ichsuger, //former// CS mod at this site, handed each of you a hackpack that claimed to be undetected. Seems he deceived many of you by adding a trojan that uploaded your important information. This is a problem here.
Here's the documentation, followed by how you can fix your system in order to clean his trojan from your computer:
Quote:
Seems you are adding a program to each of the undetected hack folders. You have downloaded three currently undetected cheats, added them to a RAR, but added one program to each of the three folders.
Code: antivacsystemso.exe
The three cheats you added, two of them are from my site at MP-Hacks. So I have major interest here. Let's begin:
Downloading your cheatpack from your supplied link gives us antivacsystemso.rar. Funny name to call a 'gathered cheat pack'. ANYWAYS.. when we download it, our antivirus program goes haywire... it could be a false positive, maybe it's a trojan. Let's investigate your hack pack and find out:
Uploading it to Anubis shows us invaluable information. Here are the results:
As you see, it modifies the user's registry and creates and monitors keys. This should not even be in an "antivac" program. But let's continue..
Seems your trojan also connects to the internet and creates a file that has the following information:
- Internet Explorer usernames/passwords
- Mozilla Firefox usernames/passwords
- Steam usernames/passwords
- MSN, Yahoo, GoogleTalk ( Pidgin & Trillian ) usernames/passwords
It creates a file in the temp folder
Code: \Temp\u16event.html
and even calls on
Code: C:\WINDOWS\system32\services.exe
Let's view the file in Olly:
- GetProcAddress LoadLibraryA ( Standard )
- GetComputerNameA ( why are you calling this? )
- FindCloseUrlCache FindNextUrlCacheEntry FindFirstUrlCacheEntry ( what??! why )
- FtpPutFile InternetConnect InternetOpen ( so, your antivac program puts all the assembled information into a file, opens the user's internet connection, then connects to your FTP server and gives the file to you. )

to be continued..
To remove this infection from your system, you will need to locate the antivacsystemso.exe and delete it fully from your computer. Next you will have to locate u16event.html from your temp file folder and remove that as well, fully and completely from your system. Clean your computer next fully with HijackThis ( use their help forum to find any other problems that could have come with this trojan ). Then use an updated AntiVirus program to scan your entire system.
Then I suggest you change all your passwords. Every single one of them.
Sorry to see this has happened, but children with a bit of power..
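
The file-removal steps above, as an added example that is not part of the original post: a Python script that searches chosen folders for the file names the post gives and deletes the matches, reporting any it could not delete (for example an executable that is still running). The function names and the default search locations are assumptions made for this example.

```python
import os
import tempfile
from pathlib import Path

# File names taken from the post: the dropped program, the archive it came in,
# and the file it writes to the temp folder. Compared case-insensitively,
# as Windows file systems do.
IOC_NAMES = {"antivacsystemso.exe", "antivacsystemso.rar", "u16event.html"}


def default_roots():
    """Assumed search locations: the temp folder and the user's profile."""
    roots = [Path(tempfile.gettempdir())]
    for var in ("TEMP", "TMP", "USERPROFILE"):
        value = os.environ.get(var)
        if value:
            roots.append(Path(value))
    return roots


def find_iocs(roots, names=IOC_NAMES):
    """Return every file under the given roots whose name matches the list."""
    wanted = {n.lower() for n in names}
    hits = set()  # a set, so overlapping roots do not report a file twice
    for root in roots:
        # os.walk skips folders it cannot read instead of raising
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if name.lower() in wanted:
                    hits.add(Path(dirpath) / name)
    return sorted(hits)


def remove_hits(hits):
    """Delete each hit; return (path, error) pairs for files that remain."""
    failed = []
    for path in hits:
        try:
            path.unlink()
        except OSError as exc:  # locked by a running process, no permission
            failed.append((path, str(exc)))
    return failed


if __name__ == "__main__":
    found = find_iocs(default_roots())
    for path in found:
        print("found:", path)
    for path, err in remove_hits(found):
        print("could not delete:", path, "-", err)
```

A file listed as "could not delete" usually means the program is still running; end the process or reboot, then run the script again before scanning and changing passwords.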