Quote:
Originally posted by MindPrinters@Jun 1 2007, 15:50
@veXz what do you mean?
But I promise I didn't do anything. I will ask the guy who sent it to me.
|
Ok I just ran it on my virtual machine and
IT IS A TROJAN. Bifrost 1.1 or 1.2, also known as Bifrose.
Those who ran the file and got the 1 or 2 faked errors ARE INFECTED.
His IP address was 213.209.96.216 on June 1 at 20:42 GMT+1 summer time.
IP whois:
Quote:
IP Address : 213.209.96.216 [ pop5-215.catv.wtnet.de ]
ISP : Tigernet GmbH
Organization : wilhelm.tel GmbH
Location : DE DE, Germany
City : Norderstedt, 10 -
Latitude : 53°70'00" North
Longitude : 10°01'67" East
|
wtnet seems to be his ISP.
Abuse mails to the ISP have been sent.
2 more things:
Who the fuck downloads and runs shit from someone who joined 1 DAY BEFORE?
Why the fuck do you give karma to trojan spreaders, Godofaden? And why the fuck do you say that a file is clean if you didn't even test it PROPERLY?
WTF, you guys make me go berserk.
Append on Jun 1 2007, 21:37
blub.exe is the Bifrost server.