Process Protection from Warden (Hash enabler)

[Skuddle]

It seems someone locally has access to Firesheep and used an exploit against me to hijack my sessions here on mmowned. Nice. Please do not download the software that this guy uploaded. I am talking with Kurious about finding who did it.

Note to self. Don't use a generic password.

I apologize for anyone that was affected by this incident.

[2dgreengiant]

VirusTotal - Free Online Virus, Malware and URL Scanner

I can verify it is safe tho

[Skuddle]

*** There seems to be a bug with people using Windows 7. I am currently looking into it. I don't own a copy of Windows 7 so it may take a day or so.**

[matz77]

Unfourtantly my AV popped saying this was a "trojan" Im providing a screenshot. U trying to infect us man?

Trojan:win32/Bumat!rts

[lordviper666]

Since this was pulled no need for my input.

[_Mike]

I thought warden didn't scan for processes. Has this changed?

[kryptik]

VirusTotal - Free Online Virus, Malware and URL Scanner

I can verify it is safe tho

At this you can say it is save?
Yeah, sometime it will give some fail information, but this is full with 32/41 founds.

[Frosttall]

At this you can say it is save?
Yeah, sometime it will give some fail information, but this is full with 32/41 founds.

Just because it says that there's a found isn't it everytime that it's a real threat.

For example I've written an updater in C# and AntiVir says now, that it's a Dropper.Gen (Trojaner)..
And if a moderator says, that it's safe, then is it safe in every regard.

[eSko]

I find it hilarious how lazy leecher and 2rep member think that elite member and moderator are trying to infect them with a virus :-D

[Skuddle]

I thought warden didn't scan for processes. Has this changed?

Warden scans the initial header bytes of each process to ensure there is no linking between WoW and the selected process. Since all dynamic linking happens in the inclusion area of a program, the first byte location will allow you to see if its MS registered or if its a 3rd party . Should it be a 3rd party it will then scan the inclusion that the program is doing, or trace the jumps to see if its memory editing on WoW's ground.

[Dispoze]

Tested the program on ventrilo with the PID 3844. Kept getting:

Writefile failed; error = 6
Press enter to hide another process from Warden or 'q' to quit.

Confirmed Macafee does recognize this as a Trojan.

+rep

[sed-]

lolz its a false pos, just like when i wrote a simple program that spams E it got flagged 34/41 found it as a trojian//back door? its as simple as use this or dont. He was kind enough and thoughtfull enough to post a usefull program like this public so be thankfull...

Side note "Threat detected:

object is infected by Worm.Win32.Agent.dm" lol oh noez! ;p how do i find pids? If i can get an example i will under stand how, like i thought since i use wowext.exe as the pid because thats what showed up in the processes.

[Neffarian]

Sigh i hate we people say they dont want this to get patched, or people to profit from it.
Do what GD does and Retard proof your codes...

[kynox]

Lets see how many things are wrong with this.

1) You're completely retarded. If you're going to boast about knowing something, you might wish to actually know something.
2) This does literally nothing to protect users from Warden, you would know that if you knew what you were doing.
3) In addition to point 2, this only introduces another obvious thing to detect.

Bravo, you've released a tool to increase a users chance of being banned by 100%. I'm actually astounded that you even manage to find the 'Compile' button.

Code:

    puts("SCManager Opened.");
    puts("Creating random hash");
    puts("Random hash made");

I lol'd.

If anyone was wondering what he was doing, he implemented a popular and public cloaking method available here: http://quequero.org/Sandbox/Our_first_DKOM

*Edit*:

Upon further review, you blatantly copied the code from https://groups.google.com/group/comp...0c9874ff?hl=en - Nice.

[Cypher]

Hahaha. OP just got pwned.

EDIT:

Warden scans the initial header bytes of each process to ensure there is no linking between WoW and the selected process. Since all dynamic linking happens in the inclusion area of a program, the first byte location will allow you to see if its MS registered or if its a 3rd party . Should it be a 3rd party it will then scan the inclusion that the program is doing, or trace the jumps to see if its memory editing on WoW's ground.

Is everything you say complete shit? Or is it just when it comes to Warden and Windows internals.

Seriously, do you have ANY idea how Warden and/or Windows works?

IMPORTANT NOTE TO ANYBODY READING THIS:
This guy is full of shit and has no idea what he's doing. Don't trust this program.