dual client malware found using AVAST

ias1984 · #1 Post by **ias1984** » 03 Dec 2010, 09:59

can some one help me why valexe for dual has been removed because of a malware-gen. Ive been using dual client for valkyrie since renewal but only now Dec 3, 2010 its been block by my anti virus "AVAST" and been move to virus volt. Any one have the same problem like this. And another thing is that the original valexe dont have this same malware and working properly. I also tried to download sakexe from this site "http://forums.openkore.com/viewtopic.php?f=55&t=11659" and it also gave the same result "malware found"

minyong · #2 Post by **minyong** » 03 Dec 2010, 10:40

Even the link to download the ragexe has this. Can't download the ragexe from the link 4shared and I couldn't use the hexed client.

dodecagon · #3 Post by **dodecagon** » 03 Dec 2010, 11:12

Got that too with the unpacked Sakexe, just now, and I've been using the same file since renewal. The trojan is called "Magania" and is a password/username stealer according to Avira. I wonder why only now do I get it.

ias1984 · #4 Post by **ias1984** » 03 Dec 2010, 11:54

So it means not only avast detects this as a malware but also other antivirus.But the question is why only now. What i have done so far is to install new antivirus i will try if it will work. Hope to have good results..

dodecagon · #5 Post by **dodecagon** » 03 Dec 2010, 11:59

My guess, based on nothing, is that the virus will activate on "123" date, which is 12-3 or December 3.

Kidding aside. It's still early to judge other people, but for safety reasons, I recovered my client with GG and changed my game password. Just in case, I won't be using the unpacked client until someone tells me that it is really safe.

Or I will unpack my own .exe.

xtiantorres · #6 Post by **xtiantorres** » 03 Dec 2010, 12:03

whew.. AVAST automatically deleted the hexed valexe. been using this for months, but why only now that it has been detected as a malware?

th3_gam3r · #7 Post by **th3_gam3r** » 03 Dec 2010, 17:14

i allowed it also as trusted application.

should i be worried? and yes, why only now? ive been using this for months

#8 Post by **benj1320** » 04 Dec 2010, 01:07

hmmm thats wierd could be another false positive again...

will be removing the link for unpacked clients at the moment.

----------- links temporarily removed.. will be testing unpacked clients after updating sakray.

EDIT :

Managed to UNPACK Ragexe using belladonas Stripperx.... the problem is.. the blocks of hextrings are not the same as before @_@

EDIT:

seems like they did change the positions of the hex strings... but I managed to trace the hex for Gameguard disabling in New Chaos.. I will be uploading the Unpacked RAGEXE.EXE and its upto you to use it... http://forums.openkore.com/posting.php? ... 59&p=43231 ...

mysticfalls · #9 Post by **mysticfalls** » 04 Dec 2010, 05:55

even my very reliable kaspersky detected a magania.edgo trojan in unpacked ragexe.
so sad i can't dual login the thing is i'm using that file since renewal.

ias1984 · #10 Post by **ias1984** » 04 Dec 2010, 06:08

i have just change my antivirus to norton and it does not detect any thing on my dual client for valexe. But i do not suggest that this is the solution.
I think we just need to update the valexe for dual..

OpenKore

dual client malware found using AVAST

dual client malware found using AVAST

Re: dual client malware found using AVAST

Re: dual client malware found using AVAST

Re: dual client malware found using AVAST

Re: dual client malware found using AVAST

Re: dual client malware found using AVAST

Re: dual client malware found using AVAST

Re: dual client malware found using AVAST

Re: dual client malware found using AVAST

Re: dual client malware found using AVAST