Protection from RAT's as well as UAE DM team (People attacking server and members)



KevinBlackburn
3rd July 2013, 07:07 PM
Me and Cody (Byt3) have found many of the ways a lot of the members have been getting infected. I will be writing a guide on how to stay protected.

1. Go ahead and install a free antivirus. It is better than nothing. I recommend avast, it's a great antivirus. Located at this website http://www.avast.com/en-us/index

2. The way UAE DM team have been infecting members is through a Java Drive By (AKA: JDB). What a Java drive-by is: a Java message will pop up on your screen looking like this: http://www.f-secure.com/weblog/archives/google_attachment.PNG If you push "Run" it will install a RAT on your computer. A RAT is a tool that allows the person to have full control of your computer. NOTE: Not all things that look like the popup above are a RAT. For example, when playing the game RuneScape it will pop up. Those are safe, but if someone sends you a random site and that pops up, DON'T push Run. It will infect you, which is how multiple of our members have gotten infected.

3. One quick tool to use is this http://download.bshades.eu/download.php?file=bs_maldetect.torrent
It was made by a company that creates malware, but this tool detects any RATs on your computer. Yes, it is created by someone that creates malware, but they also made a tool to detect any malware on your computer; don't worry, it is 100% safe.



Me and Cody have been looking into this for a while. We have traced the IPs which the RATs are resolving to, enabling us to match them up on the forums; all members found ratting people will be found, banned and most likely reported. If anyone suspects themselves of being infected, PLEASE feel free to contact me or Cody; we would like to take the program and reverse engineer it to trace the IP.

PS:
To get rid of a very common RAT going around SARP type this in

By the way, if you think you were infected by this virus, run this command. It will remove this RAT, I've examined it quite closely.


taskkill /f /im "msdcsc.exe" & del "%UserProfile%\Documents\MSDCSC\msdcsc.exe"

PSS:
Another good tip only IF YOU KNOW WHAT YOU'RE DOING!!

Another way to check you have one is to open Task Manager, hit "View" and "Select Columns" and make sure "PID" is showing.
http://i.imgur.com/O19kY46.png
http://i.imgur.com/nK06uIe.png

Then open command prompt (Start > cmd.exe) and type in:

netstat -ano
http://i.imgur.com/198C97z.png

Scroll up the command prompt a little and you'll see the list of IPs, and it will say "Established" or "Listening" or "Something_Wait" (Highlighted in Red), look for the ones that say Established, and the number next to it is their PID (Highlighted in Green).
http://i.imgur.com/MVy4wUM.png

Then back on Task Manager, you can read the PID's from the cmd.exe and match them up with the processes running on your PC, by looking at the "Processes" and "Services" tab of Task Manager.
http://i.imgur.com/Wuyr9qu.png
Most of the IPs from the cmd.exe will return to things like Firefox, Chrome, Skype and whatnot, but if you find any IPs that definitely do not link up with a Process running, it could potentially be the IP of the RAT.

Thank you.
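
The PID-matching check described in the post above, as an added example that is not part of the original thread: it parses `netstat -ano` output, joins it to `tasklist /fo csv` output by PID, and flags established connections whose PID has no matching process. The sample data is constructed, the function names are hypothetical, and English-language command output is assumed.

```python
"""Match ESTABLISHED connections from `netstat -ano` to process names."""
import csv
import io
import ipaddress
from collections import namedtuple

Conn = namedtuple("Conn", "proto local remote state pid")

# Constructed sample of `netstat -ano` output (documentation-range IPs, invented PIDs).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    127.0.0.1:49700        127.0.0.1:49701        ESTABLISHED     2712
  TCP    192.168.1.10:49712     198.51.100.7:443       ESTABLISHED     2712
  TCP    192.168.1.10:49730     203.0.113.25:8081      ESTABLISHED     4321
  TCP    192.168.1.10:49731     203.0.113.80:80        TIME_WAIT       0
  TCP    192.168.1.10:49755     192.0.2.44:8080        ESTABLISHED     5150
  TCP    [::1]:49800            [::1]:49801            ESTABLISHED     2712
  UDP    0.0.0.0:5353           *:*                                    1500
"""

# Constructed sample of `tasklist /fo csv` output. PID 5150 is deliberately absent.
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"svchost.exe","888","Services","0","9,120 K"
"chrome.exe","2712","Console","1","150,332 K"
"msdcsc.exe","4321","Console","1","6,004 K"
"svchost.exe","1500","Services","0","12,500 K"
'''


def parse_netstat(text):
    """Return a Conn for every TCP/UDP row; banner and header lines are skipped."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP" and parts[4].isdigit():
            conns.append(Conn(parts[0], parts[1], parts[2], parts[3], int(parts[4])))
        elif len(parts) == 4 and parts[0] == "UDP" and parts[3].isdigit():
            # UDP rows have no State column.
            conns.append(Conn(parts[0], parts[1], parts[2], "", int(parts[3])))
    return conns


def parse_tasklist(csv_text):
    """Return {pid: image name}; the header row is skipped (its PID is not numeric)."""
    procs = {}
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) >= 2 and row[1].isdigit():
            procs[int(row[1])] = row[0]
    return procs


def is_loopback(endpoint):
    """True when the host part of 'host:port' is 127.0.0.0/8 or ::1."""
    host = endpoint.rsplit(":", 1)[0].strip("[]").split("%")[0]
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # e.g. '*' on UDP rows
        return False


def established_by_process(conns, procs):
    """List (pid, image name or None, remote endpoint) for non-local ESTABLISHED rows."""
    report = []
    for c in conns:
        if c.state != "ESTABLISHED" or is_loopback(c.remote):
            continue  # local-only traffic never leaves the machine
        report.append((c.pid, procs.get(c.pid), c.remote))
    return report


def unmatched(report):
    """Connections whose PID does not link up with any listed process."""
    return [(pid, remote) for pid, name, remote in report if name is None]


if __name__ == "__main__":
    conns = parse_netstat(SAMPLE_NETSTAT)
    procs = parse_tasklist(SAMPLE_TASKLIST)
    for pid, name, remote in established_by_process(conns, procs):
        print(f"{pid:>6}  {name or '<no matching process>':<24} {remote}")
```

To run it against a real machine, save the output of `netstat -ano` and `tasklist /fo csv` to text files and pass their contents to the two parsers. A matched name only tells you which process owns the connection, so an unfamiliar name still needs its file location checked.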

Justin Fakie
3rd July 2013, 07:14 PM
I was RATted not long ago and I took care of it. It's freaky to know some fuck boy from who knows where can be watching you, especially when you talk to people about personal things on messengers. Good looks on this thread, Blackdick.

I just want to say that the leader of Team UAE said he's going to jail LOL

Aldo
3rd July 2013, 07:17 PM
Thanks for sharing, not hard to do it though.

KevinBlackburn
3rd July 2013, 07:19 PM
Thanks for sharing, not hard to do it though.

If you know what you're doing, my guess is it is your first time seeing a JDB? Those things are tricky.

Benjamin_Williams
3rd July 2013, 07:21 PM
The only way back from getting ratted is to completely reformat your hard disk and re-install your operating system. If you are getting ratted by things like this and visiting these dodgy sites then all the antiviruses won't protect you from your self. You could have a completely secure system and an unknowing user. Everyone should not be using Internet Explorer and instead be using Firefox or Chrome with extensions NoScript and Adblock.

DanTheMan
3rd July 2013, 07:21 PM
Thanks man.

KevinBlackburn
3rd July 2013, 07:25 PM
The only way back from getting ratted is to completely reformat your hard disk and re-install your operating system. If you are getting ratted by things like this and visiting these dodgy sites then all the antiviruses won't protect you from your self. You could have a completely secure system and an unknowing user. Everyone should not be using Internet Explorer and instead be using Firefox or Chrome with extensions NoScript and Adblock.
Please don't post false things, this is completely not true at all. All you need to do is end the process and delete the main exe installed on your computer and also remove it from msconfig startup.

Benjamin_Williams
3rd July 2013, 07:33 PM
Please don't post false things, this is completely not true at all. All you need to do is end the process and delete the main exe installed on your computer and also remove it from msconfig startup.

You're wrong in the fact that you accuse my post of being incorrect. Most RAT's don't have a process you can end and hook on to already running windows processes and services like svhost.exe. The average user probably won't even be able to locate the main executable as when the infected file is run it usually infects the windows process then when that windows process is run (on startup) so is the virus.

All RATs and viruses are different so it is difficult to speak generally.

KevinBlackburn
3rd July 2013, 07:37 PM
You're wrong in the fact that you accuse my post of being incorrect. Most RAT's don't have a process you can end and hook on to already running windows processes and services like svhost.exe. The average user probably won't even be able to locate the main executable as when the infected file is run it usually infects the windows process then when that windows process is run (on startup) so is the virus.

All RATs and viruses are different so it is difficult to speak generally.

The fact that I am even arguing this right now is crazy. 1. All fucking programs have a process, so hence, they can be ended. Second, they don't "hook" onto another service, you will just see an extra svhost.exe in your processes. And third, the exe is very easy to find as you open file location of the unknown process as well as using wireshark. Please stop posting false info on the thread.

Benjamin_Williams
3rd July 2013, 07:50 PM
The fact that I am even arguing this right now is crazy. 1. All fucking programs have a process, so hence, they can be ended. Second, they don't "hook" onto another service, you will just see an extra svhost.exe in your processes. And third, the exe is very easy to find as you open file location of the unknown process as well as using wireshark. Please stop posting false info on the thread.

It's called an injection. There is no false info. I don't know why you're so determined to say this info is false, I suspect you have other motives.

I'll just agree to disagree with you because clearly we both have a different idea of how things work.

KevinBlackburn
3rd July 2013, 07:56 PM
It's called an injection. There is no false info. I don't know why you're so determined to say this info is false, I suspect you have other motives.

I'll just agree to disagree with you because clearly we both have a different idea of how things work.

Because it is wrong, all programs have processes, you are giving out false info to SARP... Also injection doesn't stop the program from having a process unless it has access to ring0, which no RAT does at the moment.

Benjamin_Williams
3rd July 2013, 08:01 PM
Because it is wrong, all programs have processes, you are giving out false info to SARP... Also injection doesn't stop the program from having a process unless it has access to ring0, which no RAT does at the moment.

Ok. I am not giving out false info. You seem determined to disprove everything I say. Please consult http://en.wikipedia.org/wiki/Rootkit .



Bootkits

A kernel-mode rootkit variant called a bootkit is used predominantly to attack full disk encryption systems, for example as in the "Evil Maid Attack", in which a bootkit replaces the legitimate boot loader with one controlled by an attacker; typically the malware loader persists through the transition to protected mode when the kernel has loaded. For example, the "Stoned Bootkit" subverts the system by using a compromised boot loader to intercept encryption keys and passwords. More recently, the Alureon rootkit has successfully subverted the requirement for 64-bit kernel-mode driver signing in Windows 7 by modifying the master boot record.
The only known defenses against bootkit attacks are the prevention of unauthorized physical access to the system—a problem for portable computers—or the use of a Trusted Platform Module configured to protect the boot path.


Quick google search revealed:

https://www.underground.org.mx/index.php?topic=28482.0
http://c0decstuff.blogspot.co.uk/2011/01/ring-0f-fire-rootkits-and-dkom.html

Luke Shiels
3rd July 2013, 08:14 PM
R@t alerts~

Chin®
3rd July 2013, 08:41 PM
Who still opens mail attachments from unknown senders at this age of time? Ugh..., if only there was a patch for human stupidity.

PS: This doesn't explain how they get our e-mail addresses? Either the admin team is handing out e-mail addresses as they were handing out ip's a while back, or i call this false. Nice try though.

KevinBlackburn
3rd July 2013, 08:42 PM
Ok. I am not giving out false info. You seem determined to disprove everything I say. Please consult http://en.wikipedia.org/wiki/Rootkit .



Quick google search revealed:

https://www.underground.org.mx/index.php?topic=28482.0
http://c0decstuff.blogspot.co.uk/2011/01/ring-0f-fire-rootkits-and-dkom.html

Clearly you have no idea what you're talking about. I said ring0. ring0 = rootkit, there is no RAT right now that has ring0, case closed.

Emily Grey
3rd July 2013, 08:47 PM
How did yall manage to turn this one into an argument

KevinBlackburn
3rd July 2013, 09:29 PM
How did yall manage to turn this one into an argument
It's not really an argument, it's more false info from a member, but he refuses to notice it. Just ignore it lol.

Kanji
3rd July 2013, 09:31 PM
Good job Blackburn, good job...

Justin Fakie
3rd July 2013, 09:42 PM
The only way back from getting ratted is to completely reformat your hard disk and re-install your operating system. If you are getting ratted by things like this and visiting these dodgy sites then all the antiviruses won't protect you from your self. You could have a completely secure system and an unknowing user. Everyone should not be using Internet Explorer and instead be using Firefox or Chrome with extensions NoScript and Adblock.

Not true. Find the location of the process, close the process, disable it on startup, delete the file in the location of the process containing the RAT, and problem solved. Many rats are made by skids and people who use tuts or some bootleg crap.

KevinBlackburn
3rd July 2013, 09:45 PM
Not true. Find the location of the process, close the process, disable it on startup, delete the file in the location of the process containing the RAT, and problem solved. Many rats are made by skids and people who use tuts or some bootleg crap.

'Bout time someone else posts stating he is wrong. My guess is he is going to come back and still argue it but whatever.

Justin Fakie
3rd July 2013, 09:46 PM
I've been RATted recently, so I've been through this.

byt3
3rd July 2013, 10:02 PM
Ok. I am not giving out false info. You seem determined to disprove everything I say. Please consult http://en.wikipedia.org/wiki/Rootkit .



Quick google search revealed:

https://www.underground.org.mx/index.php?topic=28482.0
http://c0decstuff.blogspot.co.uk/2011/01/ring-0f-fire-rootkits-and-dkom.html

What you're talking about is not a bootkit or rootkit, believe me. I know there's injection out there, but it all has to come from something. If you restart your computer, the injection is gone and so is the virus, right? wrong. There will always be an executable file to inject into another process and most viruses out there don't make too much of an effort to literally inject the ACTUAL VIRUS into another process, although I've seen what I call "backups" injected into processes.

byt3
3rd July 2013, 10:17 PM
By the way, if you think you were infected by this virus, run this command. It will remove this RAT, I've examined it quite closely.


taskkill /f /im "msdcsc.exe" & del "%UserProfile%\Documents\MSDCSC\msdcsc.exe"

Mad Lord Malone
3rd July 2013, 10:35 PM
It's not really an argument, it's more false info from a member, but he refuses to notice it. Just ignore it lol.


This is SARP, what'a expect?


Oh what's a RAT?

Dill Pickles
3rd July 2013, 11:20 PM
Hit Ctrl+Alt+Delete, open Task Manager, scroll to the bottom of processes and if you have two winlogin.exe's, it means you got a RAT watching everything you do. Also, don't trust spastics on Skype that give you an .exe that you have to open.

KevinBlackburn
3rd July 2013, 11:21 PM
Hit Ctrl+Alt+Delete, open Task Manager, scroll to the bottom of processes and if you have two winlogin.exe's, it means you got a RAT watching everything you do. Also, don't trust spastics on Skype that give you an .exe that you have to open.

Incorrect/correctish... Not all RATs are named winlogin.exe haha... some could be named noob.exe so that's only for some cases.

Dill Pickles
3rd July 2013, 11:27 PM
Incorrect/correctish... Not all RATs are named winlogin.exe haha... some could be named noob.exe so that's only for some cases.

well ye, I meant that it's one way to check. In my case it was named cunt.exe.

Mathias
3rd July 2013, 11:58 PM
This is SARP, what'a expect?


Oh what's a RAT?

Remote Administration Tool.

Kyle Beats
4th July 2013, 12:59 AM
I feel you're an idiot if you get infected, these things are so simple to avoid(experience, on both sides)

Benjamin_Williams
4th July 2013, 01:53 AM
The amount of 'dislike' and 'hate this post' I got from Kevin and Byte made me cry a little.

KevinBlackburn
4th July 2013, 02:05 AM
The amount of 'dislike' and 'hate this post' I got from Kevin and Byte made me cry a little.

dun be postin dat false info my nigga'

Justin Fakie
4th July 2013, 02:22 AM
Yes, if you have any duplicate processes, look that process up. Find out what it is first, then find out where it's located. Remove the one that's in the fishy location.

Cameron
4th July 2013, 02:32 AM
Don't worry, I think he might rethink DDoSing everyone

http://i.imgur.com/eOIzena.png

Hamilton
4th July 2013, 02:36 AM
I thought this thread was about under cover cops or IG snitches/rats. LOL

Justin Fakie
4th July 2013, 02:43 AM
Don't worry, I think he might rethink DDoSing everyone

http://i.imgur.com/eOIzena.png

He claimed he wasn't the one DDoSing SARP, but we'll never know. I had my IP hit off a couple of times and he claimed he got someone else to do all this for him. Either way, yup, after almost a whole year, those fuckers are gone.

Rellex
4th July 2013, 03:43 AM
No, He was the one.. He also DDosed many FRIENDS

Vitaly
4th July 2013, 05:09 AM
Antivirus won't let me install mods :/

byt3
4th July 2013, 09:47 AM
I feel you're an idiot if you get infected, these things are so simple to avoid(experience, on both sides)

I feel like you've never been infected by a JDB, I used to forget and click run to everything.

Jurica
4th July 2013, 10:19 AM
Another way is to go to https://www.virustotal.com/en/ and check there. It has like 35 antivirus programs that check the file..

byt3
4th July 2013, 10:35 AM
Another way is to go to https://www.virustotal.com/en/ and check there. It has like 35 antivirus programs that check the file..

Life is too short to scan every file you get.

Juggernaut
4th July 2013, 10:39 AM
Perhaps you shouldn't download random shit and check comments and rating and see if it's a trusted source.

Don't go full retard and download everything you see.

Sabrina
4th July 2013, 10:47 AM
It's creepy knowing that someone is watching every move you do though and even if you feel like you're not being creeped on, always double check so you can be certain. Just curious, can they get through MACs also?

Benjamin_Williams
4th July 2013, 10:50 AM
Yes. There are RATs for every operating system.

byt3
4th July 2013, 10:53 AM
It's creepy knowing that someone is watching every move you do though and even if you feel like you're not being creeped on, always double check so you can be certain. Just curious, can they get through MACs also?

There's a common misconception that if you run OSX or a Linux distribution, you're invulnerable. This is incorrect and there are plenty of viruses for all operating systems, just a lot less for OSX and Linux.

Sabrina
4th July 2013, 10:53 AM
Yes. There are RATs for every operating system.


There's a common misconception that if you run OSX or a Linux distribution, you're invulnerable. This is incorrect and there are plenty of viruses for all operating systems, just a lot less for OSX and Linux.


So how do you protect yourself if you got a MAC?

byt3
4th July 2013, 10:54 AM
So how do you protect yourself if you got a MAC?

It's the same idea, be vigilant and don't go "full retard".

Sabrina
4th July 2013, 10:56 AM
It's the same idea, be vigilant and don't go "full retard".

Okay but is there any way you can check if there's a RAT on a mac, like for windows there are ways you can check but what about MACS?

Jurica
4th July 2013, 10:56 AM
Just the ones that you're suspicious about.

KevinBlackburn
4th July 2013, 11:35 AM
Okay but is there any way you can check if there's a RAT on a mac, like for windows there are ways you can check but what about MACS?

There is going to be NO RAT on your mac. Don't worry, there are really no RATs out there that are made for the RAT OS, so don't worry about that.

Sabrina
4th July 2013, 11:43 AM
There is going to be NO RAT on your mac. Don't worry, there are really no RATs out there that are made for the RAT OS, so don't worry about that.

sounds good, thanks kev.

Cameron
4th July 2013, 11:47 AM
So how do you protect yourself if you got a MAC?

Please don't tell me you play SARP on a mac..

Sabrina
4th July 2013, 11:54 AM
Please don't tell me you play SARP on a mac..

Nah I don't have SARP on my mac, I use my mac for work and school.

Jord
4th July 2013, 11:58 AM
Another way to check you have one is to open Task Manager, hit "View" and "Select Columns" and make sure "PID" is showing.
http://i.imgur.com/O19kY46.png

http://i.imgur.com/nK06uIe.png

Then open command prompt (Start > cmd.exe) and type in:

netstat -ano
http://i.imgur.com/198C97z.png

Scroll up the command prompt a little and you'll see the list of IPs, and it will say "Established" or "Listening" or "Something_Wait" (Highlighted in Red), look for the ones that say Established, and the number next to it is their PID (Highlighted in Green).
http://i.imgur.com/MVy4wUM.png

Then back on Task Manager, you can read the PID's from the cmd.exe and match them up with the processes running on your PC, by looking at the "Processes" and "Services" tab of Task Manager.
http://i.imgur.com/Wuyr9qu.png
Most of the IPs from the cmd.exe will return to things like Firefox, Chrome, Skype and whatnot, but if you find any IPs that definitely do not link up with a Process running, it could potentially be the IP of the RAT.

Apollo
4th July 2013, 11:58 AM
What a friendly soul, caring about others and their computer issues.

Hallar Maraz
4th July 2013, 12:16 PM
Another way to check you have one is to open Task Manager, hit "View" and "Select Columns" and make sure "PID" is showing.
http://i.imgur.com/O19kY46.png

http://i.imgur.com/nK06uIe.png

Then open command prompt (Start > cmd.exe) and type in:

netstat -ano
http://i.imgur.com/198C97z.png

Scroll up the command prompt a little and you'll see the list of IPs, and it will say "Established" or "Listening" or "Something_Wait" (Highlighted in Red), look for the ones that say Established, and the number next to it is their PID (Highlighted in Green).
http://i.imgur.com/MVy4wUM.png

Then back on Task Manager, you can read the PID's from the cmd.exe and match them up with the processes running on your PC, by looking at the "Processes" and "Services" tab of Task Manager.
http://i.imgur.com/Wuyr9qu.png
Most of the IPs from the cmd.exe will return to things like Firefox, Chrome, Skype and whatnot, but if you find any IPs that definitely do not link up with a Process running, it could potentially be the IP of the RAT.

Well i opened the Task manager, and there wasn't the 'tick' on PID.erhh

Jord
4th July 2013, 12:19 PM
Well i opened the Task manager, and there wasn't the 'tick' on PID.erhh

Then click it?

KevinBlackburn
4th July 2013, 02:49 PM
Once again if anyone has the slightest feeling they're infected. We beg you to contact me or cody, we would like to wireshark that shit. Thanks.

Rellex
4th July 2013, 03:18 PM
That should have already been done... You had the chance with Jarid

Cranium™
4th July 2013, 03:22 PM
Who still opens mail attachments from unknown senders at this age of time? Ugh..., if only there was a patch for human stupidity.

PS: This doesn't explain how they get our e-mail addresses? Either the admin team is handing out e-mail addresses as they were handing out ip's a while back, or i call this false. Nice try though.

http://i.imgur.com/4Q0Y4.jpg

Lol..

Kyle Beats
4th July 2013, 03:52 PM
I feel like you've never been infected by a JDB, I used to forget and click run to everything.

I've seen them before, one time my virtual friend on skype sent me a picture on gyzao.com and it ended up being a JDB. He was a sure-fire cunt.

Justin Fakie
4th July 2013, 04:51 PM
I've seen them before, one time my virtual friend on skype sent me a picture on gyzao.com and it ended up being a JDB. He was a sure-fire cunt.

Gyazo* is instant screen capping. How can there be a JDB in that? Anyone care to elaborate? :p

KevinBlackburn
4th July 2013, 05:00 PM
Gyazo* is instant screen capping. How can there be a JDB in that? Anyone care to elaborate? :p

There can easily be a JDB on that because some of the advertisements people pay for that put a JDB in them so they get as many bots as they can.

Kyle Beats
4th July 2013, 05:17 PM
There can easily be a JDB on that because some of the advertisements people pay for that put a JDB in them so they get as many bots as they can.

This, they can easily just have it say the following..

http://danieladeniji.files.wordpress.com/2013/02/java-applet-needs-permission-to-run.png

Justin Fakie
4th July 2013, 06:39 PM
I assume it's only if you click the ads, correct? I have Adblock on anyway.

Hamilton
4th July 2013, 09:28 PM
I think I have a RAT on my pc and I have been watching an excessive amount of porn, I hope this guy doesn't get my Brazzers password nor user name. Also I think he knows what I'm into :L .

Kyle Beats
4th July 2013, 11:14 PM
I assume it's only if you click the ads, correct? I have Adblock on anyway.

No, if you opened a picture, it'll say - Java needs your permission/needs to update [run button]

KevinBlackburn
5th July 2013, 12:00 PM
I assume it's only if you click the ads, correct? I have Adblock on anyway.

Surprisingly no you don't because they can just have it as a pop up with some simple java code.

KevinBlackburn
6th July 2013, 11:11 AM
This, they can easily just have it say the following..

http://danieladeniji.files.wordpress.com/2013/02/java-applet-needs-permission-to-run.png


I'm not 100% sure but I think this popup can also infect you as well. Not sure though.

Darling
8th July 2013, 07:53 AM
Don't even bother downloading the malware detection, it is a Virus and I scanned it today by AVG.
My brother said this Virus is a RAT, do not bother download this people! I am warning you.
PS:
You may think that if players from September or have an old join date doesn't mean they will not send you a RAT.
Go ahead scan this malware detection .exe on www.virustotal.com
You will thank me because this Kevin person loves to fool/troll people, I am warning you to not download this.
But his methods work and the malware detection is definitely a RAT.
I am sure he used Visual Basic to code this and crypted it.
Don't trust any programs from anyone.

Wickins
8th July 2013, 08:49 AM
The rat poison in my house did no good. Looking at this guide - I'm literally Rat free in my house

Khenjie
8th July 2013, 09:46 AM
Can someone shed light on what does UAE DM team actually do? except DM? since I know their leader.

byt3
8th July 2013, 10:14 AM
Don't even bother downloading the malware detection, it is a Virus and I scanned it today by AVG.
My brother said this Virus is a RAT, do not bother download this people! I am warning you.
PS:
You may think that if players from September or have an old join date doesn't mean they will not send you a RAT.
Go ahead scan this malware detection .exe on www.virustotal.com
You will thank me because this Kevin person loves to fool/troll people, I am warning you to not download this.
But his methods work and the malware detection is definitely a RAT.
I am sure he used Visual Basic to code this and crypted it.
Don't trust any programs from anyone.

You're obviously not very smart, antiviruses have false positives every day. In fact I believe about 5 out of every 10 executables will be detected by at least one antivirus, malicious or not.

I've actually "scanned" this scanner, but I didn't use antivirus software, I watched every single thing that the executable does and here's the results.

1. It does not try to connect to the internet EVER.
2. It doesn't extract anything and execute it
3. Nothing got added to start up.

The scanner might not be very good (it's meant to detect popular malware), but it works and is not backdoored.

KevinBlackburn
8th July 2013, 11:37 AM
Don't even bother downloading the malware detection, it is a Virus and I scanned it today by AVG.
My brother said this Virus is a RAT, do not bother download this people! I am warning you.
PS:
You may think that if players from September or have an old join date doesn't mean they will not send you a RAT.
Go ahead scan this malware detection .exe on www.virustotal.com
You will thank me because this Kevin person loves to fool/troll people, I am warning you to not download this.
But his methods work and the malware detection is definitely a RAT.
I am sure he used Visual Basic to code this and crypted it.
Don't trust any programs from anyone.

The fact that you would even think I would try and infect members makes you a complete scum bag. Seriously go fuck yourself. 1. I would never infect people on SARP. I try and help and I get bullshit from your dumbass that can't tell whether something is a virus or not. Please just leave. Also I wish I fucking coded that program and owned blackshades I would be rich... Anyways get da fuck outta here nub.





Also UAE DM team are a bunch of script kiddies that call themselves hackers when really they just go online, copy and paste shit and use public programs that are a pile of shit. Seriously, you shouldn't be scared of the UAE DM team pussys.

Jackie_Khan
9th July 2013, 03:28 PM
wtf after i downloaded this all my passwords were changed and stuff were randomly closing and something like a chat came up and telling me that hes a ghost

i think is a keylogger

byt3
9th July 2013, 05:52 PM
wtf after i downloaded this all my passwords were changed and stuff were randomly closing and something like a chat came up and telling me that hes a ghost

i think is a keylogger

This isn't a virus, if you have a virus then it was something else.

ZackWade
9th July 2013, 07:14 PM
Thanks for sharing, not hard to do it though.

Not even in the realm of difficulty.

Jackie_Khan
10th July 2013, 04:39 PM
kevi blackbur, why are you doing this? from your posts i see that you know alot about hacks and you have a crew who defend you , please stop, ive lost all my passwords and porn randomly opens at all time!! this happened after i downloaded your antirat its not too late to stop i know everyone makes mistakes and you shuld stop hacking me please... ive lost my facebook,steam,origin,guildwars2 and wow accounts.. i have to put gum in my webcam because im so scared ..please stop before its too late i forgive you but please dont do this to anyone else

KevinBlackburn
10th July 2013, 05:38 PM
kevi blackbur, why are you doing this? from your posts i see that you know alot about hacks and you have a crew who defend you , please stop, ive lost all my passwords and porn randomly opens at all time!! this happened after i downloaded your antirat its not too late to stop i know everyone makes mistakes and you shuld stop hacking me please... ive lost my facebook,steam,origin,guildwars2 and wow accounts.. i have to put gum in my webcam because im so scared ..please stop before its too late i forgive you but please dont do this to anyone else


Lol ur a good troll

byt3
11th July 2013, 04:43 AM
kevi blackbur, why are you doing this? from your posts i see that you know alot about hacks and you have a crew who defend you , please stop, ive lost all my passwords and porn randomly opens at all time!! this happened after i downloaded your antirat its not too late to stop i know everyone makes mistakes and you shuld stop hacking me please... ive lost my facebook,steam,origin,guildwars2 and wow accounts.. i have to put gum in my webcam because im so scared ..please stop before its too late i forgive you but please dont do this to anyone else

Jaki Kha, why are you doing this? from your posts i see that you are an obvious troll and you dont have a crew that defends you , please continue, youve not lost all your passwords and ur pr0n is perfectly safe and closed unless you open it!! this happened after you downloaded "sexy brunette sex simulator.exe" and ran it and u make mistakes by doing that and you shuld stop being dumb please... yur fb st3am 0r1g1n & gu1dwar5z and brazz3rz is safe.. also ur paranoia is hitting all time highs putting gum into your butthole cause the us guvrnment has camera logded in ur but ..please stahp before its too late and you kill yourself and someone else.

No.

Luke Shiels
11th July 2013, 05:09 AM
Jaki Kha, why are you doing this? from your posts i see that you are an obvious troll and you dont have a crew that defends you , please continue, youve not lost all your passwords and ur pr0n is perfectly safe and closed unless you open it!! this happened after you downloaded "sexy brunette sex simulator.exe" and ran it and u make mistakes by doing that and you shuld stop being dumb please... yur fb st3am 0r1g1n & gu1dwar5z and brazz3rz is safe.. also ur paranoia is hitting all time highs putting gum into your butthole cause the us guvrnment has camera logded in ur but ..please stahp before its too late and you kill yourself and someone else.

No.

stahp codi

Ryan Crowley
11th July 2013, 08:59 AM
You have to be pretty dumb to get a RAT imo.


this happened after you downloaded "sexy brunette sex simulator.exe" and ran it.

OMG I GOT A VIRUS FROM THIS

HELP

Jackie_Khan
11th July 2013, 09:34 AM
why are you mad? maybe both of you hack people together ? so you go hack people and when they complain you tell them to fuck theirselves??? wy are you getting mad if you are not the hacker

Jay™
11th July 2013, 09:35 AM
Thanks for sharing this.

byt3
11th July 2013, 11:35 AM
why are you mad? maybe both of you hack people together ? so you go hack people and when they complain you tell them to fuck theirselves??? wy are you getting mad if you are not the hacker

y r u mad? maybe ur a complete dumbass ? so you got around accusing people and when we deny you tell us we r h4x3rzzz??? wy are you complete dumbass

Mort_Fontane
11th July 2013, 03:57 PM
I'm actually a pro at these things and know a muuuch easier way to remove them not reformate the computer.


but im banned so i wont tell

Rigby
12th July 2013, 06:36 AM
I'm actually a pro at these things and know a muuuch easier way to remove them not reformate the computer.


but im banned so i wont tell
Show us, master. Is that opening up your hard-disk and looking for rats?

Tyrese_Kingston
12th July 2013, 09:09 AM
Wait, how are people getting infected? Is it happening by accessing the server or using the website?

Jackie_Khan
13th July 2013, 06:40 AM
Wait, how are people getting infected? Is it happening by accessing the server or using the website?

i got hacked by opening the .exe usually the file is something like " anti-rat.exe"

http://i.imgur.com/wjXMAIf.jpg

byt3
13th July 2013, 06:45 AM
i got hacked by opening the .exe usually the file is something like " anti-rat.exe"

http://i.imgur.com/wjXMAIf.jpg

You do realize what he linked is called "MalDetect.exe" and is not backdoored? Also if you look you'll see on that screenshot kaspersky is blocking a completely different url (the fav icon). You're obviously just trying to make it seem like a virus, but "why?" is the question.

Daia_Mannen
13th July 2013, 08:00 AM
eh, I think those who are stupid enough to fall for it deserve to be RAT'd.


Wait, how are people getting infected? Is it happening by accessing the server or using the website?
You don't get infected by just visiting the website. You will get infected when you allow the Java client to run (it will pop up, check the pictures in post 1). Once you've allowed it to run it will download and execute an executable (exe) in the background. The executable is a virus, probably a RAT, darkcomet or such. Easy to detect since they probably use some shitty crypter from hf or something.

Jackie_Khan
13th July 2013, 09:12 AM
Can you explain why kevin blackburn was randomly sending PMs to my friends about a 'hack' and now suddenly he is giving away an 'anti-rat' which shows that he is obviously not attempting to rat people..

why dont you post on your other account,kevin?http://www.gta-sarp.com/forums/member.php?25032-ihackedbyte

Spiderman
13th July 2013, 10:02 AM
solution: dont send porn with emails and use piratebay

also delete system32 to get rid of viruses.

still, i dont see how this hardly matters. pretty sure not many people check their email, or maybe thats just me.

KevinBlackburn
13th July 2013, 12:48 PM
Can you explain why kevin blackburn was randomly sending PMs to my friends about a 'hack' and now suddenly he is giving away an 'anti-rat' which shows that he is obviously not attempting to rat people..

why dont you post on your other account,kevin?http://www.gta-sarp.com/forums/member.php?25032-ihackedbyte


LOL I never sent 1 pm to any of your friends, if admins feel the need to go through every single one of my sent PM's feel free! I'm not hiding anything. Just trying to help is all :P

vick_santiago
13th July 2013, 12:57 PM
for those with worries. here is some white hat advice. Also message to admins, ANYONE messing with this server let me know, ill show them what a dox is.

http://www.gta-sarp.com/forums/showthread.php?78680-Preventing-Infections

vick_santiago
13th July 2013, 01:01 PM
btw avast is a terrible free antivirus.

In my black hat hacking days i had most trouble with comodo internet security..

Also wiresharking to find a rat is a joke.

Reverse engineering the file is the best way to go.

If the infector is smart, they will use a known server to run the rat through. I knew a guy once who rooted the main server of https://gigenet.com/ and used to run rats through them because they are used by some major corps.

Rahma
17th July 2013, 05:51 PM
It's a RAT, lol. Don't trust this guide.

Darling
17th July 2013, 07:07 PM
My relative who's a computer professionalist said that this is a RAT, do not even Bother Downloading These Stuff Because It Is RAT
He Is Just Gonna Trick You Guys.

byt3
17th July 2013, 07:07 PM
It's a RAT, lol. Don't trust this guide.

And where is your proof to back up this claim? Have you reverse engineered the Malware Detector and found a backdoor in it? The only reason antiviruses detect it is probably because when you're trying to download from bshades.eu, which is a known malware seller, it doesn't exactly like you even getting near to that website much less downloading from it.

I haven't had an antivirus on this computer for 3 years, I have not one infection and I've ran that malware detector on this PC, believe me when I say it's clean.


My relative who's a computer professionalist said that this is a RAT, do not even Bother Downloading These Stuff Because It Is RAT
He Is Just Gonna Trick You Guys.

Your friend has absolutely no clue what he's talking about then, you really think that Kevin and I would spread out a RAT to the community that we've played on for years and achieved so much on? bshades.eu isn't even our website, and they don't have bad intentions over there.

Emily Grey
17th July 2013, 07:10 PM
Since xvisceral was sent to jail during the cardersprofit FBI sting then who da fuck even manages bshades anymore? I remember when that shit first went on sale that dude was bankin lmfao

Darling
17th July 2013, 07:11 PM
And where is your proof to back up this claim? Have you reverse engineered the Malware Detector and found a backdoor in it? The only reason antiviruses detect it is probably because when you're trying to download from bshades.eu, which is a known malware seller, it doesn't exactly like you even getting near to that website much less downloading from it.

I haven't had an antivirus on this computer for 3 years, I have not one infection and I've ran that malware detector on this PC, believe me when I say it's clean.

ya right n it dont matter , if it is a malware seller , it is still a virus because im scan it? you mad brother? my relative is good at computers
dont believe him because he is admin dont mean anything , trust me people he is laughing and looking at people PC !!!

Emily Grey
17th July 2013, 07:13 PM
ya right n it dont matter , if it is a malware seller , it is still a virus because im scan it? you mad brother? my relative is good at computers
dont believe him because he is admin dont mean anything , trust me people he is laughing and looking at people PC !!!

No the program is not a virus lol.

byt3
17th July 2013, 07:13 PM
ya right n it dont matter , if it is a malware seller , it is still a virus because im scan it? you mad brother? my relative is good at computers
dont believe him because he is admin dont mean anything , trust me people he is laughing and looking at people PC !!!

If your "relative" is Avast then I guess you're SO right here! Yes, it's a virus because your antivirus told you so! Ohhhhh yes!

byt3
17th July 2013, 07:15 PM
Since xvisceral was sent to jail during the cardersprofit FBI sting then who da fuck even manages bshades anymore? I remember when that shit first went on sale that dude was bankin lmfao

I believe it was taken over by some dude because everything about bshades still stands and I believe development is still going on, I personally don't know TOO much about bshades but I do know that it's still around.

Emily Grey
17th July 2013, 07:17 PM
I believe it was taken over by some dude because everything about bshades still stands and I believe development is still going on, I personally don't know TOO much about bshades but I do know that it's still around.

I just looked it up I guess he was only the co-creator, and the rest of the team just kept working as usual on it with no repercussion. I can say that as I know some the people who run and code for blackshades personally and I knew them before I even joined SARP the software is clean and it is legit, they made it for users on another board, and they wouldn't infect the users of that other board same how byt3 wouldn't do that here, and the reason for that is the products they're making actually do make them some $$$ so why lose it all by infecting their users

Kyle Beats
17th July 2013, 07:18 PM
Since xvisceral was sent to jail during the cardersprofit FBI sting then who da fuck even manages bshades anymore? I remember when that shit first went on sale that dude was bankin lmfao

It is still managed, I am good friends with the manager/owner, he tends to keep it private, but yeah, still operational.

Chin®
18th July 2013, 01:18 AM
Suspicious software you got there.

Wouldn't recommend people torrenting anything, especially from forum boards.

Hamilton
18th July 2013, 04:34 AM
3. One quick tool to use is this http://download.bshades.eu/download....detect.torrent
It was made by a company that creates malware, but this tool detects any rats on your computer, yes it is created by someone that creates malware, but they also made a tool to detect any malware on your computer, dont worry it is 100% safe.

Detects or plants? Just like Chin said, I wouldn't download anything.

anunknown
18th July 2013, 06:16 AM
Seriously, this shouldn't be downloaded at all, this thing is pretty much a software that records everything you doing and other people seeing it, without you realizing it, Last night I was looking down at the script of it, and found out some suspicious stuff, I Recommend not to have this at all and never Trust Kevin on this,
Also this program was Given to one of my friend [not mentioning name], and his computer/laptop got full of virus, and someone started to control it, and later on he actually went to my friend's skype, and wrote name Kevin on the place where you find people in your skype,
I recommend not to download this, not Trusted at all.

byt3
18th July 2013, 06:34 AM
Seriously, this shouldn't be downloaded at all, this thing is pretty much a software that records everything you doing and other people seeing it, without you realizing it, Last night I was looking down at the script of it, and found out some suspicious stuff, I Recommend not to have this at all and never Trust Kevin on this,
Also this program was Given to one of my friend [not mentioning name], and his computer/laptop got full of virus, and someone started to control it, and later on he actually went to my friend's skype, and wrote name Kevin on the place where you find people in your skype,
I recommend not to download this, not Trusted at all.

Hello, Jessica Alejandro, I realize that you're butthurt and all but trying to frame someone for doing crimes that he or no one else did is honestly the lowest point you can get to, especially with your obvious lack of knowledge which is clearly seen in this post.

I think that you're low enough to be living in the sewers of Columbia!


http://www.youtube.com/watch?v=X4koXeZvAfg

Anonymous69
18th July 2013, 06:50 AM
Protection from Byt3

byt3
18th July 2013, 07:11 AM
You know what, I CHALLENGE anyone out there to provide SOLID proof that this malware scanner is a virus (not some shitty antivirus pictures, as I've said before some antiviruses are bound to be wrong 40~% of the time), from packet logs to assembly, I don't really care, I just challenge you to find any possible thing that's dangerous about it.

Go on, amaze me.

Todd Stark
18th July 2013, 07:45 AM
It helped me a lot Kevin, thanks man.

Mort_Fontane
18th July 2013, 12:30 PM
Check out my tutorial bitch Blade http://www.gta-sarp.com/forums/showthread.php?79404-How-to-actually-remove-a-rat

Jackie_Khan
19th July 2013, 05:41 AM
You know what, I CHALLENGE anyone out there to provide SOLID proof that this malware scanner is a virus (not some shitty antivirus pictures, as I've said before some antiviruses are bound to be wrong 40~% of the time), from packet logs to assembly, I don't really care, I just challenge you to find any possible thing that's dangerous about it.

Go on, amaze me.
How would it be possible other than anti-virus?
Obviously you wouldn't do anything to the hacked person because you know that they are probably recording or something

KevinBlackburn
19th July 2013, 10:07 AM
How would it be possible other than anti-virus?
Obviously you wouldn't do anything to the hacked person because you know that they are probably recording or something

The fact that you just said that is clear proof your a fucking retarded child

Jackie_Khan
19th July 2013, 11:06 AM
The fact that you just said that is clear proof your a fucking retarded child

Sure I am a child but at least I don't rage on the internet.
Obviously mad that someone found out his virus

byt3
19th July 2013, 11:44 AM
Sure I am a child but at least I don't rage on the internet.
Obviously mad that someone found out his virus

You have a lot to learn.

Emily Grey
19th July 2013, 12:57 PM
How would it be possible other than anti-virus?
Obviously you wouldn't do anything to the hacked person because you know that they are probably recording or something

Well if you were skilled at such a field you could try to reverse engineer it and actually see the code (which I'm sure is beyond your abilities, which is fair enough, I'm not even saying I could do it), but it's likely obfuscated (which is also part of what is causing your false positives, some antiviruses see obfuscated code in similar ways to 'crypted' code which is programs used to make bots/viruses undetectable). It amazes me so many of you are convinced that they're trying to infect you based off of simple false positives :S

Jack
19th July 2013, 01:10 PM
Sure I am a child but at least I don't rage on the internet.
Obviously mad that someone found out his virus

Most of the time if an antivirus finds a virus there is always a chance it's wrong
just be secure if you download anything and use your common sense which I believe you do not have

byt3
23rd July 2013, 03:48 PM
You know what, I CHALLENGE anyone out there to provide SOLID proof that this malware scanner is a virus (not some shitty antivirus pictures, as I've said before some antiviruses are bound to be wrong 40~% of the time), from packet logs to assembly, I don't really care, I just challenge you to find any possible thing that's dangerous about it.

Go on, amaze me.

Still waiting on results, assuming anyone who's been accusing it of being an infected file has even looked into it.

Hiro™
26th July 2013, 08:28 AM
Was Ratted before by some guy who posed as FBI. They did it by disguising a Rootkit as a Java installer. I got tired of it popping up so I just clicked accept already knowing it was a rat. it disabled my computer in the sense that I couldn't use it on normal mode by inserting a fake FBI Cyberdivision page over my desktop saying that I had been downloading illegal hacking shit ( Which is bullshit ) and said under sources of evidence things like that one free music download you downloaded. Ridiculous, right? Well it got even more so. It demanded that I could either go to court and have a case filed against me or I could pay 300 dollars to ( Insert address here ) using one of those untraceable money senders from 7-11 within 3 days to cancel the case and have charges dropped against me ( HOW RETARDED DO THEY THINK I AM ), Obviously all fake and signs of a scanner, Especially if it had Ads on a legit looking at first FBI lockdown page. I just Rebooted the computer and then I started it in safe mode with control panel therefore taking care of the problem in that sense and getting rid of it. I then sent malware to his computer frying his computer so he can't sneak RATS to stupid people again.

- Like a pro, Justice is served.

byt3
26th July 2013, 09:33 AM
Was Ratted before by some guy who posed as FBI. They did it by disguising a Rootkit as a Java installer. I got tired of it popping up so I just clicked accept already knowing it was a rat. it disabled my computer in the sense that I couldn't use it on normal mode by inserting a fake FBI Cyberdivision page over my desktop saying that I had been downloading illegal hacking shit ( Which is bullshit ) and said under sources of evidence things like that one free music download you downloaded. Ridiculous, right? Well it got even more so. It demanded that I could either go to court and have a case filed against me or I could pay 300 dollars to ( Insert address here ) using one of those untraceable money senders from 7-11 within 3 days to cancel the case and have charges dropped against me ( HOW RETARDED DO THEY THINK I AM ), Obviously all fake and signs of a scanner, Especially if it had Ads on a legit looking at first FBI lockdown page. I just Rebooted the computer and then I started it in safe mode with control panel therefore taking care of the problem in that sense and getting rid of it. I then sent malware to his computer frying his computer so he can't sneak RATS to stupid people again.

- Like a pro, Justice is served.

https://i.chzbgr.com/maxW500/5059588096/h07BC4AE6/

Sarcon
26th July 2013, 11:34 PM
I have all the "protection" I need. My dad runs a 24/7.

Hollohan
29th July 2013, 05:20 PM
good job

KevinBlackburn
31st July 2013, 03:09 PM
good job

Thank you glad you enjoyed it!

filthyfatfunk
8th August 2013, 08:44 AM
Thank you for this guide. However, virus protection is just completely unnecessary, since I've been running without protection since like 3 years ago and never received a virus during that period. Just be aware of what you're downloading. All they do is block software and traffic that I don't want to be stopped.

byt3
8th August 2013, 10:01 AM
Thank you for this guide. However, virus protection is just completely unnecessary, since I've been running without protection since like 3 years ago and never received a virus during that period. Just be aware of what you're downloading. All they do is block software and traffic that I don't want to be stopped.

Antivirus software is only suggested by me if you're not "computer smart", removing (most) viruses is easy and getting them.. well that's kinda hard to do, unless of course you're downloading executables from Youtube ("Bypass VAC ban!" lul). Although sometimes it'd be good to have that extra layer of protection, depending on what you're doing.

Michael
8th August 2013, 10:33 AM
Antivirus software is only suggested by me if you're not "computer smart", removing (most) viruses is easy and getting them.. well that's kinda hard to do, unless of course you're downloading executables from Youtube ("Bypass VAC ban!" lul). Although sometimes it'd be good to have that extra layer of protection, depending on what you're doing.

Didn't you rat people yourself?

byt3
8th August 2013, 10:35 AM
Didn't you rat people yourself?

There's been a rumor going around that I did, but that's not really relevant at this point. Getting viruses isn't easy, you'd have to either really trust someone and not know that they're sending you a virus, or just be completely stupid and accept and run everything you get.

Michael
8th August 2013, 10:50 AM
There's been a rumor going around that I did, but that's not really relevant at this point. Getting viruses isn't easy, you'd have to either really trust someone and not know that they're sending you a virus, or just be completely stupid and accept and run everything you get.

This thread is help from you and Kevin Blackburn right? So why should we trust you when this apparent "rumour" is around?

KevinBlackburn
8th August 2013, 10:59 AM
This thread is help from you and Kevin Blackburn right? So why should we trust you when this apparent "rumour" is around?

Because, it is a rumour Joe Slice started because he is extremely butthurt, he thinks I RAT'ed him which got him banned from SARP. So the first people he blamed was me and cody. Which, is not true. You can believe whatever you want. If you don't feel this is safe then leave thread and stop flaming. Just trying to help people out here. So if you would please stop flaming. The fact of saying that cody ratted people without any proof, just by word is completely stupid and really brings out the maturity of the SARP players. Maybe if there was some proof of cody ratting someone then fine, but just taking Joe Slices word for it is a bunch of bullshit and you should really mature up a bit. I could go around spreading a rumor that Momo is going around DDoSing people working with Steven Rahul but I have no proof that is what you guys are trying to claim. None of it is true, grow up.

filthyfatfunk
8th August 2013, 11:02 AM
Antivirus software is only suggested by me if you're not "computer smart", removing (most) viruses is easy and getting them.. well that's kinda hard to do, unless of course you're downloading executables from Youtube ("Bypass VAC ban!" lul). Although sometimes it'd be good to have that extra layer of protection, depending on what you're doing.

Yeah, that's true. RATs are a bit harder to spot, if you ask me. This Java thing is a bit tricky as sometimes your web browser gives off these warnings, pretty smartly done if you ask me.

Kristian
8th August 2013, 11:02 AM
Funny, not so long ago a little bird tweeted to me this was actually a RAT, but if it is not, then it is good.

Michael
8th August 2013, 11:06 AM
Because, it is a rumour Joe Slice started because he is extremely butthurt, he thinks I RAT'ed him which got him banned from SARP. So the first people he blamed was me and cody. Which, is not true. You can believe whatever you want. If you don't feel this is safe then leave thread and stop flaming. Just trying to help people out here. So if you would please stop flaming. The fact of saying that cody ratted people without any proof, just by word is completely stupid and really brings out the maturity of the SARP players. Maybe if there was some proof of cody ratting someone then fine, but just taking Joe Slices word for it is a bunch of bullshit and you should really mature up a bit. I could go around spreading a rumor that Momo is going around DDoSing people working with Steven Rahul but I have no proof that is what you guys are trying to claim. None of it is true, grow up.



Please quote me where I flamed? I just have my suspicions. You can fuck off, don't tell me to grow up.

KevinBlackburn
8th August 2013, 11:10 AM
Please quote me where I flamed? I just have my suspicions. You can fuck off, don't tell me to grow up.
The fact that you believe that crap really shows that you need to grow up. Just my opinion.

Michael
8th August 2013, 11:11 AM
The fact that you believe that crap really shows that you need to grow up. Just my opinion.


Didn't you rat people yourself?


this apparent "rumour" is around?

How the fuck is me "believing it" when I tried to find out if this rumour was true? Fuck off you thick cunt.

KevinBlackburn
8th August 2013, 11:16 AM
Please quote me where I flamed?


How the fuck is me "believing it" when I tried to find out if this rumour was true? Fuck off you thick cunt.


Hmm... There is the flaming. I love it. Keep it coming.

Michael
8th August 2013, 11:17 AM
Hmm... There is the flaming. I love it. Keep it coming.

A little kid telling me to grow up, telling me to leave thread and stop flaming, don't expect shits and giggles.

KevinBlackburn
8th August 2013, 11:20 AM
A little kid telling me to grow up, telling me to leave thread and stop flaming, don't expect shits and giggles.

I have no idea what you just said. Please keep this thread English. Thanks.

Michael
8th August 2013, 11:22 AM
I have no idea what you just said. Please keep this thread English. Thanks.

Awkward moment when I'm English.

Muricans.

byt3
8th August 2013, 11:26 AM
Stop fueling flames here, go take a Xanax and chill the fuck out.


Funny, not so long ago a little bird tweeted to me this was actually a RAT, but if it is not, then it is good.

If you look in the previous pages you'll notice a bunch of trolls kept claiming that, and when I asked for proof everyone ended up shutting their mouths, they can't prove it because it's not true.

Rob
8th August 2013, 11:54 AM
Awkward moment when I'm English.

Muricans.

inb4 lloyd christmas writes 4 paragraphs