🚨 Proofcore WL Tool Flagged (49/72 VT + NanoCore)

[kizufx]

Hi,

Posting this as a warning and to see if anyone else had the same situation with proofcore.

I bought a cheat and it was supposed to be instant access after purchase (that’s what I expected when paying).
Instead, my account got flagged for a “whitelist / security check” with no prior notice, and I had to wait 2 days just to get a response. I sent multiple follow-ups during that time and nobody replied.

When I finally got an answer, I was told to run an HWID.exe tool to get whitelisted.

Problem is:

Windows Security immediately shows a red alert: Trojan:MSIL/Nanocore.SDSD!MTB (Severe).

VirusTotal shows 49/72 security vendors flagging it as malicious (trojan / dropper / backdoor).

The file is also labeled “lsass.exe” (a legit Windows process name), which is extremely suspicious.

VirusTotal report:


I understand loaders/injectors can sometimes trigger false positives, but 49/72 + a severe Microsoft detection is way beyond what I’m willing to run on my PC.

So:

I’m not running it.

I’ve requested a refund to the original payment method.

I’m asking for a clear explanation: why so many detections, and why wasn’t this whitelist step disclosed before purchase?

Has anyone else received the same HWID tool from proofcore / gone through this exact process?

File :
Other files :

[iTossedASalad]

I’ve been using proofcore for years. They wouldn’t send you any type of file that would harm your computer.

[kizufx]

NanoCore is basically the “someone’s sitting behind your keyboard” kind of malware.

In security terms, it’s a RAT (Remote Access Trojan). That means: once it’s on a machine, it can phone home to a command-and-control (C2) server and give an operator remote control / remote code execution on the infected device. Microsoft explicitly classifies NanoCore detections as a serious threat and notes it can perform actions chosen by a malicious actor.

And “actions” here aren’t cute. NanoCore has been documented for years with capabilities like:

keylogging (stealing what you type),
password/credential theft,
file download/exfiltration,

webcam tampering/viewing, screen locking, and more.
Trend Micro notes it was first seen around 2013 and was being sold on underground forums early on it’s not some random new label.
Now, in cheat/loader land, yes, false positives happen (injectors, obfuscation, anti-debug tricks… AVs love screaming).
But when you’ve got 49/72 vendors flagging it and Microsoft Defender throwing a Severe NanoCore detection, you’re not looking at “one sketchy heuristic”; you’re looking at a risk profile that’s way closer to “this behaves like a backdoor/dropper.”
Also: seeing a file present itself as “lsass.exe” is extra spicy in the worst way, because lsass.exe is a legitimate Windows security process name — and masquerading as legit system processes is a classic malware move to blend in. (Not proof by itself, but it’s a very common pattern.)

Quote:

Originally Posted by iTossedASalad

I’ve been using proofcore for years. They wouldn’t send you any type of file that would harm your computer.

Totally get what you’re saying, and I’m glad you’ve had a good experience with proofcore — I’m not here to “randomly hate.”

That said, my experience was the complete opposite:

I bought the cheat expecting instant access (or at least to be told upfront if there’s a WL step).

I was on my day off and basically paid to… wait.

Identity verification was already done, yet after the purchase (of course after, lol) my account got flagged and I had to wait 1 day for a reply even with multiple follow-ups, no answer.

Then the “HWID reset / whitelist” process they gave me was: run an executable.
And that’s where it went from “annoying” to “nope”:

Windows Defender threw a Severe trojan warning (NanoCore).

VirusTotal shows 49/72 detections on the same file.

I also had a cybersecurity professional look at the situation (VT + behavior indicators), and the advice was simple: don’t run it.
(Not claiming anything beyond that — just saying I’m not risking my machine for a whitelist.)

So yeah… maybe they’ve been clean for you for years, but being forced into a surprise WL delay + getting an EXE that triggers that many detections is the cherry on top in the worst way.

At this point I’m just asking for a refund, because I paid for access — not for a 2-day support ghost + a “trust me bro” executable.

If anyone else got the exact same HWID tool recently, I’d genuinely like to compare notes.

[QUOTE=gemigemo;40459042] [QUOTE=Tmang;40459631]

[Tmang]

I submitted a refund request on December 4th, and I haven't received any response since, and they have been ignoring my requests.I also found other people on Discord who were in the same situation as me; they had paid for a long time without any problems being resolved.

[witchnametaken]

Is this the same company that you provided your government ID too? lol

[kizufx]

Quote:

Originally Posted by Tmang

I submitted a refund request on December 4th, and I haven't received any response since, and they have been ignoring my requests.I also found other people on Discord who were in the same situation as me; they had paid for a long time without any problems being resolved.

Hey,
You’re not alone. I’m currently going through a very similar situation: long delays, shifting requirements, and requests to run additional executables that raised serious concerns on my end.

What bothered me most wasn’t just the delay, but the lack of clear communication and the feeling of being stalled rather than helped. Seeing multiple people report the same pattern definitely doesn’t inspire confidence.

Hope your situation gets resolved — but yeah, the handling so far is disappointing for a paid service.

[iTossedASalad]

When you first join, they have to manually add your hwid. I wasn't able to login right away and use it either after verification and all. If you ask, they will compensate. Their fortnite cheat has been down for months and yet my key is still active and have full access to the discord. (which is removed when you don't have an active key) I've had to run an exe from silverback before as well and yet I've never had anything happen to me from some "backdoor" or anything. Up to you to trust someone, I was just saying I've been with them since like 2019 and never had issues with anything that couldn't be fixed by their support.

[manlikeduckers]

lucky u didnt run this, nanocore is literally a rat thats posted on github lol

[UIDQuestionMark]

I will start by saying that the fact that proofcore dont go on here themselfs to clear this situation up. Nor takes proper care of its customers is ****** up.

But in terms of cheating and managing cheats it goes hand in hand with malware.
Many techniques are used to do both things. Alot of cheats do also have and use malicious features to protect themselfs against bad actors. Such as if someone wish to dump reverse crack and damage a brand. So just because its gets flagged for this or that doesnt mean that its used maliciously.

I think they also provide cheats for other games with a market with more aggresive competitors but aswell as that anti cheat devs.
Whom themselfs go trough deep lengths to **** around and **** you over.

But to know if or if not a provider uses these methods for good or for bad is not easy to tell for customers such as yourself. And to blindly trust any dev of any cheat is also stupid. I suggest to not play on your main machine if you cheat in all honesty.

But i would still from gut feeling agree with proofcore being up to no good just from the fact they treat you like garbage and dont go on here to answer and doesnt care about providing even half decent support to customers who pay premium for a half baked external.

But nanocore itself can be used in ways that is not meant with malicious intent. But anti virus does not care about intent or how its used. It see how its built and what it can do and obviously since open source and well known they know 110% hello nanocore.

This is not new to the world of cheats nor is it going to stop. But it's not acceptable to use nanocore in my personal opinion. Even if not meant for malicious intent.
Even if its common practise.

[Runabyte]

Quote:

Originally Posted by UIDQuestionMark

I suggest to not play on your main machine if you cheat in all honesty.

This should be the main slogan of cheaters everywhere and anywhere, no? Never access cheats on your main machine.

[SauceMachine]

Quote:

Originally Posted by UIDQuestionMark

But in terms of cheating and managing cheats it goes hand in hand with malware.
Many techniques are used to do both things. Alot of cheats do also have and use malicious features to protect themselfs against bad actors. Such as if someone wish to dump reverse crack and damage a brand. So just because its gets flagged for this or that doesnt mean that its used maliciously.

I came from the malware reversing scene (8-9 years) before i entered the gaming scene back in 2021 and I don't really agree that cheats and malware "go hand in hand." There's overlap in techniques (injection, obfuscation, anti-debug, kernel drivers), and a lot of cheat distribution is definitely malware-ridden, but a cheat isn't automatically malware just because it uses anti-analysis.

That said, adding "malicious features" that retaliate against the client (sabotage, persistence, spying, destructive actions, etc.) isn't "protection," it's malware. Defensive software protection should never intentionally harm the user's system, and the risk of false positives is exactly why this is bad practice.

[Drewfire]

Feedback belongs to the sellers thread.

#closed