HitBreaker . . . Ardamax . . .

drey
14th April 2005, 16:43
after much observation here are things i learned . . .

it randomly adds itself on startup, i don't know what determines this behavior but it seems like a random function . . .

after it installs itself on startup it then erases the startup entry, a good ploy to hide its presence in the registry . . . but not before it has run . . .

meaning it installs, then runs its payload, then deletes its values in the said Key

Local Machine>Software>Microsoft>Windows>Current Version>Run

that is the reason why most of you don't see it anymore but trust me, this is the key it installs itself to . . .

this is the behavior i have seen so far . . . as i've posted before, my drives are frozen therefore immune to startup changes . . .

I'll keep you guys posted as soon as i see sumthin else . . .

i am keeping the version of Hitbreaker as a specimen . . .

any request for it will not be entertained, this will be kept for observation purposes only . . .

Peace!
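
Added example, not part of the thread: the behaviour drey describes (a Run value written, then deleted once the payload has run) cannot be seen by looking at the key afterwards, only in a history of registry writes. The sketch below works on constructed records in a made-up `time|operation|key|name|data` format; the record format, the `AVUpdate` and `OldTool` entries and the 10-minute threshold are assumptions.

```python
from datetime import datetime, timedelta

RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample records: time|operation|key|value name|data.
# The record format is an assumption for this example, not a real tool's output.
SAMPLE_EVENTS = r"""
2005-04-14 16:40:02|SetValue|HKLM\Software\Microsoft\Windows\CurrentVersion\Run|RUNDL32|C:\WINDOWS\SYSTEM32\rundl32.exe
2005-04-14 16:40:05|SetValue|HKLM\Software\Microsoft\Windows\CurrentVersion\Run|AVUpdate|C:\Program Files\AV\update.exe
2005-04-14 16:41:10|DeleteValue|HKLM\Software\Microsoft\Windows\CurrentVersion\Run|RUNDL32|
2005-04-14 16:50:00|SetValue|HKLM\Software\Example\Settings|Theme|blue
2005-04-14 17:30:00|SetValue|hklm\software\microsoft\windows\currentversion\run|OldTool|C:\Tools\old.exe
2005-04-15 09:00:00|DeleteValue|HKLM\Software\Microsoft\Windows\CurrentVersion\Run|OldTool|
""".strip().splitlines()


def run_key_events(lines):
    """Yield (time, operation, value name, data) for records on the Run key."""
    for line in lines:
        stamp, op, key, name, data = line.split("|", 4)
        if key.lower() == RUN_KEY.lower():
            yield datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"), op, name, data


def snapshot_after(lines):
    """What a look at the key shows once every record has been applied."""
    present = {}
    for _, op, name, data in run_key_events(lines):
        if op == "SetValue":
            present[name.lower()] = data
        elif op == "DeleteValue":
            present.pop(name.lower(), None)
    return present


def find_transient_values(lines, max_lifetime=timedelta(minutes=10)):
    """Return (name, data, lifetime in seconds) for values deleted soon after
    being written. max_lifetime is an assumed threshold, tune it per site."""
    written = {}   # lower-cased value name -> (time written, data)
    findings = []
    for when, op, name, data in run_key_events(lines):
        if op == "SetValue":
            written[name.lower()] = (when, data)
        elif op == "DeleteValue" and name.lower() in written:
            since, old_data = written.pop(name.lower())
            if when - since <= max_lifetime:
                findings.append((name, old_data, int((when - since).total_seconds())))
    return findings


if __name__ == "__main__":
    print("snapshot :", snapshot_after(SAMPLE_EVENTS))
    for name, data, seconds in find_transient_values(SAMPLE_EVENTS):
        print(f"transient: {name} -> {data} (lived {seconds}s)")
```

On the sample, the snapshot contains only the long-lived entry, while the history check reports the short-lived `RUNDL32` value.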

edman21
14th April 2005, 17:09
nice job bro.... im just a 1st year stud of IT and does not know much of that things... i learned from my mistakes... i got hack! but im just learning on your teachings..... keep it up bro!!!

Bob_Marly01
14th April 2005, 17:14
man i cant find the system32 folder all i can find is the system folder and i cant find the rundl32.exe.. the good thing is i deleted all filenames having a rundl32 using search program and find in the regedit.. am i safe now? or it is still running? thanx man!

chrisong
14th April 2005, 17:16
here how to remove it...

run windows in safemode..

then go to windows\system32

find rundl32...

delete that file..

man i cant find the system32 folder all i can find is the system folder and i cant find the rundl32.exe.. the good thing is i deleted all filenames having a rundl32 using search program and find in the regedit.. am i safe now? or it is still running? thanx man!



u must type at the link

Bob_Marly01
14th April 2005, 18:18
thnx man.. deleted it...

banunoy
14th April 2005, 20:19
my only observation when i run hitbreaker that i dl from ruben is that it sets my time to 12:00am then suddenly it restarts. i'll try to observe it more this morning and post my observations

_Poseidon_
14th April 2005, 22:36
i can't delete 2 files of rundl32

Berserkz~Critz
14th April 2005, 22:54
how to run windows in safe mode?? i forgot all about that stuff.. :wacko:

_Poseidon_
14th April 2005, 23:17
me too LOL :))
how to do it dude

rubentan
15th April 2005, 02:53
me too LOL :))
how to do it dude


when u start the computer press f5 or f6 or f7 or f8 or f9.. hehe not sure..

chrisong
15th April 2005, 02:57
press f8

kuzuryuzen
15th April 2005, 04:51
my clock changes to 12:00
the program that i downloaded is in winrar form. is it the same format with u guys?
and it did not ask me if i would put it in the startup.

what file should i be looking for? rundl.exe or rundll.exe?

drey
15th April 2005, 05:58
it really won't ask if you don't have anything that filters entry to your registry . . .

that is Windows™ by default,

but if you have SpySweeper or SpyBots S&D you would see that Rundl32.exe is trying to add itself to your startup

rundl32.exe is the file you should look for only if you've run the hitbreaker which was posted here before . . .

Peace!

navisomar
15th April 2005, 14:02
ei drey, just wana clarify things... so this ardamax is a real keylogger? and this KL will only be activated if the Hitbreaker will be open? so im only in danger by that time? hehe.... sori for the noob question... its just that im kinda a confuse... :)

rubentan
15th April 2005, 14:08
ei drey, just wana clarify things... so this ardamax is a real keylogger? and this KL will only be activated if the Hitbreaker will be open? so im only in danger by that time? hehe.... sori for the noob question... its just that im kinda a confuse... :)


no.. once you run the program that has ardamax KL it automatically installs it in your PC..

telebot
15th April 2005, 15:32
ur right guys, hitbreaker is a keylogger, i've run it yesterday and now my keylogger killer detected it on startup. Ad-Aware, Spybot & AVG cannot detect it, as stated in this thread, the only way to kill this thing is in windows safe mode under C:\WINDOWS\SYSTEM - these are the files i deleted:

rundl32
rundl32.001
rundl32.002
rundl32.006
rundl32.007

and in the system registry:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

RUNDL32

hope these helps, thanks.....

chyros
16th April 2005, 05:09
I don't have the link but I want to observe that too. If someone kindly please send it to me at my mail: chykun@gmail.com. Anyway, if it works and has a virus at the sametime, you can do this to prevent being hacked.

1) Don't enter your username and password manually. Get a notepad, write there your username and password and save it to your harddisk. When you want to play RO, copy-paste both of that things to RO Login.

Why? Ardamax retrieves the program info and your typed text and email it to an email account every n seconds.

E.g.

Program: Ragnarok Online
Text: user11111 pass232323 /nc may elu ka pa?

Analysing the example, Ardamax successfully retrieves the Title of the program you are using and everything you typed afterwards in that program. In example, Ardamax retrieved your username, password, and chat messages.

2a) Familiarize yourself with your Windows processes. Press Ctrl+Alt+Del to show End Task Programs. (For WinXP, Ctrl+Alt+Del->Processes Tab). After you've familiarized yourself with that, always check if there is a new process. Chances are, if you have run malicious programs, a new process will be added there. End it to stop it.

Note: Some programs has an ability to hide itself in End Task (in Win 98). If your using WinXP, you can see everything.

Use it also to remove spywares manually. 95% of internet users doesn't know they have *ALOT* spywares in their PCs. You don't want to be one of them, don't you?

2b) Removing malicious programs that starts everytime you start windows. Not on your Startup folder but on your Registry. If your using Windows XP, run Regedit, then go to:

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CurrentVersion\RUN

You should have familiarized everything and follow STEP 2a by checking everytime if a malicious program has been added. Windows 98 users can do that too, although the Registry Directory might be somehow different that I've stated from above.

[WinXP Users only] Note: Hard to follow, eh? Then there's an easy alternative way to access the startup items w/o going to your registry. On Run, type MSCONFIG.EXE. At System Configuration Utility, go to Startup. There you can disable/enable startup programs. Use it to disable unnecessary startup programs that you don't use to speed up your computer and free more computer memory.

3) Update your Antivirus. There's nothing to lose by updating your Antivirus everyday.

4) Enjoy the game. I'll add more if i've come up w/ more ideas.

rubentan
16th April 2005, 05:17
I don't have the link but I want to observe that too. If someone kindly please send it to me at my mail: chykun@gmail.com. Anyway, if it works and has a virus at the sametime, you can do this to prevent being hacked.

1) Don't enter your username and password manually. Get a notepad, write there your username and password and save it to your harddisk. When you want to play RO, copy-paste both of that things to RO Login.

Why? Ardamax retrieves the program info and your typed text and email it to an email account every n seconds.

E.g.

Program: Ragnarok Online
Text: user11111 pass232323 /nc may elu ka pa?

Analysing the example, Ardamax successfully retrieves the Title of the program you are using and everything you typed afterwards in that program. In example, Ardamax retrieved your username, password, and chat messages.

2a) Familiarize yourself with your Windows processes. Press Ctrl+Alt+Del to show End Task Programs. (For WinXP, Ctrl+Alt+Del->Processes Tab). After you've familiarized yourself with that, always check if there is a new process. Chances are, if you have run malicious programs, a new process will be added there. End it to stop it.

Note: Some programs has an ability to hide itself in End Task (in Win 98). If your using WinXP, you can see everything.

Use it also to remove spywares manually. 95% of internet users doesn't know they have *ALOT* spywares in their PCs. You don't want to be one of them, don't you?

2b) Removing malicious programs that starts everytime you start windows. Not on your Startup folder but on your Registry. If your using Windows XP, run Regedit, then go to:

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CurrentVersion\RUN

You should have familiarized everything and follow STEP 2a by checking everytime if a malicious program has been added. Windows 98 users can do that too, although the Registry Directory might be somehow different that I've stated from above.

[WinXP Users only] Note: Hard to follow, eh? Then there's an easy alternative way to access the startup items w/o going to your registry. On Run, type MSCONFIG.EXE. At System Configuration Utility, go to Startup. There you can disable/enable startup programs. Use it to disable unnecessary startup programs that you don't use to speed up your computer and free more computer memory.

3) Update your Antivirus. There's nothing to lose by updating your Antivirus everyday.

4) Enjoy the game. I'll add more if i've come up w/ more ideas.



ns but some KL records what you copy and paste.. considering this as new.. i think it does too..

chyros
16th April 2005, 05:31
i can't delete 2 files of rundl32

Bcoz it's running on your windows. You can't delete a program that is running. Try renaming the file, then delete it afterwards. It works for me everytime I delete a spyware.

Please send me that file so I can observe it too (chykun@gmail.com).

ns but some KL records what you copy and paste.. considering this as new.. i think it does too..

/heh. Then increase the security of your username and password manually.

For example,

Real Username: MyUsername
Real Password: MyPassword

1) Save it to your notepad as Faked Username and Faked Password:

Faked Username: MyXUserVname
Fakes Password: MyLovelyPasswordNow

2) Copy-paste that both to your RO Login

3) Perform War-A-Move!™ to revert to your real username and password. (Don't mind my term /heh)

At Username, press Home->Right Arrow(x2)->Delete->RightArrow(x4)->Delete
At Password, press Home->Right Arrow(x2)->Delete(6)->End->Backspace(x3)

Note: Hackers are intelligent but we can outwit them by knowing them. Know your enemies. How? Do what they do. It's the only way to protect ourselves against them.

kieth15
16th April 2005, 07:22
ur right guys, hitbreaker is a keylogger, i've run it yesterday and now my keylogger killer detected it on startup. Ad-Aware, Spybot & AVG cannot detect it, as stated in this thread, the only way to kill this thing is in windows safe mode under C:\WINDOWS\SYSTEM - these are the files i deleted:

rundl32
rundl32.001
rundl32.002
rundl32.006
rundl32.007

and in the system registry:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

RUNDL32

hope these helps, thanks..... I can't find those files in C:\WINDOWS\SYSTEM btw I'm using WinXp and I've installed ZoneAlarm Pro in my pc, it's a firewall. Can that firewall helps me from being hacked???

rubentan
16th April 2005, 07:28
I can't find those files in C:\WINDOWS\SYSTEM btw I'm using WinXp and I've installed ZoneAlarm Pro in my pc, it's a firewall. Can that firewall helps me from being hacked???


well.. u can find it in C:\WINDOWS\SYSTEM32 u need to type the location manually..

chyros
16th April 2005, 07:47
Hey Ruben, can you send me the HitBreaker you have coz I think mine is older version and not working on pRO. Don't worry about my pc, i can handle the keylogger.

http://img.photobucket.com/albums/v390/chykun07/hb.jpg

drey
16th April 2005, 10:29
a firewall works only if you know how to use it, otherwise it will just be a process sitting in your memory . . .

regarding ardamax, i recall a time when i copy then pasted sumthin . . .

the moment i recalled the item in the notepad it got deleted . . .

i think it also stores items in the memory . . .

>_<

rubentan
16th April 2005, 11:09
Hey Ruben, can you send me the HitBreaker you have coz I think mine is older version and not working on pRO. Don't worry about my pc, i can handle the keylogger.

http://img.photobucket.com/albums/v390/chykun07/hb.jpg



sorry i just dont want other people computer to be messed up..

chyros
16th April 2005, 11:51
sorry i just dont want other people computer to be messed up..

Darn, then don't problem mine. Cmon, I've just graduated comsci so don't worry about me or my computer. For your information, I've always messed w/ my computer and I love to mess w/ it. And this I'll mess it more. This is the only way you can learn how to protect your computer more..

Now don't keep that cheat to yourself. There's nothing to lose in your side if you'll just give it to me unless... there's something fishy going on around here and you and/or others decided to keep it to yourselves... /hmm

Don't be selfish guyz...

Now if I got warn from this, I'm just telling my side. It's just a freedom of expression about something is not right.

Just another word, don't worry about me... I'm not like others who'll whine about having hacked just bcoz of their foolishness and ignorance. Don't look down on me like that again.

Kinship
16th April 2005, 13:38
mr drey .. what files should i delete ? dr are many roundl files..

drey
16th April 2005, 13:49
if you are using WinXP or even Win98, all Rundl32.exe files are not needed just be sure you are not deleting Rundll32.exe . . . read other threads above if you really wanna rid yourself of the whole thing . . .

Peace!
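
Added example, not part of the thread: a check for the naming trick discussed here, where `rundl32.exe` sits one letter away from the legitimate `Rundll32.exe`. It parses `reg query` style output of the Run key and flags executables whose name is close to, but not equal to, a known Windows binary; the sample output and the short list of binary names are constructed for the example.

```python
import ntpath
import re

# Constructed sample of `reg query` output for the Run key.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    RUNDL32    REG_SZ    C:\WINDOWS\SYSTEM32\rundl32.exe
    ControlPanel    REG_SZ    C:\WINDOWS\system32\rundll32.exe shell32.dll,Control_RunDLL
    AVUpdate    REG_SZ    "C:\Program Files\AV\update.exe" /quiet
"""

# Short, assumed list of Windows binaries whose names get imitated.
KNOWN_BINARIES = ("rundll32.exe", "svchost.exe", "explorer.exe",
                  "lsass.exe", "winlogon.exe")

VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
EXE_PATH = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def executable_name(command):
    """Lower-cased file name of the program in a Run command line."""
    match = EXE_PATH.match(command.strip())
    if not match:
        return None
    return ntpath.basename(match.group(1) or match.group(2)).lower()


def find_lookalikes(reg_output, max_distance=1):
    """Return (value name, executable, imitated binary) for near-miss names."""
    findings = []
    for line in reg_output.splitlines():
        parsed = VALUE_LINE.match(line)
        if not parsed:
            continue          # key header or blank line
        value_name, _, command = parsed.groups()
        exe = executable_name(command)
        if exe is None or exe in KNOWN_BINARIES:
            continue          # exact names are out of scope for this check
        for known in KNOWN_BINARIES:
            if edit_distance(exe, known) <= max_distance:
                findings.append((value_name, exe, known))
                break
    return findings


if __name__ == "__main__":
    for value_name, exe, known in find_lookalikes(SAMPLE_REG_QUERY):
        print(f"{value_name}: {exe} looks like {known}")
```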

Kinship
16th April 2005, 13:57
ahh.. ic .. Thank You ^_^

kieth15
17th April 2005, 02:21
I managed to remove the keylogger using Spyware Doctor. Luckily I've installed a firewall before emails of my keystrokes were sent out because my firewall blocks it, then I installed Spyware Doctor and scanned my PC then it found Ardamax Keylogger then I just simply removed it from my system /swt

chyros
17th April 2005, 04:05
@keith15

Can you send me that HitBreaker (the one w/c is infected w/ Ardamax) or pm me it's link coz some stupid childish 14 yr. old kid here wouldn't want to share that program. On the otherhand, I can trade my self modified ModKore (KillSteal enabled) for that HitBreaker. What do you say?

My email add is chykun@gmail.com.

naojrhey08
17th April 2005, 18:24
to rubentan and chyros...bro can i ask the program about "hitbreake"...can you pls send me a copy of your program about "hitbreaker"...send to my email naojrhey@yahoo.com thx bro...

kieth15
17th April 2005, 19:15
@keith15

Can you send me that HitBreaker (the one w/c is infected w/ Ardamax) or pm me it's link coz some stupid childish 14 yr. old kid here wouldn't want to share that program. On the otherhand, I can trade my self modified ModKore (KillSteal enabled) for that HitBreaker. What do you say?

My email add is chykun@gmail.com.

Sorry, chyros, but I've already deleted my hitbreaker after knowing that it has a keylogger on it because I don't want something like that sitting in my pc. It's nice to have your KS enabled modKore but I have nothing to give you in return so I guess its sorry for me also. Try to ask those people who complains and asks how to remove Ardamax. They complain because they once have hitbreaker or still have hitbreaker.

lechonkawaliman
18th April 2005, 04:03
so that hitbreaker isn't a keylogger after all, huh!

i think we should thank drey for informing us that this proggie is a KL...

:tnpe:

rubentan
18th April 2005, 05:19
to rubentan and chyros...bro can i ask the program about "hitbreake"...can you pls send me a copy of your program about "hitbreaker"...send to my email naojrhey@yahoo.com thx bro...



im sory.. didnt you hear that that file has a keylogger?? thats why i cant send it to you..

edman21
18th April 2005, 18:18
yeah that thing is a KL... i got hack by it! BTW i just thinking of making it in use... is it possible 2 DL it again.. then we know that is a KL then immediately before using we delete the Keylogger stuff? is it possible to do?

don
18th April 2005, 18:34
lolx hitbreaker isn't a keylogger(tho i'm not really sure)..
its juz a useless proggy tat simulates d success rate of ur upgrade :P

kieth15
19th April 2005, 02:11
Hitbreaker DO have a KL. Once you've open it scan your pc with an anti-spyware software then you'll see that it DOES have a KL.

@rubentan

Why don't you give it to chyros dude? It won't be your fault if he get hacked anyway? So why don't you give it to him or post it here? Unless there is something fishy going on. Look, people here can take care of their own PC's 'coz I think a lot of people already knows that it has a KL. Those who want to use it, that fine as long as they know how to protect their pc's of that KL and for those who don't well..... Its their fault and not yours. I think I made a point here so why don't you give it to those who want it or post it here in MPC?

podidle33
19th April 2005, 09:20
@ ruben tan

but we all have scan it at a first place...well tricky prog we have..hit breaker messes up everything when you turned it on..and when you start the proggie you will see rundll32.exe is running...quite obvious now

rubentan
19th April 2005, 10:11
@ ruben tan

but we all have scan it at a first place...well tricky prog we have..hit breaker messes up everything when you turned it on..and when you start the proggie you will see rundll32.exe is running...quite obvious now



yes.. even i scanned it through jottis malware scanner.. and no bad results.. i think this is a new type of kL that the anti virus companies didnt update yet...

Popsie
19th April 2005, 14:45
This seems like a set-up for all of us..

Keylogger? hehehe...

It would be great if we could try it by ourselves right?

No more blah blah blah about keylogger and hack stuff..

Show the real stuff dude. Peace out.
:cool:

chyros
19th April 2005, 14:58
Hitbreaker DO have a KL. Once you've open it scan your pc with an anti-spyware software then you'll see that it DOES have a KL.

@rubentan

Why don't you give it to chyros dude? It won't be your fault if he get hacked anyway? So why don't you give it to him or post it here? Unless there is something fishy going on. Look, people here can take care of their own PC's 'coz I think a lot of people already knows that it has a KL. Those who want to use it, that fine as long as they know how to protect their pc's of that KL and for those who don't well..... Its their fault and not yours. I think I made a point here so why don't you give it to those who want it or post it here in MPC?

I agree. Well it will just mean that he's not a *true* MPC Helper. It's only a title for fame I think.

philrisk
19th April 2005, 19:38
@keith15

Can you send me that HitBreaker (the one w/c is infected w/ Ardamax) or pm me it's link coz some stupid childish 14 yr. old kid here wouldn't want to share that program. On the otherhand, I can trade my self modified ModKore (KillSteal enabled) for that HitBreaker. What do you say?

My email add is chykun@gmail.com.

do you have the hitbreaker chyros?? if not ill send it to you but can i ask something else in return. it's ok with me if u don't send that ksbot. ill just tell what im asking for when i send my email w/ an attached file of the hitbreaker.

Bob_Marly01
20th April 2005, 08:47
to those who keep on asking for the hitbreaker prog just DL it in the net.... go to yahoo and type the hitbreaker word then click on the site where the writing is in arabic form (i think thats arabic...) then there u go u have ur useless prog on ur pc....

Ayumi_cherry
20th April 2005, 08:54
Bob_Marly01 is ryt... try searching for hitbreaker on any search engine it'll show you lotsa link on it. I got my hitbreaker by trying on every link... and I'm proud to say it doesn't have a keylogger /gg

rubentan
20th April 2005, 08:58
I agree. Well it will just mean that he's not a *true* MPC Helper. It's only a title for fame I think.



well.. i dont care what you say about me.. im still not sending it or posting it here..

chyros
20th April 2005, 13:29
do you have the hitbreaker chyros?? if not ill send it to you but can i ask something else in return. it's ok with me if u don't send that ksbot. ill just tell what im asking for when i send my email w/ an attached file of the hitbreaker.

read your pm box.

jakk_101
22nd April 2005, 21:03
how does it work?
is it just timing when it says success?
then quickly press the enter to the RO on the dialog box to CLNG CLNG? =)

genowel
22nd April 2005, 21:08
pls scan it

drey
23rd April 2005, 03:16
Read the posts above, as we've discovered it has Ardamax Keylogger . . .

we've warned you about this . . .

thread now closed, please read the thread if you want to remove Ardamax on your system . . .

future requests to have hitbreaker sent to anyone's email will be ignored . . .