I think I have just installed a virus

Chris D

Administrator
Staff member
:| Yeah, well, I just installed this program. I've just installed what I was told was an aimbot for CS:Source. I was going to test it to see if it was indeed an aimbot (I didn't want to be sending Valve gay porn or disgusting images or anything). Naturally I was wary at first so I performed three different virus scans on it and they turned up nothing so I assumed it was safe.

However, when it installed, I noticed that it replaced a quite large quantity of system files in my system32 folder ;(

There is an uninstall file, but I'm guessing that will only uninstall a .exe file it put on my system.

The following is part of the install log:
ACTION: RegKey: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion", "SharedDLLs"

ACTION: SystemFile: "C:\WINDOWS\system32\VB6STKIT.DLL"
(File currently on disk was already up to date)

ACTION: SystemFile: "C:\WINDOWS\system32\COMCAT.DLL"
(File currently on disk was already up to date)

ACTION: SystemFile: "C:\WINDOWS\system32\MSVCRT40.DLL"
(File currently on disk was already up to date)

ACTION: SystemFile: "C:\WINDOWS\system32\stdole2.tlb"
(File currently on disk was already up to date)

ACTION: SystemFile: "C:\WINDOWS\system32\asycfilt.dll"
(File currently on disk was already up to date)

ACTION: SystemFile: "C:\WINDOWS\system32\olepro32.dll"
(File currently on disk was already up to date)

ACTION: SystemFile: "C:\WINDOWS\system32\oleaut32.dll"
(File currently on disk was already up to date)

ACTION: SystemFile: "C:\WINDOWS\system32\msvbvm60.dll"
(File currently on disk was already up to date)

ACTION: DllSelfRegister: "C:\WINDOWS\SYSTEM32\COMCAT.DLL"

ACTION: TLBRegister: "C:\WINDOWS\SYSTEM32\stdole2.tlb"

ACTION: DllSelfRegister: "C:\WINDOWS\SYSTEM32\olepro32.dll"

ACTION: DllSelfRegister: "C:\WINDOWS\SYSTEM32\oleaut32.dll"

ACTION: DllSelfRegister: "C:\WINDOWS\SYSTEM32\msvbvm60.dll"
Am I ****ed or is this fixable? :|
 
Ouch..oh well at least hackers will get what they deserve when they try to download an aimbot.
 
CHEATER!!!! Just kidding. I dunno, have you tried running the virus scans again to see if they can find any malicious code or viruses? If they do you can try to fix it, other than that I have no idea besides reformatting lol.
 
Serves you right. And you're an admin.
I hope you learned your lesson.
God I hate hackers.
 
blackeye said:
Serves you right. And you're an admin.
I hope you learned your lesson.
God I hate hackers.

He was testing it to report it to valve. Think before you post.
 
Pressure said:
He was testing it to report it to valve. Think before you post.

Why bother testing, it could have done more than just replace a few system files.
 
Kyo said:
Why bother testing, it could have done more than just replace a few system files.

Chris_D said:
I didn't want to be sending Valve gay porn or disgusting images or anything

Did you even bother reading either?
 
You could download the dll files to try and fix it: http://www.dll-files.com/ That's solved one or two problems for me before, but I don't think this would be a good idea on such a large scale without researching each dll.

If I was you I would just do an 'upgrade' install of WinXP to refresh the files. Actually wait till someone replies who knows more about this :p
 
None of those are crucial system files..

And it's not the virus blahblahblah just linked to.

I don't see the problem, it updated/replaced those DLLs because the program needs those to run. A few are VB Runtime files, which most people don't have right off the bat.
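The install log quoted in the first post can be checked mechanically, as an added example that is not part of the original thread: it parses log text in that format, separates files the installer actually wrote from those it left alone, and lists file names outside an expected set. The sample log is constructed (including `example.dll`), and the `EXPECTED` allow-list is an assumption of this example based on the VB6 runtime and setup files named in the thread's log.

```python
import ntpath
import re

# Constructed excerpt in the same format as the log quoted in the thread.
SAMPLE_LOG = r'''ACTION: RegKey: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion", "SharedDLLs"

ACTION: SystemFile: "C:\WINDOWS\system32\VB6STKIT.DLL"
(File currently on disk was already up to date)

ACTION: SystemFile: "C:\WINDOWS\system32\msvbvm60.dll"
(File currently on disk was already up to date)

ACTION: SystemFile: "C:\WINDOWS\system32\example.dll"

ACTION: DllSelfRegister: "C:\WINDOWS\SYSTEM32\msvbvm60.dll"
'''

ACTION_RE = re.compile(r'^ACTION:\s*(\w+):\s*"([^"]*)"')
SKIP_NOTE = "(File currently on disk was already up to date)"
# Assumed allow-list: the runtime/setup file names that appear in the thread's log.
EXPECTED = {"vb6stkit.dll", "comcat.dll", "msvcrt40.dll", "stdole2.tlb",
            "asycfilt.dll", "olepro32.dll", "oleaut32.dll", "msvbvm60.dll"}

def parse_install_log(text):
    """Return one dict per ACTION line; 'skipped' is True when the log's
    own note says the file already on disk was left in place."""
    actions = []
    for line in text.splitlines():
        line = line.strip()
        match = ACTION_RE.match(line)
        if match:
            actions.append({"kind": match.group(1), "target": match.group(2),
                            "skipped": False})
        elif line == SKIP_NOTE and actions:
            actions[-1]["skipped"] = True
    return actions

def summarize(actions):
    """Split SystemFile actions into written/skipped and flag unexpected names."""
    files = [a for a in actions if a["kind"] == "SystemFile"]
    return {
        "written": [a["target"] for a in files if not a["skipped"]],
        "skipped": [a["target"] for a in files if a["skipped"]],
        "unexpected": [a["target"] for a in files
                       if ntpath.basename(a["target"]).lower() not in EXPECTED],
        "registered": [a["target"] for a in actions
                       if a["kind"] in ("DllSelfRegister", "TLBRegister")],
    }
```

Run over the log as posted, every `SystemFile` entry carries the "already up to date" note, so the `written` list would be empty.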
 
Don't test aimbots even if you are doing it for a good cause. It just will piss off the people that you are testing it against.
 
blackeye said:
Don't test aimbots even if you are doing it for a good cause. It just will piss off the people that you are testing it against.
I was going to test it in a private server, actually. I was going to ask Kadayi Polokov to help me test it who notified me of the file but didn't want to test it himself.
 
Yes... all one person that you shoot, I'm sure he'll notice you're using an aimbot.
 
guinny said:
Yes... all one person that you shoot, I'm sure he'll notice you're using an aimbot.
I think I'd notice if I was using an aimbot though wouldn't I?
 
Just fix it with system restore then. And if that doesn't help just download the dll's or repair Windows.
 
Was it an aimbot?

I agree with Shuzer, it's not a virus. I misread the description.
 
blackeye said:
Just fix it with system restore then. And if that doesn't help just download the dll's or repair Windows.
No system restore point was made which is suspicious as it should make one with every install. I've downloaded a few of the dlls, but it's looking as though it isn't a virus.
 
Those all look like standard VB6 runtime files to me... which brings the question to mind: Can something as complex as an aimbot program really be written in VB6??? I can't imagine that it would be the development environment of choice for something like that. Moreover, would someone skilled enough to write an aimbot ever be caught dead using VB6?

Somehow I doubt it...

It might not be a virus, but it could still be malicious. Check your windows startup registry keys (software/microsoft/windows/currentversion/run in both CURRENTUSER and LOCALMACHINE)

Also, you haven't said much about the install itself... does it seem that an actual application was even installed?
 
DreamThrall said:
Those all look like standard VB6 runtime files to me... which brings the question to mind: Can something as complex as an aimbot program really be written in VB6??? I can't imagine that it would be the development environment of choice for something like that. Moreover, would someone skilled enough to write an aimbot ever be caught dead using VB6?

Somehow I doubt it...

It might not be a virus, but it could still be malicious. Check your windows startup registry keys (software/microsoft/windows/currentversion/run in both CURRENTUSER and LOCALMACHINE)

Also, you haven't said much about the install itself... does it seem that an actual application was even installed?
I'll check the reg, yep an actual file was installed called notepad.exe but I didn't run it...

This wasn't overwriting my Windows Notepad but was installed in a folder in Program Files
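The two points raised above (check both Run keys, and an installed file that shares a name with a Windows program but lives in Program Files) can be combined into one check, shown here as an added example that is not part of the original thread. The `SAMPLE` entries are constructed, and `BUILTIN_NAMES` and `WINDOWS_DIR` are illustrative assumptions of this example.

```python
import ntpath
import re

RUN_PATH = r"Software\Microsoft\Windows\CurrentVersion\Run"
# Short illustrative list of program names that ship in the Windows directory.
BUILTIN_NAMES = {"notepad.exe", "explorer.exe", "svchost.exe", "winlogon.exe"}
WINDOWS_DIR = r"c:\windows"  # assumed install location
EXE_RE = re.compile(r'^\s*(?:"([^"]+)"|(.+?\.exe))', re.IGNORECASE)

def exe_path(command):
    """Extract the executable from a Run value (quoted or unquoted path)."""
    match = EXE_RE.match(command)
    return (match.group(1) or match.group(2)) if match else None

def flag_masquerades(entries):
    """entries: {value_name: command}. Return [(name, path)] where the file
    name matches a built-in program but the path is outside the Windows dir."""
    hits = []
    for name, command in sorted(entries.items()):
        path = exe_path(command)
        if not path:
            continue
        norm = ntpath.normpath(path).lower()
        in_windows = norm.startswith(WINDOWS_DIR + "\\")
        if ntpath.basename(norm) in BUILTIN_NAMES and not in_windows:
            hits.append((name, path))
    return hits

def read_run_keys():
    """Read the HKCU and HKLM Run keys on Windows; returns {} elsewhere."""
    try:
        import winreg
    except ImportError:
        return {}
    found = {}
    for hive, label in ((winreg.HKEY_CURRENT_USER, "HKCU"),
                        (winreg.HKEY_LOCAL_MACHINE, "HKLM")):
        try:
            with winreg.OpenKey(hive, RUN_PATH) as key:
                for i in range(winreg.QueryInfoKey(key)[1]):
                    value_name, data, _ = winreg.EnumValue(key, i)
                    found[f"{label}\\{value_name}"] = str(data)
        except OSError:
            pass  # key missing or not readable
    return found

# Constructed sample entries, not taken from any real system.
SAMPLE = {
    r"HKLM\SoundDriver": r'"C:\Program Files\Example\notepad.exe" /s',
    r"HKCU\Editor": r"C:\WINDOWS\system32\notepad.exe",
    r"HKLM\Updater": r"C:\Program Files\Example App\update.exe -q",
}
```

On a Windows machine, `flag_masquerades(read_run_keys())` applies the same check to the live registry.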
 
most all server admins hack its nuthing new... if they get caught (they wont cause VAC is useless) they can just make the server insecure and keep on cheatting... ne ways valve proably dousent want your help or any of ower help... thare not even in the anti cheat bussiness!! I vote valve should use punk buster... ban ONSITE and not 3 months later (im 1.5 cheater) and i used hacks on secure servers in 1.5 for months and i dint get caught...

~slaps chris_D for doing something 5-6 months ago~

Hey i think you should just reformat!
 
Trinityxero said:
most all server admins hack its nuthing new... if they get caught (they wont cause VAC is useless) they can just make the server insecure and keep on cheatting... ne ways valve proably dousent want your help or any of ower help... thare not even in the anti cheat bussiness!! I vote valve should use punk buster... ban ONSITE and not 3 months later (im 1.5 cheater) and i used hacks on secure servers in 1.5 for months and i dint get caught...

~slaps chris_D for doing something 5-6 months ago~

Hey i think you should just reformat!

Translation: English is my second language. I love you Chris_D.
 