  1. #1
    Psychosis

    Is this file safe or infected?

    https://www.virustotal.com/file/7fcc...2087/analysis/
    http://virusscan.jotti.org/en/scanre...90614da1c06957

    File names (max. 25)
    1. WallHack.dll
    2. Gamer_Wall.dll
    3. file-4827043_dll
    4. BS_Simple.dll
    5. BS0wned-WH.dll
    6. BlackShotWallhack.dll
    7. [Updated]WeAreLegion.dll

    F-Prot packer identifier
    Enigma

    Please help me, is this file safe or harmful?

    Approve @Dave84311
    Last edited by Psychosis; 01-07-2013 at 04:40 AM. Reason: Added second virus scan

  2. The Following User Says Thank You to Psychosis For This Useful Post:

    huzai1234 (01-17-2013)

  3. #2
    uhZylon
    I'm not sure how VirusTotal works, so just download them and scan them with any antivirus. If they're a big threat, it will say it's a high threat; this could be a bad thing though, as some could be false positives.
    See what others say

  4. #3
    Psychosis
    This was already posted on MPGH. I would like a proper confirmation from sources, such as Dave. I know he's very busy lately, but those are a lot of false positives.. Especially for a simple .dll that is 1MB. On top of that, it's packed by Enigma.

  5. #4
    DєfKOniK
    @Dave84311 would love to become a dude who tests shit for viruses lol.


    Anyways, I can't really test it 'cause it's not approved.

  6. #5
    eLohith
    Infected, not safe. It is encrypted with a crypter to make it undetectable.

  7. #6
    Psychosis
    This file was approved by T o p; now, all of a sudden, the original thread that contained this file is gone. Does that mean countless people got infected?

    When this thread's attachment is approved, I would appreciate it if any member could help me test it and let me know.. I think many people got infected on this site, or maybe it was a false positive.. but that doesn't explain why the original thread was deleted.
    Last edited by Psychosis; 01-07-2013 at 03:07 PM.

  8. #7
    Dave84311
    That file is definitely packed. I highly doubt your bank information was stolen unless you have it in a text file or entered it in during the time of *possible* infection. I'd change all my passwords if I were you (especially cc/bank accounts - even though there is virtually nothing serious they can do).

    Link me to the original so I can check why it was deleted (check your history). If it was an infected file I will unpack it and test it to see what it does. My guess is it was deleted for advertising as most files are checked if they are safe or not, sometimes advertising gets through though.





    THE EYE OF AN ADMINISTRATOR IS UPON YOU. ANY WRONG YOU DO IM GONNA SEE, WHEN YOU'RE ON MPGH, LOOK BEHIND YOU, 'CAUSE THATS WHERE IM GONNA BE


    "First they ignore you. Then they laugh at you. Then they fight you. Then you lose.” - Dave84311HAD VIRTUAL DETOX

  9. The Following User Says Thank You to Dave84311 For This Useful Post:

    Psychosis (01-08-2013)

  10. #8
    Psychosis
    @Dave84311 I wish I could link you to the original thread. However, I did a clean sweep of my entire computer. Indeed, I have personal private information in text files.. That is why I had to bother you at a time like this. I know you are a very busy person, but I had no one to turn to.. The original thread was created in this section - Mission Against Terror Hacks - MPGH - MultiPlayer Game Hacking & Cheats - Hacks, Cheats, Downloads, Trainers, Games - and the original thread starter was ElitMaster2. The above file in the attachment is the same original file. I just changed the name from WallHack.dll to Help.dll

    The jotti virus scan is the same, except re-scanned. I added the virustotal scan. I would appreciate it so much, if you could un-pack it for me and find out what's going on. If it's serious, you should also warn the other members that downloaded this particular file. Thank you.

    I think T o p approved and then deleted the original thread. Not sure if that helps or not..
    Last edited by Psychosis; 01-08-2013 at 12:23 AM.

  11. #9
    Dave84311
    "Reason: same vs"

    Pretty sure it was deleted because it had no virus scans.






  12. #10
    Psychosis
    Quote Originally Posted by Dave84311 View Post
    "Reason: same vs"

    Pretty sure it was deleted because it had no virus scans.
    @Dave84311 If you look at my second virus scan (VirusTotal), that is the virus scan that was not added into the original thread. I still think there is something suspicious with this file. It's a .dll that supposedly has 1 function (wall hack). Instead, it does not work, and Avast and Nod32 both consider the file to be a PUP and harmful to the computer, and the total size is 1.04MB.

    https://www.virustotal.com/file/7fcc...2087/analysis/

  13. #11
    Dave84311
    Quote Originally Posted by MATLover View Post
    @Dave84311 If you look at my second virus scan (VirusTotal), that is the virus scan that was not added into the original thread. I still think there is something suspicious with this file. It's a .dll that supposedly has 1 function (wall hack). Instead, it does not work, and Avast and Nod32 both consider the file to be a PUP and harmful to the computer, and the total size is 1.04MB.

    https://www.virustotal.com/file/7fcc...2087/analysis/
    If that was the file you posted, the reason for those scans is that it is packed/encrypted. If you have a firewall, I wouldn't worry.






  14. #12
    abuckau907
    Not sure what I'm looking at, maybe someone else has a comment or two? Ran the "Help.dll" through IDA disassembler, it is packed. I assume it's the orig as author says --> virustotal shows checksums? hard w/o orig. thread, wasn't here. - Might work on un-packing it later.



    ^^internet?


    "... the reason for those scans is that it is packed/ encrypted. If you have a firewall, I wouldn't worry."

    ^^true vv
    If the file is packed, 95% of AV can't detect that it's a virus. All the AV can see is 'gibberish bytecode' instead of asm instructions.

    ^^and if you 'pack' the .exe cleverly enough, maybe change IAT/region properties, you can maybe even get disassemblers like IDA to bug and run bytecode.

    Someone more knowledgeable, please help
    Last edited by abuckau907; 01-09-2013 at 09:37 AM.
    'Some things that can be counted, don't matter. And some things that matter, can't be counted' - A.E.
    --
     

    My posts have some inaccuracies/are wrong/wrong keyword(s) used.
    They're (maybe) pretty close, and I hope they helped you, not created confusion. Take with grain of salt.

    -if you give rep, please leave a comment, else it means less.
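
Added example (not code from the thread or any poster): the posts above put the scanner hits down to the DLL being packed. A common triage heuristic for that is per-section byte entropy; this sketch reads the PE section table and computes it over a constructed PE-shaped buffer. The section names, the sample bytes and the 7.0 threshold are assumptions.

```python
import math
import random
import struct

PACKED_THRESHOLD = 7.0  # assumed heuristic cut-off, in bits per byte

def entropy(data):
    """Shannon entropy of a byte string, 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def section_entropy(pe):
    """Return [(section name, entropy of its raw data)] for a PE image in bytes."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)           # e_lfanew
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (count,) = struct.unpack_from("<H", pe, pe_off + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                           # first section header
    result = []
    for i in range(count):
        name, _, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        raw = pe[raw_ptr:raw_ptr + raw_size]
        result.append((name.rstrip(b"\0").decode("latin-1"), entropy(raw)))
    return result

def build_sample():
    """Constructed PE-shaped buffer (headers + 2 sections); not a loadable DLL."""
    plain = b"\x55\x8b\xec\x83\xec\x10\x8b\x45\x08\xc9\xc3\x90" * 256
    rng = random.Random(1)
    packed = bytes(rng.getrandbits(8) for _ in range(4096))  # stands in for packed data
    first = 0x40 + 24 + 2 * 40                               # file offset of first section
    head = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    head += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0)
    head += struct.pack("<8sIIII16x", b".text", len(plain), 0x1000, len(plain), first)
    head += struct.pack("<8sIIII16x", b".packed", 4096, 0x2000, 4096, first + len(plain))
    return head + plain + packed

def likely_packed(pe):
    """Names of sections whose entropy exceeds the threshold."""
    return [name for name, h in section_entropy(pe) if h > PACKED_THRESHOLD]
```

High entropy only says a section is compressed or encrypted; legitimate protectors produce the same signal, so it narrows what to unpack and inspect rather than deciding whether the file is malicious.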

  15. #13
    Psychosis
    @Dave84311 - Regarding this file
    @abuckau907 - Regarding your previous post

    Files Detected:
    C:\Users\Computer Name\AppData\Local\Temp\wnct\tn.dll (Trojan.Scar) -> Quarantined and deleted successfully.

    Registry Item Data Detected:
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (Trojan.Scar) -> Bad: (C:\Users\Computer Name\AppData\Local\Temp\wnct\tn.dll) Good: () -> Quarantined and repaired successfully.
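
Added example, not part of the thread: the scanner output above shows the persistence point, a DLL in a per-user Temp directory registered under AppInit_DLLs. The sketch below audits that key's values once they have been exported to a dict; the user name `alice`, the marker list and the verdict strings are assumptions made for illustration.

```python
import ntpath
import re

# Assumed markers for locations a standard user can write to.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


def split_appinit(value):
    """AppInit_DLLs holds a space- or comma-delimited list of DLL names/paths."""
    return [entry for entry in re.split(r"[\s,]+", value.strip()) if entry]


def audit_appinit(values):
    """values: the key's value names mapped to their data.
    Returns [(dll, verdict)] for every DLL listed in AppInit_DLLs."""
    # A missing LoadAppInit_DLLs is treated as enabled (conservative assumption).
    enabled = values.get("LoadAppInit_DLLs", 1) != 0
    signed_only = values.get("RequireSignedAppInit_DLLs", 0) != 0
    findings = []
    for dll in split_appinit(values.get("AppInit_DLLs", "")):
        path = ntpath.normpath(dll).lower()
        if any(marker in path for marker in USER_WRITABLE):
            verdict = "suspicious: user-writable location"
        elif not ntpath.dirname(path):
            verdict = "review: bare file name, find the file it resolves to"
        else:
            verdict = "review: confirm vendor and signature"
        if not enabled:
            verdict += " (not loaded while LoadAppInit_DLLs=0)"
        elif signed_only:
            verdict += " (loaded only if code-signed)"
        findings.append((dll, verdict))
    return findings


# Constructed sample modelled on the scanner output in post #13; "alice" is made up.
INFECTED = {
    "AppInit_DLLs": r"C:\Users\alice\AppData\Local\Temp\wnct\tn.dll",
    "LoadAppInit_DLLs": 1,
    "RequireSignedAppInit_DLLs": 0,
}
REPAIRED = {"AppInit_DLLs": "", "LoadAppInit_DLLs": 1}  # the "Good: ()" state

if __name__ == "__main__":
    for name, state in (("infected", INFECTED), ("repaired", REPAIRED)):
        print(name, audit_appinit(state) or "no AppInit DLLs registered")
```

On 64-bit Windows the same value also exists under `HKLM\SOFTWARE\Wow6432Node\...` for 32-bit processes, so both views need checking.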
