Quantcast

Jump to content


Photo

[Guide] Checking Neopets Programs


  • Please log in to reply
33 replies to this topic

#1 Kyle

Kyle
  • Legit.

  • 2,081 posts


Users Awards

Posted 26 June 2007 - 08:19 PM

Requirements:
Virus Scanner (Your own will likely work, but AVG located here)
PE Explorer (located here)
Install both files as necessary.

Purpose:
PE Explorer: To check for password stealers within a program.
AVG/your virus scanner: To check for viruses within a program.
------------------------------------------------------------------------------------------------------------------

Now, open PE explorer. Your window will look like this. From this screen, you can select the program you want to check by clicking the yellow folder in the upper left corner, as shown here, and browsing for it.

From their, you will be given the opportunity to buy the full version of PE Explorer. Click continue, and move on to the next step.

Now, you should be looking at a window very similar to this. From here, you will click on the blue scroll-looking button at the top, shown here.

Two windows will pop up, and without changing anything, press the "Start Now" button on the front window.

You should now be looking at a very crowded and confusing page, looking something like this. In the top box, you want to scroll over so the last column is at the left most viewing point of the box, as shown here.

Now, you actually start checking the program. Press ctrl+f to bring up the search box, and type http, like this. Continue pressing ctrl+f and enter to search the whole program. If any of the links go anywhere but neopets.com, there is a very good chance the program is attempting to steal your username and password.
Example of clean program: Here
Example of a Password stealing program: Here
------------------------------------------------------------------------------------------------------------------

For the purpose of this guide, I will be using AVG, although your virus scanning program will almost certainly work.

Find the program you want to scan, and right click. A menu like this will show up. Select "Scan with AVG". If a virus is found, something similar to this will show up. If the program is virus free, a window looking similar to this will show up.

Disclaimer: If you use these techniques and somehow a password stealer or virus gets past you, I am NOT responsible for your account. These are the methods I have used and they have never failed me, but that doesn't mean they are completely full-proof.
This guide was written by Kyle, and distributed ONLY to Neocodex.us. Enjoy! :)

Edited by Kyle, 21 May 2012 - 11:37 AM.


#2 Kyle

Kyle
  • Legit.

  • 2,081 posts


Users Awards

Posted 26 June 2007 - 08:24 PM

No problem. Its a guide I had been wanting to write for a while smile.gif

#3 Cataliste

Cataliste
  • Codex's Right Hand

  • 4,662 posts


Users Awards

Posted 26 June 2007 - 08:32 PM

I'll just Mew11 all my evil programs then.

#4 Kyle

Kyle
  • Legit.

  • 2,081 posts


Users Awards

Posted 26 June 2007 - 08:41 PM

QUOTE(Cataliste @ Jun 26 2007, 11:32 PM) View Post
I'll just Mew11 all my evil programs then.

Isn't that packing in such a way that its harder to detect?

If so, its more of a beginners guide to checking, and I didn't get into/know how to check when thats the case.

#5 Guest_Rambo_*

Guest_Rambo_*

Posted 27 June 2007 - 01:14 PM

Isn't exactly required for this site, as the programs are checked any way.

Also, Ange, a suggestion, all guides should have a similar formatting.

#6 Mumei

Mumei
  • 3,545 posts

Posted 27 June 2007 - 02:25 PM

I think this is a great idea to have a guide, yes - we check every program that's submitted here, but please remember we can't check every line of code (first we don't usually ask for the source, we only check the object, and secondly it's always possible to miss things as we're only human and do not guarantee the programs posted here are 100% free of malware, only that we've checked them and didn't spot anything) so if anyone spots something in a program PM one of the Admin/Sr programmers/programmers here and we'll investigate it immediately.


if you really want a comprehensive guide, you may also add into it a network sniffer mini guide (eg ethereal) and use of Hex Editors

most anti virus scanners use signatures to identify malware, so a home built program will not often get picked up unless all they've done is bind into the code an already existing virus

also another thing to mention, is to identify all the calls to the communication protocol they are using (eg Wrapper) - i would investigate a program if there is a call to the wrapper with a call to a decrypt function just before it.
other things to check for are any POP protocols (calling any installed email programs, hosted email servers, or including an email server in the code)
any programs that contain 2 methods for HTTP communication (using 2 wrappers, or a wrapper and web browser)
check for any unnecessary security protocol (a daily doer does not need an encrypt/decrypt function within it, so you have to ask why it's there - what data is it hiding etc....)

#7 Chew

Chew
  • 6,307 posts


Users Awards

Posted 27 June 2007 - 03:12 PM

thanks for the guide. I ran this on some other auto programs I use on other game sites and I actually found two programs that had some suspicious http's in them. thanks again

#8 Hazard

Hazard
  • 3,424 posts

Posted 27 June 2007 - 04:15 PM

yea thanks for the guide...heavily needed just in case those thief's reaper4lv.gif

#9 Kyle

Kyle
  • Legit.

  • 2,081 posts


Users Awards

Posted 27 June 2007 - 07:12 PM

QUOTE(mastachew @ Jun 27 2007, 06:12 PM) View Post
thanks for the guide. I ran this on some other auto programs I use on other game sites and I actually found two programs that had some suspicious http's in them. thanks again

That was basically the main goal of this. I saw lots of people getting scammed from programs from other sites. So if you chose to use programs from other sites, at least you can use a guide from Codex to check them. smile.gif

#10 Cataliste

Cataliste
  • Codex's Right Hand

  • 4,662 posts


Users Awards

Posted 27 June 2007 - 08:04 PM

Also, get UPX. Try to decompress the file with UPX to make sure it is not packed. Though anyone really wanting to get people would use Mew11, The dumber one's may use UPX. Viral signatures are distorted with UPX packing.

#11 the_skip

the_skip
  • 30 posts

Posted 10 July 2007 - 02:51 PM

Also to be double sure use a packet sniifer or somethign liek wpe pro and put fals information in and see if it goes to anywhere else but neopets. they cannot hide the post data from a packet sniffer unless they are good, but then you'll have to watch them take your account

#12 Stephen

Stephen
  • 3,509 posts


Users Awards

Posted 05 November 2007 - 09:33 PM

QUOTE(Cataliste @ Jun 28 2007, 02:04 PM) View Post
Also, get UPX. Try to decompress the file with UPX to make sure it is not packed. Though anyone really wanting to get people would use Mew11, The dumber one's may use UPX. Viral signatures are distorted with UPX packing.

Isn't UPX packing close to useless nowadays anyway?
Most people wouldn't pack with UPX anymore, and morphine is close to useless because of paranoid anti-virus software.. to my knowledge anyway.

I'll do my research later, hacking, packing, and maltivity isn't really my area of knowledge, but I wouldn't mind knowing more of course. tongue.gif

#13 Sorrow

Sorrow
  • 26 posts

Posted 20 February 2008 - 02:20 PM

Good ! Thanks!

#14 Member

Member
  • 1 posts

Posted 06 July 2008 - 05:36 PM

I want to thank you for the information! It just confirmed that I had been had. I was searching for my answer and yound this forum. The PE Explorer (with your instructions) found the bad news for me. sad.gif Do not use the "Altador Cup Hack" listed by jugularfreeman on youtube. The code shows a link where he is stealing your Log in info!

I royally screwwed up and my 6 year account is gone sad.gif
GREAT Thread with Very Useful Information!! please do keep pinned!

Edit by Kitsune: I edited out your links as it is safer for our users this way.

#15 permeability

permeability
  • 20 posts

Posted 12 September 2009 - 12:01 AM

Thank you for this. I'm always paranoid when I use programmes, haha!

#16 stirlingL

stirlingL
  • 424 posts

Posted 12 September 2009 - 05:28 AM

never use programs off youtube..... thats a pretty self explanatory one

#17 gaelle

gaelle
  • 65 posts

Posted 12 September 2009 - 05:36 AM

Wow very nice and useful guide ! We know programs on neocodex are sure but I often download neopets programs found on google so that will be very useful !

#18 nonotjj

nonotjj
  • 134 posts

Posted 12 September 2009 - 06:15 AM

heh, youtube programs is the quickest way to have your acct stolen... at least for WoW, I'm pretty sure it's the same for neo. :p

#19 shesamessx

shesamessx
  • 41 posts

Posted 20 October 2009 - 03:36 PM

Thanks for this! 

At first I was skeptical with this site, but then I got to thinking, if you have a whole community of people, someone would have piped up that they lost their account, you know?

This will help if I ever decide to use other programs xD



#20 GrenadeApple

GrenadeApple
  • 20 posts

Posted 06 November 2009 - 06:53 AM

Thanks for the guide i already had AVG but i didn't have PE Explorer.

#21 jonnykun

jonnykun
  • 403 posts


Users Awards

Posted 25 December 2009 - 09:22 PM

nice guide.
just wondering, has anyone ever seen a bad program put up on a reputable site ?
trying to assess the risk of pw stealing progs on good sites.

#22 Reemer

Reemer
  • 6 posts

Posted 25 March 2010 - 12:31 PM

Just a little tip, after you search for http once, you can press the F3 button to continue searching for http instead of pressing ctrl+f and hitting Find Next over and over.

#23 StefanKai

StefanKai
  • 375 posts

Posted 20 May 2010 - 12:03 PM

Excellent,will keep this in mind if I use any programs besides a Codex program.

#24 picole

picole
  • 483 posts

Posted 22 June 2010 - 09:59 AM

I loved the guide, always I had fear of a program that stole passwords

#25 zevrom

zevrom
  • 411 posts

Posted 29 January 2011 - 12:43 PM

Thanks, :thumbsup: Some programs are really untrustworthy


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users