RebornBuddy Forums


agent.exe something I found

NSZWoW (New Member; joined Mar 21, 2011; 21 messages)
I was downloading the D3 beta today, and while downloading it I decided to turn the bot on and farm some honor for the start of the new season.

When I turned HB on, my Malwarebytes blocked an attempt to connect to a potentially malicious site with the process agent.exe.

I decided to Google agent.exe; nothing at first. Then I Googled warcraft agent.exe and found that this is a process for D3 that monitors for 3rd party applications. Considering it just happened, I doubt anything would happen to my account for at least a few hours or days; regardless, should we hold off on botting while D3 is installed?
 
 
Call me stupid, but what is D3? If you're using an unofficial version of Honorbuddy, the application might have been bound with a malicious file; otherwise I don't see there being a 3rd party program monitoring your data, as that would be a retarded method by Blizzard, as botters wouldn't bot when they saw that process, and a simple if statement could be made upon opening Honorbuddy to protect against that.
 

I use official HB, D3 is Diablo 3, and yes, the process is there now in beta; however, I'm sure it will be hidden at a later date.
 
IP-BLOCK 218.10.254.67 (Type: outgoing, Port: 6881, Process: agent.exe)
IP-BLOCK 218.10.254.67 (Type: outgoing, Port: 6881, Process: agent.exe)
IP-BLOCK 218.10.254.67 (Type: outgoing, Port: 63210, Process: agent.exe)
IP-BLOCK 98.142.251.68 (Type: outgoing, Port: 6881, Process: agent.exe)
IP-BLOCK 98.142.251.68 (Type: outgoing, Port: 6881, Process: agent.exe)

Just a random posting from the logs.
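
An added example, not part of the original thread: one way to triage block-log lines like the five posted above, grouping them by process and remote address before drawing conclusions about what the process is doing. The function names are illustrative, and the port check is an assumption based on 6881-6889 being the range conventionally used by BitTorrent clients.

```python
import re
from collections import defaultdict

# Log lines copied from the post above.
SAMPLE_LOG = """\
IP-BLOCK 218.10.254.67 (Type: outgoing, Port: 6881, Process: agent.exe)
IP-BLOCK 218.10.254.67 (Type: outgoing, Port: 6881, Process: agent.exe)
IP-BLOCK 218.10.254.67 (Type: outgoing, Port: 63210, Process: agent.exe)
IP-BLOCK 98.142.251.68 (Type: outgoing, Port: 6881, Process: agent.exe)
IP-BLOCK 98.142.251.68 (Type: outgoing, Port: 6881, Process: agent.exe)
"""

LINE_RE = re.compile(
    r"^IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), "
    r"Process: (?P<process>[^)]+)\)$"
)

# Assumption (heuristic): ports conventionally used by BitTorrent clients.
P2P_PORTS = range(6881, 6890)


def parse_blocks(text):
    """Return one dict per well-formed IP-BLOCK line; skip anything else."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({**m.groupdict(), "port": int(m["port"])})
    return events


def summarize(events):
    """Group blocked connections by (process, remote IP)."""
    groups = defaultdict(lambda: {"count": 0, "ports": set()})
    for e in events:
        g = groups[(e["process"].lower(), e["ip"])]
        g["count"] += 1
        g["ports"].add(e["port"])
    return {
        key: {
            "count": g["count"],
            "ports": sorted(g["ports"]),
            # True when any blocked port falls in the peer-to-peer range
            "p2p_like": any(p in P2P_PORTS for p in g["ports"]),
        }
        for key, g in groups.items()
    }


if __name__ == "__main__":
    for (proc, ip), info in summarize(parse_blocks(SAMPLE_LOG)).items():
        print(proc, ip, info)
```
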
 
Do you think it would be possible to reverse engineer the agent.exe to possibly get an understanding of Warden?
 
Warden is not like this agent.exe.
And Warden is already taken care of/precautions in place.
 