1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[GET] New Craigslist Poster v2.1 UPDATE

Discussion in 'Black Hat SEO' started by crazyzcraz, Mar 27, 2009.

  1. crazyzcraz

    crazyzcraz BANNED BANNED

    Joined:
    Feb 28, 2009
    Messages:
    2
    Likes Received:
    26
    Okay here is the update sorry not in other thread if u are lost look at my other craigs list poster thread its now 2 in the morning and ive been codeing all day so here it is ive really tired so if anything is messed up just pm and ill get to it as soon as possible also included some screenies


    RapidShare:
    ***.rapidshare.com/files/214020048/Craigs_List_Poster_2.1.rar
    www
     

    Attached Files:

    • Thanks Thanks x 2
  2. clickbang

    clickbang Jr. VIP Jr. VIP Premium Member

    Joined:
    May 21, 2008
    Messages:
    199
    Likes Received:
    121
    VirusTotal Scan:
    Code:
    http://www.virustotal.com/analisis/2bd797fdfab6038d1cc64027a9a678fa
    Antivirus Version Last Update Result
    a-squared 4.0.0.101 2009.03.27 -
    AhnLab-V3 5.0.0.2 2009.03.27 -
    AntiVir 7.9.0.129 2009.03.26 -
    Antiy-AVL 2.0.3.1 2009.03.26 -
    Authentium 5.1.2.4 2009.03.27 -
    Avast 4.8.1335.0 2009.03.26 -
    AVG 8.5.0.283 2009.03.26 -
    BitDefender 7.2 2009.03.26 -
    CAT-QuickHeal 10.00 2009.03.26 -
    ClamAV 0.94.1 2009.03.26 -
    Comodo 1085 2009.03.26 -
    DrWeb 4.44.0.09170 2009.03.27 -
    eSafe 7.0.17.0 2009.03.26 -
    eTrust-Vet 31.6.6419 2009.03.27 -
    F-Prot 4.4.4.56 2009.03.26 -
    F-Secure 8.0.14470.0 2009.03.27 -
    Fortinet 3.117.0.0 2009.03.27 -
    GData 19 2009.03.26 -
    Ikarus T3.1.1.48.0 2009.03.27 -
    K7AntiVirus 7.10.682 2009.03.26 -
    Kaspersky 7.0.0.125 2009.03.27 -
    McAfee 5565 2009.03.26 -
    McAfee+Artemis 5565 2009.03.26 -
    McAfee-GW-Edition 6.7.6 2009.03.26 -
    Microsoft 1.4502 2009.03.26 -
    NOD32 3968 2009.03.27 -
    Norman 6.00.06 2009.03.26 -
    nProtect 2009.1.8.0 2009.03.27 -
    Panda 10.0.0.10 2009.03.26 -
    PCTools 4.4.2.0 2009.03.26 -
    Prevx1 V2 2009.03.27 -
    Rising 21.22.40.00 2009.03.27 -
    Sophos 4.40.0 2009.03.27 -
    Sunbelt 3.2.1858.2 2009.03.26 -
    Symantec 1.4.4.12 2009.03.27 -
    TheHacker 6.3.3.7.292 2009.03.26 -
    TrendMicro 8.700.0.1004 2009.03.27 -
    VBA32 3.12.10.1 2009.03.26 -
    ViRobot 2009.3.26.1664 2009.03.26 -
    VirusBuster 4.6.5.0 2009.03.26 -
     
    • Thanks Thanks x 1
  3. DchozN

    DchozN BANNED BANNED

    Joined:
    Feb 4, 2009
    Messages:
    37
    Likes Received:
    61
    Once again, thank you for your efforts!
     
  4. 75020780

    75020780 BANNED BANNED

    Joined:
    Feb 5, 2009
    Messages:
    122
    Likes Received:
    46
    does this work, anyone?
     
  5. gimmedat

    gimmedat Junior Member

    Joined:
    Jan 9, 2009
    Messages:
    106
    Likes Received:
    52
    Occupation:
    cartographer
    Location:
    VA
    This guy has been bullshitting you all.
     
  6. marcuskona

    marcuskona Junior Member

    Joined:
    Sep 27, 2008
    Messages:
    168
    Likes Received:
    654
    Occupation:
    IT
    Location:
    127.0.0.1
    Home Page:
    I am not making any accusations but as soon as i started this program, first it didnt work so removed the exe from system processes, Secondly all of my passwords in firefox were removed, forgotten, I am decompiling now. will post results.
     
  7. pennyb

    pennyb Junior Member

    Joined:
    Aug 14, 2008
    Messages:
    119
    Likes Received:
    267
    Location:
    Necropolis
    all my firefox logins are gone also MF
     
  8. pennyb

    pennyb Junior Member

    Joined:
    Aug 14, 2008
    Messages:
    119
    Likes Received:
    267
    Location:
    Necropolis
    btw clp.exe is set to run at startup its in the system32 folder dont know what it does
     
  9. marcuskona

    marcuskona Junior Member

    Joined:
    Sep 27, 2008
    Messages:
    168
    Likes Received:
    654
    Occupation:
    IT
    Location:
    127.0.0.1
    Home Page:
    remove clp.exe asap, iso far i found it is actually Enforcer.exe, what it does i dont know, still looking at all the code.

    dont reboot ur puter till you removed all traces.
     
  10. gulp86

    gulp86 Junior Member

    Joined:
    Mar 16, 2009
    Messages:
    171
    Likes Received:
    133
    Ok caps on here mates...

    Do not download this soft, neither any version or any soft this motherfuck...


    This has a keylogger:
    Here's how it works
    1) capture allllll your firefox (and otehrs browsers probably) users and key
    2) upload it through batch code to an ftp of his own.


    So: Again do not download this i forgot all my keys i hope this guy dont change my password,

    wtf??????????
     
  11. marcuskona

    marcuskona Junior Member

    Joined:
    Sep 27, 2008
    Messages:
    168
    Likes Received:
    654
    Occupation:
    IT
    Location:
    127.0.0.1
    Home Page:
    look in windows\system32\

    delete clp.exe and xpwin.exe

    this will stop the autologin of the malware, i have yet to find proof that it is a keylogger or sends your personal info to any ftp, I am still looking through the endless lines of code.

    One thing is for certain this program is NOT what the OP stated and he should be banned!
     
  12. gulp86

    gulp86 Junior Member

    Joined:
    Mar 16, 2009
    Messages:
    171
    Likes Received:
    133
    I was there...
    I know this is a fucking keylogger and i also can risk to say: i know WHICH keylogger is.
    If it is what i think it is, the keylogger sned ALL the log with the usernames and pass thorugh fto or email (port 21) and then it simple moves itself to the temporary folder so it is self destructed.
    Nothing to do when that happens, it is SHIT
    Probably change the passwords is the best thing to do

    MODS: BAN THIS USER NOW
     
  13. pennyb

    pennyb Junior Member

    Joined:
    Aug 14, 2008
    Messages:
    119
    Likes Received:
    267
    Location:
    Necropolis
    well if its a keylogger this guy should be killed not just banned
     
  14. marcuskona

    marcuskona Junior Member

    Joined:
    Sep 27, 2008
    Messages:
    168
    Likes Received:
    654
    Occupation:
    IT
    Location:
    127.0.0.1
    Home Page:
    I didnt say it wasnt a keylogger but if it was and sent info via ftp on port 21 as you say, my firewall would have blocked it and nothing was blocked in my logs, always good to be safe though and change all your passes, i have since deleted both files i mentioned above abd ran a few scans in spybot, ad-aware, keylogger detector and a rootkit scanner and everything seems to be back to normal.

    I am still looking at the binaries though if there is a http,ftp tranmittald ill find it. I am not the expert coder so its taking me some time :)
     
  15. gulp86

    gulp86 Junior Member

    Joined:
    Mar 16, 2009
    Messages:
    171
    Likes Received:
    133
    which firewall are u using?
     
  16. marcuskona

    marcuskona Junior Member

    Joined:
    Sep 27, 2008
    Messages:
    168
    Likes Received:
    654
    Occupation:
    IT
    Location:
    127.0.0.1
    Home Page:
    a low end juniper netscreen 208, more bang for the buck. ;)
     
  17. pennyb

    pennyb Junior Member

    Joined:
    Aug 14, 2008
    Messages:
    119
    Likes Received:
    267
    Location:
    Necropolis
    system32 in the windows folder or you can just go to start - run and type msconfig then go to startup and just turn it off of course its better to delete it btw i didnt have the xpwin.exe
     
  18. kingofbigmac

    kingofbigmac Regular Member

    Joined:
    Apr 10, 2008
    Messages:
    269
    Likes Received:
    55
    Occupation:
    Sitting at my computer dicking around
    Location:
    Las Vegas
    what about his older version that he had up. I have xpwin.exe and no clp.exe I really dont want to change all my passwords again.
     
  19. gulp86

    gulp86 Junior Member

    Joined:
    Mar 16, 2009
    Messages:
    171
    Likes Received:
    133
    Unlock + xpwin.exe = easy way to solve it
    No clp.exe at all
     
  20. kingofbigmac

    kingofbigmac Regular Member

    Joined:
    Apr 10, 2008
    Messages:
    269
    Likes Received:
    55
    Occupation:
    Sitting at my computer dicking around
    Location:
    Las Vegas
    Might as well start fresh this time using Ubuntu.