  1. #1
    Puppetmaster
    Join Date
    Sep 2009
    Posts
    51
    BG Level
    2
    FFXI Server
    Carbuncle

    Warning to remaining wizbot users

    hi.

    I'm sevourn on ffxiah, i don't usually post here much, but in this case, i'd like to warn as many people as possible and i would very much appreciate it if anyone with wizbot could confirm or deny this

    i've got what i think is some pretty demonstrable evidence that wizbot is now actively installing viruses on your computer, and opening backdoors for wiz.

    i am reposting this at the request of someone on the Xiclaim boards who is worried about retaliation from wiz.

    Quote Originally Posted by anonsource
    I tried making a free public account and sent coder a PM about this and he instantly banned my forum name. I decided to try out his latest version and I got a whole bunch of weird activity from his bot. So in my effort to try to warn others I'm posting here.

    Recently I got a bunch of infections detected of a fake svhost.exe infected with the Win32.Trojan.Cosmu/M virus. I removed these infections and I was wondering where the hell did I get infected from. We all know what stuff gives you viruses, p2p etc n I don't do any of it. Well after downloading the latest version of Elite-XI bot I get a weird message saying the program is having problems accessing c:\svhost.exe and it is not a valid program.

    So I'm like wtf, so I go to my c:\ and omg there it is, a fake svhost.exe file! I delete it and decided to retest.
    Elite-XI bot closed, no svhost.exe in my c:\, so I run the bot.

    Same message. In fact it even creates the svhost.exe file in my c:\
    I know I don't have any problems with my svhost.exe, I open up TaskMgr and there are plenty legit ones running for networks etc.

    So now I'm like ok, let me contact coder and see why the bot is trying to access and creating a svhost.exe file that's marked as a virus signature. BANNED so umm am I the first to catch this?
    screenshot evidence:

    http://i24.photobucket.com/albums/c3...xiviruspic.jpg


    follow up post

    Quote Originally Posted by source
    come to find out it has the potential to launch many different trojans if the first one doesn't work
    it was actually able to get some through avast and ad-aware

    no matter what the files are registered in the /user name/ roaming / folders

    it has also created
    shell.exe
    conhost.exe

    conhost.exe was actually running even with ad-aware and avast enabled and my firewall started going crazy on outbound connection attempts

    it has two states when i looked at it in task manager one can be closed but will be reopened by the mirror when you try to close the mirror it will cause your computer to blue screen

    i did a scan with ad-aware and it marked it as a trojan again but when ad-aware tried to remove the file it would cause the blue screen i had to boot into safe mode find the files and manually delete them restarted no problem and clean

    now it's starting to seem like every time i open up elite-xi bot it creates a new infection

    after i read about what's all going on it seems like coder is infecting his bot with trojans that will allow empty connections to this site plus other various activity

    since this post he averages about 3 new bans a day with about 30 people banned so far for no reason at all
    it seems like when more people are on his forum and use his bot the more this site gets flooded with fake connections

    i have included a zip file of the 3 virus files it created if any tech savvy people want to dissect them they are in a zip file with a password of virus just for added protection of accidental launch

    if these are created by the bot only on certain users i doubt the trojan knows if ffxi or elite-xi bot is running or not when making communication attempts to the remote clients waiting for incoming commands

    after manually unloading them out of memory avast and ad-aware are recognizing all three of them now when they are hit by a scan

    shell.exe recognized as win32:kryptik-ano[trj]
    svhost.exe reports as win32:lockscreen-ac[trj]
    conhost.exe had virus information but the logs were trashed when it caused the blue screen
    if you scan the file alone it shows as no virus

    if you are willing to take the flaming for posting this for me it would be greatly appreciated
    it's also worth noting that the bot will spam offensive shouts to ffxi if a user accesses the xiclaim site.


    tl;dr elitexi/wizbot is installing backdoors and malware on your computer, and if you are still using this software for some ungodly reason, please stop. i've independently verified these processes with another user on this site.


    from what i've been told, wizbot needs to be actively running for you to catch the processes. just doing a scan with wizbot down isn't going to catch anything.
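
The file names and locations reported in the post above (a misspelled svhost.exe in C:\, and conhost.exe and shell.exe under the user's Roaming folder) are the kind of process masquerading a simple path check can flag. The following is an added example, not part of the original thread; the sample paths, the user name `player` and the default install on C: are assumptions.

```python
import ntpath
from difflib import SequenceMatcher

# Real Windows binaries and the only folders they should run from
# (assumption: default install on C:).
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
SYSTEM_NAMES = {"svchost.exe", "conhost.exe"}

def classify(image_path):
    """Return the reasons a process image path looks like masquerading."""
    path = image_path.lower()
    folder, name = ntpath.split(path)
    reasons = []
    if name in SYSTEM_NAMES:
        if folder not in SYSTEM_DIRS:
            reasons.append(f"{name} running outside the Windows system folders")
    else:
        # Near-miss spellings such as svhost.exe for svchost.exe.
        for real in sorted(SYSTEM_NAMES):
            if SequenceMatcher(None, name, real).ratio() >= 0.9:
                reasons.append(f"{name} is a lookalike of {real}")
    if "\\appdata\\roaming\\" in path:
        reasons.append("executable launched from the user's Roaming profile")
    if len(folder) == 3 and folder.endswith(":\\"):
        reasons.append("executable sitting in the drive root")
    return reasons

def suspicious(image_paths):
    """Map each flagged path to its reasons; clean paths are omitted."""
    flagged = {}
    for p in image_paths:
        reasons = classify(p)
        if reasons:
            flagged[p] = reasons
    return flagged

# Constructed sample of running-process image paths (not data from the thread).
SAMPLE = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\svhost.exe",
    r"C:\Users\player\AppData\Roaming\conhost.exe",
    r"C:\Users\player\AppData\Roaming\shell.exe",
    r"C:\Windows\System32\conhost.exe",
]

if __name__ == "__main__":
    for path, reasons in suspicious(SAMPLE).items():
        print(path, "->", "; ".join(reasons))
```

Because the thread reports that the processes only appear while the bot is running, the image paths fed to `suspicious()` should come from a process listing taken at that time.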

  2. #2
    Relic Shield
    Join Date
    Oct 2006
    Posts
    1,600
    BG Level
    6
    FFXI Server
    Odin

    it's also worth noting that the bot will spam offensive shouts to ffxi if a user accesses the xiclaim site.
    i found this pretty amazing...

    also i'd like to note that my authentication server was under a recent ddos attack which prompted me to just distribute my server executable out to my users.

    I believe xiclaim was recently ddos'd too

    Why is he trying so hard? Botting days of ffxi are over.

  3. #3
    Puppetmaster
    Join Date
    Sep 2009
    Posts
    51
    BG Level
    2
    FFXI Server
    Carbuncle

    he's carried out an extended ddos attack on xiclaim, and ffevo as well. at one point, ffevo briefly redirected to elitexi. i have no idea why he is trying so hard at this point in the game.

  4. #4
    Relic Shield
    Join Date
    Oct 2006
    Posts
    1,600
    BG Level
    6
    FFXI Server
    Odin

    Quote Originally Posted by nervous View Post
    he's carried out an extended ddos attack on xiclaim, and ffevo as well. at one point, ffevo briefly redirected to elitexi. i have no idea why he is trying so hard at this point in the game.
    he used 4 gigs of bandwidth on my shell account before i noticed, when normally my monthly usage is 1.5gigs...

    maybe he's hoping more people pick up his bot after the merge or something? bad publicity like this won't help his cause.

    I know he kills people with server move fees when merges happen, that should've been the first sign of bad business.

  5. #5
    E. Body
    Join Date
    Sep 2007
    Posts
    2,021
    BG Level
    7
    FFXI Server
    Fenrir

    Quote Originally Posted by nervous View Post
    hi.
    it's also worth noting that the bot will spam offensive shouts to ffxi if a user accesses the xiclaim site.


    tl;dr elitexi/wizbot is installing backdoors and malware on your computer, and if you are still using this software for some ungodly reason, please stop. i've independently verified these processes with another user on this site.


    from what i've been told, wizbot needs to be actively running for you to catch the processes. just doing a scan with wizbot down isn't going to catch anything.
    Proof of the shouts? Any additional proof to the virus? Please keep me in the loop.

  6. #6

    Quote Originally Posted by nitsuj View Post
    Proof of the shouts? Any additional proof to the virus? Please keep me in the loop.
    I could test the shout thing now if someone could give me url for xiclaim tried googling it and every combination of xiclaim.whatever i could think of couldn't find it lol

  7. #7
    The Syrup To Waffles's Waffle
    Join Date
    Jun 2007
    Posts
    5,053
    BG Level
    8
    FFXIV Character
    Cair Bear
    FFXIV Server
    Excalibur
    FFXI Server
    Fenrir

    It's eli/ temmonetwork. (Apparently that's technically not supposed to be here, idk).

    I've seen this same claim by additional sources, I'm going to assume it's legit. He's mad because errbody else is so established.

  8. #8

    just went there and no shouts

    but i checked my task manager and those processes aren't there for me so maybe they have to be there for it to shout?

    EDIT: also after the last update windows security essentials started detecting worm labeled Ainslot.A and removed it and now that I've looked closer at it it removed the files listed in the OP

  9. #9
    Sandworm Swallows
    Join Date
    Dec 2006
    Posts
    7,329
    BG Level
    8

    Wait... people still bot? For the love of god, why?

  10. #10
    New Odin
    Join Date
    Jul 2006
    Posts
    8,664
    BG Level
    8
    FFXIV Character
    Sparthia Abysseant
    FFXIV Server
    Excalibur
    FFXI Server
    Lakshmi

    Quote Originally Posted by ringthree View Post
    Wait... people still bot? For the love of god, why?
    Gotta still prove you're leet somehow.

  11. #11
    Pens win! Pens Win!!! PENS WIN!!!!!
    Join Date
    Dec 2005
    Posts
    8,127
    BG Level
    8
    FFXI Server
    Odin

    Shit son, it's been awhile since we've had bot wars. Mafai can't wait till you hit up Odin.

  12. #12
    Puppetmaster
    Join Date
    Feb 2009
    Posts
    64
    BG Level
    2
    FFXI Server
    Unicorn

    If this stuff is happening the way I understand it (your bot is actively infecting your computer) why on Earth do you:

    A) Still use the fucking thing
    B) Give this retard your money?

    It's like you're paying someone to keep slapping you in the face.

  13. #13
    Can you spare some gil?
    Join Date
    Feb 2009
    Posts
    8,577
    BG Level
    8

    -_- I had this conhost shit on my PC when using it for fish botting, fucked my PC up badly to the point where I couldn't quad box normally, shits reformatted and haven't redownloaded bot yet, gonna go change all my Password and purchase some new security tokens I think.

  14. #14
    Relic Shield
    Join Date
    Jul 2007
    Posts
    1,664
    BG Level
    6
    FFXIV Character
    Issah Grimes
    FFXIV Server
    Balmung
    FFXI Server
    Phoenix

    I still don't get why people pay for this stuff when 3 free programs do the same thing as this one.

  15. #15
    Blue Magic is Best Magic
    Join Date
    Jul 2007
    Posts
    8,213
    BG Level
    8

    People still play w/o security token?

  16. #16
    Relic Shield
    Join Date
    Oct 2006
    Posts
    1,600
    BG Level
    6
    FFXI Server
    Odin

    Quote Originally Posted by vagus View Post
    Shit son, it's been awhile since we've had bot wars. Mafai can't wait till you hit up Odin.
    There's no one using my bot on ifrit except me, and i only camp kings if a friend needs a black belt item...

    There is a group that still does them, but I'm pretty sure it's free claims for them.

  17. #17
    Sea Torques
    Join Date
    Jun 2007
    Posts
    539
    BG Level
    5
    FFXI Server
    Titan

    how i see it

  18. #18
    Banned.

    Join Date
    Jan 2009
    Posts
    3,876
    BG Level
    7
    FFXI Server
    Shiva
    WoW Realm
    Kil'jaeden

    Quote Originally Posted by ringthree View Post
    Wait... people still bot? For the love of god, why?
    bots are only used for claiming, you're one smart mother fucker by stating they're obsolete now. damn you're smart

  19. #19
    Puppetmaster
    Join Date
    Sep 2009
    Posts
    51
    BG Level
    2
    FFXI Server
    Carbuncle

    Quote Originally Posted by nitsuj View Post
    Proof of the shouts? Any additional proof to the virus? Please keep me in the loop.
    roger, here are some additional links

    Additional information from RZN of ffevo

    and from nitsuj of windower.net


    Quote Originally Posted by Unicorn.Nitsuj
    This information has been reposted on windower.net:
    http://forums.windower.net/topic/192...rd-party-bots/


    and our twitter account: http://twitter.com/#!/windower/status/45886011728871425

    If this is valid, then it's definitely not cool. But to reiterate to the author of the bot, I'm willing to take a look at the source code and verify that this bot isn't containing any viruses and I'll remove the post and issue an apology. He can contact me on any of these verified FFXI websites.
    there are also multiple posts by users who have found infections on the ffxiah thread here: http://www.ffxiah.com/forum/topic/19...izbot-warning/

  20. #20
    Puppetmaster
    Join Date
    Sep 2009
    Posts
    51
    BG Level
    2
    FFXI Server
    Carbuncle

    as for the shouts, i've got a problem. there are several people on the xiclaim forums who say it has happened to them, but they don't want their names revealed. i've also gotten some PMs on ffxiah by people who don't want their names revealed.

    to a degree, i understand their concern. they aren't concerned about admitting they bot, but they figure if wiz has put trojans on their computers, he may have bank info, passwords, etc. and they are worried about retaliation.
