Thread
:
!!Warning!!
View Single Post
Reply
Posted 2003-07-12, 08:36 AM in reply to
tacoX
's post
"!!Warning!!"
www.d2hacking.com
is pointed at
http://www.pixelmethods.com/d2h/index2.htm
and resolves to 209.120.206.164.
pixelmethods.com is pointed at the Nameservers own by muderopolis.com
http://www.pixelmethods.com/d2h/dls/aim.zip
http://www.pixelmethods.com/d2h/dls/d2hackit.zip
http://www.pixelmethods.com/d2h/dls/herzonggol.zip
http://www.pixelmethods.com/d2h/dls/isspamsetup.zip
http://www.pixelmethods.com/d2h/dls/pinda.zip
http://www.pixelmethods.com/d2h/dls/wirt.zip
http://www.pixelmethods.com/d2h/dls/yayD2H.zip
Every single one of these files contains the same file, setup.exe which is a trojan. The payload is
c:\mswinsck.ocx
c:\kernel32.exe
c:\conversions.ini
conversions.ini allows the typing of characters that you cannot see, and this trojan allows the access to steal the account name // pw and cdkeys of the game Diablo 2
Blizzard.com has released on official warning at
http://www.battle.net/forums/thread...nt=0#post322018
Please remove these files and I certainly hope that this user is removed from your services
fyi: This person is in the Diablo 2 community as TacoX, a recent administrator at
www.zelaron.com
Profile
PM
WWW
Search
Kronix