Etheria & Aetheria

[King of the Bill]

what if someone downloaded the zip but never opened or ran anything in it? is that fine too?

yes that's also fine. the rats that we're looking at are related to running the exe and apparently a side effect of a stuffty converter program that writes files in a rather bizarre manner. the zip is safe; it's the exe that was linked in the readme that you'd want to be cautious about.

[Ad Bot]

[Maxxi]

what if someone downloaded the zip but never opened or ran anything in it? is that fine too?

yes
if you never executed the file you are completely fine

[erifpsiW]

So did we ever finish the ARG?

[Maxxi]

So did we ever finish the ARG?

i guess it'll remain unsolved.

[Flame]

bummer :(

also, the batch file only created directories and set the reference to some place in my documents.. if i remember correctly. i might be wrong, but i'm siding with ipquarx here, i don't think it's ratted, only the tool used to create the file was.

[Quote Story]

So did we ever finish the ARG?

the arg was an elaborate scheme to get people to get the rat
op, knowing blf has the unquenchable desire to solve args, he knew he would infect some people

[Flame]

noedit: also maxx, the link to hackforums appears when you search "aRCheliFUN."

it's to a batch random number generated someone made. i'm sure that person just used the same program to write the .bat to an .exe file

[Torin0101]

So are ARG's going to be bannable now or something

[Operator¹]

So are ARG's going to be bannable now or something

when malicious software or criminal acts are involved yes

[Torin0101]

when malicious software or criminal acts are involved yes

I mean if badspot isn't going to allow us doing them since this happened

[Frankie²]

I mean if badspot isn't going to allow us doing them since this happened

when malicious software or criminal acts are involved yes

[Ipquarx]

I mean if badspot isn't going to allow us doing them since this happened

As long as it doesn't create any suspicious files, I don't see why he wouldn't allow them. I can see tons of ways to make an arg where even decoding the exe file doesn't affect it at all, and following the clues is the easiest way to solve the arg.

[Cca^n]

Reminds me of when Outpact was spreading RATs with BLHack.exe

[King of the Bill]

So I don't think we were actually ratted. This isn't the first time Badspot has had to make snap judgements. I'll probably back up and reformat at some point anyway but in the meantime it appears that I'm in the clear or something. No processes displaying suspicious activity, no out-of-the-ordinary firewall requests (that being said, my computer spams a certain command to the firewall that gets blocked and logged on a minutely basis and it's been doing that for a long time, i need to look into that). I'm not 100% but I'm pretty close.

[SeventhSandwich]

So I don't think we were actually ratted. This isn't the first time Badspot has had to make snap judgements. I'll probably back up and reformat at some point anyway but in the meantime it appears that I'm in the clear or something. No processes displaying suspicious activity, no out-of-the-ordinary firewall requests (that being said, my computer spams a certain command to the firewall that gets blocked and logged on a minutely basis and it's been doing that for a long time, i need to look into that). I'm not 100% but I'm pretty close.

you're gonna get all your stuff stolen within a week.