEntry.&.FtpCreateDirectoryA.4.FtpPutFileA.i.InternetCloseHandle...InternetGetLastResponseInfoA..
And now for the commands it'll run on your PC without your consent.
netsh firewall add allowedprogram "%s" 91GameCheck ENABLE...netsh advfirewall firewall add rule name=91gamecheck dir=in program="%s" action=allow...SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplication
This file is nothing short of a rootkit. Now you know.
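To check whether the firewall exception from the netsh strings above is actually present on a machine, the following PowerShell lists any matching rule together with the program it allows. This is an added example, not part of the original post or the game's software; the function name Get-SuspectFirewallRule is hypothetical, and only the rule name 91gamecheck comes from the strings quoted above.

```powershell
# Added example (not from the original post): audit Windows Firewall for rules
# whose name matches the one in the netsh strings quoted above.
function Get-SuspectFirewallRule {
    param(
        # Rule name taken from the strings on this page; -like is case-insensitive,
        # so this also matches the "91GameCheck" spelling of the legacy command.
        [string]$NamePattern = '*91gamecheck*'
    )

    Get-NetFirewallRule -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $NamePattern -or $_.Name -like $NamePattern } |
        ForEach-Object {
            $rule = $_
            $app  = $rule | Get-NetFirewallApplicationFilter

            # Rule paths may contain environment variables such as %ProgramFiles%.
            $path   = [Environment]::ExpandEnvironmentVariables([string]$app.Program)
            $exists = [bool]($path -and (Test-Path -LiteralPath $path -PathType Leaf))

            $sigStatus = $null
            $sha256    = $null
            if ($exists) {
                # Signature status and hash let you compare the allowed binary
                # against a known copy before deciding what to do with the rule.
                $sigStatus = (Get-AuthenticodeSignature -LiteralPath $path).Status
                $sha256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            }

            [pscustomobject]@{
                RuleId      = $rule.Name
                DisplayName = $rule.DisplayName
                Enabled     = $rule.Enabled
                Direction   = $rule.Direction
                Action      = $rule.Action
                Profile     = $rule.Profile
                Program     = $path
                FileExists  = $exists
                Signature   = $sigStatus
                SHA256      = $sha256
            }
        }
}

Get-SuspectFirewallRule | Format-List

# To remove a rule after review (elevated prompt), pass the RuleId shown above:
#   Remove-NetFirewallRule -Name '<RuleId>'
```

No output means no rule with that name exists in the current firewall policy.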