Etheria & Aetheria

[Redconer]

I just noticed that Rotondo made the two links in the OP direct to the forum index

[Ad Bot]

[Maxxi]

Maybe it was a programming error?
Maybe it was part of the game?

so it would hide files and make folders such as "ytmp" and "afolder" to be part of this "game" and duplicate files and stuff
if its so harmless run it yourself and wait 24 hours, I'm not because i got hit with a rat before and im not loving with it because this seemingly one has the same looks as the one i got hit with.

Ok so
say I had been ratted.
clearly there will be network traffic between my comp and starfish's comp, right?
So I have a network logger built into AVG
if comm was happening then could I find it in the network traffic logger? If so, how, if not, why tf not

yes if you are ratted network traffic would be incoming and outcoming

[AutoBahn]

The only way to know if the duplicated files were malicious is to know what the code for them was / a log of actions taken by them.

[McZealot]

Maybe it was a programming error?
Maybe it was part of the game?

When contacted the host of the conversion website said that an error in the code caused software to pick it up as malicious. I've posted the entire source code in my drama: it's not malicious in any way.

[Torin0101]

darksaber created a RAT to steal your YTPMV's.

[King of the Bill]

So uh, if this stuff is ratted, how do I tell? Theres a whole buncha stuff making network requests n stuff...

[AutoBahn]

So uh, if this stuff is ratted, how do I tell? Theres a whole buncha stuff making network requests n stuff...

What all is running on your system?

[Ipquarx]

So uh, if this stuff is ratted, how do I tell? Theres a whole buncha stuff making network requests n stuff...

It's completely normal for windows to make network requests
it's just how windows works. idk how to explain it

But really, all signs point to the file being a false positive, which is unfortunate for OP because he got the brunt of it.

[King of the Bill]

As far as I can tell it didn't actually install a rat on my computer.
This isn't the first time that this sort of false positive has come up in my face, so.
Apparently darkkomet usually produces some sort of process that can be sought out and i see no processes out of the ordinary, nor do i really see any processes doing anything out of the ordinary.

[erifpsiW]

I downloaded the music through chrome using the developer tools, oh god.

[KillerCop311]

just in case it's DarkComet (skimmed through posts), and I don't know if this'll work or not, but here:
https://phrozensoft.com/processdl_5.html

it's a darkcomet removal tool

[Outpacte]

Why was Darksaber revoked+banned but Paperclip wasnt? He spread a virus/RAT on my computer, and attempted to do so on others.

[Blockaium]

is visiting the sites themselves harmful?

[King of the Bill]

Why was Darksaber revoked+banned but Paperclip wasnt? He spread a virus/RAT on my computer, and attempted to do so on others.

i'd probably guess that paperclip didn't post a link to his publicly on the forums.
also his was designed solely and exclusively to delete your blhack so there's also that.

just in case it's DarkComet (skimmed through posts), and I don't know if this'll work or not, but here:
https://phrozensoft.com/processdl_5.html

it's a darkcomet removal tool

i took a long look at that, too. tweaked stuff around, I'm 99% sure i'm not ratted with darkcomet.

I downloaded the music through chrome using the developer tools, oh god.

you're fine, those two mp3 files aren't exactly going to go installing keyloggers or anything.

is visiting the sites themselves harmful?

no, you're fine.

[Blockaium]

what if someone downloaded the zip but never opened or ran anything in it? is that fine too?