GABSharkY

  • Thread starter: Costello
  • Views: 26,491
  • Replies: 103
  • Likes: 1
I investigated that uips.exe that was included with the zelda patch.

It is definitely a trojan. The official uips.exe is available at http://www.neillcorlett.com (with source code available). Apparently, helga/mugs took that source code, and built a trojan into it, in this type of fashion.

The initial exe is UPX packed, and is just the loader, to unpack all of the exe files that will infect the system. Next, it loads up the first unpacked exe, which is the trojaned version of uips.exe. At that point, it installs all of the necessary .exe/.dll files (also included with that UPX packed loader), to appropriate directories. Finally, the first unpacked exe does its legitimate job, applying the IPS patch, in the way the original uips source code was written.

Strangely enough, Norton doesn't detect this trojaned version of uips.exe, so I submitted it to Symantec to have a more thorough analysis done.
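Added example, not part of the original post or thread: a minimal triage check for the UPX packing described above, reading a PE file's section table and flagging UPX-style section names and sections that occupy memory but no bytes on disk. The sample headers and the function names are constructed for illustration.

```python
import struct

def pe_sections(data: bytes):
    """Return [(name, raw_size, virtual_size)] from a PE section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (count,) = struct.unpack_from("<H", data, pe_off + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    out = []
    for i in range(count):
        off = table + i * 40                # each section header is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        virt, _vaddr, raw = struct.unpack_from("<III", data, off + 8)
        out.append((name, raw, virt))
    return out

def upx_indicators(data: bytes):
    """Heuristics only: packing is not malicious by itself, and section
    names can be renamed, so an empty result does not prove a clean file."""
    findings = []
    for name, raw, virt in pe_sections(data):
        if name.upper().startswith("UPX"):
            findings.append(f"section named {name}")
        if raw == 0 and virt > 0:
            findings.append(f"{name}: 0 bytes on disk, {virt} in memory")
    return findings

def build_sample(sections):
    """Constructed input: PE headers only, not a runnable program."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table = b"".join(
        name.ljust(8, b"\0") + struct.pack("<IIII", virt, 0x1000, raw, 0)
        + b"\0" * 16
        for name, raw, virt in sections)
    return dos + b"PE\0\0" + coff + table

# Constructed samples: a UPX-style layout and an ordinary one.
PACKED = build_sample([(b"UPX0", 0, 0x8000), (b"UPX1", 0x3000, 0x3000),
                       (b".rsrc", 0x200, 0x200)])
PLAIN = build_sample([(b".text", 0x1000, 0xF00), (b".data", 0x200, 0x200)])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED), ("plain", PLAIN)):
        print(label, upx_indicators(blob))
```

A hit here only says the file is worth unpacking and inspecting further; comparing a download against a build of the published source is the stronger check.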
 
I'm always careful about downloading programs. For instance, when a program is announced on the front page I leave at least one day before getting it. This way if it does contain something nasty, I'm not the one that finds it first.
 
I'm really MAD!!
This guy should be heavily punished, I really hope that someone finds him and kicks his ugly b*tt!
So we'll see if he's really this "strong" as he thinks of himself.
I hate you!!!

I was infected with that damned uips.exe, and I'm worried because of the keystroke logging...does this mean he has/can have a log with all I've written with my keyb?

On the positive side, hello caitsith2, long time no see! I hope you come and visit garpland again!
 
...does this mean he has/can have a log with all I've written with my keyb?...
that's the purpose of a key-logger imho ... but you may be lucky ... since the number of infected people would be rather large he/she (should i use 'it'???) probably can't examine all the logs... hopefully! sad story going on here ...
 
Wouldn't the ones saying "FUCK YOU mondayz" say something like "I'm sorry, I made a mistake, forgive me mondayz" now when it's clear that mondayz didn't do it?
 
It's sad that people can't see beyond their own noses for long enough to make a decision on their own, rather than just following the masses.

Hopefully those of you who gave out instant "fuck you" comments to mondayz will retract them, apologize, and move on with your ridiculous internet drama-driven lives.

I'm sorry to see someone who actually gave out a good tool to the community get blasted. Aren't we better than that as a whole?
 
... Aren't we better than that as a whole?
that's what i always thought when they bashed on him like crazy! that's why i only replied with a funny touch at first ...

anyways ... i think the most of us are ...
but the 'fuck you'-shouters were much faster in making comments than those who actually cared and thought about the 'accident' for themselves ... so i doubt we'll see many apologies to mondayz from most of them !!

sad; really sad!! but true ... ????

edit: fixed my incomplete sentence by inserting another word ...
 
It's not the first time that someone innocent got jumped on by the angry and upset, and unfortunately it won't be the last. I've done everything that I can to contact mondayz, but I doubt it will do any good. The harm has already been done, I'm afraid.

Hopefully, people can learn from this one and think a little longer the next time something like this happens...that would do far more good than an apology would, in reality.
 
Wouldn't the ones saying "FUCK YOU mondayz" say something like "I'm sorry, I made a mistake, forgive me mondayz" now when it's clear that mondayz didn't do it?
Well, I didn't really say that, but I did say something that I didn't mean... and I am sorry Mondayz

I prolly won't use your tool, cuz I don't like cheating on games, but I hope you do continue developing your tool for the sake of all the cheaters out there
 
I cheat, and I'm not afraid to admit it... That's why I like the Gabsharky-tool.
The reason I cheat in games, is that I'm just not very good at it, although I enjoy the games
 
I watched this whole gba-sharky thing from a distance. Well, I just ignored the announcement about the gba-sharky release, but the other day I noticed how many people were flaming the tool and its author. I didn't know what was going on till right now, but it seems it turned out to be a terrible mistake. I'm really sorry for everyone here, and mondayz, come back dude, I really want to know more about Gba Sharky, cause I haven't had the chance to do it with all that mess about trojans and so. Sounds interesting if this tool can help with hard-to-beat games (cheats can be helpful and time-sparing sometimes...). Don't give up on Gba Sharky yet, I bet many people around here want to try a true and clean version of your tool. As I said, cheats can be pretty handy sometimes...
 
A virus scanner won't help you if the trojan/keylogger is custom made, and either loosely based on available source code or hand made. Almost all virus scanners work with known signatures, and mugs would have been stupid to make a trojan that would be picked up by virus scanners. It is likely that mugs tested the trojan to make sure no existing virus scanner would detect it. The only thing that would detect it would be (annoying) behavior monitors. With those all a person would see is "warning, uips.exe wants to install a device driver" or "warning, uips.exe wants to access the internet" or "warning, uips.exe wants to write to the startup folder", things that many legitimate apps would want to do.
 
Wouldn't it be a good idea to put something up on the front page to declare Mondayz's innocence? I noticed the other day someone put up a notice declaring Shaunj66 and Costello's birthday...I think it's the least that can be done. As it stands, unless you've read this entire topic you won't really know the whole story and may still presume Mondayz to be a virus writer and not know that Mugs/Helga is a childish miscreant.
 
