Beware of nodnt_kg.exe


Anonymous via the Cypherpunks Tonga Remailer

It's supposed to be a keygen for NOD32, but on extraction it unleashed a flood of keystroke loggers and back door trojans on my PC. PestPatrol and NAV started going berserk, then they both crashed, and it installed all kinds of malicious stuff. The payload included blocking ports 25 and 110 and changing my IP to 220.163.23.232. I learned since that this is a well known launch pad for Chinese hacker attacks. Even when I changed my IP back to normal I still couldn't get on the Internet, but within a few minutes my PC was "owned" and ZA said somebody was trying to establish connections with Indian and Chinese IPs. Then ZA fell over, or the hacker crashed it. I unplugged my DSL cable and powered down my PC. When I restarted I found my D: partition had vanished and all my e-mail was gone from C: drive. My Recycle Bin was empty. The cable was still unplugged, but something was trying to connect to the Internet every few seconds. When I reconnected the cable the hacker was back in less than 30 seconds and my PC developed a life of its own, so I unplugged it again. NAV, ZA, TDS3, PestPatrol, and SpybotSD wouldn't run at all. "nodnt_kg.exe" must have deleted itself after it did its dirty work, because I couldn't find any trace of it. I installed NAV again from CD but it still wouldn't run, so I formatted the drive and started again.
 
Anonymous said:
It's supposed to be a keygen for NOD32, but on extraction it unleashed a flood of keystroke loggers and back door trojans on my PC.

Gee... what a surprise!


-WD
 
On Tue, 23 Dec 2003 15:17:28 +0100 (CET), Anonymous via the

It's supposed to be a keygen for NOD32, but on extraction it unleashed
a flood of keystroke loggers and back door trojans on my PC.
PestPatrol and NAV started going berserk, then they both crashed, and
it installed all kinds of malicious stuff. The payload included
blocking ports 25 and 110 and changing my IP to 220.163.23.232. I
learned since that this is a well known launch pad for Chinese hacker
attacks. Even when I changed my IP back to normal I still couldn't get
on the Internet, but within a few minutes my PC was "owned" and ZA
said somebody was trying to establish connections with Indian and
Chinese IPs. Then ZA fell over, or the hacker crashed it. I unplugged
my DSL cable and powered down my PC. When I restarted I found my D:
partition had vanished and all my e-mail was gone from C: drive. My
Recycle Bin was empty. The cable was still unplugged, but something
was trying to connect to the Internet every few seconds. When I
reconnected the cable the hacker was back in less than 30 seconds and
my PC developed a life of its own, so I unplugged it again. NAV, ZA,
TDS3, PestPatrol, and SpybotSD wouldn't run at all. "nodnt_kg.exe"
must have deleted itself after it did its dirty work, because I
couldn't find any trace of it. I installed NAV again from CD but it
still wouldn't run, so I formatted the drive and started again.

So does this mean you will pay for a good AV now instead of trying to
steal someone's intellectual property?
 
On Tue, 23 Dec 2003 15:17:28 +0100 (CET), Anonymous via the

<whining snipped>

Geeez, maybe a lesson learnt there??? Buy the software and you won't
have the problem!!
 
It's supposed to be a keygen for NOD32, but on extraction it unleashed a flood of keystroke loggers and back door trojans on my PC. PestPatrol and NAV started going berserk, then they both crashed, and it installed all kinds of malicious stuff. The payload included blocking ports 25 and 110 and changing my IP to 220.163.23.232. I learned since that this is a well known launch pad for Chinese hacker attacks. Even when I changed my IP back to normal I still couldn't get on the Internet, but within a few minutes my PC was "owned" and ZA said somebody was trying to establish connections with Indian and Chinese IPs. Then ZA fell over, or the hacker crashed it. I unplugged my DSL cable and powered down my PC. When I restarted I found my D: partition had vanished and all my e-mail was gone from C: drive. My Recycle Bin was empty. The cable was still unplugged, but something was trying to connect to the Internet every few seconds. When I reconnected the cable the hacker was back in less than 30 seconds and my PC developed a life of its own, so I unplugged it again. NAV, ZA, TDS3, PestPatrol, and SpybotSD wouldn't run at all. "nodnt_kg.exe" must have deleted itself after it did its dirty work, because I couldn't find any trace of it. I installed NAV again from CD but it still wouldn't run, so I formatted the drive and started again.

..... pause to allow the sanctimonious bell-ringing to quiet down.


thanks for the heads up, even though no one else on this list has ever
tried, or would ever try, a test run on unlocked warez.

kc
 
Serves you right......
Great software, for a REASONABLE price. If you were dumb
enough to run a program you downloaded from a warez site,
that was mistake #1, mistake #2 was not scanning it or holding
it for a few days to see if some other sap was stupid enough to
run it.
 
Everything you need for NOD32 should be at their website only. The
automatic/manual updates are properly programmed to get the updates at
the legitimate servers. As you can now see, getting something for NOD32
at an unauthorized site will simply get you into trouble.

Netuser58
 
It's supposed to be a keygen for NOD32, but on extraction it unleashed
a flood of keystroke loggers and back door trojans on my PC.
Gee... what a surprise!

Yes; what a shame.

It certainly is an effective malware research tool, though :-)


--------------- ------- ----- ---- --- -- - - - -
When your mind goes blank, remember to turn down the sound
 
Anonymous said:
It's supposed to be a keygen for NOD32, but on extraction it unleashed a flood of keystroke loggers and back door trojans on my PC. PestPatrol and NAV started going berserk, then they both crashed, and it installed all kinds of malicious stuff. The payload included blocking ports 25 and 110 and changing my IP to 220.163.23.232. I learned since that this is a well known launch pad for Chinese hacker attacks. Even when I changed my IP back to normal I still couldn't get on the Internet, but within a few minutes my PC was "owned" and ZA said somebody was trying to establish connections with Indian and Chinese IPs. Then ZA fell over, or the hacker crashed it. I unplugged my DSL cable and powered down my PC. When I restarted I found my D: partition had vanished and all my e-mail was gone from C: drive. My Recycle Bin was empty. The cable was still unplugged, but something was trying to connect to the Internet every few seconds. When I reconnected the cable the hacker was back in less than 30 seconds and my PC developed a life of its own, so I unplugged it again. NAV, ZA, TDS3, PestPatrol, and SpybotSD wouldn't run at all. "nodnt_kg.exe" must have deleted itself after it did its dirty work, because I couldn't find any trace of it. I installed NAV again from CD but it still wouldn't run, so I formatted the drive and started again.
Oh dear, what a pity, never mind.

Next time BUY the software, jerk.
 
It's supposed to be a keygen for NOD32, but on extraction it unleashed a flood of keystroke loggers and back door trojans on my PC.

Serves you right, thieving scumbag.
 
Don't let these righteous zealots get ya down.

Yes; I think we've forgotten that this info is useful as a
what's-going-on heads-up, and a good one at that.

What interests me about this case is how it goes beyond a simple
automated dropping of malware to live humans swinging on RATs tails.


------------ ----- --- -- - - - -
Drugs are usually safe. Inject? (Y/n)
 
Don't let these righteous zealots get ya down. I've paid plenty of
greenbacks for software that I've tried and gotten satisfaction from, and
I've lost some greenbacks on shoddy programming that looked promising during
the crippleware period. No big deal running a well screened crack or serial
just to get a good preview, but if it's worthy enuff to keep, then reward
the programmer his due. Try as I have to get your money back after you've
paid for and found the product near worthless. You'll find your emails
being ignored or rejected and no legal protection whatsoever.



Anonymous via the Cypherpunks Tonga Remailer said:
It's supposed to be a keygen for NOD32, but on extraction it unleashed a
flood of keystroke loggers and back door trojans on my PC. PestPatrol and
NAV started going berserk, then they both crashed, and it installed all
kinds of malicious stuff. The payload included blocking ports 25 and 110 and
changing my IP to 220.163.23.232. I learned since that this is a well known
launch pad for Chinese hacker attacks. Even when I changed my IP back to
normal I still couldn't get on the Internet, but within a few minutes my PC
was "owned" and ZA said somebody was trying to establish connections with
Indian and Chinese IPs. Then ZA fell over, or the hacker crashed it. I
unplugged my DSL cable and powered down my PC. When I restarted I found my
D: partition had vanished and all my e-mail was gone from C: drive. My
Recycle Bin was empty. The cable was still unplugged, but something was
trying to connect to the Internet every few seconds. When I reconnected the
cable the hacker was back in less than 30 seconds and my PC developed a life
of its own, so I unplugged it again. NAV, ZA, TDS3, PestPatrol, and SpybotSD
wouldn't run at all. "nodnt_kg.exe" must have deleted itself after it did its
dirty work, because I couldn't find any trace of it. I installed NAV again
from CD but it still wouldn't run, so I formatted the drive and started again.
 
We all feel for you..... But somehow we just can't quite
reach!

"Anonymous via the Cypherpunks Tonga Remailer"
It's supposed to be a keygen for NOD32, but on extraction
it unleashed a flood of keystroke loggers and back door
trojans on my PC. PestPatrol and NAV started going berserk,
then they both crashed, and it installed all kinds of
malicious stuff. The payload included blocking ports 25 and
110 and changing my IP to 220.163.23.232. I learned since
that this is a well known launch pad for Chinese hacker
attacks. Even when I changed my IP back to normal I still
couldn't get on the Internet, but within a few minutes my PC
was "owned" and ZA said somebody was trying to establish
connections with Indian and Chinese IPs. Then ZA fell over,
or the hacker crashed it. I unplugged my DSL cable and
powered down my PC. When I restarted I found my D: partition
had vanished and all my e-mail was gone from C: drive. My
Recycle Bin was empty. The cable was still unplugged, but
something was trying to connect to the Internet every few
seconds. When I reconnected the cable the hacker was back in
less than 30 seconds and my PC developed a life of its own,
so I unplugged it again. NAV, ZA, TDS3, PestPatrol, and
SpybotSD wouldn't run at all. "nodnt_kg.exe" must have
deleted itself after it did its dirty work, because I
couldn't find any trace of it. I installed NAV again from CD
but it still wouldn't run, so I formatted the drive and
started again.
 
cquirke (MVP Win9x) said:
Yes; I think we've forgotten that this info is useful as a
what's-going-on heads-up, and a good one at that.

Much more useful than telling us that the file was infected with
the hacktool.keygen virus. :O)
What interests me about this case is how it goes beyond a simple
automated dropping of malware to live humans swinging on RATs tails.

Dangerous.
 
UMMMM!

Why not pay for NOD32? Don't use a keygen; pay the money and support the
folks doing the hard work to keep us safe. It's not like they are Microsoft
and you have to steal from them.

Michael
 