Infected by Private Circle Undetectable Virus

Discussion in 'other security issues & news' started by Cauhauna, Jun 30, 2010.

Thread Status:
Not open for further replies.
  1. Cauhauna

    Cauhauna Registered Member

    Jun 30, 2010
    Let me preface by saying I'm not a newb.
    Virus came from one of three very private "mods":

    All files scanned clean initially with!! -- except one of the injectors -- it had 3 hits, and after googling I found on a few security websites that it is usually a false for "game hacks" -- I'm guessing due to the injection of the .DLL (or maybe not, in retrospect, lol)
    No Change in HJT log
    No strange looking services in "msconfig"
    Not detected by Malwarebytes Anti-Malware
    Completely bypassed ProcessGuard
    Completely bypassed Firewall

    System that was infiltrated was running:

    I recently acquired 3 very, very private circle "mods" for an online computer game. Such "hacks" are tight-knit as to avoid "WARDEN", the anti-cheat system. All of them function correctly and perfectly as intended. One of them contains a keylogger.

    2 of the "mods" are similar in nature. They contain, in a .rar archive:
    1) a .dLL -- the "code" of the "mod" that hooks into the running process
    2) an .exe -- injects the .dLL into the running process (game.exe)
    3) several .cfg files that allow you to control variables in the .dll

    The third "mod" is a .mpq file that is placed in the directory of the game. .MPQ is a format used by Diablo 2. You replace the original file, and certain modifications occur in the game after doing so.

    How should I look at these files to analyze which one is dirty?

    I still have all 3 files. 2 laptops are powered down currently but still infected. If someone wants to check it out with teamviewer or something, post, and we'll set something up. I am completely out of ideas.

    I know for a 100% fact my computer was compromised -- all accounts were logged into/stripped/tampered with, and my cdkeys (all 10) were in use by someone.

    I keep a VERY tight system, and this was a well planned attack -- the system was infected for over a month without my knowledge. Attacker was very, very patient, as he knew the keylogger was undetectable.

  2. JRViejo

    JRViejo Global Moderator

    Jul 9, 2008
    Cauhauna, seems like you will need focused and dedicated help, much more than we can provide here at Wilders.

    Please review "If you are currently infected" and try to seek assistance at any of the sites listed there. Best of luck!