13.2 ModSelector (Hexed)

[maat7043]

If it's just Dr. Web being dumb, why didn't droppy say "it's just Dr. Web being dumb?"

He said that every file was tested individually and no viruses were found. Well, guess what - that was a lie, and that in itself is extremely fishy. Why would he lie if there was nothing to hide?

You think anyone appreciates being lied to? Think again.

Every file was scanned for viruses at 13.0 by ME. The only changes since then have been to the .swf which has been hexed.
I can assure you there is no lies here.
Good try though...

---------- Post added at 10:57 AM ---------- Previous post was at 10:49 AM ----------

If it's just Dr. Web being dumb, why didn't droppy say "it's just Dr. Web being dumb?"

He said that every file was tested individually and no viruses were found. Well, guess what - that was a lie, and that in itself is extremely fishy. Why would he lie if there was nothing to hide?

You think anyone appreciates being lied to? Think again.

Every file was scanned for viruses at 13.0 by ME. The only changes since then have been to the .swf which has been hexed.
I can assure you there is no lies here.
Good try though...

Read this link:
Packed files detected as trojans - false positives?

[Milky Way]

Every file was scanned for viruses at 13.0 by ME. The only changes since then have been to the .swf which has been hexed.
I can assure you there is no lies here.
Good try though...

Then what is that?

abcexport.exe - Jotti's malware scan

It's one of the files from the .zip file from the OP. One of the scanners indicates a virus.

If you had really scanned the files, you would've got the same results.

Hence, if anyone says (and the OP said that) that he scanned each file individually, and got no detections, the guy is lying. It's that simple. Otherwise, I'd be able to do the same thing (scan each file individually) and get no detections for any of them.

Therefore, what the OP said, which is

PS: Dr. Web is only detecting a Trojan.Packed.196 because it is a .zip file.

is nothing but a lie. He's obviously trying to trick people into installing a trojan, and you're apparently here to help him.

Even if the detection is a false positive, which I doubt, the undeniable fact remains that the OP lied to us, and I find it very suspicious.

[maat7043]

He didnt lie... Check your undeniable logic again
quote from him:

I'm not sure, but every file was tested individually and no virus was detected. Just appreciate that you have a client

See the bolded word there. He never said HE checked every single file because he did not. Me and a nice guy named Netbiatch went through the files to see what the deal was. I also sent a report to Dr.WEB and had them check to see what is throwing the false positive.

Also if you think for two secs how would I even manage to attach a virus to a preexisting .exe that is not open source and manage have it still work for every single person... I would have to first decompile the exe probably very hard. add in a quick Trojan virus or whatever then recompile it as a binary again and make sure it is still working... If there was a virus it would be attached to the client where you type in your username or password, or as a hidden folder that I zipped up. Your reasoning makes no sense at all.

I am very curious about what is throwing the false positive as well and I will let you know what Dr.WEB says back to me about it.
In the future things could go like "Hey do you know why there is a detection on Dr.WEB? That seems weird, someone should check this out"

[liquidgalaxy]

Then what is that?

abcexport.exe - Jotti's malware scan

It's one of the files from the .zip file from the OP. One of the scanners indicates a virus.

If you had really scanned the files, you would've got the same results.

Hence, if anyone says (and the OP said that) that he scanned each file individually, and got no detections, the guy is lying. It's that simple. Otherwise, I'd be able to do the same thing (scan each file individually) and get no detections for any of them.

Therefore, what the OP said, which is



is nothing but a lie. He's obviously trying to trick people into installing a trojan, and you're apparently here to help him.

Even if the detection is a false positive, which I doubt, the undeniable fact remains that the OP lied to us, and I find it very suspicious.

Please troll elsewhere.

[Milky Way]

See the bolded word there. He never said HE checked [the files] (...)

It doesn't matter who did the checking, what matters is that the results were misrepresented. He could've said something like "well, Dr. Web is indicating there's a trojan where there isn't one, so disregard it" but instead he said that there were no detections for any of the files scanned individually which is BS because there must've been a detection for one of the files which I've shown already.

Add to that the fact he said that the false positive was due to the file from the OP being an archive (lol!) and you have to admit it doesn't look very good. Whether there is a trojan here or not, the OP certainly made every effort possible (if involuntarily) to make it look like there is one indeed...

Please troll elsewhere.

Please be daft elsewhere.

[Tomeno]

Retards like this hurt. Seriously, you don't even know what abcexport.exe does? All it does is unpack .swf files into .abc files which can be exported by RABCDAsm and then edited, which allows hacked clients to exist... If it did not, you would have to use terrible proxies like oryxdomination which were discontinued ages ago... The process of hacking with them was terribly overcomplicated, because it had to catch all packets which referred to walls and replace them with pass-throughable object packets... Be happy you have this.

[maat7043]

Please troll elsewhere.

People ask me all the time "how come you never release stuff anymore?"

^^^^This guy

[Milky Way]

All it does is (...)

Yeah, that's all it normally does... until someone modifies it in order to do a number of other things such as, I don't know, adding a little keylogger to my client perhaps?

Trusting a file just because its name is familiar doesn't sound like a very smart thing to do in 2013. Call me paranoid if you want.

[Tomeno]

Ok, tell me how you want to modify a packed file.
kkthxbai

[maat7043]

It doesn't matter who did the checking, what matters is that the results were misrepresented. He could've said something like "well, Dr. Web is indicating there's a trojan where there isn't one, so disregard it" but instead he said that there were no detections for any of the files scanned individually which is BS because there must've been a detection for one of the files which I've shown already.

Add to that the fact he said that the false positive was due to the file from the OP being an archive (lol!) and you have to admit it doesn't look very good. Whether there is a trojan here or not, the OP certainly made every effort possible (if involuntarily) to make it look like there is one indeed...


Please be daft elsewhere.

He isnt trying to hide anything.
he posted two virus scans both showing that Dr.WEB found a trojan.

---------- Post added at 12:30 PM ---------- Previous post was at 12:28 PM ----------

Yeah, that's all it normally does... until someone modifies it in order to do a number of other things such as, I don't know, adding a little keylogger to my client perhaps?

Trusting a file just because its name is familiar doesn't sound like a very smart thing to do in 2013. Call me paranoid if you want.

You are an idiot. If you are paranoid. Saw that there was two detections.

Why on earth did you download the file and decompress it??
Makes no sense at all lol

[Milky Way]

He isnt trying to hide anything.
he posted two virus scans both showing that Dr.WEB found a trojan.

You are an idiot. If you are paranoid. Saw that there was two detections.

Why on earth did you download the file and decompress it??
Makes no sense at all lol

Yes, he posted the scans and then said that the detection was due to the fact that the file had a .zip extension. A very interesting explanation, you have to admit.

And since you've asked: I obviously downloaded the file to my sandbox PC (that's what I do with any even remotely suspicious file), because I was curious to see what was going on. Turns out there isn't a whole lot to see here, but you never know until you see for yourself.

[maat7043]

Yes, he posted the scans and then said that the detection was due to the fact that the file had a .zip extension. A very interesting explanation, you have to admit.

And since you've asked: I obviously downloaded the file to my sandbox PC (that's what I do with any even remotely suspicious file), because I was curious to see what was going on. Turns out there isn't a whole lot to see here, but you never know until you see for yourself.

So rather that being like this, highly unproductive. You could have:
Hey guys I ran this on my sandbox PC to check to see whats up with this detection. It turns out there is not a whole lot to see here.
Thanks for spending 20+ hrs on this release OP

[Milky Way]

Thanks for spending 20+ hrs on this matt

Look, I appreciate your work, OK? I probably wouldn't even bother doing the virus scans if it wasn't for the OP and his sketchy explanations. Why couldn't he just admit there's a false positive instead of trying to conceal it (by saying that scanned individually, none of the files showed anything suspicious) and/or blame it on something completely unrelated (such as the file being a .zip)?

[IDontCareX]

i wonder why it keeps saying rotmg is off i did switch on connect to production server and bunch of others then build the .cmd told me Finished!

[maat7043]

Scroll up and you will see that it did not find the fresh client and applied no changes.
The new client is still the old one. You did something wrong