Guy says he took control of my Network?
[QUOTE=MUFC2007;20948472]You were infected with a backdoor trojan, most likely Turkojan or Prorat, get searchin' in that registry.[/QUOTE] Go into thread and white knight for me? Alright, this guy installed a program onto MY computer without MY permission and used it to steal MY information. I should fuck this guy over with the law.
[QUOTE=RedBlade2021;20948550]Go into thread and white knight for me? Alright, this guy installed a program onto MY computer without MY permission. I should fuck this guy over with the law.[/QUOTE] I'm planning a scheme where I send him some music that I said he wanted before. And I'm putting gay porn and goatse in it.
ok so what do i do to completely delete his keylogger and his overall presence? just pass the scan with malwarebytes and that's it? I only clicked the guy's link, which crashed my computer and forced me to reboot, then after nothing really happened.
[QUOTE=ProgramFiles;20948625]ok so what do i do to completely delete his keylogger and his overall presence? just pass the scan with malwarebytes and that's it? I only clicked the guy's link, which crashed my computer and forced me to reboot, then after nothing really happened.[/QUOTE] No idea PF, I'm not a pro with a computer.
Hope MUFC2007 is :v:
[QUOTE=RedBlade2021;20948550]Go into thread and white knight for me? Alright, this guy installed a program onto MY computer without MY permission and used it to steal MY information. I should fuck this guy over with the law.[/QUOTE]
Are you serious? Do you think that credit card fraudsters and black hats [I]really[/I] care about the law? Anyway, I've given a few brownie points to anyone that can give me information, though it seems your account is in the hands of a complete unknown due to the fact your details were listed. The member that claimed to purchase the account was bluffing.

[B]Kill processes:[/B]
akl.exe, akv.exe, nsk.exe

[B]Delete registry values:[/B]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ardamax Keylogger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NSK
HKEY_CURRENT_USER\Software\Ardamax Keylogger Lite
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\App Paths\akl.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ardamax Keylogger

[B]Delete files:[/B]
akl.exe, akv.exe, nsk.exe, il.dll, kh.dll, akv.ini, settings.ini

[B]Delete directories:[/B]
C:\Program Files\Ardamax Keylogger
C:\Program Files\NSK
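
The checklist in the post above, turned into a read-only audit. This is an added example, not part of the original thread: it uses only the process names, registry paths, file names and directories MUFC2007 listed, reports which of them are present, and kills or deletes nothing. Checking each registry path both as a key and as a value name is an assumption made here, since the post does not say which is which.

```powershell
# Added example: read-only audit for the indicators named in the post above.
# It reports what is present and changes nothing on the system.

$regPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ardamax Keylogger',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NSK',
    'HKCU:\Software\Ardamax Keylogger Lite',
    'HKLM:\SOFTWARE\Microsoft\Windows\App Paths\akl.exe',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ardamax Keylogger'
)
$processNames = 'akl', 'akv', 'nsk'   # Get-Process matches names without ".exe"
$fileNames    = 'akl.exe', 'akv.exe', 'nsk.exe', 'il.dll', 'kh.dll', 'akv.ini', 'settings.ini'
$directories  = 'C:\Program Files\Ardamax Keylogger', 'C:\Program Files\NSK'

# Assumption: the post does not say whether each registry path is a key or a
# value, so test it as a key first, then as a value name under its parent key.
function Test-RegistryIndicator {
    param([string]$Path)
    if (Test-Path -LiteralPath $Path) { return $true }
    $parent = Get-Item -LiteralPath (Split-Path -Path $Path -Parent) -ErrorAction SilentlyContinue
    if ($null -eq $parent) { return $false }
    return ($parent.GetValueNames() -contains (Split-Path -Path $Path -Leaf))
}

$findings = @()

foreach ($path in $regPaths) {
    if (Test-RegistryIndicator -Path $path) {
        $findings += [pscustomobject]@{ Type = 'Registry'; Indicator = $path }
    }
}

foreach ($proc in Get-Process -Name $processNames -ErrorAction SilentlyContinue) {
    $findings += [pscustomobject]@{ Type = 'Process'; Indicator = "$($proc.Name) (PID $($proc.Id))" }
}

foreach ($dir in $directories) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }
    $findings += [pscustomobject]@{ Type = 'Directory'; Indicator = $dir }
    $files = Get-ChildItem -LiteralPath $dir -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $fileNames -contains $_.Name }
    foreach ($file in $files) {
        $findings += [pscustomobject]@{ Type = 'File'; Indicator = $file.FullName }
    }
}

if ($findings.Count -eq 0) { 'None of the listed indicators are present.' }
else { $findings | Format-Table -AutoSize }
```

An empty result only rules out an install that uses exactly these names and locations; several posters further down the thread found none of these entries.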
Ionica was bluffing? About the other thing, I was just making a point that I could take legal action, and I do have proof of the events, and I'm sure the Fuzz could get the whereabouts of this person in co-operation with Valve.
when i asked on steam if it was the real blade or a buyer, the answer was "look at the HF forum"
[QUOTE=RedBlade2021;20948802]Ionica was bluffing? About the other thing, I was just making a point that I could take legal action, and I do have proof of the events, and I'm sure the Fuzz could get the whereabouts of this person in co-operation with Valve.[/QUOTE] 99.9% impossible. Go for it, you'll be wasting your own time though.
[QUOTE=ProgramFiles;20948817]when i asked on steam if it was the real blade or a buyer, the answer was "look at the HF forum"[/QUOTE] Lol. :smith:
hope you get your account back :hfive:
Is it normal i have none of the files MUFC2007 showed, but the link I went to did exactly what it was supposed to do, aka crashing all processes and forcing reboot? Sorry redblade, i really hope you get your account back, as much as i hope i will keep mine.
[QUOTE=MUFC2007;20948731][B]Kill processes:[/B]
akl.exe, akv.exe, nsk.exe

[B]Delete registry values:[/B]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ardamax Keylogger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NSK
HKEY_CURRENT_USER\Software\Ardamax Keylogger Lite
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\App Paths\akl.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ardamax Keylogger

[B]Delete files:[/B]
akl.exe, akv.exe, nsk.exe, il.dll, kh.dll, akv.ini, settings.ini

[B]Delete directories:[/B]
C:\Program Files\Ardamax Keylogger
C:\Program Files\NSK[/QUOTE]
I couldn't find any of those, should I keep scanning or am I ok?
[QUOTE=Luxo;20948994]I couldn't find any of those, should I keep scanning or am I ok?[/QUOTE] Almost done scanning, I'll show my result for comparison
Remove any suspicious entries from startup in msconfig. Use google, you've either been infected with Cerberus or Ardamax (entries evident on scan)
Right. I'm the idiot who posted this same problem on GD. I actually got it from RedBlade's hacker. I'm on full detail on what's going on. I ran the scan on the program redblade gave me, deleted some trojan keyloggers and malware. About 29 objects in total. I did it all in safe mode. Should I be safe now? (Not counting the fact that my loaded steam account is in someone else's hands, I already filed to steam.) [editline]02:32AM[/editline] Now running my shitty AVG to double check, hasn't found anything foul yet.
the only thing "suspicious" may i say is something called: jtccOBcyLaHZ, made by dYZQnNG, located at c:/user/[my username]/appdata/roaming/windows/boot.exe :v: been scanning for 1 hour and 22 minutes, 1/3 of it is for c:/windows
My scan said boot.exe or something inside it was dangerous and it was removed.
Still scanning, nothing yet ... I am reminded that I should probably delete my Garry's Mod folder, god that's a lot of crap.
out of 185000 files, 26 were infected, but it was before c:/windows was being scanned. Still scanning...
You guys all have the same thing? [editline]02:42AM[/editline] At least you still have your steam account ;P [editline]02:43AM[/editline] I need the word of a professional, is it safe to go onto any private sites example: facebook
[QUOTE=Teh Soviet;20949440]You guys all have the same thing? [editline]02:42AM[/editline] At least you still have your steam account ;P [editline]02:43AM[/editline] I need the word of a professional, is it safe to go onto any private sites example: facebook[/QUOTE] I have no suspicious files, process, or startup process in my computer, i am wondering if i really have that keylogger
The backdoor server that was installed on your systems is most likely FUD'd, will be undetectable by anti virus software. Keyword: Use HJT instead.
[QUOTE=MUFC2007;20949514]The backdoor server that was installed on your systems is most likely FUD'd, will be undetectable by anti virus software.[/QUOTE] So...now what?
Oh my god, it's still scanning Garry's Mod. :gonk:
[QUOTE=ProgramFiles;20949524]So...now what?[/QUOTE] Post #45. Line two. Read.
[QUOTE=MUFC2007;20949514]The backdoor server that was installed on your systems is most likely FUD'd, will be undetectable by anti virus software. Keyword: Use HJT instead.[/QUOTE] So, what am I supposed to do about it?
[QUOTE=MUFC2007;20949540]Post #45. Line two. Read.[/QUOTE] Thanks for pointing out my own stupidity. [QUOTE=MUFC2007;20949514]The backdoor server that was installed on your systems is most likely FUD'd, will be undetectable by anti virus software. Keyword: Use HJT instead.[/QUOTE] well, was quick, now i have a huge log file with a lot of text, but nothing about that is directly related to something called Cerberus or Ardamax
If you ran the first malware scan, it should've removed both infections. Just did some serious searching.
[QUOTE=Teh Soviet;20949885]If you ran the first malware scan, it should've removed both infections. Just did some serious searching.[/QUOTE] Source? I just want to read it by my own. Oh and redblade, i just remembered one of my RL friend is a respected user in hackforum, i may get some info from him. [editline]09:24PM[/editline] Deep scan complete, seems to have nothing dangerous compared to redblade