[Discussion] Why would Elitepvpers allow this?
Discussion on [Discussion] Why would Elitepvpers allow this? within the SRO Private Server forum part of the Silkroad Online category.
02/09/2016, 11:35
#1
Hello,
I've downloaded the Dymer Online client and they are using Torque with his "HWID" system and .dll. I was suspicious about the .dll, so I ran it on VirusTotal:
26 / 54 detections claiming it's a virus:
"Variant.Kazy"
I'm quoting from
"The Kazy Trojan is a malware threat that first surfaced in 2010. According to ESG PC security analysts, the Kazy Trojan has been associated with a variety of different criminal activities, including keyloggers, phishing scams and data theft. The Kazy Trojan is only as strong as its payload. This is because the Kazy Trojan is a dropper Trojan, designed to install malware onto infected computer systems. Criminals can use the Kazy Trojan to install practically any kind of malware onto their victim's computer, including but not limited to spyware, adware, remote access tools, keyloggers, rogue security programs, rootkits and scareware of all kinds."
This .dll is even more infected than the heaviest infected sro_client.exe I've ever seen and yet, it's still allowed.
At the moment these servers are using the same .dll:
Dymer.dll
Titan.dll
Conflict.dll
VictorSRO.dll
With this much detection it must be some kind of malware in that .dll or there must be some really outdated coding that would cause detection, this is absurd and in my opinion all threads/servers using this .dll should be closed instantly.
I would request a moderator to take a look at this. I warn players that play on these servers to get a virus scan done or re-format their Windows and change all their passwords from a clean machine.
Thanks.

02/09/2016, 11:52
#2
This is false-positive due to Packing software (I use a cracked packing software which is widely used by other people who spread malware, so it is read as a positive because of these people).
This is the virustotal scan for the "unpacked" DLL :
Not bad, tho. Keep trying, son.

02/09/2016, 11:53
#3
Quote:
Originally Posted by magicanoo
This is the virustotal scan for the "unpacked" DLL :
Not bad, tho. Keep trying, son.
|
Seems like someone switched .dll after a while?

02/09/2016, 11:54
#4
What kind of bs is this ? You are clearly referring to Torque which I have seen the source code itself and the detection is just because of the heavy packing. Quit the **** and gtfo nobody cares about your 1337 experience.

02/09/2016, 11:56
#5
Quote:
Originally Posted by LastThief*
What kind of bs is this ? You are clearly referring to Torque which I have seen the source code itself and the detection is just because of the heavy packing. Quit the **** and gtfo nobody cares about your 1337 experience.
|
The excuse is that your .dll is packed.
Alright, this is also packed:
You do not get 26 detection(s) by encrypting your software, that's just pure bullshit.
:Also:
If you encrypted a software you would get detected for "confusion" or "suspicious" behavior, not for having a "Trojan.Kazy"
:And:
I believe your .dll is coded in C++ and not C#, why would you have to encrypt / pack it?

02/09/2016, 12:05
#6
Quote:
Originally Posted by Goofie
Seems like someone switched .dll after a while?
|
I uploaded both even though they're the same from the same "Release" folder in the visual studio project. Also, virustotal wouldn't put them together if they weren't identical.
Quote:
Originally Posted by Goofie
The excuse is that your .dll is packed.
Alright, this is also packed:
You do not get 26 detection(s) by encrypting your software, that's just pure bullshit.
:Also:
If you encrypted a software you would get detected for "confusion" or "suspicious" behavior, not for having a "Trojan.Kazy"
:And:
I believe your .dll is coded in C++ and not C#, why would you have to encrypt it?
|
Confuser is a .NET packer you idiot. You can get all false-positive if you're using an old and cracked packing program which is flagged due to the abuse of other people. I pack it to protect the strings and prevent debuggers/virtual machine usage.

02/09/2016, 12:07
#7
Quote:
Originally Posted by magicanoo
Confuser is a .NET packer you idiot. You can get all false-positive if you're using an old and cracked packing program which is flagged due to the abuse of other people. I pack it to protect the strings and prevent debuggers/virtual machine usage.
|
I rest my case, even if you pack something it will not give you 26 detection(s). Plain and simple.
I'm glad that I scanned that .dll before running it on my PC.

02/09/2016, 12:09
#8
Now this thread is really ridiculous
You must be really mad that your SUPER**** hwid "feature" isn't even close to Torque's..
The fact is that you released plenty of databases, backstabbing your customers, changed your name few times cause your bad reputation while magicanoo has never done such a thing.
I knew you are an idiot but this move went beyond stupidity

02/09/2016, 12:11
#9
Quote:
Originally Posted by Bizzyyyyy
Now this thread is really ridiculous
You must be really mad that your SUPER**** hwid "feature" isn't even close to Torque's..
The fact is that you released plenty of databases, backstabbing your customers, changed your name few times cause your bad reputation while magicanoo has never done such a thing.
I knew you are an idiot but this move went beyond stupidity
|
If you wanna shoot yourself in the foot, then go ahead and do that. I would not personally play on servers that have such heavily detected files.
This has nothing to do with my features, this is about the Silkroad community and the few players that actually remain.

02/09/2016, 12:13
#10
Quote:
Originally Posted by Goofie
I rest my case, even if you pack something it will not give you 26 detection(s). Plain and simple.
I'm glad that I scanned that .dll before running it on my PC.
|
You wanted to run it on your PC to try and steal the **** inside? you should've just asked me for the packet, son.

02/09/2016, 12:13
#11
Quote:
Originally Posted by magicanoo
You can get all false-positive if you're using an old and cracked packing program which is flagged due to the abuse of other people.
|
You know that all created files have their own md5/sha, right?
And if your statement was even close to being "right" then my SUPERMIKE.exe would be even more detected because I use a cracked packer.
So ConfuserEx v0.3.0 gives a lot of infections you say, then how come your Torque .exe's aren't even as infected as your .dll?
:Oh yeah:
Off-topic, I de-compiled parts of your code.
Quote:
Originally Posted by magicanoo
You wanted to run it on your PC to try and steal the shit inside? you should've just asked me for the packet, son.
|
Actually wanted to test a few things on the Torque protection, but when I saw that infected .dll I removed the client from my PC.

02/09/2016, 12:18
#12
Quote:
Originally Posted by Goofie
You know that all created files have their own md5/sha, right?
And if your statement was even close to being "right" then my SUPERMIKE.exe would be even more detected because I use a cracked packer.
Actually wanted to test a few things on the Torque protection, but when I saw that infected .dll I removed the client from my PC.
|
There is something called "Packer signature" which is changeable among different packing programs.
I'm glad that you deleted it from your PC, you shouldn't play with fire you know

02/09/2016, 12:21
#13
Quote:
Originally Posted by magicanoo
There is something called "Packer signature" which is changeable among different packing programs.
I'm glad that you deleted it from your PC, you shouldn't play with fire you know
|
So you mean that someone chose your packet signature of all packet signatures out there? Seems legit.
Weird that nobody used my packet signature yet then, even though my Filter has existed longer than your hwid.dll. That's really "strange/odd" to me.

02/09/2016, 12:27
#14
First off, this dll is totally optional (that doesn't make it right, though, but I'll get on that in a sec)
Since we have NOTHING to trust the exe, I'm gonna ask this once and only once.
As for a routine check, send me an unpacked dll as a PM, and I'll check
Why I'm asking this? If the file's infection is due to this, then an unpacked software will be safe
As a safe proof regarding this request, if I do not receive the unpacked dll within reasonable amount of days, since I have no other source to trust, I'll apply the general malware rule and remove the thread
As for this thread, its title alone is enough to bait spammers
#closed
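
The thread turns on whether the DLL's detections come from its packer. As an added example that is not part of the original thread or anyone's posted code, this check reads a PE file's section table and computes per-section byte entropy, a common first indicator that a binary is packed. The sample file, the 7.2 bits/byte threshold and all function names are assumptions made for the illustration.

```python
import hashlib
import math
import struct

THRESHOLD = 7.2  # assumed heuristic cut-off in bits/byte, not a value from the thread

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for compressed/encrypted data, lower for plain code."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def section_entropies(pe: bytes) -> dict:
    """Walk the PE section table; return {section name: entropy of its raw data}."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    n_sections, = struct.unpack_from("<H", pe, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size  # section headers follow the optional header
    out = {}
    for i in range(n_sections):
        hdr = pe[table + 40 * i: table + 40 * (i + 1)]
        name = hdr[:8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", hdr, 16)
        out[name] = shannon_entropy(pe[raw_ptr:raw_ptr + raw_size])
    return out

def likely_packed(pe: bytes) -> list:
    """Names of sections whose entropy exceeds the assumed threshold."""
    return [n for n, h in section_entropies(pe).items() if h > THRESHOLD]

def build_sample_pe() -> bytes:
    """Constructed two-section PE skeleton for the demo (not a real or loadable DLL)."""
    plain = bytes.fromhex("558bec83ec1090c3") * 512  # repetitive, code-like bytes
    noisy = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))  # random-looking
    head = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    head += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x2102)
    ptr = len(head) + 80  # raw data starts after the two 40-byte section headers
    for name, blob in ((b".text", plain), (b".pack", noisy)):
        head += struct.pack("<8sIIIIIIHHI", name, len(blob), 0, len(blob), ptr, 0, 0, 0, 0, 0)
        ptr += len(blob)
    return head + plain + noisy
```

High entropy only shows that a section is compressed or encrypted; it says nothing about what the unpacked contents do, which is why the unpacked build still has to be inspected separately.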