[Virus Alert] In Address Logger++

**SNIPdetta** · 04-30-2012

The member Polymorphism published a dll that promises to update the addresses of hacks for combat arms.

URL: http://www.mpgh.net/forum/207-combat...ss-logger.html

While many have the grateful and used the logger.
Received a virus as a gift.

Today I thought I'd use this logger out of curiosity and found the following information:

In the logger he added a function to download a file that contains virus.

This is the analysis of the file that is downloaded by the logger:

winlogonn.exe - Jotti's malware scan

https://www.virustotal.com/file/d9ca...is/1335836694/

The address used to download this file infected is a known member of the forum by the name of Faith, I can not say it was the same as posted intentionally because your forum seems to have been hacked.

**[MPGH]Dave84311** · 04-30-2012

I will investigate it.

Originally Posted by SNIPdetta

I can not say it was the same as posted intentionally because your forum seems to have been hacked.

What do you mean by that...

**SNIPdetta** · 04-30-2012

Originally Posted by Dave84311

I will investigate it.

What do you mean by that...

Thanks, is because Faith stopped posting hacks for CA a long time ago and the forum of Faith is being redirected to another location.

**supercarz1991** · 05-01-2012

I didn't get that after running the logger...

**Departure** · 05-01-2012

Well if the logger is auto updating and using the common "URLDownloadToFile" or similar API of-cause its going to be detected as a Trojan as this is what most basic noob trojans use and abuse.. also he must a be real noob is downloading a file called "Winlogonn.exe" and has a detection ratio of over 60%. surly no one is stupid enough to think that he would actually infect anyone with a detection rate of over 60%

**steven1578** · 05-01-2012

I did neither got this file :O?
Where should this file be located to?

**[MPGH]flameswor10** · 05-01-2012

Your antivirus should automatically delete it.

---------- Post added at 10:30 PM ---------- Previous post was at 10:29 PM ----------

/stuck for the time being.

**Reflex-** · 05-01-2012

Originally Posted by steven1578

I did neither got this file :O?
Where should this file be located to?

If you can't find the Location then open "Windows Task Bar", Then click Processes. After that Scroll Down until you see the Name. if you don't see it you should be fine

**TokolocoSK** · 05-01-2012

When it is injected,is open window ms dos

**gotter** · 05-01-2012

is the process winlogon.exe or winlogonn.exe ?
cause i have winlogon.exe but not with 2 "n"

**supercarz1991** · 05-01-2012

i don't get this in my processes

i watched my processes from the start of injection to the finish, no exe by this name

**teehee15** · 05-01-2012

Originally Posted by gotter

is the process winlogon.exe or winlogonn.exe ?
cause i have winlogon.exe but not with 2 "n"

Lol, winlogon.exe is a process run by windows. If you end that process you'll screw up you comp until you restart.

**gotter** · 05-01-2012

oh okay... anyway i cant stop the winlogon one...
thats why i was wondering

**supercarz1991** · 05-02-2012

Originally Posted by gotter:5988752

oh okay... anyway i cant stop the winlogon one...
thats why i was wondering

Your not supposed to lol

And there's no virus in the address logger ++

**Departure** · 05-02-2012

he said in his first post the the process was "winlogonn.exe" with 2 n's so its obvious it is a fake process trying to look like the real winlogon.exe

Thread: [Virus Alert] In Address Logger++

Thread Tools

Display

[Virus Alert] In Address Logger++

The Following 2 Users Say Thank You to SNIPdetta For This Useful Post:

The Following User Says Thank You to Dave84311 For This Useful Post:

Similar Threads

[Info] *** Virus Alert

Virus Alert!!! PLEASE READ MPGH

Address Logger?

Fake Virus Alert--- PLEASE READ.

anyone got a address logger?