Hi i found this on a russian site this week ( was looking for a serial key lol )
any way seems to be for any unreal engine based game . so far i have only tested on 1.0 with skins. i will test more but for now i decided to share. :smoke:

Do not open, this is a virus.


AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found BackDoor.Bifrost.11, not a virus Tool.Info2Ftp
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found probably unknown NewHeur_PE (probable variant)
Norman Virus Control Found Sandbox: W32/Malware; [ General information ]

* Anti debug/emulation code present.
* **Locates window "NULL [class Shell_TrayWnd]" on desktop.
* File length: 261888 bytes.

[ Changes to filesystem ]
* Creates file C:\WINDOWS\plugin1.dat.
* Deletes file C:\WINDOWS\svchost.exe.
* Creates file C:\WINDOWS\svchost.exe.

[ Changes to registry ]
* Creates value "startkey"="C:\WINDOWS\svchost.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
* Creates value "startkey"="C:\WINDOWS\svchost.exe" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
* Creates key "HKLM\Software\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}".
* Sets value "stubpath"="C:\WINDOWS\svchost.exe s" in key "HKLM\Software\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}".
* Creates key "HKCU\Software\Microsoft\Active Setup\Installed Components".
* Creates key "HKLM\Software\Wget".
* Sets value "nck"="ç@T"^Y`´<*^34r" in key "HKLM\Software\Wget".
* Creates key "HKCU\Software\Wget".
* Sets value "klg"="
" in key "HKCU\Software\Wget".

[ Process/window information ]
* Will automatically restart after boot (I'll be back...).
* Enumerates running processes.
* Modifies other process memory.
* Creates a remote thread.
UNA Found nothing
VBA32 Found nothing

Found BackDoor.Bifrost.11, not a virus Tool.Info2Ftp
Found probably unknown NewHeur_PE (probable variant)
Found Sandbox: W32/Malware; [ General information ]



STOP POSTING THIS EVERYWHERE!

my kaspersky found a sandbox[whatever that is} and quarantined it,so i figured id wait to see what others had to say about it thnx predator

yah i also found nothing. but then i get that when i use drunken cheatas stealth injector for dll's and my computer has run fine for a few days since i first used the bot.
also most of parkers injectors show up with this "backdoor.dragonbot.d " in bitdefender also a fake positive Drunken cheata explained it once but i didnt understand . i guess maybe this uses somthing like it with its PB blocker . but then im just guessing .

i removed the attatchment untill i can get some one to check it over good. i hope its fake positive like parkers and DC's injectors. or ill have to reformat.

Hank is a fruit hes posted this on sevral forums

*XC *MPC
and sevral other forums using another name

actually it shows as a non virus but as a sand box and key logger. you need to read close . also go to this link
http://www.mpcforum.com/showthread.php?t=41714&highlight=H%40TKEYSH%40%40K
and read as to why it shows like this . i cant send you to the link about drunken cheatahs injector becuase its been deleted. but basicaly his also showed a false positive.
also parkers JO d3d8 injector showed up as a false positive for dragonbot trojan dropper.
and now you flip have proven ur self to be a liar more then once here are 2
1 i never posted it on "5" forums
2 no one has detected it as a virus. re read the log and you will see "NON VIRUS"
so why do you even try to act like you know jack? you and your childish name calling lol and now you look like a jerk. mean while the hack works awsome and i will just share it threw PMS i guess. after all this forum is about public hacks not flaming right?

You posted this on XC and it got you banned (I am a moderator theyr and I was one of them who helped bann u and remove ur virus)

You also posted it on sevral other forums using another name.


I am warning everyone, Do no accept this hack from hank it is a virus.

Hank, you were banned from other forums under the name Limon, a former tpg member. This Is a virus, there should be no reason why it would delete your svchost and then create a new one.

Retlock.zip
Status: INFECTED/MALWARE (Note: only non-destructive malware has been found. Considering the non-destructive nature of samples like these - although they can be a pain -, results will not be stored in the database.)
MD5 ddb89a222b1de837cd35679856324e7c
Packers detected: PE_PATCH.ULTRAPROTECT, ULTRAPROTECT, PE_PATCH
Scanner results
AntiVir Found nothing
ArcaVir Found Trojan.Keylogger.Hatkeys.M04.A2
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found not a virus Tool.GameCrack, not a virus Tool.Info2Ftp, BackDoor.Bifrost.11
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found not-a-virus:CrackTool.Win32.HotHook
NOD32 Found Win32/Keylogger.HotKeysHook.A, probably unknown NewHeur_PE (probable variant)
Norman Virus Control Found Sandbox: W32/Malware; [ General information ]

* Anti debug/emulation code present.
* **Locates window "NULL [class Shell_TrayWnd]" on desktop.
* File length: 261888 bytes.

[ Changes to filesystem ]
* Creates file C:\WINDOWS\plugin1.dat.
* Deletes file C:\WINDOWS\svchost.exe.
* Creates file C:\WINDOWS\svchost.exe.

[ Changes to registry ]
* Creates value "startkey"="C:\WINDOWS\svchost.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
* Creates value "startkey"="C:\WINDOWS\svchost.exe" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".
* Creates key "HKLM\Software\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}".
* Sets value "stubpath"="C:\WINDOWS\svchost.exe s" in key "HKLM\Software\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}".
* Creates key "HKCU\Software\Microsoft\Active Setup\Installed Components".
* Creates key "HKLM\Software\Wget".
* Sets value "nck"="ç@T"^Y`´<*^34r" in key "HKLM\Software\Wget".
* Creates key "HKCU\Software\Wget".
* Sets value "klg"="
" in key "HKCU\Software\Wget".

[ Process/window information ]
* Will automatically restart after boot (I'll be back...).
* Enumerates running processes.
* Modifies other process memory.
* Creates a remote thread.
UNA Found Trojan.PSW.Win32.HotKeysHook
VBA32 Found nothing


And watch how you speak to Flip, hes a good friend of mine and a forum helper. Show some respect to him, and everyone else here in the forums. Thank you have a great day :)

Also: Those false positives were something completely different. Your "zip file" has 2 dlls and an Injector. You should not need either of these for this type of program that you claim it to be.

EDIT: This taken from a post made by Lionheart5358 at an alternate forum.
little research shows that this may have been a malicious act. the thread he posted talks about fake reports of key loggers coming from trainer maker kit. hated sent me the rar of what he wanted to post and it contained 2 dll's and an exe... one dll was named swathook and the other was named injecter. last time i checked trainers dont use dll's, hooks nor injections, and the concept of using a dll to inject another dll (injecter.dll) seems a little stupid if its real. something to keep in mind.

Warned for posting a virus.
Next time you're permanently banned.

Closed.