Post Reply Home » Forums » MMO Forums » World of Warcraft » World of Warcraft Nerfed Info

WOW Hacks - Safe Walljump Tool : World of Warcraft Nerfed Info

Posted: July 16th, 2007
User avatar
Total Posts:1974 Joined:2006
christ, did anyone actually scan this with more than one scanner?

DO NOT USE THIS UNTIL FURTHER NOTICE

from Register to unlock hidden link

Code: Register to unlock hidden link

 File:  	 Jumping_jack.rar
Status: 	
INFECTED/MALWARE
MD5: 	9613f53d95658163f33db8e41a59555d
Packers detected: 	
ARMADILLO
Bit9 reports: 	Not analyzed yet (more info)
Scanner results
Scan taken on 16 Jul 2007 19:25:45 (GMT)
A-Squared 	
Found nothing
AntiVir 	
Found nothing
ArcaVir 	
Found nothing
Avast 	
Found nothing
AVG Antivirus 	
Found BackDoor.Generic7.IRB
BitDefender 	
Found Backdoor.Vb.BCO
ClamAV 	
Found nothing
Dr.Web 	
Found nothing
F-Prot Antivirus 	
Found nothing
F-Secure Anti-Virus 	
Found nothing
Fortinet 	
Found nothing
Kaspersky Anti-Virus 	
Found nothing
NOD32 	
Found nothing
Norman Virus Control 	
Found nothing
Panda Antivirus 	
Found nothing
Rising Antivirus 	
Found nothing
Sophos Antivirus 	
Found nothing
VirusBuster 	
Found nothing
VBA32 	
Found nothing
from Register to unlock hidden link

Code: Register to unlock hidden link

Antivirus 	Version 	Last Update 	Result
AhnLab-V3	2007.7.14.0	2007.07.16	no virus found
AntiVir	7.4.0.42	2007.07.16	no virus found
Authentium	4.93.8	2007.07.13	no virus found
Avast	4.7.997.0	2007.07.16	Win32:VB-EHP
AVG	7.5.0.476	2007.07.16	BackDoor.Generic7.IRB
BitDefender	7.2	2007.07.16	Backdoor.Vb.BCO
CAT-QuickHeal	9.00	2007.07.16	no virus found
ClamAV	devel-20070416	2007.07.16	no virus found
DrWeb	4.33	2007.07.16	no virus found
eSafe	7.0.15.0	2007.07.16	no virus found
eTrust-Vet	30.8.3787	2007.07.16	no virus found
Ewido	4.0	2007.07.16	no virus found
FileAdvisor	1	2007.07.16	no virus found
Fortinet	2.91.0.0	2007.07.16	no virus found
F-Prot	4.3.2.48	2007.07.13	no virus found
Ikarus	T3.1.1.8	2007.07.16	Backdoor.VB.BCO
Kaspersky	4.0.2.24	2007.07.16	no virus found
McAfee	5075	2007.07.16	no virus found
Microsoft	1.2704	2007.07.16	no virus found
NOD32v2	2400	2007.07.16	no virus found
Norman	5.80.02	2007.07.16	no virus found
Panda	9.0.0.4	2007.07.16	Suspicious file
Sophos	4.19.0	2007.07.16	no virus found
Sunbelt	2.2.907.0	2007.07.14	no virus found
Symantec	10	2007.07.16	Backdoor.Trojan
TheHacker	6.1.6.147	2007.07.16	no virus found
VBA32	3.12.0.2	2007.07.16	no virus found
VirusBuster	4.3.23:9	2007.07.16	no virus found
Webwasher-Gateway	6.0.1	2007.07.16	Virus.Win32.FileInfector.gen (suspicious)
Aditional information
File size: 728451 bytes
MD5: 9613f53d95658163f33db8e41a59555d
SHA1: e1b3b58f82b13a065bdc9ee82638f7a5b9f91824
packers: Armadillo
packers: Armadillo
i repeat DO NOT USE THIS UNTIL FURTHER NOTICE

_________________
EX-TU member. For my own reasons, I will no longer play a role as an active member. Goodbye.


RIP kourath. 5/21/08
Posted: July 16th, 2007
vgagent1993
what the hell dose ti evren do..
Posted: July 17th, 2007
User avatar
administrator
Total Posts:29891 Joined:2002
Lets you jump up walls.
Posted: July 17th, 2007
User avatar
Total Posts:297 Joined:2006
I've been checking the file "Jumping Jack.exe" and this is what I've come up with.

First off, with the help of a file analyser I found out that the files original name is stub.shark.exe , and that its product name is projekt1.

Not knowing what this was I decided to google it and found this:
Register to unlock hidden link

This is a report for a process called "winddl32.exe". Apparently this files original name is stub.shark.exe too and has the same product name as well. In order to find out more I decided to go one step further and google the file"winddl32.exe".

After doing a little searching I found out that the file "winddl32.exe" is not a normal Windows file and most likely a form of spyware. However I came upon this thread:
Register to unlock hidden link

The main poster in that thread explained how a program called "projekt1" was trying to communicate with a remote computer on port 555. Another user pointed out the process "winddl32.exe" as the source of this annomaly.

It is therefore my conclusion that the file "Jumping Jack" is infact a trojan, aka Shark.F / VB-EHP .

Now I'm not sure if the main poster of this thread changed the file with a trojan, but if you've already tried to run the file then I suggest you follow these steps to remove the trojan that the file may have placed onto your pc.

===============Recovering==============

1. Please download The Avenger by Swandog46 to your Desktop.
Register to unlock hidden link
Click on Avenger.zip to open the file
Extract avenger.exe to your desktop

2. Copy all the text (including the 'Files to delete') contained in the code box below to your clipboard by highlighting it and pressing Ctrl+C:

Code: Register to unlock hidden link

 Files to delete:
C:\Windows\System32\winddl32.exe
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.
Under "Script file to execute" choose "Input Script Manually".
Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
Paste the text copied to clipboard into this window by pressing (Ctrl+V).
Click Done
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:
It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

I'm not going to try and run the program, but I seriously suggest removing it from TU. Besides, hacks like these are usually easially detectable by the warden.
Posted: July 17th, 2007
User avatar
Total Posts:1974 Joined:2006
antareus wrote:I've been checking the file "Jumping Jack.exe" and this is what I've come up with.

First off..... (continued)
WOW! Nice work! I'm impressed. Seriously.

_________________
EX-TU member. For my own reasons, I will no longer play a role as an active member. Goodbye.


RIP kourath. 5/21/08
Posted: July 19th, 2007
User avatar
administrator
Total Posts:29891 Joined:2002
moving to nerfed
Posted: July 20th, 2007
User avatar
Total Posts:297 Joined:2006
kourath wrote:
antareus wrote:I've been checking the file "Jumping Jack.exe" and this is what I've come up with.

First off..... (continued)
WOW! Nice work! I'm impressed. Seriously.
Thanks :). Tbh I just get really annoyed when I see someone post a possible virus/trojan on these forums, and it's that which drives me to look further into the issue.
Ready to join the community? Click here and see all of the benefits!
blue large dotWho is online
Users browsing this forum: No registered users and 12 guests
Post Reply