Question : May you post..

[jaenster]

Hi , can i post here my own create maphack?
100 % safe , based on stings version.. Can i post it?

[Bloodangel26]

you can...but if people check it out and there is even a hint of a keylogger or anything in it, rest assured you will be banned. if you really want to be a help to the site i would PM it to frogman for him to check out and if its any good/safe he will add it to the download section.

[wm_hunter]

Post it. I will check it...

Be assured that no matter how much decompile protection, or how well you hide your remote keylogger, I will find it and you will never see this forum again.

Have a nice day = )

[jaenster]

Ok download path is here Download here

Code:

Hi, I am jaenster from blizzsector.co,
Sting creates a hackmap for me. I create some function for it in autoit.

1. How use.
    Start "D2HackMapStarter.exe", go to diablo II, and press ctrl + .
    This reveals the act. It works only if you are IN game.
    I use this all the time. and it works fine :)

2. Safe?
    Its safe it freeze diablo II, shows the map, and unfreeze it again.
    YOU USE IT OWN OWN RISK, May you can be banned for this maphack, I dont know i used 4 weeks on closed.
    I dont get any ban for using this on bnet. So have fun.
3. Credits.
    This fantastic program is create by sting, Autoit script create by jaenster.
    Autoit programmers can get the source,
    [email protected]
4. Keyloggers?
    I am not some noob that use keyloggers to get some stuff.
    I dont play anymore diablo II and i have only full tal.
    I dont need any cdkey or stuff so i dont have put a keylogger in this software.
5. Virus Scaners.
    Autoit is a bot software, a virus scanner will delete this maby.

Have Fun With it !

[wm_hunter]

... Please don't tell me this is Stings with an autoit script built in (was just reading description.)

I will test this when I have some time, really busy.

[jaenster]

Thanks mate , this is one of the best version

test it

Bump ! why not?
Anyone see my maphacak!

[RaZzor]

My AntiVir found W32/Parite Oo

Still checking though.

Well, seems clean, however his behavious is very suspicious. I think AntiVir just identified the script as a virus, you know that error. Anyways, could you please PM me the source of the script?

[John]

If a moD checks it out, and declares it safe, it will be placed in the download section i think thats how they do it, well if it gets that far.

[Gods]

Whats the point of using this when we have Stings auto reveal whcih does it automatically without pushing any buttons??

[jaenster]

Unsafe , the warden can detect that sting's maphack is running , my ai script not

[wm_hunter]

Actually, no it can't. Even the CRC signature of the file is masked with notepad... but that is besides the point.

Can I ask what language, macro or otherwise, you used for this? I can take a look at it in a bit, bogged down with HW at the moment.

[Gods]

Unsafe , the warden can detect that sting's maphack is running , my ai script not

huh?? I've been using it for a while now w/o plugin and I haven't been banned, where are you getting your facts from?

[jaenster]

Actually, no it can't. Even the CRC signature of the file is masked with notepad... but that is besides the point.

Can I ask what language, macro or otherwise, you used for this? I can take a look at it in a bit, bogged down with HW at the moment.

True, But the cool thing about my ai script is that the maphack isn't running, My ai script disable diablo II Reveal the act if you want, not automatic (ctrl+.) By the way, If you do baalruns, someone other tele's, do you need maphack?
no you dont, but auto install reavels the act. By own program doens't , Its YOUR choose when you use, Not automatic.. By the way, any other bot is banned, autoit not.. The maphack exe file only run if you press ctrl + . , and then is diablo II disabled.

This combo of ai and Stings maphack works allot beter.
Thy cant detect. Blizz dont see autoit as a botting software. Autoit isn't bot software. I create a irc client in it. so blizzard dont see ai as a problem.

My software is in ai, Stings ultimate maphack is safe on bnet, such the exe is closed.

Thanks for reading, jaenster

[godlylegend]

Dude >.> d2hackmap.exe was detected as a virus on my comp.

[jaenster]

Ofc , autoit will always be detect as a virus -.-


Read it on the offical site :
Are my AutoIt EXE's really infected? - AutoIt Forums

[slashbomb]

Ok, lets cut to the chase here and see what happens

Info on the virus: Malicious Software Encyclopedia: Win32/Parite

File: HackMap.rar Status: INFECTED/MALWARE
MD5 0126d1df2d7885f5cfaf72a4c9e85a17 Packers detected: -
Scanner results
AntiVir Found W32/Parite
ArcaVir Found W95.Parite.B
Avast Found Win32arite
AVG Antivirus Found Win32/Parite
BitDefender Found Win32.Parite.B
ClamAV Found nothing
Dr.Web Found Win32.Parite.2
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Virus.Win32.Parite.b
Fortinet Found W32/Parite.B
Kaspersky Anti-Virus Found Virus.Win32.Parite.b
NOD32 Found Win32/Parite.B
Norman Virus Control Found nothing
VirusBuster Found Win32.Parite.B
VBA32 Found Win32.Parite.B

[Nex]

hmm sounds like he was trying to scam us....

[jaenster]

Ofcousre i will scam you all!. Sting created for my an ohter version of maphack cuz i will hackzor you all.. SURE OFCOURSE...

Read that ****ing topic on autoitscript.com. AUTOIT is ALWAYS a virus. Cuz it contains functions like blockinput(1), then you dont have any contol over your pc.

This is NOT a virus, If None of here trust me, Fine. I will move to another forum where they give someone a CHANGE to start as a programmer. ANYONE thinks that a exe is a virus. IT ISN'T, Listen. I am now 2 years quit by diablo II. WHY i shall created a maphack with sting? FOR SCAN? No just to test my skills in autoit. So please BAN me if no one trust me, I forget it ****ing noobs

[godlylegend]

Omfg ban that noob already >.>

PS: AUTOIT WILL NEVER,EVER,BE DETECTED AS A VIRUS.(possibly malware)

No offense but get a life.

Malicious Software Encyclopedia: Win32/Parite

Published: 5, 12/1

Win32/Parite is a family of polymorphic file infectors that targets computers running Microsoft Windows. The virus infects .exe and .scr executable files on the local file system and on writeable network shares. In turn, the infected executable files perform operations that cause other .exe and .scr files to become infected.

Severity

What the levels mean

Related Links

•Removal Tools - Microsoft
•Removal Tools - Microsoft
Glossary Terms

Click the term to get the definition from our Security Glossary.
•Trojan horse
•virus
•worm


On This Page

Threat OverviewAliases (Also Known As)Technical AnalysisHow to Prevent InfectionHow to Tell If Your Computer Is InfectedHow to Recover from InfectionTransmission MethodsPayload InformationChanged ProcessesThreat Overview

Class/typeVirus - File
DiscoveredOctober 1, 2001CirculatingYesAffected operating systemsWindows NT 3.x
Windows NT 4.0
Windows 95
Windows 2000
Windows XP
Windows Server 2003
Windows ME
Windows 98
Affected software Not specified Infection ratingLowRecovery difficultyDifficultDamage ratingMediumTransmission ratingMediumTop of page
Aliases (Also Known As)

Different antivirus vendors may be using different names to refer to this malicious software. Here are some of the names currently in use by antivirus software vendors participating in the Microsoft Virus Information Alliance (VIA):
Kaspersky: Win32.Parite
McAfee: W32/Pate
Symantec: W32/Pinfi
Trend Micro: PE_PARITE
Learn more about the Microsoft Virus Information Alliance.

Top of page
Technical Analysis

Win32/Parite is a packed, encrypted virus that infects files on the local file system and on writeable network shares. The virus repeatedly performs a sequence whereby it selects an .exe or .scr executable file, infects the file, waits a random time interval, selects and infects another file, and so on.

To each file that it selects for infection, the virus appends a new code section named ".<three random alphabetic characters>", such as .mpg. The virus changes the code-entry point of the file to the new, appended section. The virus contains certain code that it unpacks, re-encrypts, re-packs, and then copies to the new section of the executable file. This copied code consists of certain DLL code and some additional execution instructions.

When a file infected in this way runs, the execution instructions in the appended section of the file unpack and decrypt the DLL code in the appended section and drop it as a new file into the Windows temporary directory. The name of the dropped DLL consists of 4 randomly-chosen alphanumeric characters: the first three characters are alphabetic and the final character is a digit. Although the file is actually a DLL, the file extension is .tmp. So for example, the file could have a name like fia1.tmp.

The virus may also create the value: PINF
in registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
This value contains the full path to the dropped DLL. Win32/Parite may check for this registry entry to determine whether the virus is already running on the computer.

The execution instructions in the appended section of the infected file load the dropped DLL. The DLL exports a start function which contains the main virus code. The virus code calls the start function, which injects the DLL into the explorer.exe process. When a certain condition is satisfied, the DLL code runs and infects other .exe and .scr executable files.

Win32/Parite does not run executable files that it infects. When an infected file runs (for example, when a user or the system runs the file), the virus code in the appended section runs and then returns control to the original code-entry point of the executable file. The executable file then runs normally even though it is infected, so there may be no readily apparent indication to a user of any malicious activity.

Top of page
How to Prevent Infection

Take the following steps to help prevent infection on your system:

• Get the latest computer updates.
• Use up-to-date antivirus software.

[B]Get the latest computer updates [/B]

Updates help protect your computer from viruses, worms, and other threats as they are discovered. You can use the Automatic Updates feature in Microsoft Windows XP to automatically download future Microsoft security updates while your computer is on and connected to the Internet.
To turn on Automatic Updates in Windows XP

• Click Start, and click Control Panel.
• Click Performance and Maintenance. If you do not see Performance and Maintenance, click Switch to Category View.
• Click System.
• Click Automatic Updates, and select Keep my computer up to date.
• Select a setting. Microsoft recommends selecting Automatically download the updates, and install them on the schedule that I specify and setting a regular update time.
• If you choose to have Automatic Updates notify you in step 5, you will see a notification balloon when new downloads are available to install. Click the notification balloon to review and install updates.

[B]Use up-to-date antivirus software [/B]

Most antivirus software can detect and prevent infection by known malicious software. You should always run antivirus software on your computer that is updated with the latest signature files to automatically help protect you from infection. If you don't have antivirus software installed, it is available from several sources. For more information, see Windows Marketplace: Security

Top of page
How to Tell If Your Computer Is Infected

The following symptoms may be a result of infection by Win32/Parite:

• Presence of value: PINF
  in registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
  
• Instability in Windows if the virus infects certain system files while the operating system is starting.

Top of page

How to Recover from Infection

Automatic Recovery
To attempt to automatically remove this threat, run one of the following removal tools:

• Microsoft
  
• Microsoft

Manual Recovery

It is not possible to recover manually from Win32/Parite. Consult your antivirus software vendor for specific directions for removing this Trojan.

Top of page
Transmission Methods

MethodDescriptionInfected FilesRandomly selects .exe and .scr executable files to infect on the local file system and on writeable network shares.[URL="http://www.microsoft.com/security/encyclopedia/details.aspx?name=Win32%2fParite#top"]
[/URL][/url]

Payload Information

Payload typeTriggerDescriptionCompromises SecurityExecution
Infects .exe and .scr executable files.
Degrades PerformanceExecution
Can cause Windows to become unstable if the virus infects certain system files while the operating system is starting.
[URL="http://www.microsoft.com/security/encyclopedia/details.aspx?name=Win32%2fParite#top"]
[/url]

Changed Processes


[URL="http://www.microsoft.com/security/encyclopedia/details.aspx?name=Win32%2fParite#top"]
[/url]
[url=http://www.microsoft.com/security/encyclopedia/details.aspx?name=Win32%2fParite#top]