Hacking and virus - Don't run random executables

Discussion in '3DS - Flashcards & Custom Firmwares' started by GovanifY, Oct 17, 2014.

Thread Status:
Not open for further replies.
  1. GovanifY
    OP

    GovanifY Member

    Banned
    42
    45
    Mar 9, 2014
    France
    Edit by moderator:

    I cleaned and moved all offtopic discussion originally posted in 3DS Homebrew development thread.

    Ernilos alerted us that Govanify hacked his computer and stole his files and information (anything from personal files to keystrokes and credit card information could have been illegally obtained).


    Govanify originally posted a picture with Ernilos' IP, Ernilos' files and everything saved to a path containing the name of a trojan virus application.
    Govanify claimed on IRC he sent a backdoor to someone the same day Ernilos got infected. Ernilos backtracked the destination (home calling) and found Govanify's IP. We have confirmed the IP provided by Govanify in the picture was used by Ernilos, and confirmed Ernilos' provided IP found by reverse engineering the virus was the one used by Govanify.

    The program sent to Ernilos was related to 3DS Hacking (CTRKeyGen.exe) and it installed a program named Startup0.exe in his autorun place:
    C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

    The program affected csrss.exe, which is a perfectly normal Windows process (do not delete it), but it's often the target of viruses!

    You can check the programs run at startup with Sysinternals Autoruns.



    As a reminder and a warning to all our users:
    DO NOT RUN RANDOM EXECUTABLES FROM OTHER USERS!

    A lot of users are recompiling programs and providing them to the forum; we can't analyze them nor provide assistance before you choose to run them on your computer.
    You are responsible for any infection and virus you launch on your computer.

    I know everyone is waiting for 3DS hacking tools and is eager to test and launch them, but be aware that anything can easily be turned into a computer hacking tool.

    First, be sure you are using an antivirus and a firewall which detects all incoming and outgoing network activity.
    Test the files you find using your antivirus, run them in a sandboxed environment (VMware), or on an offline dedicated computer.



    We have taken action to ban Govanify, even if it wasn't a direct attack nor a situation which happened directly on GBATemp's forum, we decided it was safer for everyone's security to prevent him from posting files here.
    Be warned and stay safe.

    Cyan
     
    Aidan25 and Celice like this.
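
    As an added example (not part of the original post): a read-only PowerShell triage for the two artifacts the post names, files dropped into the Startup folder and a process named csrss.exe. It assumes PowerShell 4 or later; the function names are made up for illustration, and the rule that a genuine csrss.exe runs from %SystemRoot%\System32 is general Windows knowledge rather than something the thread states.

```powershell
# Added example, not from the thread. Nothing here deletes or modifies files.

function Get-StartupFolderItem {
    # Per-user and all-users Startup folders, resolved by Windows itself.
    foreach ($kind in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($kind)
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -File -Force | ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Folder    = $kind
                Name      = $_.Name
                Created   = $_.CreationTime
                Signature = $sig.Status
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                # Shortcuts (.lnk) are the normal content of this folder;
                # a bare executable or script placed here deserves a look.
                Review    = ($_.Extension -ne '.lnk' -and $_.Name -ne 'desktop.ini')
            }
        }
    }
}

function Get-CsrssProcess {
    # Compare every process named csrss.exe against the expected image path.
    $expected = Join-Path $env:SystemRoot 'System32\csrss.exe'
    Get-CimInstance Win32_Process -Filter "Name = 'csrss.exe'" | ForEach-Object {
        if (-not $_.ExecutablePath) {
            $verdict = 'path unreadable (protected process or needs elevation)'
        } elseif ($_.ExecutablePath -ieq $expected) {
            $verdict = 'expected location'
        } else {
            $verdict = 'UNEXPECTED location'
        }
        [pscustomobject]@{
            ProcessId = $_.ProcessId
            Session   = $_.SessionId
            Path      = $_.ExecutablePath
            Verdict   = $verdict
        }
    }
}

Get-StartupFolderItem | Format-Table -AutoSize
Get-CsrssProcess      | Format-Table -AutoSize
```

    A copy running from a user-writable directory has a readable path, so it shows up as "UNEXPECTED location" even without elevation. The SHA256 column can be used to look a file up with an antivirus vendor without running it.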


  2. windwakr

    windwakr GBAtemp Fan

    Member
    483
    112
    Sep 13, 2009
    United States
    [IMG]

    xRAT? Did you steal that from someone?

    Also, what's the point of trying to hide the function names on the side? They all appear to be just unnamed 'sub_xxxx'.


    EDIT: Quoting his post below this one to preserve it in case he deletes it:

    EDIT2: Just got confirmation that the file is indeed stolen from a member of this forum. Won't specify who, but they're contacting the admins right now.
     
  3. GovanifY
    OP

    GovanifY Member

    Banned
    42
    45
    Mar 9, 2014
    France
    Nope, not using xRAT afaik (just working in this directory since I was working on a mod of it). Just named what I wanted (and needed). Also I can send you the database, if that is what you want. Not THAT secretive. Anyways now making a CFW is easy, as long as u have basic infos...
     
  4. GovanifY
    OP

    GovanifY Member

    Banned
    42
    45
    Mar 9, 2014
    France
    Double post, unneeded
     
  5. st4rk

    st4rk nah

    Member
    545
    672
    Feb 11, 2014
    Brazil
    GovanifY


    Are you really kidding me, right? You hacked and leaked the files I sent to ernilos
     
    Huntereb likes this.
  6. ernilos

    ernilos GBAtemp Regular

    Member
    152
    140
    Aug 28, 2013
    Yea, renaming right?
    [IMG]
    Also,
    [IMG]
    And the IP is Spanish, and I'm the only one here who has this stuff. Your CFW, keys and those things, you stole my work and st4rk's and are saying it's yours.
    I already thought so when you said "skype has backdoors I can see where you talk and recuperate first messages". From there you grabbed all my conversations and started learning about this, right?
    I hope you burn in hell, now let's report you.
     
  7. gamesquest1

    gamesquest1 Nabnut

    Member
    14,134
    9,478
    Sep 23, 2013
    ...drama's :O
     
  8. json

    json MUSCLEMAN

    Member
    693
    781
    Aug 9, 2013
    Burkina Faso
    Wow, if this is true then GovanifY is really a scumbag. Looks like nobody can be trusted these days. :gun:
     
  9. the_randomizer

    the_randomizer The Temp's official fox whisperer

    Member
    22,067
    10,391
    Apr 29, 2011
    United States
    Dr. Wahwee's castle

    This is why we can't have nice things.....
     
  10. Abcdfv

    Abcdfv What comes around goes around.

    Member
    1,452
    590
    Dec 24, 2013
    United States
    Haha you'd think someone would know how easy it is to unedit pictures.
     
  11. gamesquest1

    gamesquest1 Nabnut

    Member
    14,134
    9,478
    Sep 23, 2013
    you didn't even need to edit that picture to see the writing....he had "shaded" it out lol
     
  12. Cjuub

    Cjuub GBAtemp Regular

    Member
    196
    141
    May 25, 2006
    The funniest part is how the argument is about stealing code that was stolen from Gateway. :rolleyes:

    No but seriously, that's really shitty of Govanify.
     
    Reisyukaku and st4rk like this.
  13. the_randomizer

    the_randomizer The Temp's official fox whisperer

    Member
    22,067
    10,391
    Apr 29, 2011
    United States
    Dr. Wahwee's castle

    Who is that guy, another tool and so-called dev?
     
  14. Cjuub

    Cjuub GBAtemp Regular

    Member
    196
    141
    May 25, 2006
    Hm? You mean me? What are you so angry about?

    Anyway, I'm not "with" anybody and I don't call myself anything either. All I've done is extract the payloads from gw launcher 1.0... Which I did only for the sake of doing it (gaining knowledge, basically), and that's also where I stop, I'm not interested in doing a cfw or whatever.
     
  15. Nic333

    Nic333 GBAtemp Regular

    Member
    146
    70
    May 3, 2014
    Brazil
    For you, I think it's better you do a virus check using an antivirus, you kind of have a backdoor or a server running on your PC (or you don't have a firewall)...
     
  16. the_randomizer

    the_randomizer The Temp's official fox whisperer

    Member
    22,067
    10,391
    Apr 29, 2011
    United States
    Dr. Wahwee's castle

    What are you talking about? I wasn't talking about you. I was quoting you as you were mentioning Govanify. I'm angry at people like him for fabricating a fake image.
     
  17. Cjuub

    Cjuub GBAtemp Regular

    Member
    196
    141
    May 25, 2006
    Jeez, calm down. It was not clear who you were talking about and since you quoted me I became unsure on what you meant, notice that I asked what you meant.

    But to answer your question in the same attitude you use: "Why the hell would I know who Govanify is and why the **** are you quoting me about it?".

    Anyway. Clearly offtopic, let's just stop.
     
    RubenCantuVota and st4rk like this.
  18. Abcdfv

    Abcdfv What comes around goes around.

    Member
    1,452
    590
    Dec 24, 2013
    United States
    Yeah isn't xRAT a remote admin tool? Not a fun thing to get infected with.
     
  19. ernilos

    ernilos GBAtemp Regular

    Member
    152
    140
    Aug 28, 2013
    Yep, now I have done a scan and I noticed it was the application "csrss.exe", now I'm debugging it, let's hope I can extract the IP and send it to the admins and they might confirm this
     
  20. Cyan

    Cyan GBATemp's lurking knight

    Global Moderator
    18,274
    8,748
    Oct 27, 2002
    France
    Engine room, learning
    If it's a Skype security issue, why is it discussed here?
    It's offtopic, even if it's bad and I wouldn't like to be in your situation, there's nothing to do about it in this thread.

    If you want help on getting fixed/secured again, maybe you should ask in the general computer section of the forum.
    The leaked files are leaked, nothing can be done about it now.
     
    Margen67 and st4rk like this.