The new drophack is a trojan!

This is a discussion on The new drophack is a trojan! within the Warcraft 3 forum board part of the Hot Games category; Okay as the title says 1.24e drophack DONT EXIST! (atleast not in public) If you find any 1.24e with the ...

Results 1 to 7 of 7
  1. #1
    Ginzo's Avatar
    Ginzo is offline Premium Member
    Array
    Join Date
    Mar 2007
    Posts
    215
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    11
    Reputation
    107

    Exclamation The new drophack is a trojan!

    Okay as the title says 1.24e drophack DONT EXIST! (atleast not in public)
    If you find any 1.24e with the "simple" visual basic form icon dont run it.
    While i was slacking..i joined on channel 123 in bnet and i saw a bot with the name sex-clown spamming the "new public drophack" i had nothing to afraid.. and i downloaded ... i tested and i found that:

    *** Wc3- Drophack 1.24e by Lunix and Yeta.exe infected with BackDoor.Bifrost.7509 ***

    Category Backdoor
    Discovered 4/23/2007 12:01:00 PM
    Modified 11/25/2009 4:42:20 PM
    Threat Level Critical ****** ( the * means how much infected is)


    Category Description

    A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user.



    If you are MOFO and you already run this programe here is some tips how to remove it , i hope it works or then QQ..

    The following Registry Entries were created:

    • ..\Software\Microsoft\ACTIVE SETUP\INSTALLED COMPONENTS\{9B71D88C-C598-4935-C5D1-43AA4DB90836}\"STUBPATH"\"%WIN%\BIFROST\SERVER.EXE S"
    • ..\Software\Microsoft\Windows\CurrentVersion\Run\\ "SERVER.EXE"\" 43 3A 5C 57 49 4E 44 4F 57 53 5C 53 79 73 74 65 6D 33 32 5C 73 65 72 76 65 72 2E 65 78 65 00 00 00 00 00 00 00 00 00 00 00 00 0"
    • ..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe
    • ..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe
    • ..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe
    • ..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe
    • ..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AoYun.exe
    • ..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe
    • ..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRun.exe
    • ..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe
    • ..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe
    • ..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Discovery.exe
    • ..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe
    • ..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe
    • ..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe
    • ..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe
    • ..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe
    • ..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe
    • ..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe
    • ..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe
    • ..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe
    • ..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe
    • ..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe
    • ..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe
    • ..\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe

    Name Version Publisher Signature (MD5) File Size (in K
    ..\52383DFD.EXE 7.9.0.1678 Stap 75181dedabc6a0483d4b01a2ba5d2e7d 143741
    ..\TEMP\CPORTS.EXE 1.0.7.0 NIRSOFT beda8b9ae8c69d161a438e8fe00c06db 38912
    ..\F928AB56.EXE 1.0.0.1001 Avira GmbH be95550c0d833283d6a4fd7cb1e04d10 125618
    ..\ED398FAB.EXE 1.0.0.1001 Avira GmbH fe0e95d8f949ca58eaac4dbdd3cfebfc 125614
    ..\FBF0E8C5.EXE 1.0.0.1001 360???? 586bdbdd7fd31eb1118e338574386b44 126794
    ..\bifrost\svchost.exe 1.0.0.0 . 817efbe2e700fe6975606999ff6105d3 160697
    ..\bifrost\server.exe 734090eaec0c46a632e81b0b17e85536 101488
    ..\FC897F65.EXE 8e9343f25dab5170fef568e88d6c39d6 25201
    ..\EDF8B817.EXE 528be12e748542b83f66ab63c4e12697 15424
    ..\F063D7C7.EXE 40658dae4f87b71e8858a340dae1c435 26733
    ..\EDF8B817.EXE 15424
    ..\F063D7C7.EXE 26733
    ..\EC4A169A.EXE 9949aaeb89d492a3ddf854fe7a4c27b2 24204
    ..\FC9A447C.DLL 14940
    ..\EC4A169A.EXE 24204
    ..\FCDC75AD.EXE 540541ae4bfe7329e6a6ba02acf14d26 113483
    ..\E3E0DB2F.EXE 219b78054d9873b87564f9d2d2d29c7c 65702
    ..\E22F9FC1.EXE 3697c02b3f30d6d7e7287204d8316b11 67284
    ..\Bifrost\sjdkfd.exe 219b78054d9873b87564f9d2d2d29c7c 65702
    ..\r32il.exe f29ae9b2852b76bd76e36a955b1b7ac2 33389
    ..\D81F5B55.EXE efef7c84c8d93d0663d38b7657d0b741 356462
    ..\2A7E8D9C.EXE e160fb15b3659637fd2dfb076b406cd8 307524
    ..\turko.exe 737afb855f1bcf3e7fabffd74e01bfb1 115200
    ..\D81F5B55.EXE 356462
    ..\2A7E8D9C.EXE 307524
    ..\r32il.exe 33389
    ..\turko.exe 115200

    Go to the following paths and delete them.
    if you dont know how right click > create > shortcut > regedit

    regards,
    Last edited by Ginzo; 03-18-2010 at 04:12 PM.

  2. The Following 5 Users Say Thank You to Ginzo For This Useful Post:


  3. #2
    Mahoney is offline Wannabe Member
    Array
    Join Date
    Mar 2010
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    0
    Reputation
    0
    Most cheating programs aren't clean anyways.

  4. #3
    Daniel999's Avatar
    Daniel999 is offline bla

    Array
    Join Date
    Apr 2009
    Location
    Germany
    Posts
    2,182
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    15
    Reputation
    1083
    Quote Originally Posted by Mahoney View Post
    Most cheating programs aren't clean anyways.
    Our forum requires scans and most programms will get tested by mods. Our hacks should be clean (still on your own risk). It's up to you if you trust a file or not but we are trustable .

  5. The Following User Says Thank You to Daniel999 For This Useful Post:


  6. #4
    Tracky's Avatar
    Tracky is offline Administrator

    Array
    Join Date
    Dec 2007
    Location
    Germany
    Posts
    9,854
    Mentioned
    158 Post(s)
    Tagged
    2 Thread(s)
    Rep Power
    42
    Reputation
    5606
    So far, 100% of what I approved was Virus -FREE!
    So, you can trust the scans of our moderators

  7. #5
    LayA's Avatar
    LayA is offline Advanced Hacker

    Array
    Join Date
    Mar 2010
    Location
    Sydney, Australia
    Posts
    401
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    8
    Reputation
    128
    Yea, the bot still seems too be in the channel, i wonder who owns it?

    we should report too blizzard about this matter.

  8. #6
    Tracky's Avatar
    Tracky is offline Administrator

    Array
    Join Date
    Dec 2007
    Location
    Germany
    Posts
    9,854
    Mentioned
    158 Post(s)
    Tagged
    2 Thread(s)
    Rep Power
    42
    Reputation
    5606
    Quote Originally Posted by LayA View Post
    Yea, the bot still seems too be in the channel, i wonder who owns it?

    we should report too blizzard about this matter.
    I don't think they care even a bit about it

  9. #7
    Devic3's Avatar
    Devic3 is offline Master Hacker
    Array
    Join Date
    Dec 2009
    Location
    Germany
    Posts
    717
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    9
    Reputation
    235
    Quote Originally Posted by Tracky View Post
    I don't think they care even a bit about it
    Me neither. Blizzard dont give a damn to their Warcraft III community. That's why it's so easy to hack in Warcraft III.

Similar Threads

  1. Trojan Remover 6.8
    By AlexanderTheGreat in forum Operating Systems
    Replies: 2
    Last Post: 08-08-2009, 01:55 PM
  2. Trojan Section
    By beebee in forum Entertainment
    Replies: 9
    Last Post: 12-31-2008, 05:29 PM
  3. Trojan in CE!
    By freshfish in forum Entertainment
    Replies: 18
    Last Post: 01-02-2008, 11:48 PM
  4. Trojan help fats PLEASE!
    By Range in forum Entertainment
    Replies: 9
    Last Post: 06-28-2007, 12:53 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •