[Important]Before You Download Anything

[N1nj4Styl3]

The last few weeks there's a kid lurking on the forum spreading keyloggers. He has access to more than 15 MXC accounts approximately and he's trying to get more. His main target is to steal your hard-worked & earned money from your PayPal, Skrill and other payment processors. This kid is sharing files as executable (.exe) so BE CAREFUL. DO NOT RUN ANY EXECUTABLE FILE BEFORE SCANNING IT WITH VIRUSTOTAL.COM. STILL THOUGH, VIRUSTOTAL MIGHT NOT CATCH IT BECAUSE OF THE ENCRYPTION. IN ANY WAY, DO NOT TRUST ANYONE FOR A WHILE. ESPECIALLY IF IT'S ABOUT AN EXECUTABLE.

 

Now, if you ran his files, change your passwords and format your computer right away. I tried myself to remove his shit from my computer and it took me so damn long, so it's not worth it. Go straight for a format.

 

You will see him sharing L2 stuff (lameguard, maps, tools, etc) but he might change his trends later.

 

If you want to see if you got infected, search your computer for the folder "Imminent".

 

It should be located here: C:/Users/<Name>/AppData/Roaming/Imminent/Logs/ 

 

If it exists do the following:

 

check up your processes by hitting alt+ctrl+del simultaneously -> task manager -> processes 

 

And then look for "winlogor.exe", if it exists, right click on it -> open file location -> delete

 

Download MBAM & BitDefender. Run a full scan with both of them and check what are the results. If you don't have the right knowledge to do so, just format your computer before seeing your money transferred to another PayPal account.

 

Note: I recommend you to have an update AV/Anti-malware always. Just to be 100% sure before jumping on fake conclusions, run a full scan using an antivirus (BitDefender, NOD32, etc) & an anti-malware (Malware Bytes - Antimalware) & Ccleaner, it will help you clean junk.

 

A few information that I have gathered about the mr h4x0r:

 

PayPal email: dimitriou16@outlook.com

Email(s): hack0t@hotmail.com | andrianosg@outlook.com

Edited March 11, 2015 by N1nj4Styl3

[Gries]

Give some foruum account name at least, thanks.

[N1nj4Styl3]

Give some foruum account name at least, thanks.

He doesn't have a certain account. He uses the accounts of the people who downloaded his files.

['Baggos']

I tried myself to remove his shit from my computer and it took me so damn long, so it's not worth it. Go straight for a format.

I had this shit on my pc... But when i searched on my processes (Ctrl - Alt - Delete), i found a "Winlogor.exe"...

The real name of this processes is "Winlogon.exe" and no Winlogo"r".exe

When I looked at the date, been in windows/system32 from 23/02/2015. I kick off this shit...

and now the real "Winlogon.exe" is there from 17/7/2014.

 

Not need always format..

Edited March 11, 2015 by 'Baggos'

[.Thug]

and which file is this? 

[N1nj4Styl3]

I had this shit on my pc... But when i searched on my processes (Ctrl - Alt - Delete), i found a "Winlogor.exe"...

The real name of this processes is "Winlogon.exe" and no Winlogo"r".exe

When I looked at the date, been in windows/system32 from 23/02/2015. I kick off this shit...

and now the real "Winlogon.exe" is there from 17/7/2014.

 

Not need always format..

I know, I found it as well.

It stores all the logs in AppData/Imminent/Logs

You run supposedly lameguard and it appears up as Google Chrome.exe (that's random). The thing is you need to kick out winlogor.exe.

I wanted to format my computer anyway, so that's why I did it. But yeah, in case someone is not capable of finding these stuff a format would be ideal to be 100% secure.

[N1nj4Styl3]

and which file is this? 

I think I have not missed anything in my first post.

 

/EDIT

 

If you want to see if you got infected, search your computer for the folder "Imminent".

 

It should be located here: C:/Users/<Name>/AppData/Roaming/Imminent/Logs/ 

 

If it exists do the following:

 

check up your processes by hitting alt+ctrl+del simultaneously -> task manager -> processes 

 

And then look for "winlogor", if it exists, right click on it -> open file location -> delete

 

Download MBAM & BitDefender. Run a full scan with both of them and check what are the results. If you don't have the right knowledge to do so, just format your computer before seeing your money transferred to another PayPal account.

Edited March 11, 2015 by N1nj4Styl3

[.Thug]

im clean, im just asking to know :)

[Maxtor]

thank you for yor information. i make it sticky.

[Lineage 2 Boyd]

i don't have winlogor on task manager but i have winlogon is this the same or no?
should i remove it?

[N1nj4Styl3]

thank you for yor information. i make it sticky.

You're welcome. I'll be posting a step to step guide soon.

[N1nj4Styl3]

i don't have winlogor on task manager but i have winlogon is this the same or no?

should i remove it?

No, this means you're fine. If you right click on it and press "open file location" you will see that's located in System32. Verify this.

[Lineage 2 Boyd]

No, this means you're fine. If you right click on it and press "open file location" you will see that's located in System32. Verify this.

well one friend tested and it's fine but when i try to open the file location don't open the location but i found it inside the folder System32 as you said

[N1nj4Styl3]

well one friend tested and it's fine but when i try to open the file location don't open the location but i found it inside the folder System32 as you said

Run task manager as administrator, this might help.

 

Updated first post with a few info about the mr h4x0r.

[Lineage 2 Boyd]

Run task manager as administrator, this might help.

 

Updated first post with a few info about the mr h4x0r.

yep you're right it's working thank you mate