Infected by Private Circle Undetectable Virus

Discussion in 'other security issues & news' started by Cauhauna, Jun 30, 2010.

Thread Status:
Not open for further replies.
  1. Cauhauna

    Cauhauna Registered Member

    Joined:
    Jun 30, 2010
    Posts:
    1
    Hello,
    Let me preface by saying I'm not a newb.
    Virus came from one of three very private "mods":

    All files scanned clean initially with virustotal.com!! -- except one of the injectors -- it had 3 hits, and after googling i found on a few security websites that it is usually a false for "game hacks" -- im guessing due to the injection of the .DLL (or maybe not, in retrospect, lol)
    No Change in HJT log
    No strange looking services in "msconfig"
    Not detected by Malware Bytes AntiMalware
    Completely bypassed ProcessGuard
    Completely bypassed Firewall

    System that was infiltrated was running:
    ProcessGuard
    Avira
    Comodo


    I recently acquired 3 very, very private circle "mods" for an online computer game. Such "hacks" are tight knight as to avoid "WARDEN", the anti-cheat system. All of them function correctly and perfectly as intended. One of them contains a keylogger.

    2 of the "mods" are similar in nature. They contain, in a .rar archive:
    1) a .dLL -- the "code" of the "mod" that hooks into the running process
    2) an .exe -- injects the .dLL into the running process (game.exe)
    3) several .cfg files that allow you to control variables in the .dll


    The third "mod" is a .mpq file that is placed in the directory of the game. .MPQ is a format used by Diablo 2. You replace the original file, and certain modifications occur in the game after doing so.

    How should I look at these files to analyze which one is dirty?

    I still have all 3 files. 2 laptops are powered down currently but still infected. If someone wants to check it out with teamviewer or something, post, and we'll set something up. I am completely out of ideas.

    I know for a 100% fact my computer was compromised -- all accounts were logged into/stripped/tampered with, and my cdkeys (all 10) were in use by someone.

    I keep a VERY tight system, and this was a well planned attack -- the system was infected for over a month without my knowledge. Attacker was very, very patient, as he knew the keylogger was undetectable.




    __________________
     
    Cauhauna, Jun 30, 2010
    #1
  2. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    28,038
    Location:
    U.S.A.
    Cauhauna, seems like you will need focused and dedicated help, much more than we can provide here at Wilders.

    Please review If you are currently infected and try to seek assistance at any of the sites listed there. Best of luck!
     
    JRViejo, Jul 1, 2010
    #2
Loading...
Similar Threads
  1. ronjor

    Windows and Linux Kodi users infected with cryptomining malware

    ronjor, Sep 13, 2018
    Replies:
    1
    Views:
    350
    itman
    Sep 13, 2018
  2. mood

    Thousands of 3D printers may be leaking private product designs online

    mood, Sep 4, 2018
    Replies:
    0
    Views:
    173
    mood
    Sep 4, 2018
  3. Minimalist

    Google Chrome Bug Opens Access to Private Facebook Information

    Minimalist, Aug 16, 2018
    Replies:
    0
    Views:
    241
    Minimalist
    Aug 16, 2018
  4. mood

    Massive Coinhive Cryptojacking Campaign Infects 170,000 MikroTik Routers

    mood, Aug 2, 2018
    Replies:
    6
    Views:
    907
    itman
    Oct 12, 2018 at 3:05 PM
  5. Minimalist

    Exfiltrating private keys from air-gapped cold wallets

    Minimalist, Apr 24, 2018
    Replies:
    1
    Views:
    279
    Palancar
    Apr 27, 2018
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...