Page 1 of 2 12 LastLast
Results 1 to 15 of 16
  1. #1
    SNIPdetta's Avatar
    Join Date
    Oct 2010
    Gender
    male
    Posts
    121
    Reputation
    21
    Thanks
    96

    [Virus Alert] In Address Logger++

    The member Polymorphism published a dll that promises to update the addresses of hacks for combat arms.

    URL: http://www.mpgh.net/forum/207-combat...ss-logger.html

    While many have the grateful and used the logger.
    Received a virus as a gift.

    Today I thought I'd use this logger out of curiosity and found the following information:

    In the logger he added a function to download a file that contains virus.

    This is the analysis of the file that is downloaded by the logger:

    winlogonn.exe - Jotti's malware scan

    https://www.virustotal.com/file/d9ca...is/1335836694/

    The address used to download this file infected is a known member of the forum by the name of Faith, I can not say it was the same as posted intentionally because your forum seems to have been hacked.

  2. The Following 2 Users Say Thank You to SNIPdetta For This Useful Post:

    street_21 (05-23-2012),TokolocoSK (05-01-2012)

  3. #2
    Dave84311's Avatar
    Join Date
    Dec 2005
    Gender
    male
    Location
    The Wild Wild West
    Posts
    27,853
    Reputation
    3541
    Thanks
    36,152
    My Mood
    Devilish
    I will investigate it.

    Quote Originally Posted by SNIPdetta View Post
    I can not say it was the same as posted intentionally because your forum seems to have been hacked.
    What do you mean by that...





    THE EYE OF AN ADMINISTRATOR IS UPON YOU. ANY WRONG YOU DO IM GONNA SEE, WHEN YOU'RE ON MPGH, LOOK BEHIND YOU, 'CAUSE THATS WHERE IM GONNA BE


    "First they ignore you. Then they laugh at you. Then they fight you. Then you lose.” - Dave84311HAD VIRTUAL DETOX

  4. The Following User Says Thank You to Dave84311 For This Useful Post:

    AtomicStone (05-11-2012)

  5. #3
    SNIPdetta's Avatar
    Join Date
    Oct 2010
    Gender
    male
    Posts
    121
    Reputation
    21
    Thanks
    96
    Quote Originally Posted by Dave84311 View Post
    I will investigate it.



    What do you mean by that...
    Thanks, is because Faith stopped posting hacks for CA a long time ago and the forum of Faith is being redirected to another location.

  6. #4
    supercarz1991's Avatar
    Join Date
    Jul 2010
    Gender
    male
    Location
    North of Hell, South of Heaven
    Posts
    6,067
    Reputation
    323
    Thanks
    3,321
    My Mood
    Doh
    I didn't get that after running the logger...

    commando: You're probably the best non-coder coder I know LOL


  7. #5
    Departure's Avatar
    Join Date
    Nov 2010
    Gender
    male
    Posts
    818
    Reputation
    125
    Thanks
    1,785
    My Mood
    Doh
    Well if the logger is auto updating and using the common "URLDownloadToFile" or similar API of-cause its going to be detected as a Trojan as this is what most basic noob trojans use and abuse.. also he must a be real noob is downloading a file called "Winlogonn.exe" and has a detection ratio of over 60%. surly no one is stupid enough to think that he would actually infect anyone with a detection rate of over 60%

  8. #6
    steven1578's Avatar
    Join Date
    Aug 2008
    Gender
    male
    Location
    CShell.dll
    Posts
    684
    Reputation
    1
    Thanks
    936
    My Mood
    Busy
    I did neither got this file :O?
    Where should this file be located to?
    R.I.P Grandma! 3-17-2012

  9. #7
    flameswor10's Avatar
    Join Date
    Jul 2009
    Gender
    male
    Posts
    12,528
    Reputation
    981
    Thanks
    10,404
    My Mood
    In Love
    Your antivirus should automatically delete it.

    ---------- Post added at 10:30 PM ---------- Previous post was at 10:29 PM ----------

    /stuck for the time being.
    No I do not make game hacks anymore, please stop asking.


    Been MPGH Minion: 6 July 2011 - 1 August 2012

  10. #8
    Reflex-'s Avatar
    Join Date
    Mar 2011
    Gender
    male
    Location
    192.168.1.01
    Posts
    6,633
    Reputation
    584
    Thanks
    2,261
    My Mood
    Dead
    Quote Originally Posted by steven1578 View Post
    I did neither got this file :O?
    Where should this file be located to?
    If you can't find the Location then open "Windows Task Bar", Then click Processes. After that Scroll Down until you see the Name. if you don't see it you should be fine

  11. #9
    TokolocoSK's Avatar
    Join Date
    Feb 2011
    Gender
    male
    Location
    Comendo Peru Pato Frango Búrguer.
    Posts
    2,874
    Reputation
    65
    Thanks
    6,785
    My Mood
    Yeehaw
    When it is injected,is open window ms dos



  12. #10
    gotter's Avatar
    Join Date
    Mar 2008
    Gender
    male
    Location
    Minecraft snowy Biome
    Posts
    360
    Reputation
    6
    Thanks
    151
    is the process winlogon.exe or winlogonn.exe ?
    cause i have winlogon.exe but not with 2 "n"
    Last edited by gotter; 05-01-2012 at 04:57 PM.

  13. #11
    supercarz1991's Avatar
    Join Date
    Jul 2010
    Gender
    male
    Location
    North of Hell, South of Heaven
    Posts
    6,067
    Reputation
    323
    Thanks
    3,321
    My Mood
    Doh
    i don't get this in my processes



    i watched my processes from the start of injection to the finish, no exe by this name

    commando: You're probably the best non-coder coder I know LOL


  14. #12
    teehee15's Avatar
    Join Date
    Aug 2011
    Gender
    male
    Posts
    334
    Reputation
    52
    Thanks
    109
    Quote Originally Posted by gotter View Post
    is the process winlogon.exe or winlogonn.exe ?
    cause i have winlogon.exe but not with 2 "n"
    Lol, winlogon.exe is a process run by windows. If you end that process you'll screw up you comp until you restart.

  15. #13
    gotter's Avatar
    Join Date
    Mar 2008
    Gender
    male
    Location
    Minecraft snowy Biome
    Posts
    360
    Reputation
    6
    Thanks
    151
    oh okay... anyway i cant stop the winlogon one...
    thats why i was wondering

  16. #14
    supercarz1991's Avatar
    Join Date
    Jul 2010
    Gender
    male
    Location
    North of Hell, South of Heaven
    Posts
    6,067
    Reputation
    323
    Thanks
    3,321
    My Mood
    Doh
    Quote Originally Posted by gotter:5988752
    oh okay... anyway i cant stop the winlogon one...
    thats why i was wondering
    Your not supposed to lol

    And there's no virus in the address logger ++

    commando: You're probably the best non-coder coder I know LOL


  17. #15
    Departure's Avatar
    Join Date
    Nov 2010
    Gender
    male
    Posts
    818
    Reputation
    125
    Thanks
    1,785
    My Mood
    Doh
    he said in his first post the the process was "winlogonn.exe" with 2 n's so its obvious it is a fake process trying to look like the real winlogon.exe

Page 1 of 2 12 LastLast

Similar Threads

  1. [Info] MPH Virus Alert
    By Bombsaway707 in forum Combat Arms Hacks & Cheats
    Replies: 25
    Last Post: 09-19-2009, 10:58 AM
  2. Virus Alert!!! PLEASE READ MPGH
    By Zhhot in forum Combat Arms Discussions
    Replies: 19
    Last Post: 09-07-2009, 08:17 AM
  3. Address Logger?
    By Zhhot in forum C++/C Programming
    Replies: 33
    Last Post: 09-05-2009, 09:14 PM
  4. Fake Virus Alert--- PLEASE READ.
    By Mouzie in forum Combat Arms Hacks & Cheats
    Replies: 14
    Last Post: 04-06-2009, 03:19 PM
  5. anyone got a address logger?
    By bldymarien in forum Combat Arms Hacks & Cheats
    Replies: 3
    Last Post: 08-30-2008, 09:44 PM