What's new
By:
  • Visit Rebornbuddy
  • Visit Panda Profiles
  • Visit LLamamMagic
  • Visit Resources
  • Visit Downloads
  • Visit Portal

Watch out for fake public profiles with tracking trojans!

DrStrider said:
it's also free for the 4,000 other people using it to bot. I use a paid service for downloading torrents and I would never use it for WoW. It's like walking into a bank with a mask on. Using a free service is account suicide.


ever heard of a false positive? I'm just going to assume that's what is going on here until you provide some actual proof. This isn't a normal forum where moderators are going to get fussy for calling someone out. If you know someone is doing something bad, say so. Otherwise this is a waste of our time.
Click to expand...

i use it for Bot, popcorntime, torrents and stuff like that. allways encrypt my self and mask my self.

I do know the false positive. but this one had a scritp to the plugin with use of the file to track me. If it was not for that. i whould have had my mouth shut :)
 
glenni83 said:
I do know the false positive. but this one had a scritp to the plugin with use of the file to track me. If it was not for that. i whould have had my mouth shut :)
Click to expand...

Proof or GTFO. Stop running your mouth.
 
glenni83 said:
i use it for Bot, popcorntime, torrents and stuff like that. allways encrypt my self and mask my self.

I do know the false positive. but this one had a scritp to the plugin with use of the file to track me. If it was not for that. i whould have had my mouth shut :)
Click to expand...

I almost spilled my drink reading your msg.
1) Best way how to catch malware to your PC is using torrents (Imho there is not better way how to spread malware)
2) If you are not using VPN to 3rd world countries, you are not masked in any way. Free VPN providers almost always disclose information about clients If you ask them nicely (something like that their IP was doing bad thing in timeframe XYZ-ZYX)
3) If you downloaded unknown dll and just run it, you are not smart enough to use internet, sorry :)


Also your path to "virus"
Code: 
x:\backup\hb2\UseBaitWoD_630693666.dll
is not dll downloaded from Buddy forum, but dll compiled by HB itself (from .cs file in plugin folder)
There is this plugin with same name (UseBaitWoD) https://www.thebuddyforum.com/honor...ait-wod-fire-ammonite-bait-autoangler2-4.html and I checked its source code and everything is ok and plugin dont include any form of trojan.
Based on "virus" name provided by you (Gen.Variant.Kazy) I must say that 99.999% it is false positive. When AV give you anything "Gen.Variant" it means that AV is not sure what it is, but It "can" be something..
 
Last edited:
Trixiap said:
I almost spilled my drink reading your msg.
1) Best way how to catch malware to your PC is using torrents (Imho there is not better way how to spread malware)
2) If you are not using VPN to 3rd world countries, you are not masked in any way. Free VPN providers almost always disclose information about clients If you ask them nicely (something like that their IP was doing bad thing in timeframe XYZ-ZYX)
3) If you downloaded unknown dll and just run it, you are not smart enough to use internet, sorry :)


Also your path to "virus"
Code: 
x:backuphb2UseBaitWoD_630693666.dll
is not dll downloaded from Buddy forum, but dll compiled by HB itself (from .cs file in plugin folder)
There is this plugin with same name (UseBaitWoD) https://www.thebuddyforum.com/honor...ait-wod-fire-ammonite-bait-autoangler2-4.html and I checked its source code and everything is ok and plugin dont include any form of trojan.
Based on "virus" name provided by you (Gen.Variant.Kazy) I must say that 99.999% it is false positive. When AV give you anything "Gen.Variant" it means that AV is not sure what it is, but It "can" be something..
Click to expand...

i checked that package to. And its not the same u find there now. and that is explained. I got a .rar package from a user. and that one is gone now from there. checked that to this morning. And that package was around april-15

Gen:Variant.Kazy is a NEW type of Trojan infection containing malevolent codes, which is utilized by cyber crooks to carry out abnormal symptoms on affected computer for illicit activities. In computers, Gen:Variant.Kazy is designed as a specific malware program that cannot fulfill self-replication. Determined by the nature of the virus, Gen:Variant.Kazy, often derives from certain software applications that can be downloaded manually. When installed, this type of Trojan virus will hide its components deeply in system and change the names of its files all the time so as to bypass the full detection from antivirus software or other security utilities. Meanwhile, by means of making modification in default system configuration, Gen:Variant.Kazy, threat could be loaded up and executed automatically on every Windows boot.

Similar as other Trojan virus, Gen:Variant.Kazy. may often decrease the overall PC performance speed by technically occupying high computing resources. It may directly result in 100% CPU utilization in system. Serves as a tricky infection, Gen:Variant.Kazy is often bundled with a class of additional PC threats such as Trojan, worm, rookit or other unknown subjects that are capable of doing further harm on compromised machine. Security experts has classified Gen:Variant.Kazy.27215 as a high-danger threat, due to its destructive attributes which may open a backdoor for remote hackers. On account of the existence of a backdoor, Gen:Variant.Kazy. may obtain unauthorized access for hackers and thus potentially lead to further compromise by other attackers. In that circumstance, not only your computer but also your privacy and logging will be at extremely risk that should pay attention to.
 
Please don't post "virus definition" from very suspicious sites. I can find this by myself, but I dont see point in reading it.

I would like to ask you, to upload dll that was marked as virus to https://mega.nz/ (preferably in .rar/.zip with password) and send me link in PM.

I have some knowledge about malware analysis and I would like too take a look why it is marked as virus.

That you very much.


Ps. Reason why I see this little bit suspicious is because Kazy is malware from 2008 so in IT business it is something like ancient piece of technology.
 
Last edited:
Trixiap said:
Please don't post "virus definition" from very suspicious sites. I can find this by myself, but I dont see point in reading it.

I would like to ask you, to upload dll that was marked as virus to https://mega.nz/ (preferably in .rar/.zip with password) and send me link in PM.

I have some knowledge about malware analysis and I would like too take a look why it is marked as virus.

That you very much.


Ps. Reason why I see this little bit suspicious is because Kazy is malware from 2008 so in IT business it is something like ancient piece of technology.[/QUOTE

Abit to late now mate. i know this virus goes deeply into the system. I did delete it once with the bitdefender, rebooted, and a new one was born again... so was thinking of doing a manual stop to it due regedit. but i did not know where the file ended up afterwards. it manuplited names, and had a different letters in the .dll that spawn on each reboot. So i did an recovery to the laptop to be safe. been couple of hours earlier, i could have given you the files and the whole package as it was with my password. You been suprised aswell. becouse it was a cleaver move. You are right about the 2008 when it was discovered. but there are many new of the same type.
Click to expand...
 
wel i never use any other fake profiles only then kicks they all in xml so. never got a trojan from this site
 
Sorry i dont know where you Download your Profiles, Plugins etc. i NEVER found a Infected File here on the HB Forum (and i own a lot of the Stuff here on my Local Disks).

Please give us some example links to infected files, otherwise please stop talking and i hope a Mod will close this useless Thread.

P.S. UseBaitWoD for Example is only available via here: https://www.thebuddyforum.com/honor...te-bait-autoangler2.html?highlight=UseBaitWoD
And this Archiv dont own any DLL.
glenni83 said:
i checked that package to. And its not the same u find there now. and that is explained. I got a .rar package from a user. and that one is gone now from there. checked that to this morning. And that package was around april-15
Click to expand...
lol someone send you a link to a package (was it hosted on HB forum or on another side?), you downloaded it and now you're wondering why own this trojan?
 
Last edited:
glenni83 said:
i checked that package to. And its not the same u find there now. and that is explained. I got a .rar package from a user. and that one is gone now from there. checked that to this morning. And that package was around april-15
Click to expand...

Post with download was edited last time in "20.11.2014 at 01:45." there is no way how you could download another rar from that topic in April 2015.

Also I laughted when I read
glenni83 said:
Im a grayhat, and one of the first to break down the security systems of Simens. So i know what im talking of. its not a troll, or stop boting thing..
Click to expand...
Sorry but I don't believe you, because saying "Im greyhat" is stupid thing :) (and you also mistyped it as"grayhat" which is wrong) It is something like saying "Hi, Im stealing in shop when I get bored". You would know that it is better to call yourself Whitehat.
There is no way how any security specialist can make such horrible decision as using free VPN and saying "Hey I'm untraceable!". You can be very easily tracked behind anything including VPN or TOR if you have malware in your PC.
Next thing is that you were more worried about "tracking" than worrying about your data and infected PC.


Im sorry, but I must say that you are pure troll.
 
Last edited:
You must log in or register to reply here.
Back
Top