i found this


clyde
27th July 2004, 19:14
i found this page with cheats

link removed by moderator
the only thing is after i downloaded them, i noticed they were all the same file size, and all were .exe files
i scanned them and they came up clean, but is there anyone that can tell me if these are cd key stealers?

supadupe
27th July 2004, 19:39
do they work?

Ex^0_dust_
27th July 2004, 20:04
i found this page with cheats

http://www.redrival.com/b3stch3ats/projetx/id9.html
the only thing is after i downloaded them, i noticed they were all the same file size, and all were .exe files
i scanned them and they came up clean, but is there anyone that can tell me if these are cd key stealers?

Don't use them,

SuperCman
27th July 2004, 20:14
I wouldn't even take a chance with that lol.

aaYaa
28th July 2004, 02:21
lol BAn ...

266 , ko for all file ??? hmmm nice back door 0o

NeMSeR
30th July 2004, 19:50
ravenshield jetpack?! hahah wtf?

Damage Inc.
31st July 2004, 05:03
lol i wonder how many people have lost their cd keys to that bs

Arsec
1st August 2004, 21:27
THATS BS look at size of them all, 266 ==> cd key stealer

frikos
2nd August 2004, 01:12
the cdkey stealer you're sending through msn!

pwn1337
3rd August 2004, 05:11
damn shame didn't even have to disasm. Just got this much through string looking =]

I'll break it down in parts





lol DUR if you don't know what this is then you're an ***** =] (for any *****s It's the hooked functions that the program is calling)


hooked functions and what they're stealing =]
Also few other things (since this is a trojan as well as reg stealer)
There is more, Like the moron even left in his build location on his desktop that says "Edit Server/Project1.dsp" lol. He didn't obfuscate shit or compress anything. Pretty generic and pretty useless.

looks like a rBot tweak and a poor one at that.

Here is the log if anyone wants it.

also every single file on that website is the same.
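
The kind of string triage described in the post above, as an added example that is not part of the original thread: it pulls both ASCII and UTF-16LE strings out of a binary (VB6 programs store their string literals as UTF-16, so an ASCII-only pass misses them) and flags references to well-known Windows autostart and policy registry locations. The names `PERSISTENCE_MARKERS`, `extract_strings`, `triage` and `SAMPLE` are this example's own, and the sample bytes and file path are constructed placeholders, not taken from the file discussed here.

```python
import re

# Well-known Windows autostart / policy locations, as lower-cased substrings.
PERSISTENCE_MARKERS = {
    r"\currentversion\run": "autorun key (Run / RunOnce / RunServices*)",
    r"\currentversion\winlogon": "Winlogon key (Shell / Userinit hijack)",
    r"\active setup\installed components": "Active Setup StubPath",
    "disableregistrytools": "policy value that blocks regedit",
}

def extract_strings(data: bytes, min_len: int = 5):
    """Return (encoding, text) for printable ASCII and UTF-16LE runs."""
    found = []
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        found.append(("ascii", m.group().decode("ascii")))
    # UTF-16LE: a printable byte followed by NUL, repeated min_len+ times.
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
        found.append(("utf-16le", m.group().decode("utf-16-le")))
    return found

def triage(data: bytes):
    """Return (encoding, meaning, string) for every persistence-related hit."""
    hits = []
    for enc, text in extract_strings(data):
        low = text.lower()
        for marker, meaning in PERSISTENCE_MARKERS.items():
            if marker in low:
                hits.append((enc, meaning, text))
    return hits

# Constructed sample: two ASCII import names, then wide-character strings.
SAMPLE = (
    b"\x00\x01kernel32.dll\x00RegSetValueExA\x00\xff\xfe"
    + "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run".encode("utf-16-le")
    + b"\x00\x00\x90\x90"
    + "C:\\windows\\example-placeholder.exe".encode("utf-16-le")  # placeholder
    + b"\x00\x00"
    + "DisableRegistryTools".encode("utf-16-le")
    + b"\x00\x00"
)

if __name__ == "__main__":
    for enc, meaning, text in triage(SAMPLE):
        print(f"[{enc}] {meaning}: {text}")
```

Hits like these only say where to look next; a clean antivirus scan and a suspicious string list can both be true of the same file, which is the situation the first post describes.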

ReckaH
3rd August 2004, 12:05
why did u name it speedhack? some noob is just gonna see that and think he stumbled across something good =) guess i answered my own question

pwn1337
3rd August 2004, 23:59
why did u name it speedhack? some noob is just gonna see that and think he stumbled across something good =) guess i answered my own question


uhh because if you look at the trojan's exe you would notice that it was named the same as the txt file with the strings in it.

Someone trying to pass off a trojan as cheats on the site posted above that a mod or admin removed the link to.

Logite2005
4th August 2004, 11:45
I'm not downloading that...lol