1. caitsith2

    caitsith2 GBAtemp Fan
    Member

    Joined:
    Jan 16, 2004
    Messages:
    343
    Country:
    Canada
    I investigated that uips.exe that was included with the zelda patch.

    It is definitely a trojan. The official uips.exe is available at http://www.neillcorlett.com (with source code available.) Apparently, helga/mugs took that source code, and built a trojan into it, in this type of fashion.

    The initial exe is UPX packed, and is just the loader, to unpack all of the exe files that will infect the system. Next, it loads up the first unpacked exe, which is the trojaned version of uips.exe. At that point, it installs all of the necessary .exe/.dll files (also included with that UPX packed loader), to appropriate directories. Finally, the first unpacked exe does its legitimate job, applying the IPS patch, in the way the original uips source code was written.

    Strangely enough, Norton doesn't detect this trojaned version of uips.exe, so I submitted it to Symantec to have a more thorough analysis done.
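
A triage check for the UPX-packed loader described in this post, as an added example that is not part of the original post or of caitsith2's analysis: it reads the PE section table and reports packer indicators. The function names and the header-only sample images are constructed for illustration; UPX is also used by legitimate software and its section names can be renamed, so a hit is a reason to look closer, not a verdict.

```python
import struct

EXEC, READ, WRITE = 0x20000000, 0x40000000, 0x80000000  # IMAGE_SCN_MEM_* flags

def pe_sections(data: bytes):
    """Parse the PE section table into (name, virtual_size, raw_size, flags)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 24:
        raise ValueError("PE signature not found")
    (count,) = struct.unpack_from("<H", data, pe_off + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    if table + 40 * count > len(data):
        raise ValueError("truncated section table")
    out = []
    for i in range(count):
        name, vsize, _va, raw, _ptr, _a, _b, _c, _d, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + 40 * i)
        out.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, raw, flags))
    return out

def packer_indicators(data: bytes):
    """Return human-readable reasons this image looks packed (empty list if none)."""
    hits = []
    for name, vsize, raw, flags in pe_sections(data):
        if name.upper().startswith("UPX"):
            hits.append(f"section {name!r} uses UPX's default naming")
        # Executable code with no bytes on disk gets filled in at run time by a stub.
        if raw == 0 and vsize > 0 and flags & EXEC:
            hits.append(f"section {name!r} is executable but empty on disk")
    return hits

def build_sample(sections):
    """Constructed header-only PE image for the demo (not a runnable program)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    rows = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, 0x1000, raw, 0x200, 0, 0, 0, 0, fl)
                    for n, vs, raw, fl in sections)
    return dos + b"PE\0\0" + coff + rows

PACKED = build_sample([(b"UPX0", 0x8000, 0, EXEC | READ | WRITE),
                       (b"UPX1", 0x3000, 0x2E00, EXEC | READ | WRITE),
                       (b".rsrc", 0x1000, 0x600, READ)])
PLAIN = build_sample([(b".text", 0x1000, 0x1000, EXEC | READ),
                      (b".bss", 0x400, 0, READ | WRITE)])

if __name__ == "__main__":
    for label, img in (("packed", PACKED), ("plain", PLAIN)):
        print(label, packer_indicators(img))
```

The `.bss` section in the plain sample is empty on disk but not executable, so it is not flagged; only the executable-and-empty combination counts.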
     
  2. Fusion Master

    Fusion Master WOW Addict :0
    Member

    Joined:
    Oct 27, 2002
    Messages:
    1,524
    Country:
    I'm always careful about downloading programs. For instance, when a program is announced on the frontpage I leave at least one day before getting it. This way if it does contain something nasty, I'm not the one that finds it first.
     
  3. TyrianCubed

    TyrianCubed Gamer 1989 to present
    Member

    Joined:
    Oct 26, 2003
    Messages:
    1,138
    Country:
    Italy
    I'm really MAD!!
    This guy should be heavily punished, I really hope that someone finds him and kicks his ugly b*tt!
    So we'll see if he's really this "strong" as he thinks of himself.
    I hate you!!!

    I was infected with that damned uips.exe, and I'm worried because of the keystroke logging... does this mean he has/can have a log with all I've written with my keyboard?

    On the positive side, hello caitsith2, long time no see! I hope you come and visit garpland again!
     
  4. Takeshi

    Takeshi GBAtemp Addict
    Member

    Joined:
    Jun 1, 2004
    Messages:
    1,946
    Country:
    Germany
    that's the purpose of a key-logger imho ... but you may be lucky ... since the number of infected people would be rather large he/she (should i use 'it'???) probably can't examine all the logs... hopefully! sad story going on here ...
     
  5. TyrianCubed

    TyrianCubed Gamer 1989 to present
    Member

    Joined:
    Oct 26, 2003
    Messages:
    1,138
    Country:
    Italy
    thanks for the reply, takeshi.
    and btw, it would be even too nice
     
  6. Foppzter

    Foppzter GBAtemp Advanced Fan
    Member

    Joined:
    Sep 26, 2003
    Messages:
    754
    Country:
    Wouldn't the ones saying "FUCK YOU mondayz" say something like "I'm sorry, I made a mistake, forgive me mondayz" now when it's clear that mondayz didn't do it?
     
  7. TyrianCubed

    TyrianCubed Gamer 1989 to present
    Member

    Joined:
    Oct 26, 2003
    Messages:
    1,138
    Country:
    Italy
    You're right, mondayz didn't do anything and I think he's sad as we are.
     
  8. Lily

    Lily One Scary Lady
    Former Staff

    Joined:
    Jun 18, 2004
    Messages:
    5,727
    Country:
    Canada
    It's sad that people can't see beyond their own noses for long enough to make a decision on their own, rather than just following the masses.

    Hopefully those of you who gave out instant "fuck you" comments to mondayz will retract them, apologize, and move on with your ridiculous internet drama-driven lives.

    I'm sorry to see someone who actually gave out a good tool to the community get blasted. Aren't we better than that as a whole?
     
  9. Takeshi

    Takeshi GBAtemp Addict
    Member

    Joined:
    Jun 1, 2004
    Messages:
    1,946
    Country:
    Germany
    that's what i always thought when they bashed on him like crazy! that's why i only replied with a funny touch at first ...

    anyways ... i think the most of us are ... but the 'fuck you'-shouters were much faster in making comments than those who actually cared and thought about the 'accident' for themselves ... so i doubt we'll see many apologies to mondayz from the most of them !!

    sad; really sad!! but true ... ????

    edit: fixed my incomplete sentence by inserting another word ...
     
  10. Garp

    Garp GBATemp's Wandering Gnome
    Member

    Joined:
    Nov 18, 2003
    Messages:
    956
    Country:
    United States
    It's not the first time that someone innocent got jumped on by the angry and upset, and unfortunately it won't be the last. I've done everything that I can to contact mondayz, but I doubt it will do any good. The harm has already been done, I'm afraid.

    Hopefully, people can learn from this one and think a little longer the next time something like this happens...that would do far more good than an apology would, in reality.
     
  11. djgarf

    djgarf I Am A Raver
    Former Staff

    Joined:
    Oct 24, 2002
    Messages:
    2,955
    Country:
    me and speechless have both spoken to mondayz and we are in the process of restoring all his shit on irc for him
     
  12. Takeshi

    Takeshi GBAtemp Addict
    Member

    Joined:
    Jun 1, 2004
    Messages:
    1,946
    Country:
    Germany
    wowy ... that's really good news (at last)!!!!
     
  13. Foppzter

    Foppzter GBAtemp Advanced Fan
    Member

    Joined:
    Sep 26, 2003
    Messages:
    754
    Country:
    Then maybe we haven't lost another great resource for the scene.
     
  14. solarsaturn9

    solarsaturn9 Newbie

    Well, I didn't really say that, but I did say something that I didn't mean... and I am sorry Mondayz

    I prolly won't use your tool, cuz I don't like cheating on games, but I hope you do continue developing your tool for the sake of all the cheaters out there
     
  15. Garp

    Garp GBATemp's Wandering Gnome
    Member

    Joined:
    Nov 18, 2003
    Messages:
    956
    Country:
    United States
    Thanks again, djgarf. As usual, you do the right thing.
     
  16. speechless

    speechless Friend Of GBATemp
    Member

    Joined:
    Oct 26, 2002
    Messages:
    360
    Country:
    United States
    mondayz is back.

    Helga, suck my cock dearie.

    life goes on, helga, you rule nothing..as you know this

    mugs sucks, fact!!
     
  17. Gandalf515

    Gandalf515 Member
    Newcomer

    Joined:
    Jul 18, 2004
    Messages:
    11
    Country:
    Netherlands
    I cheat, and I'm not afraid to admit it... That's why I like the Gabsharky-tool.
    The reason I cheat in games, is that I'm just not very good at it, although I enjoy the games
     
  18. Callahah

    Callahah Advanced Member
    Member

    Joined:
    Nov 7, 2002
    Messages:
    84
    Country:
    Brazil
    I watched this whole gba-sharky thing from a distance. Well, I just ignored the announcement about gba-sharky release, but the other day I noticed how many people were flaming the tool and its author. I didn't know what was going on till right now, but it seems it turned out to be a terrible mistake. I'm really sorry for everyone here, and mondayz, come back dude, I really want to know more about Gba Sharky, cause I haven't had the chance to do it with all that mess about trojans and so. Sounds interesting if this tool can help with hard-to-beat games (cheats can be helpful and time-sparing sometimes...). Don't give up on Gba Sharky yet, I bet many people around here want to try a true and clean version of your tool. As I said, cheats can be pretty handy sometimes...
     
  19. nl255

    nl255 GBAtemp Addict
    Member

    Joined:
    Apr 9, 2004
    Messages:
    2,924
    Country:
    A virus scanner won't help you if the trojan/keylogger is custom made, and either loosely based on available source code or hand made. Almost all virus scanners work with known signatures, and mugs would have been stupid to make a trojan that would be picked up by virus scanners. It is likely that mugs tested the trojan to make sure no existing virus scanner would detect it. The only thing that would detect it would be (annoying) behavior monitors. With those all a person would see is "warning, uips.exe wants to install a device driver" or "warning, uips.exe wants to access the internet" or "warning, uips.exe wants to write to the startup folder", things that many legitimate apps would want to do.
     
  20. Bart Lemming

    Bart Lemming Gēmu Bōi mikuro
    Member

    Joined:
    Feb 25, 2004
    Messages:
    350
    Country:
    United Kingdom
    Wouldn't it be a good idea to put something up on the front page to declare Mondayz's innocence? I noticed the other day someone put up a notice declaring Shaunj66 and Costello's birthday... I think it's the least that can be done. As it stands, unless you've read this entire topic you won't really know the whole story and may still presume Mondayz to be a virus writer and not know that Mugs/Helga is a childish miscreant.
     