[Virus Alert] In Address Logger++

The member Polymorphism published a dll that promises to update the addresses of hacks for combat arms.

URL: http://www.mpgh.net/forum/207-combat...ss-logger.html

While many have the grateful and used the logger.
Received a virus as a gift.

Today I thought I'd use this logger out of curiosity and found the following information:

In the logger he added a function to download a file that contains virus.

This is the analysis of the file that is downloaded by the logger:

winlogonn.exe - Jotti's malware scan

https://www.virustotal.com/file/d9ca...is/1335836694/

The address used to download this file infected is a known member of the forum by the name of Faith, I can not say it was the same as posted intentionally because your forum seems to have been hacked.

I will investigate it.

Originally Posted by SNIPdetta

I can not say it was the same as posted intentionally because your forum seems to have been hacked.

What do you mean by that...

Originally Posted by Dave84311

I will investigate it.

What do you mean by that...

Thanks, is because Faith stopped posting hacks for CA a long time ago and the forum of Faith is being redirected to another location.

I didn't get that after running the logger...

Well if the logger is auto updating and using the common "URLDownloadToFile" or similar API of-cause its going to be detected as a Trojan as this is what most basic noob trojans use and abuse.. also he must a be real noob is downloading a file called "Winlogonn.exe" and has a detection ratio of over 60%. surly no one is stupid enough to think that he would actually infect anyone with a detection rate of over 60%

I did neither got this file :O?
Where should this file be located to?

Your antivirus should automatically delete it.

---------- Post added at 10:30 PM ---------- Previous post was at 10:29 PM ----------

/stuck for the time being.

Originally Posted by steven1578

I did neither got this file :O?
Where should this file be located to?

If you can't find the Location then open "Windows Task Bar", Then click Processes. After that Scroll Down until you see the Name. if you don't see it you should be fine

When it is injected,is open window ms dos

is the process winlogon.exe or winlogonn.exe ?
cause i have winlogon.exe but not with 2 "n"

i don't get this in my processes

i watched my processes from the start of injection to the finish, no exe by this name

Originally Posted by gotter

is the process winlogon.exe or winlogonn.exe ?
cause i have winlogon.exe but not with 2 "n"

Lol, winlogon.exe is a process run by windows. If you end that process you'll screw up you comp until you restart.

oh okay... anyway i cant stop the winlogon one...
thats why i was wondering

Originally Posted by gotter:5988752

oh okay... anyway i cant stop the winlogon one...
thats why i was wondering

Your not supposed to lol

And there's no virus in the address logger ++

he said in his first post the the process was "winlogonn.exe" with 2 n's so its obvious it is a fake process trying to look like the real winlogon.exe

[Virus Alert] In Address Logger++

Post a Reply

Similar Threads

Tags for this Thread