#1 - jarfin (Registered User) - 06-07-2011, 00:39
Lingon trainers..

Something is wrong with these Lingon trainers; my ESET always warns about trojans, all the time.

For example, again, Crysis 2 v1.9 (v1.9.0.0) +22 TRAINER has it again.

here:

Object:
http://d02.gamecopyworld.com/?r=pc_c...2Tr-LinGon!rar
Threat:
a variant of Win32/Packed.VMProtect.AAH trojan
Information:
connection terminated - quarantined



There must be some spy code.
Anyone else's trainers DON'T do this.

Does anyone know better?

#2 - Joe Forster/STA (Senior forum member) - 06-07-2011, 07:35
Confirmed, NOD32 gives a warning, also see VirusTotal: http://www.virustotal.com/file-scan/...a7a-1309962545 . That's too much for me, too. I suggest that you don't use the trainer and, if LinGon has a contact address, tell him to use a different EXE compressor/encryptor/whatever.
__________________
Joe Forster/STA
For more information, see the FileForums forum rules and the PC Games forum FAQ!
Don't contact me via E-mail or PM to ask for help with anything other than patches (or software in general) done by me, otherwise your request may be deleted without any reply!
Homepage: http://sta.c64.org, E-mail: sta@c64.org; for attachments, send compressed (ZIP or RAR) files only, otherwise your E-mail will bounce back!

#3 - EMPiRE (Administrator) - 15-07-2011, 08:28
All trainers from LinGon generate an ESET virus warning, nothing new... and nothing to worry about!

#4 - rkaye (Registered User) - 01-09-2011, 11:49
another Lingon trainer, another trojan...

People are just trying to be safe and it is unreasonable for the community to accept that Lingon's trainers will always give a 'false' positive -- is someone really trying to make the argument that this guy can code complex trainers but he is unable to do so without setting off everyone's AV? GameCopyWorld should step up and tell Lingon that they aren't going to post his trainers until he can learn to submit code that passes AVs. The problem is that Lingon is the *only* trainer maker who is getting flagged by ESET, Sophos, and other antiviruses as having a serious trojan. This has been going on for some time, see jarfin's post above regarding Win32/Packed.VMProtect.AAH trojan back in June. The longer he waits to change his code to prevent this, the more and more people are going to post on forums all over the place, these sites will get indexed by Google, which will strengthen the tie between Lingon's name and trojan/viri.

+ TR/Black.Gen2 is not h0tkeys, it is WAY more serious of a threat.

+ ESET is regularly rated as an extremely good AV with low false positives.

+ I submitted his Deus Ex: HR trainer to both Sophos and ESET, NEITHER is willing to whitelist it because, while it may (or may not) be malicious, the implementation is both unorthodox and extremely dangerous.

+ Give the community a choice between choosing a +12 trainer that gives a virus warning and a +10 trainer that doesn't -- which do you think is going to get used, and which do you think is going to get flamed?

Worse, since his trainers already flag as TR/Black.Gen2, how easy would it be for someone to download his trainers, infect them with a "real" TR/Black.Gen2 trojan and then repost them to a forum as Lingon's? Imagine the storm that would ensue then -- you'd have a bunch of forum posts saying 'his trainers are fine, don't worry' and Lingon's website would say 'hey they are false positives, go ahead' and idiots who believe it would execute the code and *poof* there goes someone's PC along with Lingon's reputation.

+ The ONLY reason Lingon is packing his EXEs like this is to prevent reverse engineering. For someone skilled enough to code a trainer with more features than anyone else, it is simple laziness to not find another way to protect their code, minus the virus alerts.

Lingon needs to choose:
1. Stay lazy, keep your EXEs packed the way they are, and accept that people everywhere will associate Lingon and 'malicious trojan.' [in which case, quit your whining about it]
2. Change your code so that you aren't the only freaking trainer-maker who is getting TR/Black.Gen2 trojan alerts on your releases.

'My releases are clean, I promise.' is an idiotic argument. Fix your code or live with the rep.

#5 - Joe Forster/STA (Senior forum member) - 01-09-2011, 13:21
It seems that, fortunately, no one has been riding the possibility of really infecting Lingon's trainers so far. If they did, we would've received more serious reports about actual trainers.

It is well possible that Empire is accepting Lingon's trainers only from Lingon: this was a simple yet effective solution for h4x0r's trainers after CheatHappens started submitting fake trainers to GCW in his name. If so, it is up to Lingon to decide whether he wants to fuck up both himself and GCW, and he's surely smart enough to understand that this would be a major lose-lose situation for everyone, so what would be the point? If my assumption is right then GCW is a reliable distributor of genuine trainers from Lingon, which would be a win-win situation for everyone.

But, again, Empire is the only one who can really answer these questions; I'm just guessing.

#6 - TippeX (zeroes and ones.....) - 01-09-2011, 17:06
"Protecting his trainers" is a joke anyway, there are only a few methods that trainers use..like WriteProcessMemory, ReadProcessMemory, VirtualAllocEx and code injection... All of which are incredibly easy to hook, and thus obtain the patch code, memory addresses and so on.. Any trainer / ripper with any skill could do this...
__________________
bleh
DO NOT PM me with questions, leave that in the forums...ESPECIALLY if i dont know you...

Last edited by TippeX; 01-09-2011 at 17:08. Reason: typo

#7 - MasterHand (Registered User) - 01-09-2011, 18:31
I see everyone says LinGon is whining when in fact it's the other way around.
At least that is what we, the rest of the users, are seeing.

He protects his trainers and it's his decision, and so do many other trainer makers.
I see nothing wrong with that, and whining about it here is useless and will lead nowhere.

Also, if I remember correctly, I recall Lingon saying he wouldn't upload trainers to GCW anymore.
So why are people even complaining when it's not even Lingon that is uploading them here?

Now if he was the one providing GCW with the trainers I would have more understanding for it,
yet it would be pointless to argue about this subject since I think Lingon wouldn't change it anyway.

So the question here would be, why are you even whining that Lingon is doing this or that
with his trainers? Is it up to you to say how he should protect them or not?

There are bigger issues in this world and whining over a trainer using this or that protection is pointless.
These users that think he can make changes to something that's obviously not going to happen,

@rKaye
I quote: 'my releases are clean, i promise.' is an idiotic argument. fix your code or live with the rep.
So according to you, what should Lingon be saying?
"Hey, there is a virus in my trainer, just so you know"? Would he be more trusted by you then???

Conclusion: stop using the trainers that you don't like, for whichever reason, and use the ones you prefer,
and quit the whining you accuse Lingon of.

And yes, I use his trainers since most of the time he makes the best trainers there are.

Just wanted to stand up for him since he makes my gaming a lot more fun with the trainers he makes.

@TippeX
Be it a joke or what, in the end it's up to him and not us.
He's not even forcing anyone to use his trainers.


/MasterHand

#8 - Joe Forster/STA (Senior forum member) - 02-09-2011, 08:14
Quote:
Originally Posted by MasterHand
Conclusion: stop using the trainers that you don't like, for whichever reason, and use the ones you prefer, and quit the whining you accuse Lingon of.
This is exactly my personal opinion, too, but I dare not say it officially.

#9 - TippeX (zeroes and ones.....) - 02-09-2011, 08:43
I second that, unofficially of course (angering ye gods, sleeping or otherwise, isn't a good idea)

#10 - Cowsheep (Registered User) - 03-09-2011, 06:29
VMProtected files are causing false positives by the will of the VMP developers - but only IF the VMP software itself is poorly cracked and the triggers kick in.
Files protected with original or properly cracked VMP should not cause those problems.
Source: Other forum, I don't think I can post a link to it here.

#11 - darkedone02 (Registered User) - 04-09-2011, 10:12
never usually download hardly any of his trainers because some don't work, I look forward on HoG's and other people who make more efficient trainers.

#12 - EMPiRE (Administrator) - 06-09-2011, 00:10
Our/My aim has always been to make available ALL existing trainers & tools even if they are badly coded, packed, promos, call home, are in a foreign language or whatever. In the end this gives you the ultimate choice what to use (or not, that is up to YOU).

I would also want to see that the files are not detected as a virus/Trojan (read: Packed) or call home, but this is up to the author. I understand that some of them want to protect their work for various reasons, but I also think that sharing your knowledge is a good thing and then there would be no need to pack files.

My thought is that the AV companies should never have added detection for packed files. I totally understand that they did it as they want to warn EVERYBODY of the possibility of an infected file and not just a small group of people... (better safe than sorry)

Maybe we come across as “insensitive” about this subject but this is mainly because we get so many posts & emails about "possible" viruses/trojans that you become a bit immune to these kinds of messages, as most are false positives!

Of course it is possible to fake trainers and upload them. This happens, not often, and most all are detected in time...

We will do our utmost to make sure it will be a safe experience to use GCW & FF but in the end you alone are responsible for what you download & use from the internet, nothing new there…

#13 - Joe Forster/STA (Senior forum member) - 06-09-2011, 08:42
Well, then it's official.

Quote:
Originally Posted by EMPiRE
I understand that some of them want to protect their work for various reasons, but I also think that sharing your knowledge is a good thing and then there would be no need to pack files.
Being a faithful communist, I cannot possibly disagree with the second part of the sentence.

Much more generally, people are wasting way too much of their time, energy and other resources battling with each other when there are so many useful goals out there. (We could've colonized half the Solar System by now which would've inherently solved many of the major problems that mankind is currently struggling with.) Well, that's capitalism, people!

Quote:
Originally Posted by EMPiRE
My thought is that the AV companies should never have added detection for packed files. I totally understand that they did it as they want to warn EVERYBODY of the possibility of an infected file and not just a small group of people... (better safe than sorry)
The problem with this is that, 1) when an executable is packed and/or encrypted, you cannot (easily) find out whether or not it's malicious because you can't see the actual code, 2) it's impossible for an anti-virus company - or anyone else, for that matter - to code depackers and decryptors for all packers/encryptors available, especially for serious encryptors where the point is exactly to prevent people from seeing what's inside. Therefore, the easiest way is warning the user about packers/encryptors that are usually found in malware and there's nothing we can do about it.

Of course, smart programmers listen to the needs and requests of their users. However, there's nothing we can do about this either.
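
The static-analysis limit described in post #13 above, as an added example that is not part of the original thread: without an unpacker, a scanner can only measure that a section is opaque, not what it does. The sketch parses the PE section table of a constructed sample and flags sections with near-random entropy or write-plus-execute permissions; the 7.2 threshold, the `.packed` section name and all function names are assumptions made for this illustration.

```python
import hashlib, math, struct
from collections import Counter

ENTROPY_THRESHOLD = 7.2                # assumed cut-off; packed or encrypted data nears 8.0
EXEC, WRITE = 0x20000000, 0x80000000   # IMAGE_SCN_MEM_EXECUTE / IMAGE_SCN_MEM_WRITE

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def sections(pe: bytes):
    """Yield (name, raw_bytes, characteristics) for each section of a PE image."""
    pe_off, = struct.unpack_from("<I", pe, 0x3C)           # e_lfanew
    if pe[:2] != b"MZ" or pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, = struct.unpack_from("<H", pe, pe_off + 6)       # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    for i in range(nsec):
        name, _, _, rsize, rptr, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", pe, table + 40 * i)
        yield name.rstrip(b"\0").decode("latin-1"), pe[rptr:rptr + rsize], chars

def triage(pe: bytes) -> dict:
    """Map section name -> reasons a signature scanner cannot read it as plain code."""
    findings = {}
    for name, raw, chars in sections(pe):
        reasons = []
        h = entropy(raw)
        if h > ENTROPY_THRESHOLD:
            reasons.append(f"entropy {h:.2f} bits/byte")
        if chars & EXEC and chars & WRITE:   # typical of code that rewrites itself in memory
            reasons.append("writable and executable")
        if reasons:
            findings[name] = reasons
    return findings

def build_sample(secs) -> bytes:
    """Constructed input: a minimal PE header followed by (name, data, flags) sections."""
    out = bytearray(b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40))
    out += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 0, 0x102)
    ptr, body = 0x40 + 24 + 40 * len(secs), b""
    for name, data, flags in secs:
        out += struct.pack("<8sIIIIIIHHI", name.encode(), len(data), 0x1000,
                           len(data), ptr, 0, 0, 0, 0, flags)
        body, ptr = body + data, ptr + len(data)
    return bytes(out + body)

PLAIN = b"\x55\x8b\xec\x90" * 1024   # constructed: repetitive bytes, low entropy
OPAQUE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))  # constructed
SAMPLE = build_sample([(".text", PLAIN, 0x60000020), (".packed", OPAQUE, 0xE0000020)])

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Both findings describe the container, not the payload: a harmless program and a malicious one run through the same protector produce the same result.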

#14 - EMPiRE (Administrator) - 06-09-2011, 11:33
I understand that it is hard to check a packed file which they cannot decrypt but that is a bit too easy!

AV software should be more intelligent, if they encounter a packed file it should execute it inside its own sandbox and then check the results. It will be hard to make this foolproof but it is possible.

#15 - Joe Forster/STA (Senior forum member) - 06-09-2011, 11:59
Some anti-malware software, actually, do this but those are rather called HIPS than anti-virus. E.g. the free Comodo Firewall has a built-in sandbox which, as far as I remember, has a semi-automatic community-driven online database of whichever file is or isn't malware and you can also submit (I guess, only the checksum of) your own "suspicious" files there. Such sandboxes to become common is, I think, still a bit into the future, especially for fully automated ones.