KLM ✈

Virus Alert: Please Read (Generator Class & Shop Arma3 Altislfie)


Hello all,

Today we had a thread reported "Tool: Generator Class & Shop Arma3 Altislfie" which contained a tool to generate Config_Vehicle classes for vehicles and stores based on text box inputs (see image below).


Upon investigation, the application (although functional) included a RAT (remote access tool / backdoor) and a key logger. The tool included a dropper which installed the virus onto your machine and onto any connected storage devices such as USB sticks. If you have run this application, I would highly recommend formatting any external storage devices.

VirusTotal scan of the .rar file

VirusTotal scan of the executed virus

The user who created the post has since been banned and the post removed.

 

IMPORTANT

If you had downloaded this application (from either here or from the link in the video description from the post) then please check the following (only applicable for Windows):

  • Remove SEE_MASK_NOZONECHECKS from your Windows environment variables (how-to).

  • Check for c91b31a7dd6aea056205bfae04cfff82 in your Windows registry (use regedit, Ctrl+F); if you find it, remove the entry (how-to).

If you are aware that your machine has been infected, I would recommend blocking traffic with the IP address it communicates with (103.212.181.48) (how-to).

We do not condone attacking that IP address or its owner and do not know if the owner is aware of the virus acting from it; steps have been taken to contact them.

 

Going forward, we will be taking steps to ensure this does not happen again. We have since made the tools sub-forum require all threads to be approved before being posted to the site, where we will run VirusTotal scans of all content uploaded to the thread before allowing it. Any positives from the scans will be investigated, as false positives can still occur.

 

We would like to thank you for your understanding and are sorry to those affected.

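The three checks listed in the post above, as an added example that is not part of the original post or the forum's own tooling: a PowerShell script that reports the environment variable, searches the registry for the marker string, and lists live connections to the IP address. Assumptions: the registry walk is limited to `HKCU:\Software` and `HKLM:\Software`, and the `-BlockIp` switch and the firewall rule name are names chosen for this example.

```powershell
# Added example: read-only check for the three indicators named in the post.
# Nothing is changed unless -BlockIp is passed (requires an elevated prompt).
param([switch]$BlockIp)

$EnvName  = 'SEE_MASK_NOZONECHECKS'              # from the post
$Marker   = 'c91b31a7dd6aea056205bfae04cfff82'   # from the post
$RemoteIp = '103.212.181.48'                     # from the post

# 1. Environment variable, per-user and machine-wide.
foreach ($scope in 'User', 'Machine') {
    $val = [Environment]::GetEnvironmentVariable($EnvName, $scope)
    if ($null -ne $val) { Write-Warning "$EnvName is set in $scope scope (value: $val)" }
}

# 2. Registry: match the marker in key names, value names or value data.
#    Assumption: only the Software hives are walked to keep the run time down;
#    regedit's Ctrl+F, as the post suggests, covers the whole registry.
$roots = 'HKCU:\Software', 'HKLM:\Software'
$hits = Get-ChildItem -Path $roots -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
    $key = $_
    if ($key.Name -like "*$Marker*") { "key   $($key.Name)" }
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($name -like "*$Marker*" -or $data -like "*$Marker*") {
            "value $($key.Name) -> $name"
        }
    }
}
if ($hits) { $hits | ForEach-Object { Write-Warning "Registry match: $_" } }
else { Write-Output "No registry match for $Marker under $($roots -join ', ')" }

# 3. Live TCP connections to the address, with the owning process.
$conns = Get-NetTCPConnection -RemoteAddress $RemoteIp -ErrorAction SilentlyContinue
foreach ($c in $conns) {
    $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    Write-Warning "Connection to ${RemoteIp}:$($c.RemotePort) from PID $($c.OwningProcess) ($($proc.Path))"
}
if (-not $conns) { Write-Output "No active TCP connection to $RemoteIp" }

# 4. Optional: block traffic to and from the address in Windows Firewall.
if ($BlockIp) {
    foreach ($dir in 'Inbound', 'Outbound') {
        New-NetFirewallRule -DisplayName "Block $RemoteIp $dir (example rule)" `
            -Direction $dir -RemoteAddress $RemoteIp -Action Block | Out-Null
    }
    Write-Output "Firewall rules added for $RemoteIp"
}
```

A clean result from this script only covers the indicators named in the post; it does not replace the removal steps or the recommendation to format external storage.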

Good job :) 

Shouldn't this be posted somewhere on the front page so it isn't lost and people who did download it can sort it asap? Putting this thread in Headquarters or adding a notification (automated message or banner/bar) when coming to the site would help those that have downloaded this.

 

7 hours ago, JedINyte said:

Good job :) 

Shouldn't this be posted somewhere on the front page so it isn't lost and people who did download it can sort it asap? Putting this thread in Headquarters or adding a notification (automated message or banner/bar) when coming to the site would help those that have downloaded this.

 

I have asked Monte to do so, but I believe he is currently asleep; it should be moved at some point today, hopefully.

29 minutes ago, KLM ✈ said:

I have asked Monte to do so, but I believe he is currently asleep; it should be moved at some point today, hopefully.

Let's hope so, he was on reading the thread after I posted... obviously you have spoken directly to him too. It's pretty serious given it was released here and potentially has infected hundreds of users who tried it out.

Let's hope no one has had their bank emptied in the meantime.

 
