[Virus Alert] In Address Logger++

[SNIPdetta]

The member Polymorphism published a dll that promises to update the addresses of hacks for combat arms.

URL: https://www.mpgh.net/forum/207-combat...ss-logger.html

While many have the grateful and used the logger.
Received a virus as a gift.

Today I thought I'd use this logger out of curiosity and found the following information:

In the logger he added a function to download a file that contains virus.

This is the analysis of the file that is downloaded by the logger:

winlogonn.exe - Jotti's malware scan

https://www.virustotal.com/file/d9ca...is/1335836694/

The address used to download this file infected is a known member of the forum by the name of Faith, I can not say it was the same as posted intentionally because your forum seems to have been hacked.

[[MPGH]Dave84311]

I will investigate it.

I can not say it was the same as posted intentionally because your forum seems to have been hacked.

What do you mean by that...

[SNIPdetta]

I will investigate it.



What do you mean by that...

Thanks, is because Faith stopped posting hacks for CA a long time ago and the forum of Faith is being redirected to another location.

[supercarz1991]

I didn't get that after running the logger...

[Departure]

Well if the logger is auto updating and using the common "URLDownloadToFile" or similar API of-cause its going to be detected as a Trojan as this is what most basic noob trojans use and abuse.. also he must a be real noob is downloading a file called "Winlogonn.exe" and has a detection ratio of over 60%. surly no one is stupid enough to think that he would actually infect anyone with a detection rate of over 60%

[steven1578]

I did neither got this file :O?
Where should this file be located to?

[flameswor10]

Your antivirus should automatically delete it.

---------- Post added at 10:30 PM ---------- Previous post was at 10:29 PM ----------

/stuck for the time being.

[Reflex-]

I did neither got this file :O?
Where should this file be located to?

If you can't find the Location then open "Windows Task Bar", Then click Processes. After that Scroll Down until you see the Name. if you don't see it you should be fine

[TokolocoSK]

When it is injected,is open window ms dos

[gotter]

is the process winlogon.exe or winlogonn.exe ?
cause i have winlogon.exe but not with 2 "n"

[supercarz1991]

i don't get this in my processes



i watched my processes from the start of injection to the finish, no exe by this name

[teehee15]

is the process winlogon.exe or winlogonn.exe ?
cause i have winlogon.exe but not with 2 "n"

Lol, winlogon.exe is a process run by windows. If you end that process you'll screw up you comp until you restart.

[gotter]

oh okay... anyway i cant stop the winlogon one...
thats why i was wondering

[supercarz1991]

oh okay... anyway i cant stop the winlogon one...
thats why i was wondering

Your not supposed to lol

And there's no virus in the address logger ++

[Departure]

he said in his first post the the process was "winlogonn.exe" with 2 n's so its obvious it is a fake process trying to look like the real winlogon.exe