[Other] Viruses in server files

[intex]

I was thinking of setting up a private server on my LAN, so I downloaded some server files etc from http://secured.mf.kaorimir.com/

I know the owner of the site does not guarantee that the files do not contain viruses. Regardless, the files there are riddled with viruses, trojans, rootkits etc. Do you guys that run private servers just download the files and run your servers with these infected files anyway?

 

[tkila]

I was thinking of setting up a private server on my LAN, so I downloaded some server files etc from http://secured.mf.kaorimir.com/

I know the owner of the site does not guarantee that the files do not contain viruses. Regardless, the files there are riddled with viruses, trojans, rootkits etc. Do you guys that run private servers just download the files and run your servers with these infected files anyway?

yes XD

 

[Ashran]

I was thinking of setting up a private server on my LAN, so I downloaded some server files etc from http://secured.mf.kaorimir.com/

I know the owner of the site does not guarantee that the files do not contain viruses. Regardless, the files there are riddled with viruses, trojans, rootkits etc. Do you guys that run private servers just download the files and run your servers with these infected files anyway?

These viruses are false positives: they're keygens, cracks, etc that an AV thinks that they're viruses.

Anyway... From which files are you talking about? 3.55 Working? If so, these have no viruses.

 

[tkila]

i remember my old pc crashed bcz server files was 2 virused or something like that
anyway i dnt remember 2 good XD maybe was another viruses

 

[intex]

Here is a report from my machine of all the viruses found and all the infected files downloaded from http://secured.mf.kaorimir.com/

Virus:Win32/Gael.gen!A

Category: Virus

Description: This program is dangerous and replicates by infecting other files.

Recommended action: Remove this software immediately.

Items:
containerfile:\CruelDragonHolley\3.55Working.rar
file:\CruelDragonHolley\3.55Working.rar->Mud3\Mir3.exe->(Aspack v2.12)


Trojan:Win32/Orsam!rts

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Permit this detected item only if you trust the program or the software publisher.

Items:
containerfile:\CruelDragonHolley\3.55Working.rar
containerfile:\CruelDragonHolley\CruelDragon3G-old.rar
containerfile:\CruelDragonHolley\CruelDragon3G.rar
containerfile:\CruelDragonHolley\CruelDragon3_Holley3.56Cracked.rar
containerfile:\CruelDragonHolley\swHL3.56EIMir3V1.85.rar
containerfile:\GTServer\GT_Tools.rar
containerfile:\KingA3G\A3gNF_FreeTest70P_adFix_05-04-12.rar
containerfile:\LSServer\LS3G-Chinese.rar
file:\CruelDragonHolley\3.55Working.rar->Mud3\Client and Database\HL3.55 Client\Client3.68B.rar->ListMake(配置文件不要给玩家).exe
file:\CruelDragonHolley\CruelDragon3G-old.rar->CruelDragon3G_ServerFile.rar->mud3\Setup\全功能修改!setup.txt1.1.exe
file:\CruelDragonHolley\CruelDragon3G.rar->CruelDragon3G_ServerFile.rar->mud3\Setup\全功能修改!setup.txt1.1.exe
file:\CruelDragonHolley\CruelDragon3_Holley3.56Cracked.rar->mud3\3µÇ½Æ÷\ListMake.exe
file:\CruelDragonHolley\CruelDragon3_Holley3.56Cracked.rar->mud3\工具\全功能修改!setup.txt.exe
file:\CruelDragonHolley\swHL3.56EIMir3V1.85.rar->MUD3\读我!\狮王商业登录器\列表生成器(不要给玩家).exe
file:\GTServer\GT_Tools.rar->GT_Tools\GT!setupeditor.exe
file:\KingA3G\A3gNF_FreeTest70P_adFix_05-04-12.rar->KingFor3GServer.dll
file:\LSServer\LS3G-Chinese.rar->LS3G-Chinese\Setup\全功能修改!setup.txt1.1.exe


Backdoor:Win32/Hupigon

Category: Backdoor

Description: This program provides remote access to the computer it is installed on.

Recommended action: Remove this software immediately.

Items:
containerfile:C:\$Recycle.Bin\S-1-5-21-2939609079-2224608815-2124830722-1001\$RD8QRS2.rar
containerfile:\CruelDragonHolley\CruelDragon3_Holley3.56Cracked.rar
containerfile:\CruelDragonHolley\hl_5.02_1102.rar
containerfile:\Eisky3G\Mud3(20060401).rar
containerfile:\EI\040529mud3.rar
containerfile:\EI\xyff_mud3_11_25.rar
containerfile:\KingServer\SP3Server\´«ÆæѧԺ2.51- SP3·þÎñÆ÷¶Ë.rar
containerfile:\mir2server1.9\Foundation1.9.rar
file:C:\$Recycle.Bin\S-1-5-21-2939609079-2224608815-2124830722-1001\$RD8QRS2.rar->Mud3\工具\字符替换器.exe
file:\CruelDragonHolley\CruelDragon3_Holley3.56Cracked.rar->mud3\工具\字符替换器.exe
file:\CruelDragonHolley\hl_5.02_1102.rar->hl_5.02_1102\字符替换器.exe
file:\Eisky3G\Mud3(20060401).rar->Mud3\Mir3Server\Tools\字符修改器.exe
file:\EI\040529mud3.rar->mud3\ip修改器.exe
file:\EI\xyff_mud3_11_25.rar->XYFF_MUD3_11_25\ip修改器.exe
file:\KingServer\SP3Server\´«ÆæѧԺ2.51- SP3·þÎñÆ÷¶Ë.rar->Mud3\工具\字符替换器.exe
file:\mir2server1.9\Foundation1.9.rar->mirserver\使用说明\私服工具\批量字符修改器.exe


VirTool:Win32/Obfuscator.XX

Category: Tool

Description: This program is used to create viruses, worms or other malware.

Recommended action: Remove this software immediately.

Items:
containerfile:\mir2td2.3\Mirserver.rar
file:\mir2td2.3\Mirserver.rar->Mirserver\DBServer\DBServer-Bak.exe->[Themida_License]
file:\mir2td2.3\Mirserver.rar->Mirserver\DBServer\DBServer.exe->[Themida_License]
file:\mir2td2.3\Mirserver.rar->Mirserver\GameGate\RunGate.exe->[Themida_License]
file:\mir2td2.3\Mirserver.rar->Mirserver\LoginGate\LoginGate.exe->[Themida_License]
file:\mir2td2.3\Mirserver.rar->Mirserver\LoginSrv\LoginSrv.exe->[Themida_License]
file:\mir2td2.3\Mirserver.rar->Mirserver\LogServer\LogDataServer.exe->[Themida_License]
file:\mir2td2.3\Mirserver.rar->Mirserver\M2Server\Hell23.exe->[Themida_License]
file:\mir2td2.3\Mirserver.rar->Mirserver\M2Server\M2Server.exe->[Themida_License]
file:\mir2td2.3\Mirserver.rar->Mirserver\M2Server\mir.exe->[Themida_License]
file:\mir2td2.3\Mirserver.rar->Mirserver\M2Server\mir2.exe->[Themida_License]
file:\mir2td2.3\Mirserver.rar->Mirserver\SelGate\SelGate.exe->[Themida_License]


TrojanDownloader:Win32/Troxen!rts

Category: Trojan Downloader

Description: This program is dangerous and downloads other programs.

Recommended action: Permit this detected item only if you trust the program or the software publisher.

Items:
containerfile:\mir2td2.3\Mirserver.rar
file:\mir2td2.3\Mirserver.rar->Mirserver\db convertor\DBConvert.exe
file:\mir2td2.3\Mirserver.rar->Mirserver\guild convertor\GuildConvert.exe


Backdoor:Win32/Hupigon.gen!H

Category: Backdoor

Description: This program provides remote access to the computer it is installed on.

Recommended action: Remove this software immediately.

Items:
containerfile:\mir2server1.9\Foundation1.9.rar
file:\mir2server1.9\Foundation1.9.rar->mirserver\#in1\最新验证器.exe->(UPX)


Virus:Win32/Induc.A

Category: Virus

Description: This program is dangerous and replicates by infecting other files.

Recommended action: Remove this software immediately.

Items:
containerfile:\Hero\herosource.rar
file:\Hero\herosource.rar->herosource\Release\MirClient\GameLogin.exe
file:\Hero\herosource.rar->herosource\Release\MirClient\mir2.exe


Trojan:Win32/Dynamer!dtc

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Items:
containerfile:\Hero\herosource.rar
file:\Hero\herosource.rar->herosource\MirServer.rar->通用登陆器(音乐拍卖).rar->通用登陆器(音乐拍卖)\资源文件\Mir\Mir.exe.bak


VirTool:WinNT/Rootkitdrv.CR

Category: Tool

Description: This program is used to create viruses, worms or other malware.

Recommended action: Remove this software immediately.

Items:
containerfile:\EI\xyff_mud3_11_25.rar
file:\EI\xyff_mud3_11_25.rar->XYFF_MUD3_11_25\注册登陆器\id_11-24.rar->ID_11-24\光通兼容版+补助外挂\传奇3登陆器光通版.exe->(Aspack v2.12)->(Aspack v2.12)->(Aspack v2.12)->(Aspack v2.12)->(Aspack v2.12)->(VFS:cdcd.sys)


Trojan:Win32/Anomaly.gen!A

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Items:
containerfile:\EI\xyff_mud3_11_25.rar
file:\EI\xyff_mud3_11_25.rar->XYFF_MUD3_11_25\注册登陆器\id_11-24.rar->ID_11-24\光通兼容版+补助外挂\MIR4.exe->(Aspack v2.12)
file:\EI\xyff_mud3_11_25.rar->XYFF_MUD3_11_25\注册登陆器\id_11-24.rar->ID_11-24\私服版+补助外挂\MIR4.exe->(Aspack v2.12)


Trojan:Win32/Bumat!rts

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Permit this detected item only if you trust the program or the software publisher.

Items:
containerfile:\CruelDragonHolley\swHL3.56EIMir3V1.85.rar
containerfile:\EI\040529mud3.rar
containerfile:\EI\xyff_mud3_11_25.rar
containerfile:\ToolsHelps\MapEdit1.9.rar
file:\CruelDragonHolley\swHL3.56EIMir3V1.85.rar->MUD3\读我!\GetMID.rar->GetMID.exe
file:\EI\040529mud3.rar->mud3\Mir300\Envir\Mon_def\保留-未使用\mondef.exe
file:\EI\xyff_mud3_11_25.rar->XYFF_MUD3_11_25\Mud\Mir300\Envir\Mon_def\保留-未使用\mondef.exe
file:\ToolsHelps\MapEdit1.9.rar->MapEdit.exe


Backdoor:Win32/Hupigon.CK

Category: Backdoor

Description: This program provides remote access to the computer it is installed on.

Recommended action: Remove this software immediately.

Items:
containerfile:\CruelDragonHolley\hl3.56.rar
file:\CruelDragonHolley\hl3.56.rar->HL3.56控制台文件\HL_3.560425_Loader.exe->(EXEEmb)
file:\CruelDragonHolley\hl3.56.rar->HL3.56控制台文件\HL_3.560425_Loader.exe->(VFS:Server.exe)
file:\CruelDragonHolley\hl3.56.rar->HL3.56控制台文件\HL_3.560425_NetCheck.exe->(EXEEmb)
file:\CruelDragonHolley\hl3.56.rar->HL3.56控制台文件\HL_3.560425_NetCheck.exe->(VFS:Server.exe)
file:\CruelDragonHolley\hl3.56.rar->注册机文件\EXECryptor.exe->(EXEEmb)
file:\CruelDragonHolley\hl3.56.rar->注册机文件\EXECryptor.exe->(VFS:Server.exe)


Virus:Win32/Gael.B!dam

Category: Virus

Description: This program is dangerous and replicates by infecting other files.

Recommended action: Remove this software immediately.

Items:
containerfile:\CruelDragonHolley\CruelDragon3_Holley3.56Cracked.rar
file:\CruelDragonHolley\CruelDragon3_Holley3.56Cracked.rar->mud3\Mir3Server\GameGate\OldGamegate.rar->SelChrGate\Gate30.exe


Trojan:Win32/Trafog!rts

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Permit this detected item only if you trust the program or the software publisher.

Items:
containerfile:\CruelDragonHolley\CruelDragon3G-old.rar
containerfile:\CruelDragonHolley\CruelDragon3G.rar
containerfile:\CruelDragonHolley\swHL3.56EIMir3V1.85.rar
containerfile:\LSServer\LS3G-Chinese.rar
file:\CruelDragonHolley\CruelDragon3G-old.rar->CruelDragon3G_ServerFile.rar->SqlLogClear.exe
file:\CruelDragonHolley\CruelDragon3G.rar->CruelDragon3G_ServerFile.rar->SqlLogClear.exe
file:\CruelDragonHolley\swHL3.56EIMir3V1.85.rar->MUD3\读我!\狮王商业登录器\dbt178\YZQ.exe
file:\LSServer\LS3G-Chinese.rar->LS3G-Chinese\SqlLogClear.exe

PWS:Win32/Prast!rts

Category: Password Stealer

Description: This program is dangerous and captures user passwords.

Recommended action: Permit this detected item only if you trust the program or the software publisher.


Items:
containerfile:\CruelDragonHolley\CruelDragon3G-old.rar
containerfile:\CruelDragonHolley\CruelDragon3G.rar
containerfile:\CruelDragonHolley\CruelDragon3G_Holley3.30FreeUpdate.rar
containerfile:\CruelDragonHolley\CruelDragon3G_Holley3.31FreeUpdate.rar
containerfile:\CruelDragonHolley\CruelDragon3G_Holley3.32FreeUpdate.rar
containerfile:\CruelDragonHolley\CruelDragon3G_Holley3.33FreeUpdate.rar
containerfile:\CruelDragonHolley\CruelDragon3G_Holley3.36FreeUpdate.rar
containerfile:\CruelDragonHolley\CruelDragon3G_Holley3.37FreeUpdate.rar
containerfile:\CruelDragonHolley\CruelDragon3G_Holley3.38FreeUpdate.rar
containerfile:\CruelDragonHolley\CruelDragon3_Holley3.56Cracked.rar
containerfile:\CruelDragonHolley\hl_5.02_1102.rar
containerfile:\CruelDragonHolley\swHL3.56EIMir3V1.85.rar
containerfile:\King3G\King4.243G.rar
containerfile:\LSServer\LS3G-Chinese.rar
file:\CruelDragonHolley\CruelDragon3G-old.rar->CruelDragon3G_ServerFile.rar->mir3server\LoginSvr\LoginSvr.exe
file:\CruelDragonHolley\CruelDragon3G.rar->CruelDragon3G_ServerFile.rar->mir3server\LoginSvr\LoginSvr.exe
file:\CruelDragonHolley\CruelDragon3G_Holley3.30FreeUpdate.rar->LoginSvr.exe
file:\CruelDragonHolley\CruelDragon3G_Holley3.31FreeUpdate.rar->LoginSvr.exe
file:\CruelDragonHolley\CruelDragon3G_Holley3.32FreeUpdate.rar->LoginSvr.exe
file:\CruelDragonHolley\CruelDragon3G_Holley3.33FreeUpdate.rar->LoginSvr.exe
file:\CruelDragonHolley\CruelDragon3G_Holley3.36FreeUpdate.rar->LoginSvr.exe
file:\CruelDragonHolley\CruelDragon3G_Holley3.37FreeUpdate.rar->LoginSvr.exe
file:\CruelDragonHolley\CruelDragon3G_Holley3.38FreeUpdate.rar->LoginSvr.exe
file:\CruelDragonHolley\CruelDragon3_Holley3.56Cracked.rar->mud3\Mir3Server\LoginSvr\LoginSvr.exe
file:\CruelDragonHolley\CruelDragon3_Holley3.56Cracked.rar->mud3\工具\Mir3param104b2.exe
file:\CruelDragonHolley\hl_5.02_1102.rar->hl_5.02_1102\Mir3Server\LoginSvr\LoginSvr.exe
file:\CruelDragonHolley\swHL3.56EIMir3V1.85.rar->MUD3\Mir3Server\LoginSvr\LoginSvr.exe
file:\King3G\King4.243G.rar->King3G4.24 Beta1Mir3 Server (Free100).rar->mir3server\LoginSvr\LoginSvr.exe
file:\LSServer\LS3G-Chinese.rar->LS3G-Chinese\mir3server\LoginSvr\LoginSvr.exe


VirTool:Win32/Obfuscator.M

Category: Tool

Description: This program is used to create viruses, worms or other malware.

Recommended action: Remove this software immediately.

Items:
containerfile:\CruelDragonHolley\3.55Working.rar
containerfile:\CruelDragonHolley\CruelDragon3G-old.rar
containerfile:\CruelDragonHolley\CruelDragon3_Holley3.56Cracked.rar
containerfile:\CruelDragonHolley\hl_5.02_1102.rar
containerfile:\CruelDragonHolley\swHL3.56EIMir3V1.85.rar
containerfile:\Eisky3G\Mud3(20060401).rar
containerfile:\Eisky3G\update.rar
file:\CruelDragonHolley\3.55Working.rar->Mud3\mir3server\HolleyDBSvr\HolleyDBSvr.dll
file:\CruelDragonHolley\CruelDragon3G-old.rar->CruelDragonMir3G_1.22.rar->Mir3G.dll
file:\CruelDragonHolley\CruelDragon3_Holley3.56Cracked.rar->mud3\Mir3Server\HolleyDBSvr\HolleyDBSvr.dll
file:\CruelDragonHolley\hl_5.02_1102.rar->hl_5.02_1102\Mir3Server\DBsvr\HolleyDBSvr.dll
file:\CruelDragonHolley\swHL3.56EIMir3V1.85.rar->MUD3\Mir3Server\DBsvr\HolleyDBSvr.dll
file:\CruelDragonHolley\swHL3.56EIMir3V1.85.rar->MUD3\读我!\传奇3全能积分修改系统\传奇3全能积分修改系统.exe
file:\Eisky3G\Mud3(20060401).rar->Mud3\For3G.dll
file:\Eisky3G\Mud3(20060401).rar->Mud3\Mir3Server\LoginGate\LoginGate.exe
file:\Eisky3G\Mud3(20060401).rar->Mud3\Mir3Server\RunGate\RunGate.exe
file:\Eisky3G\Mud3(20060401).rar->Mud3\Mir3Server\SelGate\SelGate.exe
file:\Eisky3G\update.rar->Mymir3.dll


Virus:Win32/Gael.gen!A

Category: Virus

Description: This program is dangerous and replicates by infecting other files.

Recommended action: Remove this software immediately.

Items:
containerfile:\CruelDragonHolley\swHL3.56EIMir3V1.85.rar
file:\CruelDragonHolley\swHL3.56EIMir3V1.85.rar->MUD3\Mir3.EXE->(PECompact2 v2.50+)


Trojan:Win32/Sisproc

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.
Items:
containerfile:C:\$Recycle.Bin\S-1-5-21-2939609079-2224608815-2124830722-1001\$RD8QRS2.rar
containerfile:\Hero\herosource.rar
containerfile:\KingA3G\A3G10PtestNF1.1_05-04-07.rar
containerfile:\KingA3G\A3gNF_FreeTest70P_05-04-11.rar
containerfile:\KingA3G\King3g11bcrack.rar
containerfile:\KingServer\SP3Server\´«ÆæѧԺ2.51- SP3·þÎñÆ÷¶Ë.rar
file:C:\$Recycle.Bin\S-1-5-21-2939609079-2224608815-2124830722-1001\$RD8QRS2.rar->Mud3\1.2 控制台1230a版注册\JamesCN.dll->(VFS:V22004810.EPE)
file:C:\$Recycle.Bin\S-1-5-21-2939609079-2224608815-2124830722-1001\$RD8QRS2.rar->Mud3\1.2 控制台1230a版注册\Reg.exe->(VFS:V22004810.EPE)
file:C:\$Recycle.Bin\S-1-5-21-2939609079-2224608815-2124830722-1001\$RD8QRS2.rar->Mud3\KingForEiServer.dll->(VFS:V22004810.EPE)
file:C:\$Recycle.Bin\S-1-5-21-2939609079-2224608815-2124830722-1001\$RD8QRS2.rar->Mud3\王者控制台.exe->(VFS:V22004810.EPE)
file:\Hero\herosource.rar->herosource\MirServer.rar->通用登陆器(音乐拍卖).rar->通用登陆器(音乐拍卖)\Release\GameLogin.exe->[RSRCEmb]
file:\Hero\herosource.rar->herosource\MirServer.rar->通用登陆器(音乐拍卖).rar->通用登陆器(音乐拍卖)\资源文件\Mir\Mir.dat
file:\KingA3G\A3G10PtestNF1.1_05-04-07.rar->MUD3\kingsoft1.1.exe->(VFS:V22004810.EPE)
file:\KingA3G\A3G10PtestNF1.1_05-04-07.rar->MUD3\登陆器，注册系统\regserver\1.3RegServer.exe->(VFS:V22004810.EPE)
file:\KingA3G\A3gNF_FreeTest70P_05-04-11.rar->KingForMir3G\KingFor3GServer.dll->(VFS:V22004810.EPE)
file:\KingA3G\A3gNF_FreeTest70P_05-04-11.rar->KingForMir3G\KingFor3GSql.dll->(VFS:V22004810.EPE)
file:\KingA3G\A3gNF_FreeTest70P_05-04-11.rar->KingForMir3G\KingMir3ServerLog.exe->(VFS:V22004810.EPE)
file:\KingA3G\A3gNF_FreeTest70P_05-04-11.rar->KingForMir3G\kingsoft.exe->(VFS:V22004810.EPE)
file:\KingA3G\King3g11bcrack.rar->老A_3G破解\kingsoft1.1b.exe->(VFS:V22004810.EPE)
file:\KingServer\SP3Server\´«ÆæѧԺ2.51- SP3·þÎñÆ÷¶Ë.rar->Mud3\1.2 控制台1230a版注册\JamesCN.dll->(VFS:V22004810.EPE)
file:\KingServer\SP3Server\´«ÆæѧԺ2.51- SP3·þÎñÆ÷¶Ë.rar->Mud3\1.2 控制台1230a版注册\Reg.exe->(VFS:V22004810.EPE)
file:\KingServer\SP3Server\´«ÆæѧԺ2.51- SP3·þÎñÆ÷¶Ë.rar->Mud3\KingForEiServer.dll->(VFS:V22004810.EPE)
file:\KingServer\SP3Server\´«ÆæѧԺ2.51- SP3·þÎñÆ÷¶Ë.rar->Mud3\王者控制台.exe->(VFS:V22004810.EPE)

 

[tkila]

wow 2 much mate XDD

 

[Azura]

flagged as virus's because they manipulate your system (cracks)

 

[Phantom]

We know all this, as the files are emulated. If you look in released section, you will find my release for hexing inferno.exe and it contains Aspack 1.3. Also you use trial reset to remove keys, which is basically a crack. In kings you have ArmFP to change the HWID and in 3.55 you use the armadillo crack. All of which will give a false positive when being run with a virus checker.