Combat Arms Full Bright (Works on NA/EU)

[SupraAli]

[IMG]https://img.photobucke*****m/albums/v209/pureownage/fullbrightreadme.png[/IMG]

Screenshot:

[IMG]https://img.photobucke*****m/albums/v209/pureownage/Combat-Arms_04.jpg[/IMG]

Download:

~ Attached

p.s. FB.dll is Themida'd. If you get false positives with an AV scan, that is why.

Virus Scans
https://www.virustotal.com/analisis/4...f4f-1257032556
https://virscan.org/report/9f1bf6d389...a456dc06b.html
https://virusscan.jotti.org/en/scanre...112a1b89afdda7

[Dominic95]

Sean.. what are u doing here? xD

Guys, SupraAli is Sean.

[SupraAli]

Sean.. what are u doing here? xD

Guys, SupraAli is Sean.

trying to get some publicity for my site.

all I seem to get is randoms saying I post viruses.

[Dominic95]

trying to get some publicity for my site.

all I seem to get is randoms saying I post viruses.

oic... well goodluck

[Chingon69]

Ikarus T3.1.1.72.0 2009.10.31 Backdoor.Win32.IRCBot

[soosick]

Backdoor.Win32.IRCBot (also known as W32/Poebot-JT, W32/Backdoor.NYG, Win32/IRCBot.TS, and W32/Gaobot.worm.gen.e[1]) is a backdoor computer worm that is spread through MSN Messenger and Windows Live Messenger by downloading photo album.zip from someone.[2] Once installed on a PC, the worm copies itself into a Windows system folder, creates a new file displayed as "Windows Genuine Advantage Validation Notification" and becomes part of the computer's automatic startup.[2] It provides a backdoor server and allows a remote intruder to gain access and control over the computer via an Internet Relay Chat channel.[1] This allows for confidential information to be transmitted to a hacker.[3]
ARE you Fucking retarded?

[SupraAli]

Backdoor.Win32.IRCBot (also known as W32/Poebot-JT, W32/Backdoor.NYG, Win32/IRCBot.TS, and W32/Gaobot.worm.gen.e[1]) is a backdoor computer worm that is spread through MSN Messenger and Windows Live Messenger by downloading photo album.zip from someone.[2] Once installed on a PC, the worm copies itself into a Windows system folder, creates a new file displayed as "Windows Genuine Advantage Validation Notification" and becomes part of the computer's automatic startup.[2] It provides a backdoor server and allows a remote intruder to gain access and control over the computer via an Internet Relay Chat channel.[1] This allows for confidential information to be transmitted to a hacker.[3]
ARE you Fucking retarded?

Shut the fuck up ******.

You can run your virus scans all you want, they are meaningless.

[electrocurse]

approve plz mods

[zlavik]

Ok guy's I just came on recently and noticed people talking about the hack Se4n hacks released, Well I looked at the Virus scan and noticed 2 thing's that caught my eye immediatly, For those who are german, Spike from ******(VIP Support) said to look at this.
HijackThis - bebilderte Anleitung

1)Backdoor.Win32.IRCBot:is a backdoor computer worm , Once installed on a PC, the worm copies itself into a Windows system folder, creates a new file displayed as "Windows Genuine Advantage Validation Notification" and becomes part of the computer's automatic startup.[2] It provides a backdoor server and allows a remote intruder to gain access and control over the computer via an Internet Relay Chat channel.[1] This allows for confidential information to be transmitted to a hacker.[3]

2)This worm drops copies of itself.
It creates a registry entry to enable its automatic execution at every system startup.
It disables the DCOM protocol and restricts anonymous access to the affected system.
It propagates via network shares by dropping copies of itself in a certain network shared folder.
It steals information by presenting a fake login page. It does its information theft routine by monitoring the Internet Explorer title bar.



There the same thing but under different aliases,here are some thing's I suggest using to try and remove it.

1)Scan with your current Anti-Virus do a Full System Scan, Note the path and file name of all files detected as WORM_SDBOT.GAV.
2)This procedure terminates the running malware process.

* You will need the name(s) of the file(s) detected earlier.

* In the list of running programs*, locate the malware file(s) detected earlier.

* Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your computer.

* Do the same for all detected malware files in the list of running processes.

* To check if the malware process has been terminated, close Task Manager, and then open it again.

* Close Task Manager.



Removing Autostart Entries from the Registry
This solution deletes the registry entry added by this malware. Before performing the steps below, make sure you know how to back up the registry and how to restore it if a problem occurs. Refer to this Microsoft article for more information about modifying your computer's registry.

* Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:

* HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>
Windows>CurrentVersion>Run

* In the right panel, locate and delete the entry or entries whose data value is the malware path and file name of the file(s) detected earlier.

* In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>
Services

* Still in the left panel, locate and delete the following key:

Removendo Tudo...

Restoring EnableDCOM and RestrictAnonymous Registry Entries
This malware modifies EnableDCOM and RestrictAnonymous registry entries to a certain value. To restore these entries to their original values, perform the steps below:
To restore this entry to its default value, please perform the following instructions:

* Still in the Registry Editor, in the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Ole

* In the right panel, locate the entry:
EnableDCOM = "N"

* Right-click on the value name and choose Modify. Change the value data of this entry to:
Y

* In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>System>CurrentControlSet>
Control>Lsa

* In the right panel, locate the entry:
Restrictanonymous = "1"

* Right-click on the value name and choose Modify. Change the value data of this entry according to your preference. Note that this entry does not exist in the registry by default. Refer to the following Microsoft articles as guides in editing the RestrictAnonymous registry:

* RestrictAnonymous Registry

* Restricting information available to anonymous logon users

* Close Registry Editor.


Deleting the Malware File(s)

* Right-click Start then click Search... or Find..., depending on the version of Windows you are running.

* In the Named input box, type:
%System%\MEGATROM.ini
(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003.)

* In the Look In drop-down list, select My Computer, then press Enter.

* Once located, select the file then press SHIFT+DELETE.

* Repeat steps 2 to 4 to delete the following file:

* %Windows%\ponto.dll

* %System%\PLUG.SYS

* %Windows%\Gbuster


(Note: %Windows% is the Windows folder, which is usually C:\Windows or C:\WINNT.)

Important Windows Cleaning Instructions
Users running Windows ME and XP must disable System Restore to allow full scanning of infected computers.
Users running other Windows versions can proceed with the succeeding solution set(s).

Scan computer again with you'r current Anti-Virus and use malwarebytes

You can get malwarebytes here:Malwarebytes.org

[ROUGHS3X]

I just looked for all of that and none of it exists on my system. Either you guys have some infected version or you got it somewhere else and those are false pos. IDK. I'll post the ss of my MBam results.

[SupraAli]

They are just copy pasting some random mod's post on another website. A mod that basically looked at 1 virus scan and saw some random AV named "Ikarus" said the file was infected with an IRCBot. So the dumbass takes that as fact and googles what it means. Then he simply copy pasted a definition.

[ROUGHS3X]

They are just copy pasting some random mod's post on another website. A mod that basically looked at 1 virus scan and saw some random AV named "Ikarus" said the file was infected with an IRCBot. So the dumbass takes that as fact and googles what it means. Then he simply copy pasted a definition.

I seen the post on the site you refer to. More or less my response was the same there. Grant it things take time but the registry addresses would be written already and I couldn't find them. And MBam is pretty consistent.

[electrocurse]

Ok guy's I just came on recently and noticed people talking about the hack Se4n hacks released, Well I looked at the Virus scan and noticed 2 thing's that caught my eye immediatly, For those who are german, Spike from ******(VIP Support) said to look at this.
HijackThis - bebilderte Anleitung

1)Backdoor.Win32.IRCBot:is a backdoor computer worm , Once installed on a PC, the worm copies itself into a Windows system folder, creates a new file displayed as "Windows Genuine Advantage Validation Notification" and becomes part of the computer's automatic startup.[2] It provides a backdoor server and allows a remote intruder to gain access and control over the computer via an Internet Relay Chat channel.[1] This allows for confidential information to be transmitted to a hacker.[3]

2)This worm drops copies of itself.
It creates a registry entry to enable its automatic execution at every system startup.
It disables the DCOM protocol and restricts anonymous access to the affected system.
It propagates via network shares by dropping copies of itself in a certain network shared folder.
It steals information by presenting a fake login page. It does its information theft routine by monitoring the Internet Explorer title bar.



There the same thing but under different aliases,here are some thing's I suggest using to try and remove it.

1)Scan with your current Anti-Virus do a Full System Scan, Note the path and file name of all files detected as WORM_SDBOT.GAV.
2)This procedure terminates the running malware process.

* You will need the name(s) of the file(s) detected earlier.

* In the list of running programs*, locate the malware file(s) detected earlier.

* Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your computer.

* Do the same for all detected malware files in the list of running processes.

* To check if the malware process has been terminated, close Task Manager, and then open it again.

* Close Task Manager.



Removing Autostart Entries from the Registry
This solution deletes the registry entry added by this malware. Before performing the steps below, make sure you know how to back up the registry and how to restore it if a problem occurs. Refer to this Microsoft article for more information about modifying your computer's registry.

* Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:

* HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>
Windows>CurrentVersion>Run

* In the right panel, locate and delete the entry or entries whose data value is the malware path and file name of the file(s) detected earlier.

* In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>
Services

* Still in the left panel, locate and delete the following key:

Removendo Tudo...

Restoring EnableDCOM and RestrictAnonymous Registry Entries
This malware modifies EnableDCOM and RestrictAnonymous registry entries to a certain value. To restore these entries to their original values, perform the steps below:
To restore this entry to its default value, please perform the following instructions:

* Still in the Registry Editor, in the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Ole

* In the right panel, locate the entry:
EnableDCOM = "N"

* Right-click on the value name and choose Modify. Change the value data of this entry to:
Y

* In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>System>CurrentControlSet>
Control>Lsa

* In the right panel, locate the entry:
Restrictanonymous = "1"

* Right-click on the value name and choose Modify. Change the value data of this entry according to your preference. Note that this entry does not exist in the registry by default. Refer to the following Microsoft articles as guides in editing the RestrictAnonymous registry:

* RestrictAnonymous Registry

* Restricting information available to anonymous logon users

* Close Registry Editor.


Deleting the Malware File(s)

* Right-click Start then click Search... or Find..., depending on the version of Windows you are running.

* In the Named input box, type:
%System%\MEGATROM.ini
(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003.)

* In the Look In drop-down list, select My Computer, then press Enter.

* Once located, select the file then press SHIFT+DELETE.

* Repeat steps 2 to 4 to delete the following file:

* %Windows%\ponto.dll

* %System%\PLUG.SYS

* %Windows%\Gbuster


(Note: %Windows% is the Windows folder, which is usually C:\Windows or C:\WINNT.)

Important Windows Cleaning Instructions
Users running Windows ME and XP must disable System Restore to allow full scanning of infected computers.
Users running other Windows versions can proceed with the succeeding solution set(s).

Scan computer again with you'r current Anti-Virus and use malwarebytes

You can get malwarebytes here:Malwarebytes.org

you just foking confused me

[ROUGHS3X]

I just noticed I needed to update my MBAM so for any non believers I'll post that result as well after a full scan.

[intact]

Sean's hacks are completely virus-free and always 100% working. He would never do something to hurt someone's PC. I would know, I'm a buyer of his hacks and have been for about 1-2 years. lol.

[ROUGHS3X]

Sean's hacks are completely virus-free and always 100% working. He would never do something to hurt someone's PC. I would know, I'm a buyer of his hacks and have been for about 1-2 years. lol.

So far I'm :30 into my scan and 110,000 objects and 0 infected. Nothing.