
Think it's a virus? Question its legitimacy? Take a closer look.

Zangrefia

Onyx user!
Reputation
0
This video I created is to exploit hidden viruses inside fake programs used to steal your info or infect you with a keylogger, trojan, or even a RAT. Sorry if some things I said were mumbled. I made this in a rush because I had to treat someone to breakfast ;).
[video=youtube]http://www.youtube.com/watch?v=yiltx5rhwfI[/video]
 

Unforgettable

Member
Reputation
0
To be honest, I'd just avoid downloading RuneScape-related programs, especially if it's an .exe file. I might download files if they're from trusted users and the file extension is appropriate and NOT .exe, .scr or .com.

Nonetheless, great guide!
 

Zangrefia

Onyx user!
Reputation
0
Yes, it's common sense that all RuneScape programs are fake. This is just a way to confirm it and possibly do more that I don't want to show in the guide.
 

the_lol

Onyx user!
Reputation
0
Good video guide. I downloaded it for future use. Why would you download Facebook "hax" and the like... that's just silly.
 

Zangrefia

Onyx user!
Reputation
0
Thanks for the feedback, the_lol.
 

Snarf

Onyx user!
Reputation
0
Decent guide, this should show all of the dumb little kids that they in fact cannot get ahead in the game with a little program. RuneScape is impregnable!
 

Zangrefia

Onyx user!
Reputation
0
Thank you for the feedback!
 

Fast Don't Lie

Onyx user!
Reputation
0
Great guide, man, I learned something new. Can you do this without the .NET Reflector? Such as using text editing software like Notepad++?
 

Zangrefia

Onyx user!
Reputation
0
No, you can't. Most of the programs you see will most likely be crypted, so it would be nearly impossible.
 

Disruption

Member
Reputation
0
Zangrefia said:
No, you can't. Most of the programs you see will most likely be crypted, so it would be nearly impossible.

Well, of course not with Notepad++, and .NET Reflector is not the best way.

Your best and safest bet is to use a virtual machine and use a tool such as HJT (HiJack This) or OTL (ONLY IF TRAINED), and see if it has a running process.
 

Rebel_mybb_import13008

Active Member
Reputation
0
good video guide
was informative
 

Zangrefia

Onyx user!
Reputation
0
Disruption said:
Well, of course not with Notepad++, and .NET Reflector is not the best way.

Your best and safest bet is to use a virtual machine and use a tool such as HJT (HiJack This) or OTL (ONLY IF TRAINED), and see if it has a running process.

Also Wireshark to see outside connections.
 

Reaperrr

Onyx user!
Reputation
0
When I first saw it, I thought it was a whaling video. Ha, I liked it though, nice commentary.

(Fail on my part)
 

Zangrefia

Onyx user!
Reputation
0
@Reaperrr haha, the use can go many ways, and DarkCore, thanks a lot!
 

Europe

Member
Reputation
0
Good-looking video, although I don't have the time to watch it. It looks like you're using .NET Reflector to investigate the program's code. Pretty good. Won't work for non-.NET apps and the virus code may be hard to find if it's hardcoded into the application or the program uses an obfuscator (like SmartAssembly), but it will definitely prevent you from getting infected by noobs.

As the others have pointed out, however, there are still quite a few other methods that would work. Using a virtual machine and a packet analyzer like Wireshark, or even a proxy like Paros Proxy (while setting the system-wide proxy address to the correct settings, of course), seeing as how a lot of viruses use HTTP to store things in PHP and SQL logs.
 

Zangrefia

Onyx user!
Reputation
0
Yes, but most skids use .NET, and even if they use SmartAssembly, you can see SMTP activity will happen if you execute it because most programs don't obfuscate the web connection methods.
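
A static first pass at the checks discussed above, as an added example that is not part of any post in this thread: it reads a file's bytes without running it, tests for the .NET metadata signature, and lists mail/web API names and server hostnames left readable in it. The marker shortlist, the function names and the sample bytes are assumptions constructed for illustration.

```python
import re

# .NET base class library names that indicate mail or web traffic (assumed shortlist).
NETWORK_MARKERS = ("System.Net.Mail", "SmtpClient", "MailMessage",
                   "NetworkCredential", "WebClient", "HttpWebRequest",
                   "FtpWebRequest")

ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")           # type/namespace names (UTF-8)
WIDE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")    # string literals (UTF-16LE)
HOST = re.compile(r"\b(?:smtp|mail|ftp)\.[a-z0-9-]+(?:\.[a-z0-9-]+)+\b", re.I)


def is_dotnet(data: bytes) -> bool:
    """A managed assembly is a PE file ("MZ") containing a CLR metadata root ("BSJB")."""
    return data[:2] == b"MZ" and b"BSJB" in data


def extract_strings(data: bytes) -> set:
    """Collect printable runs in both encodings that .NET metadata uses."""
    found = {m.group().decode("ascii") for m in ASCII_RUN.finditer(data)}
    found |= {m.group().decode("utf-16-le") for m in WIDE_RUN.finditer(data)}
    return found


def triage(data: bytes) -> dict:
    """Static check only: the file is read as bytes and never executed."""
    strings = extract_strings(data)
    apis = sorted(m for m in NETWORK_MARKERS if any(m in s for s in strings))
    hosts = sorted({h.group().lower() for s in strings for h in HOST.finditer(s)})
    # An empty result is not a clean bill of health: a packed or crypted
    # file hides these names until it is unpacked in memory.
    return {"dotnet": is_dotnet(data), "network_apis": apis, "hosts": hosts}


# Constructed sample bytes standing in for a small .NET assembly (not a real file).
SAMPLE = (b"MZ" + b"\x00" * 64 + b"BSJB\x00"
          + b"System.Net.Mail\x00SmtpClient\x00NetworkCredential\x00\x00\x00"
          + "smtp.example.test".encode("utf-16-le") + b"\x00\x00")

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On a real sample, pass the file's bytes to `triage()` from inside the virtual machine the thread recommends.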
 

Automatic

User is banned.
Reputation
0
"account stat booster and IP grabber doesn't exist are impossible."

Nope, not one bit impossible. You just have to have access to Jagex's servers and it's all easy go from there ;)
 