Warning about AceOfSpades2

[a1blaster]

Don't use the program being given out by AceOfSpades2!!!
It's infected!!!
Heres the scan of Mag_COPartLoader.exe from inside the paked file that was sent out>>>

Quote:

Complete scanning result of "Mag_COPartLoader.exe", received in VirusTotal at 04.23.2007, 06:38:37 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.21.0 04.23.2007 no virus found
AntiVir 7.3.1.53 04.22.2007 no virus found
Authentium 4.93.8 04.20.2007 no virus found
Avast 4.7.981.0 04.21.2007 no virus found
AVG 7.5.0.464 04.22.2007 no virus found
BitDefender 7.2 04.23.2007 Backdoor.Vb.BAL
CAT-QuickHeal 9.00 04.21.2007 no virus found
ClamAV devel-20070416 04.23.2007 no virus found
DrWeb 4.33 04.22.2007 no virus found
eSafe 7.0.15.0 04.22.2007 Suspicious Trojan/Worm
eTrust-Vet 30.7.3585 04.21.2007 no virus found
Ewido 4.0 04.22.2007 no virus found
FileAdvisor 1 04.23.2007 no virus found
Fortinet 2.85.0.0 04.23.2007 no virus found
F-Prot 4.3.2.48 04.20.2007 no virus found
F-Secure 6.70.13030.0 04.23.2007 no virus found
Ikarus T3.1.1.5 04.23.2007 no virus found
Kaspersky 4.0.2.24 04.23.2007 no virus found
McAfee 5014 04.20.2007 no virus found
Microsoft 1.2405 04.23.2007 no virus found
NOD32v2 2210 04.22.2007 probably a variant of Win32/Genetik
Norman 5.80.02 04.21.2007 no virus found
Panda 9.0.0.4 04.22.2007 no virus found
Prevx1 V2 04.23.2007 no virus found
Sophos 4.16.0 04.20.2007 no virus found
Sunbelt 2.2.907.0 04.19.2007 no virus found
Symantec 10 04.23.2007 no virus found
TheHacker 6.1.6.095 04.15.2007 no virus found
VBA32 3.11.4 04.21.2007 BackDoor.Generic.1548
VirusBuster 4.3.7:9 04.22.2007 no virus found
Webwasher-Gateway 6.0.1 04.23.2007 no virus found


Aditional Information
File size: 455315 bytes
MD5: 8c72c4478268c1d7bccf9b329fa87eba
SHA1: 2ff48801abc590853c964f96255703d7f8e6c589
packers: BINARYRES

If you have used this program it also installed these files services.exe, srsver.dll, winsyst32.exe when you ran Mag_COPartLoader.exe file.

Do a anti-virus scan of your comp!

[GrimReaper91]

Isnt services.exe windows thingie?

[a1blaster]

Yes services.exe is in the windows\system32 folder.

Running the Mag_COPartLoader.exe which is a sfx file will over right it with infected copy of services.exe.

[jaymehta2511]

u wanna say magcopartloader is infected?

[KatsuAkimoto]

Aha, why do people do this. It's too obvious to send something in a pm and not expect something like this to happen. Especially if he targeted you a1, being a mod and all.
Thanks for the warning though.

[knitz]

There should be more replies to this topic.... I don't use CoPartner anyway, but still....

[a1blaster]

@jaymehta2511 > No not all of them, just the one that AceOfSpades2 was sending out by PMing people with the file.

@KatsuAkimoto > No it wasn't sent to me directly. One of the members used the Report this PM function, to report that AceOfSpades2 was send out CoPartner. When I check out the file in link that was given in PM I found out that it was dirty. AceOfSpades2 has been banned already for doing this.

[kiom]

They put **** in sunny version ?
Althought i have sunny version which is clean all the way and ratz version too.
EDIT: im not sure about ratz version that is it clean cos jotti shows me some **** in it but anyways, i cant think of ratz putting keyloggers etc in it.

[Tw3ak]

Quote:

Originally posted by kiom@Apr 23 2007, 16:52
They put **** in sunny version ?
Althought i have sunny version which is clean all the way and ratz version too.
EDIT: im not sure about ratz version that is it clean cos jotti shows me some **** in it but anyways, i cant think of ratz putting keyloggers etc in it.

well i don't use rattlz SV but considering his +K and everything he has done for epvp i'd have to vouche and say his version is clean and fallenstars co-part are clean also the only way they would be dirty is if ya get them from a 3rd party that has attached something else to it ( like this guy supposedly did ).SO be careful who you take files from that give you false idea they just wanna share somthing with everyone because half the noob members with less then 10 post that attach sunny or a cracked SV 20 times a week that get removed and claim they just wanna help and give it to everyone usually have other motives then just being nice.

Also i have said it many times before in posts jotti is the most rinkydink scanner i have ever seen i still dunno why anyone uses that false **** it is total garbage 99% of the time with everything it says.

I can make a simple java applet and scan it with jotti and it will say it's a virus in at least 3 results lol it's just a shady scanner.
It does a better job of making people paranoid then it does actually finding a true infected file.

[SuicideKings]

Lol, what do you expect when you have tons of people going "I WANT THE BOT" in the SV thread? Far as you guys should be concerned I'm just cleaning this forum of your garbage. Besides, it's really only a scare tactic at best, I'm using a shareware version that ALERTS you when you've been infected (by my choice) and even shows the icon in the system tray. Geesh, honestly if people can't figure it out at that point... they should just get up from their computer and walk away.

By the way, your bans suck.

<hr>Append on Apr 23 2007, 19:51<hr> Pst, by the way, AceOfSpades = CODeath = any other name I wanna come up with.

[bone-you]

Quote:

Originally posted by SuicideKings@Apr 23 2007, 13:50
Lol, what do you expect when you have tons of people going "I WANT THE BOT" in the SV thread? Far as you guys should be concerned I'm just cleaning this forum of your garbage. Besides, it's really only a scare tactic at best, I'm using a shareware version that ALERTS you when you've been infected (by my choice) and even shows the icon in the system tray. Geesh, honestly if people can't figure it out at that point... they should just get up from their computer and walk away.

By the way, your bans suck.

<hr>Append on Apr 23 2007, 19:51<hr> Pst, by the way, AceOfSpades = CODeath = any other name I wanna come up with.

OLOLOLOL ur kewl. not really, but yea. Botters suck, so do those who take advantage of the weak :P

[SuicideKings]

Quote:

Originally posted by bone-you@Apr 23 2007, 19:54

OLOLOLOL ur kewl. not really, but yea. Botters suck, so do those who take advantage of the weak :P

Meh, I wouldn't really call them weak so much as I'd call them ignorant/lazy. Everybody has it very easy, all they need to do is go to a simple website, upload the program, and within minutes it'll tell you if you've got a keylogger. But even then, you'd be surprised how many just don't do it.

[~RuinatioN~]

**Edit - removed by DM*

<hr>Append on Apr 23 2007, 21:38<hr> Scanned my file:

Antivirus Version Update Result
AhnLab-V3 2007.4.24.0 04.23.2007 no virus found
AntiVir 7.4.0.14 04.23.2007 no virus found
Authentium 4.93.8 04.23.2007 no virus found
Avast 4.7.981.0 04.23.2007 no virus found
AVG 7.5.0.464 04.23.2007 no virus found
BitDefender 7.2 04.23.2007 no virus found
CAT-QuickHeal 9.00 04.23.2007 no virus found
ClamAV devel-20070416 04.23.2007 no virus found
DrWeb 4.33 04.23.2007 no virus found
eSafe 7.0.15.0 04.23.2007 Suspicious Trojan/Worm
eTrust-Vet 30.7.3589 04.23.2007 no virus found
Ewido 4.0 04.23.2007 no virus found
FileAdvisor 1 04.23.2007 Not analyzed yet
Fortinet 2.85.0.0 04.23.2007 suspicious
F-Prot 4.3.2.48 04.23.2007 no virus found
F-Secure 6.70.13030.0 04.23.2007 no virus found
Ikarus T3.1.1.5 04.23.2007 no virus found
Kaspersky 4.0.2.24 04.23.2007 no virus found
McAfee 5015 04.23.2007 no virus found
Microsoft 1.2405 04.23.2007 no virus found
NOD32v2 2213 04.23.2007 no virus found
Norman 5.80.02 04.23.2007 no virus found
Panda 9.0.0.4 04.23.2007 no virus found
Prevx1 V2 04.23.2007 no virus found
Sophos 4.16.0 04.20.2007 no virus found
Sunbelt 2.2.907.0 04.19.2007 no virus found
Symantec 10 04.23.2007 no virus found
TheHacker 6.1.6.088 04.09.2007 no virus found
VBA32 3.11.4 04.23.2007 no virus found
VirusBuster 4.3.7:9 04.23.2007 no virus found
Webwasher-Gateway 6.0.1 04.23.2007 Win32.Malware.gen#ASPack (suspicious)


My AC hasnt detected anything...