• Visit Rebornbuddy
  • Watch out for fake public profiles with tracking trojans!

    Discussion in 'Honorbuddy Forum' started by glenni83, Sep 4, 2015.

    1. glenni83

      glenni83 New Member

      Joined:
      Dec 21, 2011
      Messages:
      61
      Likes Received:
      1
      Trophy Points:
      0
      I did notice something. Some of the profiles i find in here got tracking trojans. And alot of em in the fishing and pvp profiles on the last check i did. Others are plugins with .dll files that has nothing to do with the pluggin at all. The most active trojans and scripts with this is the trojan Kazy, and now i start wondering who and why.. As a good man on the field.. i know that this is a virus that is alot used by experts, becouse Kazy easily avoids the detection by anti-virus software. Gen.Variant.Kazy overwrites critical Windows files with itself or replaces other Trojan files on them which is terrible to the corrupted PC system. Gen.Variant.Kazy hides deep in the system background and its files in System Restore are protected to prevent any applications changing those files, so it is not easy to eliminate it.

      To make the short story of it.. when you open that plugin or profile, u make a .dll file /virus to melt in to the windows core. Making antivirus and windows belive that the file is somthing windows from day 1 had when it was installed. Then it makes a addres to main server, that give the other one in the end 100% logging opertunity to log whats going on in to ur computer. Second thing it does, it tracks ur ip, the same ip that matches up against what you use on ur battlenet.

      My speculation is if this has anything to do with the ban-waves... I checked out how and what it does. Just from random downloads today in here.. i found 13 tracking trojans in profiles and plugins. So admins, start looking around abit.

      so when you download profiles/plugins, check with a PAYED antivirus that works and spyhunter/spybot.
      Becouse there are profiles that infects ur systems and start logging ur actions.

      I did get vpn today, and it is free.. That will atleast protect my IP with encryption if i get logged. This is profiles i used same month before my ban couple of month ago, and my bitdefender found em later on.

      x:\backup\hb2\UseBaitWoD_630693666.dll Gen:Variant.Kazy.663109 Last one i found

      Hope you guys double check ur profiles/plugins.. and happy boting from som advise to protect u guys.
       
      Last edited: Sep 5, 2015
    2. frosticus

      frosticus Community Developer

      Joined:
      Oct 19, 2012
      Messages:
      2,930
      Likes Received:
      58
      Trophy Points:
      48
      you have opened our eyes about plugins and profiles that contain dll's but you failed to list the offenders.

      second, your vpn program looks effective but i wouldnt recommend downloading anything from softonic, cnet, or techspot. these sites are notorious for adding junkware to their 'free' products.

      its good practice to be aware of one's activities on the net, but your post is very vague and has little to no information that is useful to the average user.

      im curious, the service claims my ip will be replaced with one of my choosing. does this mean i can just choose a jumbled mess of numbers resembling an ip, or do i have to choose from a list. if i have to choose from a list, i may be sharing an ip with other nefarious users and that just isnt safe. and in the end, a vpn really does nothing to hide you from blizzard, there are just too many other ways to track a botter.
       
    3. Pasterke

      Pasterke Well-Known Member Buddy Store Developer

      Joined:
      Dec 12, 2011
      Messages:
      1,228
      Likes Received:
      48
      Trophy Points:
      48
      Maybe the posters of those plugins or profiles have the virus on their computer whithout their knowledge. Many virusses add theirself to archivers when you make a zip file. The rules on the forum are, that you may not post profiles/plugins/combatroutines
      with .dll's in it.
       
    4. Nightcrawler12

      Nightcrawler12 New Member

      Joined:
      Mar 18, 2012
      Messages:
      765
      Likes Received:
      11
      Trophy Points:
      0
      I'm very interested to see these profiles/plugins with malware/trojans in them; can you post links so we can have them removed?
       
    5. Aion

      Aion Well-Known Member Buddy Store Developer

      Joined:
      Jan 18, 2011
      Messages:
      3,907
      Likes Received:
      105
      Trophy Points:
      63
      The forum rules forbid the download of compiled files. No Dlls, Exes, etc.

      If you find links to such in any forum thread here, your first move should be to report the offending thread.

      But the vpn service advertise is not allowed too, if im not wrong! So editing it out is a good idea.
       
    6. glenni83

      glenni83 New Member

      Joined:
      Dec 21, 2011
      Messages:
      61
      Likes Received:
      1
      Trophy Points:
      0
      Well, i checked the files.. and it is positive for tracking trojan. first of all, its not my job to clean stuff up in here. but now i know there is alot of files going on with trojans. im going to look more into it.. i want to see where it comes from, and what users. try to find and match from the archive of plugins and profiles i have. all is downloaded from this site. .dll files had 2 purposes. 1 or 2 that made the plugin work.. 3th look alike had a windows trojan kazy that had nothing to do with the plugin at all. il edit the vpn. its just the best free one. and it is verry usefull.. becouse its encrypted and changes ur ip, so u cant get reached. for the question on top. use automatic changes everytime u reboot computer. and soft. cnet blalbla.. true.. they have a home site u can use. :)
       
      Last edited: Sep 5, 2015
    7. glenni83

      glenni83 New Member

      Joined:
      Dec 21, 2011
      Messages:
      61
      Likes Received:
      1
      Trophy Points:
      0
      The reason of little information yet, is becouse i was in bed.. when a kazy attack to my computer happened from one of the plugins. I got a notification, and i made a warning post. And i will look into it when i get home from work. Im a grayhat, and one of the first to break down the security systems of Simens. So i know what im talking of. its not a troll, or stop boting thing.. im just warning other boters to scan files, and check what they have on there computer.. becouse kazy is nasty little bitch to the computer. And if u find anything.. post it. im intrested in pulling som strings :) Its personal suddenly when u attack my computer. And i know where it comes from.. and the user on this site now.
       
      Last edited: Sep 5, 2015
      Frayman likes this.
    8. glenni83

      glenni83 New Member

      Joined:
      Dec 21, 2011
      Messages:
      61
      Likes Received:
      1
      Trophy Points:
      0
      Ive sent the private message to one of the admins now, with user and files. So.. just for the rest of u.. be abit aware..
       
    9. glenni83

      glenni83 New Member

      Joined:
      Dec 21, 2011
      Messages:
      61
      Likes Received:
      1
      Trophy Points:
      0
      Its edited.
       
    10. glenni83

      glenni83 New Member

      Joined:
      Dec 21, 2011
      Messages:
      61
      Likes Received:
      1
      Trophy Points:
      0
      It is sent in a privat message to admins with files, plugins, user and all
       
    11. glenni83

      glenni83 New Member

      Joined:
      Dec 21, 2011
      Messages:
      61
      Likes Received:
      1
      Trophy Points:
      0
      The script used her was to melt core when serten files where used. So it was not somthing that usere where not aware of.
       
    12. nooblet

      nooblet Active Member

      Joined:
      May 4, 2012
      Messages:
      1,419
      Likes Received:
      12
      Trophy Points:
      38
      ZoneAlarm has never picked up anything.
       
    13. messycan

      messycan Member

      Joined:
      Sep 6, 2012
      Messages:
      259
      Likes Received:
      0
      Trophy Points:
      16

      thank you again GLenni.. scanning my system now to se if real time scan missed it
       
    14. frosticus

      frosticus Community Developer

      Joined:
      Oct 19, 2012
      Messages:
      2,930
      Likes Received:
      58
      Trophy Points:
      48
      why all the secrecy? if the files hidden in the plugins are so dangerous then why not make them public?
       
    15. glenni83

      glenni83 New Member

      Joined:
      Dec 21, 2011
      Messages:
      61
      Likes Received:
      1
      Trophy Points:
      0
      its not us as users that does the call.. and spread crap. admins sort it thems selfs. if somthing nesesary to do, they will handle it.
       
    16. Tarathiel2

      Tarathiel2 New Member

      Joined:
      Nov 12, 2013
      Messages:
      289
      Likes Received:
      7
      Trophy Points:
      0
      Troll alert. Why all the secrecy? Why don't you tell us where you found this trojan so we can check for ourselves instead of posting cryptic shit? At this point I'm more inclined to believe you're only trying to spread FUD, or that your computer was already infected from another source and you're trying to blame HB.
       
    17. glenni83

      glenni83 New Member

      Joined:
      Dec 21, 2011
      Messages:
      61
      Likes Received:
      1
      Trophy Points:
      0
      Np.. the funny thing, is that my antivirus did not notice it for 4-5 months.. that i had it. until the attack was made. And i had to manualy scan each directory to find it. even zip files. and then i found it from the user and the zip. So the plugin was active all the time. but then again.. kazy is a virus/trojan that is known to be slippy to notice.
       
    18. Frayman

      Frayman Member Legendary

      Joined:
      Apr 5, 2013
      Messages:
      817
      Likes Received:
      16
      Trophy Points:
      18

      yeah it will keep the drama down .let the admins handle it
       
    19. glenni83

      glenni83 New Member

      Joined:
      Dec 21, 2011
      Messages:
      61
      Likes Received:
      1
      Trophy Points:
      0
      where does it say im trying to harm or blame em? i gave em the info they needed to check it out due private messeges. warned the other users to check there systems. said its wise to use an vpn to to hide&crypt ur selfs against attacks. Same if u get home from a resturant and u get diaria.. whould u like to spread who it was all over the place if u knew who it was? or tell ur friends that u where with.. and send a message to the boss telling him.. hey.. yesterday i got salmonella from ur resturant. or be an ass.. hey this user gave us this shit. and OMFG telling everyone.. never eat there again blablabla..

      Ive not been playing wow, if it was not for these guys.. So that is why i handle it this way
       
      Last edited: Sep 5, 2015
    20. DrStrider

      DrStrider New Member

      Joined:
      Dec 22, 2014
      Messages:
      68
      Likes Received:
      1
      Trophy Points:
      0

      it's also free for the 4,000 other people using it to bot. I use a paid service for downloading torrents and I would never use it for WoW. It's like walking into a bank with a mask on. Using a free service is account suicide.

      ever heard of a false positive? I'm just going to assume that's what is going on here until you provide some actual proof. This isn't a normal forum where moderators are going to get fussy for calling someone out. If you know someone is doing something bad, say so. Otherwise this is a waste of our time.
       
      Last edited: Sep 5, 2015

    Share This Page