Infected by Private Circle Undetectable Virus

Discussion in 'other security issues & news' started by Cauhauna, Jun 30, 2010.

Thread Status:
Not open for further replies.
  1. Cauhauna

    Cauhauna Registered Member

    Joined:
    Jun 30, 2010
    Posts:
    1
    Hello,
    Let me preface by saying I'm not a newb.
    Virus came from one of three very private "mods":

    All files scanned clean initially with virustotal.com!! -- except one of the injectors -- it had 3 hits, and after googling i found on a few security websites that it is usually a false for "game hacks" -- im guessing due to the injection of the .DLL (or maybe not, in retrospect, lol)
    No Change in HJT log
    No strange looking services in "msconfig"
    Not detected by Malware Bytes AntiMalware
    Completely bypassed ProcessGuard
    Completely bypassed Firewall

    System that was infiltrated was running:
    ProcessGuard
    Avira
    Comodo


    I recently acquired 3 very, very private circle "mods" for an online computer game. Such "hacks" are tight knight as to avoid "WARDEN", the anti-cheat system. All of them function correctly and perfectly as intended. One of them contains a keylogger.

    2 of the "mods" are similar in nature. They contain, in a .rar archive:
    1) a .dLL -- the "code" of the "mod" that hooks into the running process
    2) an .exe -- injects the .dLL into the running process (game.exe)
    3) several .cfg files that allow you to control variables in the .dll


    The third "mod" is a .mpq file that is placed in the directory of the game. .MPQ is a format used by Diablo 2. You replace the original file, and certain modifications occur in the game after doing so.

    How should I look at these files to analyze which one is dirty?

    I still have all 3 files. 2 laptops are powered down currently but still infected. If someone wants to check it out with teamviewer or something, post, and we'll set something up. I am completely out of ideas.

    I know for a 100% fact my computer was compromised -- all accounts were logged into/stripped/tampered with, and my cdkeys (all 10) were in use by someone.

    I keep a VERY tight system, and this was a well planned attack -- the system was infected for over a month without my knowledge. Attacker was very, very patient, as he knew the keylogger was undetectable.




    __________________
     
    Cauhauna, Jun 30, 2010
    #1
  2. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    27,009
    Location:
    U.S.A.
    Cauhauna, seems like you will need focused and dedicated help, much more than we can provide here at Wilders.

    Please review If you are currently infected and try to seek assistance at any of the sites listed there. Best of luck!
     
    JRViejo, Jul 1, 2010
    #2
Loading...
Similar Threads
  1. Minimalist

    Exfiltrating private keys from air-gapped cold wallets

    Minimalist, Apr 24, 2018
    Replies:
    1
    Views:
    264
    Palancar
    Apr 27, 2018
  2. hawki

    Boeing hit by WannaCry virus, fears it could cripple some jet production

    hawki, Mar 28, 2018
    Replies:
    8
    Views:
    495
    zapjb
    Mar 29, 2018
  3. Minimalist

    23,000 HTTPS certs will be axed in next 24 hours after private keys leak

    Minimalist, Mar 1, 2018
    Replies:
    5
    Views:
    442
    Minimalist
    Mar 26, 2018
  4. ronjor

    Researchers Propose Improved Private Web Browsing System

    ronjor, Feb 26, 2018
    Replies:
    0
    Views:
    142
    ronjor
    Feb 26, 2018
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...