198 replies to this topic

[Hydrogen]

yaa and we dont want to be that board right? so lets try not to fight with otha boards and itz all good

yah, were not gonna fight...were just gonna give them 1 hit KO if they try s*** like this on our boards.

[Fatal]

That still doesnt explain the NPgen though

[Hydrogen]

That still doesnt explain the NPgen though

the npgen had the same keylogger that abpro had in it. but yes, that is proof that he did not make the ab...but was taking credit for it...

[shabba]

no the first versions didnt have any virus in them

[Hydrogen]

no the first versions didnt have any virus in them

its only these versions that the keylogger has shown up in...

my attachment didnt work go here

http://graal16.tripod.com/lame.txt

u will see both the files are the same file just renamed

that looks whack rdd lol

[Dan]

Whos whack? xDD Sorry, had to say that,

[Typhoon]

You may have noticed elz acting weird. And posting keyloggers. Someone hacked his account I checked through the IP logs and it all checks out. It was member 404 that got into his account and by valued resources was told 404 was firebirdGM.

Told ya...

[Ender]

; FireBirdGM? Thought he left the neopets scene a long ti'me ago. Ya sure frosty?

[Cooliodoc]

goddamn! I just almost posted a huge long (like massively huge post) about heaps of stuff to do with this then I accidently put sticky keys on by pressing shift 5 ti'mes grrr so that meant when I scrolled down to click post that it wcrolled backwards though the pages I'd just been to ....soo frustrating, it's ti'mes like this I wish I had my own personal keylogger installed on my own computer again

Anyway, onto the current problem again. I'm supermoderator at 3volutions and I just deleted the keylogging programs. I thought it was odd that someone said the progs were trojans on the boards the other day but I just disregarded it as some n00bish loser lol. Ok well yea when Xenocyde got deleted I was looking around on the board for the reason and yea I discovered the keylogger (from now on referred to as kl because it shorter) I checked the prog and yea it's a kl, I've read all the posts before this (wow that took a while) and it seems like it was pretty much definently elz.

Here is my evidence against it being hi'm:

The post that he posted his kl in was really short kinda unlike elz when he posts progs.

The fact that this situation seems like the victi'm of a keylogger, becase maybe elz got keylogged so that's why the person was on his msn aswell and knew what elz was like (it is sort of possible believe me) Also probably they had never done this to a whole forum acting as the admin so they wanted to know the legality of it.

The fact elz didn't freeze me. SOme person in elz's account might have know about frosty having power but I kept mine pretty secret but elz knew ofcourse. As I have now deleted his post and stuff I may now be banned etc. Elz would have taken away my smod power to stop his posts before doing it.

I'm gonna go sniff around for more info.


But really even if it was elz, I won't be too mad at hi'm, I am sure I might have all of a sudden done something like that 2 years ago (maybe more than 2) when I was 14 or 13 (whatever elz is). I can be sympathetic (I don't care if you can't be) because I used to think exactly like someone who would do this kind of thing (except I would have blocked me )

So yea.... don't be too hard on hi'm, it's not like he's old enough to be charged anyway.

I really hope it wasn't elz, I'm gonna go sniff around for more info on what happend with my smod powers....(any suggestions for stuff I can look for that others can't is appreciated thanks.) I've already tried to check ips but I can't see admins ips, just everyone elses

Oh I just saw frosty post ok, so now I hope we see it weren't elz

OK frosty gave me admin controls so I could back hi'm up:
look at this:
elz's IP addresses (2) matches
IP Address Ti'mes Used Date Used Used for other Reg. IP Tool
193.217.156.** 218 23rd July 2004 - 03:34 PM 0 Learn about this IP
68.149.78.2 6 24th August 2004 - 12:31 AM 1 Learn about this IP
Unless elz moved country or something then it weren't hi'm (I know proxies are still a possibility, but come on this is already getting a bit too deviously complicated for even elz to have schemed)
and yea that second Ip that was only used 6 ti'mes was the same as 404 who we thing is firebirdgm. here is that persons email, they made both the emails of elz and 404: [email protected]

hope this sorta proves to you guys it wasn't elz and that you owe hi'm one big CENSORED apology (crosses fingers that he doesn't suddenly get proven wrong)

Edited by cooliodoc, 24 August 2004 - 05:06 AM.

[JabariAkil]

look who cares if it doesn't sound like hi'm ppl can flip someti'mes. c'mon use ur common sense it had 2 be elz check tha boys ip and he was chattin with noidart and like coolio said he was up 2 some s*** . I ain't choosin sides just think about it tho

[Cooliodoc]

did you read my edited post it wasn't elz. I checked his IP and all my nerdy computer and people senses tell me it wasn't hi'm, I mean damn ppl, it doesn't make sense to be elz really.

[Frosty]

kk I just gotta clear this up.

first it wasn't me deleted members. I checked logs and it was elz under 404's IP (meaning it was 404)

second 404 posted a link to his site yesterday that CONTAINED those 2 programs. elz downloaded them to check them and said they were keyloggers (The exact same) and plus even tho he has mcafee. it says it deleted it. but I didn't (because I had to rescan to get rid of it) anyway I have taken screenshots and posted them on 3vo anyone is welcome to look

PROOF (EDIT by LightSabre: Link removed and pmed to admin; you may post the actual screenshots here though.)

It explains how 404 got into his account KEYLOGGED when elz downloaded those 2 programs

-Frosty

[shabba]

elz whoever it was is guna pay I'm keylogged now and I'm not happy its infected alot of my harddrive and I'm not happy thank you for the ips
I have proof that it was elz he sent me a program of his source code at 2:30 pm gmt and it was his unless his whole computer was hacked which I high doubt......

Edited by dizzee, 24 August 2004 - 03:51 AM.

[XenoCyde]

MWahha he was hacked and I was right when I posted that link to the guy saying about the AB virus he hacked elz mwahha I am potentially smarter than all of u !

[Cooliodoc]

lol xeno, I love the "potentially" part of it, and dizzee your whole computer doesn't have to be hacked to get into someones msn lol, that's the first thing most ppl do when they keylog someone, they go into their msn. I have seen proof with my own eyes in the admin cp so....ihhh what is there to doubt anymore? I Think EVERYONE that posted nasty things about elz should now apologize (I know it's hard) Should we make an elz apology thread?

[Frosty]

new info from elz

His Gmail msn account has possibly been hacked...so anything on it last nite after 12AM (UK ti'me) was not hi'm

[LightSabre]

Such evidence as have been submitted by the staff of 3volutions are hardly conclusive; the relevant fact of the case is that keyloggers have been posted under elz's name, and to that end, it is the right of the admins here to warn their members against downloading and using such programs, as well as to ban hi'm and remove his programs on NeoCodex to safeguard the interests of NCdx's members.

However, in litigation, the staff of 3volutions may later choose to approach an admin on this matter, as well as to allow hi'm temporary access to all admin permissions on 3volutions so as to view all available 'evidence' for elz. No apologies from either party should be required at this point in ti'me.

[XenoCyde]

lol u sound like the news

just end it with

We are reporting live at NeoCodex studio folrlando studios alternate

Edited by XenoCyde, 24 August 2004 - 06:07 AM.

[shabba]

thats a lie frosty I have facts that elz was talking to me at 2:30 I recived a file from hi'm at this ti'me and it WAS source code

[Frosty]

his MSN was HACKED and the hacker (404) sent you HIS source code.

[xx_WLT_xx]

I just found out that the NPGen is a real keylogger, it's not a virus or something but it's not the NPGen. Taka look at it's contents:


ABCDEFGHIjust kiddingLMNOPQRSTUVWXYZabcdefghijust kiddinglmnopqrstuvwxyz0123456789+/    TDFWU`PB13:4    wb  rb      |Â@  .?AVexception@@ |Â@  .?AVlogic_error@std@@ |Â@  .?AVlength_error@std@@  string too long |Â@  .?AVout_of_range@std@@  invalid string position \ <tr><td>&nbsp;</td><td><a href='%s'>%s</a></td></tr>    <tr><td>&nbsp;</td><td>&nbsp;</td></tr><tr><td><b>%s</b></td><td><a href='%s'>%s</a></td></tr>  <unknown> InternetShortcut    URL %s\%s %s\*.*  %s\*.url    </table></HTML>  <HTML><p>&nbsp</p><H2>IE Favorites:</H2><table border='1' cellspacing='0' cellpadding='2' bordercolor='#000099'><tr><td><b>Folder</b></td><td><b>Item</b></td></tr> =ubcmf!xjeui>(86&(!cpsefs>(1(!dfmmtqbdjoh>(1(!dfmmqbeejoh>(1(!bmjho>(dfoufs(?
=us?=ue!bmjho>(dfoufs(?=is!bmjho>(dfoufs(!tj{f>(3(?
Epdvnfou!tfou!cz!=b!isfg>(iuuq;00xxx/tpgu.dfousbm/ofu0lfzmph/qiq(?TD.LfzMph=0b?-
!pggfsfe!cz!Tpgu.Dfousbm=cs?
Wjtju!TpguDfousbm!po!uif!xfc;!=b!isfg>(iuuq;00xxx/tpgu.dfousbm/ofu(?
iuuq;00xxx/tpgu.dfousbm/ofu=0b?=is!bmjho>(dfoufs(!tj{f>(3(?=0ue?=0us?=0ubcmf?=0CPEZ?=0IUNM?    <p>&nbsp;</p> </font></H1></td></tr></table><p>&nbsp;</p>
<br><table align='center' border='0' width='100%' cellpadding='8' cellspacing='0'>
<tr><td align='center' bgcolor='#000099' valign='middle'><H1><font color='#CCCCCC'>
</TITLE></HEAD><BODY>
<HTML><HEAD><TITLE> a    |Â@  .J  %s\%s.dll ab  %s\%s.exe WLEUnlock WLEStopScreenSaver  WLEStartup  WLEStartScreenSaver WLEShutdown WLELogon    WLELock WLELogoff Unlock  StopScreenSaver Startup StartScreenSaver    Shutdown    Logon Logoff  Lock    I'mpersonate Asynchronous    DllName Notify  Run RunServices Software\Microsoft\Windows\CurrentVersion\%s    %s.dll  -r  w See attached file(s)... %s log report *.* Log report of computer %s (%s)  E-MAIL  Log file sent by e-mail Delete logfile failed MAILERROR IE_Favorites.html ief_    ERROR Unable to open logfile while sending e-mail LogFile.log %s\%d-%d    25      |Â@  .H  RegisterServiceProcess  kernel32.dll    FlushBuffer SetLOpt SaveE StartL  StopL %s\%s.le    %s\%s.dat Installation report Unable to start %s engine Enable autostartup failed. The %s engine will not be started automatically by Windows after a reboot (%u) Unable to create link file. %s might be installed already Unable to create engine file. %s might be installed already %s is already running on this host, installation aborted. One or more errors where encountered while installing the %s engine:<br>
<br>
* <p>You will receive a log report every %d days, %d hours and %d minutes from this host. Thank you for using %s!</p> failed  succeeded Installation of %s on host %s (%s)  TD.LfzMph %d.%d.%d.%d ? @ %a, %d %b %y %H:%M:%S %Z
  Date:
      CC:  From: %s <%s>
To: %s
Reply-To: %s <%s>
Subject: %s
X-Mailer: Generic Mail service
Mi'mE-Version: 1.0
 
.


--%s--

  text/html text/plain  Content-Type: multipart/mixed;
boundary="%s"

This message is in Mi'mE format.

--%s
Content-Type: multipart/alternative;
boundary="%s" ----_=_NextPart_000_01C19920.83032BC0 ----_=_NextPart_001_01C19920.83032BC0 DATA
  HELO %s
EHLO %s
www.google.com  qualified 501 RCPT TO:<%s>
  MAIL FROM:<%s>
    QUIT
  421 %s - The server responded: %s Unable to send document. Verify your settings Unable to resolve server    Unable to connect to server Unable to send document (SMTP communication error)  One or more recipients could not be reached:    Unable to send document (network error)

--%s
Content-Type: %s;
charset="iso-8859-1"

 

--%s
Content-Type: application/octet-stream;
name="%s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="%s"



Why does it emails somebody? and one thing is that it operates the registry, screensaver, shutdown and restart and etc? why are there html codes in there? and why is there a logfile?

About Mainshop Restock whatcher
I opened it....... and this is what I saw:


? `Ó?Form    btnStopcheck    txtWait1    About RandomInteger  |   4
8
@
< M a d e b y R I d I c u l e o f N h a c k s . c o m  2 M a I n S h o p R e s t o c k A l e r t e r    kernel32     CreateWaitableTi'merA        r h t t p : / / w w w . n e o p e t s . c o m / o b j e c t s . p h t m l ? t y p e = s h o p & o b j _ t y p e = 1  G E T , A c c e p t - L a n g u a g e : e n - u s  

  ? U s e r - A g e n t : M o z I l l a / 4 . 0 ( c o m p a t I a b l e; M S I E 6 . 0; W I n d o w s N T 5 . 1; y I e 6; . N E T C L R 1 . 0 . 3 7 0 5 )  áN?3?fÏ?  ? `Ó?
S o r r y & R E S T O C K I S O C C U R I N G   


huh? what's ridicule of NHacks.com?  

Edited by xx_WLT_xx, 24 August 2004 - 04:33 AM.