  1. #1
    NormenJaydenFBI's Avatar

    Viral Content Warning: "BlackOps XProject [v1.1]"

    If you downloaded the attachment from the "BlackOps XProject [v1.1]" thread and ran it, you may have been infected and had several of your passwords stolen.
    After analyzing the file, the following things have been observed:
    • Logs your PC and IP.
    • File goes for your Firefox, Google Chrome, and Opera logins and possibly history.
    • Goes for some of your Steam user info and configuration files; this may allow them to automatically log in to your Steam account, but I'm not sure so don't quote me on it. It looks for these Steam files in particular, there may be more.
      \config\config.vdf
      \config\loginusers.vdf
      \config\SteamAppData.vdf
    • The file starts itself whenever you turn on your computer under a different name, "sR.exe".
    • The file may block the Task Manager from being opened.
    • It may mess with your mouse movements and/or lock the mouse.


    @Liz @arunforce @Dave84311
    If you can pull the list of all the users who downloaded the file please mention them here.

    Manual Fix:
    • It may block the Task Manager from being opened, but if it doesn't, start the Task Manager, then end the program; it should be named whatever you ran it as. By default: xPirat BlackOps XProject.exe
    • Navigate to this folder: C:\Users\<YOUR USERNAME>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    • Delete sR.exe
    • Install MalwareBytes and Avira, make sure to run full scans with both.
    • Check the Task Manager for both instances of the virus, which should be "xPirat BlackOps XProject.exe" and "sR.exe".
    • Once you're sure no instances of the file are running (you can leave your Skype below and I'll double check), change ALL of your passwords and clear all of your web browser(s') history and stored passwords. Passwords should never be stored because of how easily malicious programs can just grab them; it's a good habit to start memorizing them instead of storing them.
    • If you are scared to perform these steps because you're afraid you'll mess up your computer, just leave your Skype below and I'll do it for you.
      Major credits to @master131 for most of the analyzing.

    If you have downloaded and run the file, please leave your Skype here so I can contact you and help you. At MPGH, user safety is our number one concern and we're sorry this file managed to slip through; we apologize.
    Sincerely,
    ~The MPGH Staff Force.
    Last edited by NormenJaydenFBI; 07-26-2015 at 10:29 PM.


    MPGH Staff History:
    Minion: 02-12-2013 - 6-28-2013
    Former Staff: 6-28-2013 - 7-14-2014
    Minion: 7-14-2014 - 1-3-2015
    Minion+: 1-3-2015 - 6-1-2015
    Moderator: 6-1-2015 - 10-2-2016
    Global Moderator: 10-2-2016 - Current

    Current Sections:
    DayZ Mod & Standalone Hacks & Cheats
    BattleOn Games Hacks, Cheats & Trainers
    Minecraft Hacks
    Other Semi-Popular First Person Shooter Hacks
    Blackshot Hacks & Cheats
    Need For Speed World Hacks
    Other First Person Shooter Hacks
    CounterStrike: Global Offensive Hacks
    Garry's Mod Hacks & Cheats


    Donating:
    If you want to donate money to me I take Bitcoin & Paypal, PM me for either of these if you're interested and thanks.
    Top Donators: (Awesome People)
    FanticSteal $75.00
    smurf_master $58.00 <- Best DayZ Gear Seller
    Fujiyama $25.00
    [MPGH]Black $10.00
    [MPGH]Hova $10.00
    xJudgez $4.54
    [MPGH]Normen's Sheep $3.50
    eminemlover $1.50


    Brony?
    http://www.mpgh.net/forum/groups/1728-mpgh-bronies.html
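
A read-only check for the indicators listed in the post above, as an added example that is not part of the original post or the staff's own tooling. It assumes PowerShell 4.0 or later and only looks at the current user's profile; the `DisableTaskMgr` policy check is an assumption, since the post does not say how Task Manager is blocked.

```powershell
# Added example: read-only triage for the indicators named in the post above.
# Nothing is deleted or changed; removal stays a manual step.
$StartupDir = Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'
$KnownDrop  = 'sR.exe'                               # persistence copy named in the post
$ProcNames  = 'sR', 'xPirat BlackOps XProject'       # Get-Process wants names without .exe

function New-Finding($Check, $Detail, $Extra) {
    [pscustomobject]@{ Check = $Check; Detail = $Detail; Extra = $Extra }
}

function Get-XProjectIndicator {
    # 1. Persistence. Startup folders normally hold shortcuts, so every .exe
    #    sitting there is listed, and the name from the post is marked.
    if (Test-Path -LiteralPath $StartupDir) {
        Get-ChildItem -LiteralPath $StartupDir -Filter '*.exe' -File -Force | ForEach-Object {
            $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            $tag  = if ($_.Name -ieq $KnownDrop) { 'name from the post' } else { 'unexpected exe' }
            New-Finding 'Startup file' $_.FullName "$tag; created $($_.CreationTime); SHA256 $hash"
        }
    }

    # 2. Running instances. The post notes the first process keeps whatever
    #    name the download was saved under, so a renamed copy will not match.
    Get-Process -Name $ProcNames -ErrorAction SilentlyContinue | ForEach-Object {
        New-Finding 'Running process' "$($_.ProcessName) (PID $($_.Id))" $_.Path
    }

    # 3. Assumption: the post does not say how Task Manager gets blocked. The
    #    per-user DisableTaskMgr policy value is one common way, so report it.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $val = Get-ItemProperty -Path $key -Name DisableTaskMgr -ErrorAction SilentlyContinue
    if ($val -and $val.DisableTaskMgr -eq 1) {
        New-Finding 'Task Manager policy' "$key\DisableTaskMgr = 1" 'set for the current user'
    }
}

$found = @(Get-XProjectIndicator)
if ($found.Count -eq 0) {
    'No indicators from the post were found for the current user.'
} else {
    $found | Format-List
}
```

An empty result only means these specific indicators are absent for this user; the password changes and full scans from the post still apply if the file was run.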


  3. #2
    [NEWACCOUNT]Yano's Avatar
    Wondering why it got approved then
    Code:
    __asm mov [RecoilVec], 0


  5. #3
    Gab's Avatar
    Quote Originally Posted by [NEWACCOUNT]Yano View Post
    Wondering why it got approved then
    Cuz @NormenJaydenFBI can't moderate properly


  7. #4
    NormenJaydenFBI's Avatar
    Quote Originally Posted by Gab View Post


    Cuz @NormenJaydenFBI can't moderate properly
    I don't even have this section.



  8. #5
    Gab's Avatar
    Quote Originally Posted by NormenJaydenFBI View Post

    I don't even have this section.
    Stop with the excuses you toasthole

  9. #6
    baptiste28's Avatar
    Hello,

    I'm French, sorry for my bad English. I use Google Translate.

    I got the Dave message that I had been infected.
    I have launched the infected file, July 14. But the application had planted at startup. All that I could find, they are 3 text files and a screenshot of my Windows desktop in my Windows temporary folder. These three files contained my passwords stored in my browser Opera, Chrome and Firefox. As for the screenshot, it was taken automatically launch the malicious program.

    I looked in my Windows logs, and I saw only errors in the program. Nothing else suspicious since.

    Do you think my passwords have been sent? How to know?
    I already did a scan with MalwareBytes, by checking out the box "Rootkit", and I have found nothing.

    I am planning to do a scan with Avira, I'll let you know.

    Thank you for your kindness to members, I'm stupid not to have tested the software in a virtual machine before.

  10. #7
    Minnesota Dabs's Avatar
    Thanks for the credits Normen.

    /s

  11. #8
    NormenJaydenFBI's Avatar
    Quote Originally Posted by baptiste28 View Post
    Hello,

    I'm French, sorry for my bad English. I use Google Translate.

    I got the Dave message that I had been infected.
    I have launched the infected file, July 14. But the application had planted at startup. All that I could find, they are 3 text files and a screenshot of my Windows desktop in my Windows temporary folder. These three files contained my passwords stored in my browser Opera, Chrome and Firefox. As for the screenshot, it was taken automatically launch the malicious program.

    I looked in my Windows logs, and I saw only errors in the program. Nothing else suspicious since.

    Do you think my passwords have been sent? How to know?
    I already did a scan with MalwareBytes, by checking out the box "Rootkit", and I have found nothing.

    I am planning to do a scan with Avira, I'll let you know.

    Thank you for your kindness to members, I'm stupid not to have tested the software in a virtual machine before.
    Please post your Skype here if you can.



  12. #9
    baptiste28's Avatar
    My Skype is :
    baptiste28000
    Last edited by baptiste28; 07-26-2015 at 11:08 PM.

  13. #10
    Skullkill17's Avatar
    Skull-was-killed ((


  15. #11
    baptiste28's Avatar
    Oh, you downloaded the file too :'(

    I have finished my Avira scan, and no virus.

    Normen, I'm ready

  16. #12
    Mamadank's Avatar
    Downloaded it and ran it a few days ago, checked Temp folder, checked Task Manager, ran scans on Avira and MB and AVG, all clear. Changing my passwords just in case though.

  17. #13
    wassabi_person's Avatar
    I downloaded the file... I can PM you my Skype if needed, I'm not sure if I ran it though. But better safe than sorry :/

  18. #14
    baptiste28's Avatar
    Thx to NormenJaydenFBI for help, my PC is OK

  19. #15
    X DeTh x JaKeX's Avatar
    Yeah, I can verify it takes the Steam passwords. It stole my Steam account of 171 games, but I got access back to it. Wasn't sure what was going on but I'm at ease now. Running every antivirus I can find tomorrow and also manually checking to make 100% sure that it's fixed. Thank you guys for letting me know what's going on.
