Someone is infecting people on this site..

W

Wrath

New Member
May 13, 2017
6
0
I know this is actually the first time I've posted but I've never had anything useful to say. I know my stuff, and based on timing this is the ONLY place the aforementioned infection could have taken place. I can't say where exactly it took place but if anyone happened to run any of the following exe's from here I suggest checking your shit.

Quick checkup:
Run task manager (as admin) if injxcservice.exe is running from appdata/temp (constantly, without ever killing itself), kill it, delete it, remove reg entries, and either run a scan with ESET, or Kaspersky. (MBAM doesn't seem to have the injected files registered as of this post.)

Comes from one or more of the followin games:
Leaf on Fire 0.0.09 (my best assumption)
Chloe18 v4
Superpowered 0.20
A new dawn 0.8
 
Jim Webb

Jim Webb

Active Member
Jun 23, 2017
578
1,238
Interesting, the only game I have played from that list is Superpowered and I have received no infection from that. Others should check to make sure there's is safe.
 
E

eosar

Active Member
Aug 11, 2016
846
1,185
Ads are usually the culprits, either here or from the mirror sites. Also, sites that mine your pc unprotected might give it aids.
 
F95

F95

Administrator
Staff member
Administrator
Jul 21, 2016
623
5,483
Tested all those games with different AV's and they are safe.
Our ads are safe.

Which host do you use to download games? (FilesUpload, GoFile, UpToBox etc)
 
  • Like
Reactions: Horse197 and sirbajo
reaper6689

reaper6689

Member
Oct 24, 2017
109
26
Wrath said:
I know this is actually the first time I've posted but I've never had anything useful to say. I know my stuff, and based on timing this is the ONLY place the aforementioned infection could have taken place. I can't say where exactly it took place but if anyone happened to run any of the following exe's from here I suggest checking your shit.

Quick checkup:
Run task manager (as admin) if injxcservice.exe is running from appdata/temp (constantly, without ever killing itself), kill it, delete it, remove reg entries, and either run a scan with ESET, or Kaspersky. (MBAM doesn't seem to have the injected files registered as of this post.)

Comes from one or more of the followin games:
Leaf on Fire 0.0.09 (my best assumption)
Chloe18 v4
Superpowered 0.20
A new dawn 0.8
Click to expand...
i had lefy on fire comodo didnt pick up anything or malwarebytes tho i used mega if possible

if someone not tec savy deletes reg keys it could break windows completely just wanted to point that out
 
E

Eye-switcher

Well-Known Member
Jun 30, 2017
1,410
949
I got something too after downloading a skunked version of a game, now i dont Believe its the person that "skunked it" that infected my computer, but it was one hell of a pain to get rid of. every time i Went in to a new game thread the page would start to load a Movie , it said it was the person that skunked´s Movie, it was ,i think funny stuff, like cats and cartoons, but it stopped me from viewing any game thread, i had to close the browser, run a couple of ant-virus program and they found a trojan and adware, which i finally got rid of. Once again, im not blaming the fine person that skunked the game i downloaded im just telling it was there.This was like 3 weeks- a month ago, cant remember the game though...
 
Cyan

Cyan

Member
Jul 25, 2017
126
551
Eye-switcher said:
I got something too after downloading a skunked version of a game, now i dont Believe its the person that "skunked it" that infected my computer, but it was one hell of a pain to get rid of. every time i Went in to a new game thread the page would start to load a Movie , it said it was the person that skunked´s Movie, it was ,i think funny stuff, like cats and cartoons, but it stopped me from viewing any game thread, i had to close the browser, run a couple of ant-virus program and they found a trojan and adware, which i finally got rid of. Once again, im not blaming the fine person that skunked the game i downloaded im just telling it was there.This was like 3 weeks- a month ago, cant remember the game though...
Click to expand...
Which game? Would be helpful if you knew what it was, so the mods/others can look into it.

I run everything in a sandbox environment just because I'm paranoid.
 
W

Wrath

New Member
May 13, 2017
6
0
F95 said:
Tested all those games with different AV's and they are safe.
Our ads are safe.

Which host do you use to download games? (FilesUpload, GoFile, UpToBox etc)
Click to expand...
I usually use mega desktop, but in that time frame I used nopy, workupload, and uptobox.
 
reaper6689

reaper6689

Member
Oct 24, 2017
109
26
Cyan said:
Which game? Would be helpful if you knew what it was, so the mods/others can look into it.

I run everything in a sandbox environment just because I'm paranoid.
Click to expand...
thats a good thing using a sandbox to isolate it from the main system
 
  • Like
Reactions: Cyan
E

Eye-switcher

Well-Known Member
Jun 30, 2017
1,410
949
Cyan said:
Which game? Would be helpful if you knew what it was, so the mods/others can look into it.

I run everything in a sandbox environment just because I'm paranoid.
Click to expand...
Ok i have checked it must have been either "Anna exciting Affection" or "A wife and a Mother"
 
reaper6689

reaper6689

Member
Oct 24, 2017
109
26
i would love to test it on one of my vm see wot it does the file injxcservice.exe or even decompile it to see wot makes it tick
 
Last edited:
W

Wrath

New Member
May 13, 2017
6
0
reaper6689 said:
wot did the av report it as ?
Click to expand...
A generic trojan, which means it can be anything from an active keylogger, RAT, or any other bot that's constantly spying on something. And someone did try getting into my gmail last monday as well, not a day later I found this.
 
W

Wrath

New Member
May 13, 2017
6
0
So just a quick update since I was an idiot and forgot something, luckily I removed the files themselves and this wouldn't have had any effect but did help confirm the following...

To check for infection simply open task manager and look for injxcservice.exe or run msconfig and look for same file running out of appdata/local/roaming under your startup items.

This is also confirmed for me that...

1.) The executable was bound directly to a download, this infection doesn't come from an ad (seemed unlikely to begin with as I have 3 different ad blockers.).
Now I'm not saying that a user here did this although it's a possibility, back when I messed around this shit for malicious purposes, creating a download site that would bind infectious exe's to safe user uploaded files was a safe bet if you could get the traffic.

2.) It is something that's constantly going to monitor your PC (passwords, or in the case of a bot, maintain the connection for them to do shit to you.)

If all those have been tested it's possible I downloaded something else, I was loaded when I D/L'd shit off here last weekend and that's when it happened. It's also possible, it's one of the hosts because I couldn't find mega links.
 
Last edited:
You must log in or register to reply here.
Top Bottom