What's new
By:
  • Visit Rebornbuddy
  • Visit Panda Profiles
  • Visit LLamamMagic
  • Visit Resources
  • Visit Downloads
  • Visit Portal

Watch out for fake public profiles with tracking trojans!

G

glenni83

New Member
Joined
Dec 21, 2011
Messages
61
Reaction score
1
I did notice something. Some of the profiles i find in here got tracking trojans. And alot of em in the fishing and pvp profiles on the last check i did. Others are plugins with .dll files that has nothing to do with the pluggin at all. The most active trojans and scripts with this is the trojan Kazy, and now i start wondering who and why.. As a good man on the field.. i know that this is a virus that is alot used by experts, becouse Kazy easily avoids the detection by anti-virus software. Gen.Variant.Kazy overwrites critical Windows files with itself or replaces other Trojan files on them which is terrible to the corrupted PC system. Gen.Variant.Kazy hides deep in the system background and its files in System Restore are protected to prevent any applications changing those files, so it is not easy to eliminate it.

To make the short story of it.. when you open that plugin or profile, u make a .dll file /virus to melt in to the windows core. Making antivirus and windows belive that the file is somthing windows from day 1 had when it was installed. Then it makes a addres to main server, that give the other one in the end 100% logging opertunity to log whats going on in to ur computer. Second thing it does, it tracks ur ip, the same ip that matches up against what you use on ur battlenet.

My speculation is if this has anything to do with the ban-waves... I checked out how and what it does. Just from random downloads today in here.. i found 13 tracking trojans in profiles and plugins. So admins, start looking around abit.

so when you download profiles/plugins, check with a PAYED antivirus that works and spyhunter/spybot.
Becouse there are profiles that infects ur systems and start logging ur actions.

I did get vpn today, and it is free.. That will atleast protect my IP with encryption if i get logged. This is profiles i used same month before my ban couple of month ago, and my bitdefender found em later on.

x:\backup\hb2\UseBaitWoD_630693666.dll Gen:Variant.Kazy.663109 Last one i found

Hope you guys double check ur profiles/plugins.. and happy boting from som advise to protect u guys.
 
Last edited:
you have opened our eyes about plugins and profiles that contain dll's but you failed to list the offenders.

second, your vpn program looks effective but i wouldnt recommend downloading anything from softonic, cnet, or techspot. these sites are notorious for adding junkware to their 'free' products.

its good practice to be aware of one's activities on the net, but your post is very vague and has little to no information that is useful to the average user.

im curious, the service claims my ip will be replaced with one of my choosing. does this mean i can just choose a jumbled mess of numbers resembling an ip, or do i have to choose from a list. if i have to choose from a list, i may be sharing an ip with other nefarious users and that just isnt safe. and in the end, a vpn really does nothing to hide you from blizzard, there are just too many other ways to track a botter.
 
Maybe the posters of those plugins or profiles have the virus on their computer whithout their knowledge. Many virusses add theirself to archivers when you make a zip file. The rules on the forum are, that you may not post profiles/plugins/combatroutines
with .dll's in it.
 
I'm very interested to see these profiles/plugins with malware/trojans in them; can you post links so we can have them removed?
 
The forum rules forbid the download of compiled files. No Dlls, Exes, etc.

If you find links to such in any forum thread here, your first move should be to report the offending thread.

But the vpn service advertise is not allowed too, if im not wrong! So editing it out is a good idea.
 
Well, i checked the files.. and it is positive for tracking trojan. first of all, its not my job to clean stuff up in here. but now i know there is alot of files going on with trojans. im going to look more into it.. i want to see where it comes from, and what users. try to find and match from the archive of plugins and profiles i have. all is downloaded from this site. .dll files had 2 purposes. 1 or 2 that made the plugin work.. 3th look alike had a windows trojan kazy that had nothing to do with the plugin at all. il edit the vpn. its just the best free one. and it is verry usefull.. becouse its encrypted and changes ur ip, so u cant get reached. for the question on top. use automatic changes everytime u reboot computer. and soft. cnet blalbla.. true.. they have a home site u can use. :)
 
Last edited:
The reason of little information yet, is becouse i was in bed.. when a kazy attack to my computer happened from one of the plugins. I got a notification, and i made a warning post. And i will look into it when i get home from work. Im a grayhat, and one of the first to break down the security systems of Simens. So i know what im talking of. its not a troll, or stop boting thing.. im just warning other boters to scan files, and check what they have on there computer.. becouse kazy is nasty little bitch to the computer. And if u find anything.. post it. im intrested in pulling som strings :) Its personal suddenly when u attack my computer. And i know where it comes from.. and the user on this site now.
 
Last edited:
Ive sent the private message to one of the admins now, with user and files. So.. just for the rest of u.. be abit aware..
 
Aion said:
The forum rules forbid the download of compiled files. No Dlls, Exes, etc.

If you find links to such in any forum thread here, your first move should be to report the offending thread.

But the vpn service advertise is not allowed too, if im not wrong! So editing it out is a good idea.
Click to expand...

Its edited.
 
Pasterke said:
Maybe the posters of those plugins or profiles have the virus on their computer whithout their knowledge. Many virusses add theirself to archivers when you make a zip file. The rules on the forum are, that you may not post profiles/plugins/combatroutines
with .dll's in it.
Click to expand...

The script used her was to melt core when serten files where used. So it was not somthing that usere where not aware of.
 
why all the secrecy? if the files hidden in the plugins are so dangerous then why not make them public?
 
frosticus said:
why all the secrecy? if the files hidden in the plugins are so dangerous then why not make them public?
Click to expand...

its not us as users that does the call.. and spread crap. admins sort it thems selfs. if somthing nesesary to do, they will handle it.
 
Im a grayhat, and one of the first to break down the security systems of Simens. So i know what im talking of.
Click to expand...

Troll alert. Why all the secrecy? Why don't you tell us where you found this trojan so we can check for ourselves instead of posting cryptic shit? At this point I'm more inclined to believe you're only trying to spread FUD, or that your computer was already infected from another source and you're trying to blame HB.
 
messycan said:
thank you again GLenni.. scanning my system now to se if real time scan missed it
Click to expand...

Np.. the funny thing, is that my antivirus did not notice it for 4-5 months.. that i had it. until the attack was made. And i had to manualy scan each directory to find it. even zip files. and then i found it from the user and the zip. So the plugin was active all the time. but then again.. kazy is a virus/trojan that is known to be slippy to notice.
 
glenni83 said:
its not us as users that does the call.. and spread crap. admins sort it thems selfs. if somthing nesesary to do, they will handle it.
Click to expand...


yeah it will keep the drama down .let the admins handle it
 
Tarathiel2 said:
Troll alert. Why all the secrecy? Why don't you tell us where you found this trojan so we can check for ourselves instead of posting cryptic shit? At this point I'm more inclined to believe you're only trying to spread FUD, or that your computer was already infected from another source and you're trying to blame HB.
Click to expand...

where does it say im trying to harm or blame em? i gave em the info they needed to check it out due private messeges. warned the other users to check there systems. said its wise to use an vpn to to hide&crypt ur selfs against attacks. Same if u get home from a resturant and u get diaria.. whould u like to spread who it was all over the place if u knew who it was? or tell ur friends that u where with.. and send a message to the boss telling him.. hey.. yesterday i got salmonella from ur resturant. or be an ass.. hey this user gave us this shit. and OMFG telling everyone.. never eat there again blablabla..

Ive not been playing wow, if it was not for these guys.. So that is why i handle it this way
 
Last edited:
glenni83 said:
I did get vpn today, and it is free..
Click to expand...


it's also free for the 4,000 other people using it to bot. I use a paid service for downloading torrents and I would never use it for WoW. It's like walking into a bank with a mask on. Using a free service is account suicide.

glenni83 said:
Well, i checked the files.. and it is positive for tracking trojan.
Click to expand...

ever heard of a false positive? I'm just going to assume that's what is going on here until you provide some actual proof. This isn't a normal forum where moderators are going to get fussy for calling someone out. If you know someone is doing something bad, say so. Otherwise this is a waste of our time.
 
Last edited:
You must log in or register to reply here.
Back
Top