street_21 (05-23-2012),TokolocoSK (05-01-2012)
The member Polymorphism published a DLL that promises to update the addresses of hacks for Combat Arms.
URL: https://www.mpgh.net/forum/207-combat...ss-logger.html
While many were grateful and used the logger, they received a virus as a gift.
Today I thought I'd use this logger out of curiosity and found the following information:
In the logger he added a function to download a file that contains a virus.
This is the analysis of the file that is downloaded by the logger:
winlogonn.exe - Jotti's malware scan
https://www.virustotal.com/file/d9ca...is/1335836694/
The address used to download this infected file is a known member of the forum by the name of Faith. I cannot say it was the same as posted intentionally because your forum seems to have been hacked.
THE EYE OF AN ADMINISTRATOR IS UPON YOU. ANY WRONG YOU DO I'M GONNA SEE, WHEN YOU'RE ON MPGH, LOOK BEHIND YOU, 'CAUSE THAT'S WHERE I'M GONNA BE
"First they ignore you. Then they laugh at you. Then they fight you. Then you lose." - Dave84311
HAVING VIRTUAL DETOX
AtomicStone (05-11-2012)
I didn't get that after running the logger...
commando: You're probably the best non-coder coder I know LOL
Well, if the logger is auto-updating and using the common "URLDownloadToFile" or similar API, of course it's going to be detected as a Trojan, as this is what most basic noob trojans use and abuse. Also, he must be a real noob if he is downloading a file called "Winlogonn.exe" that has a detection ratio of over 60%. Surely no one is stupid enough to think that he would actually infect anyone with a detection rate of over 60%.
I didn't get this file either :O?
Where should this file be located?
R.I.P Grandma! 3-17-2012
Your antivirus should automatically delete it.
---------- Post added at 10:30 PM ---------- Previous post was at 10:29 PM ----------
/stuck for the time being.
No I do not make game hacks anymore, please stop asking.
When it is injected, is open window ms dos
Is the process winlogon.exe or winlogonn.exe?
Because I have winlogon.exe, but not with 2 "n".
Last edited by gotter; 05-01-2012 at 03:57 PM.
I don't get this in my processes.
I watched my processes from the start of injection to the finish, no exe by this name.
Oh okay... anyway I can't stop the winlogon one...
That's why I was wondering.
You're not supposed to lol
Originally Posted by gotter:5988752
And there's no virus in the address logger ++
He said in his first post that the process was "winlogonn.exe" with 2 n's, so it's obvious it is a fake process trying to look like the real winlogon.exe.
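
The distinction drawn in the thread between the real winlogon.exe and the fake winlogonn.exe can be checked mechanically over a process listing. The following is an added example, not code from the thread or from the logger: it flags image names that are a typo away from a Windows system binary, and correctly named binaries running outside System32. The sample paths are constructed, and the list of system binaries, the C: install drive and the distance threshold are assumptions.

```python
import ntpath

# Assumption: Windows is installed on C: and these binaries run only from System32.
SYSTEM_DIR = r"c:\windows\system32"
KNOWN = {"winlogon.exe", "csrss.exe", "lsass.exe", "services.exe", "smss.exe"}
MAX_DISTANCE = 2  # assumed threshold: up to two typos away counts as a lookalike

# Constructed sample image paths, not taken from the thread.
SAMPLE = [
    r"C:\Windows\System32\winlogon.exe",
    r"C:\Users\user\AppData\Local\Temp\winlogonn.exe",
    r"C:\Users\user\AppData\Roaming\winlogon.exe",
    r"C:\Program Files\Notepad\notepad.exe",
]

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(image_path):
    """Return (verdict, system_name) for one process image path."""
    directory, name = ntpath.split(image_path.lower())
    if name in KNOWN:
        # Right name: only trusted when it runs from the system directory.
        return ("ok" if directory == SYSTEM_DIR else "wrong-path", name)
    for known in sorted(KNOWN):
        if edit_distance(name, known) <= MAX_DISTANCE:
            return ("lookalike", known)  # e.g. winlogonn.exe vs winlogon.exe
    return ("unrelated", None)

def scan(paths):
    """Return (path, verdict, system_name) for every suspicious entry."""
    results = [(p, *classify(p)) for p in paths]
    return [r for r in results if r[1] in ("lookalike", "wrong-path")]

if __name__ == "__main__":
    for path, verdict, name in scan(SAMPLE):
        print(f"{verdict:10} {path}  (imitates {name})")
```

The name check alone would miss a copy that uses the exact name winlogon.exe from a user-writable folder, which is why the path check is included.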