Poll

Which theria is your favorite?

Aetheria
30 (34.1%)
Etheria
58 (65.9%)

Total Members Voted: 88

Author Topic: Etheria & Aetheria  (Read 30222 times)

again the scans are coming up clean
All this confusion hurts my head
according to the virustotal brown townysis here: https://www.virustotal.com/en/file/a8ff1e82b45d5a0048e75be255eebbdc73b463bcd8d201ae1cb197539be1eb5a/brown townysis/1420253104/
malwarebytes never picked it up.

it was an arg and there was the surprise at the end
guess the surprise wasn't good

also ipquarx if you can dig any deeper and see if this was a rat id appreciate it
yeah im getting worried as forget but i have not noticed anything and i really dont want to clear my hard drive


also ipquarx if you can dig any deeper and see if this was a rat id appreciate it
king
i seriously do not know how to tell you
it is a rat, it is a .exe stub made by dark comet, SENT TO YOU, to create more files to store itself in your temp folder
this is what every rat does, it is a rat. i am trying to tell you and help you but you are ignoring every answer i give you which are the facts.
yeah im getting worried as forget but i have not noticed anything and i really dont want to clear my hard drive
see the above

king
i seriously do not know how to tell you
it is a rat, it is a .exe stub made by dark comet, SENT TO YOU, to create more files to store itself in your temp folder
this is what every rat does, it is a rat. i am trying to tell you and help you but you are ignoring every answer i give you which are the facts.see the above
also, malwarebytes as seen in the virus total DOES NOT pick up this exe file.

Well, so far all signs point to it just being an exe made with something called "Advanced BAT to EXE Converter," so it really all depends if that itself is a virus or not.

king
i seriously do not know how to tell you
it is a rat, it is a .exe stub made by dark comet, SENT TO YOU, to create more files to store itself in your temp folder
Maxx you have no idea what the forget you're talking about.
The only files it makes are a bat file with harmless code in it to decrypt a special file format into hex and an exe file with the text "RCHELICOPTERSFTW" in it. That's confirmed by the scan.

also, malwarebytes as seen in the virus total DOES NOT pick up this exe file.
what part of "I want someone to corroborate this" dont you understand

king
i seriously do not know how to tell you
it is a rat, it is a .exe stub made by dark comet, SENT TO YOU, to create more files to store itself in your temp folder
this is what every rat does, it is a rat. i am trying to tell you and help you but you are ignoring every answer i give you which are the facts
are you sure? because i havent seen the "ytemp" folder come back.


The only files it makes are a bat file with harmless code in it to decrypt a special file format into hex and an exe file with the text "RCHELICOPTERSFTW" in it. That's confirmed by the scan.
so i have absolutely nothing to worry about? i'm just being fearmongered

so i have absolutely nothing to worry about? i'm just being fearmongered
I don't know if it modifies any files, just that it doesn't create any malicious ones. Or maybe it doesn't modify files at all, IDK, I'm not a master reverse engineerer, I just look at the evidence given.

i still have my doubts it's actually a rat

if the scan comes up clean i'm calling it a day. the batch file was simple enough, and the only things weird about it was the first few lines where it called out a couple directories or something but that's really it.

kinda odd how it was stored under a ytmp folder under %temp% though. and the folder was hidden, but that could possibly just be the doings of the advanced bat to exe converter thing

My best guess (shoddy atm) is that one of the scanners linked the file creation method to the one darkcomet uses
considering going online and monitoring net traffic or something
crispy how did you access local settings

Carbon (or Darksaber) is a close friend of mine on Steam and I know he wouldn't do this. He sent me a message a few moments ago.

Quote
ChewyBird: so fuk
ChewyBird: I got revoked
McZealot: for what lol
ChewyBird: accidentally posted a virus on the forums
McZealot: nice
McZealot: heh
ChewyBird: I used a program to change a .bat into a .exe
McZealot: i posted a screenshot of myself using blhack one time
McZealot: got revoked
ChewyBird: but the program unknownst to me injected it with a RAT
McZealot: link me
ChewyBird: http://forum.blockland.us/index.php?topic=272581.150
McZealot: lol its my arg post
ChewyBird: yea

I don't have any evidence, but I'm pretty sure it was an accident. He's a nice user.

the only thing that came up was a stupid "SearchProtect installer" that i thought i got rid of a few weeks ago because of my sister's ineptitude with computers.