Hello, I'm admin on one server. I played there realy a lot, more than 950 hours, and I made 200 000 frags there.
Yesterday one player asked for unban on forum, because he have bad wargod report. It's not realy bad, but in dll-s he have file with name:
opengl32.dll (MD5: 28DC4F094E7769441FB891367AB4BB84) (Size: 755200) -> Unknown
In that unban request on forum other admin posted youtube link with some wallhack video. In desription of that video was link on opengl32.dll file.
And I just go and download that file, to make MD5 hash. And to compare is it that file, that detected from player, that asked for unban.
I got MD5 form real wallhack file: 3cc7f256fab2fd6bbb3eb65a118b0ef0. And no, this is not the same file that a banned user has.

I forgot to delete this file from my Decktop. My desktop is my trash-bag. I don't delete shits from my desktop many years. I have files from 2007 on my desktop. And I didn't delete this shit, that I downloaded.

Today I played on server, and one admin asked me to make WarGods test. No problem - I've done it many times.
I made test and I got report, that said, that I have Wallhack.

<b>You have to register to ba able to see this link</b>

It's clear in modules, in cfg-s, in dll-s. I have clean default version:

<b>You have to register to ba able to see this link</b>

Than I delete this file from Desktop and made test again without restart cs-client, and yep this file was catched from my Desktop:

<b>You have to register to ba able to see this link</b>

I don't use wallhack, I don't need this gay-shit. But now, every time, when I will make WG-test, it will be said, that:
>Last Detection: True. This player have been detected in the past. Use search option to find reports of this user.

Can you do something with that?

--------------- Added after 17 minutes ---------------

<b>You have to register to ba able to see this link</b> - link on false-positive
<b>You have to register to ba able to see this link</b> - link after delete file from Desktop

--------------- Added after 6 minutes ---------------

ANTIVIRUS: never use
LINK DUMP MEMORIE CS: <b>You have to register to ba able to see this link</b> I didn't close my cs-client. It started yesterday at 16:33.

Hi. I whitelisted the opengl32.dll clean file . The second one is already blacklisted. Your opengl32.dll cheat file from Desktop directory is not loaded in your memory, therefore it can't affect you and your scans.

The problem didn't start from any of these files, but from a weird function hook in your game memory. Unfortunately for you that function hook is not in your memory dump anymore, everything is clean... but you are lucky, because that address where the hook points in your game memory it not a valid one and it shouldn't be. I cleaned your report.

Also, you should install an antimalware (you could use Bitdefender Free (<b>You have to register to ba able to see this link</b>), it's lightweight, it won't affect your computer's performance) - your game memory is extremely fragmented, so I suspect it could be a packed malware.

I downloaded this file yesterday at 14:56, put it on Desktop, then upload it on virustotal using drag-and-drop to get MD5-hash from this file. I didn't restart browser until 08:10. So, this file was in two places - on desktop, and inside browsers cache. Maybe this file was detected not from desktop, but from browasers cache. I don't know how it works. Do WCD check memory and cache of other processes?


Also, you should install an antimalware
I don't use antimalware from 2004. I have KillSwitch from COMODO. He shows me, that all processes is trusted.

Anyway, thanks.

--------------- Added after 8 minutes ---------------

What about:
>Last Detection: True. This player have been detected in the past. Use search option to find reports of this user.

Can you do something with that?

Do WCD check memory and cache of other processes?

No, wCD doesn't scan caches or other processes' memory (it would be useless to scan the entire memory of other processes to detect cheats).


I don't use antimalware from 2004. I have KillSwitch from COMODO. He shows me, that all processes is trusted.

Just because it shows you the trusted processes that doesn't mean you are protected. The malware can reside in your browser, or other places, and can be triggered when you don't expect.

I will scan my system with COMODO CCE.


What about:
>Last Detection: True. This player have been detected in the past. Use search option to find reports of this user.

Can you do something with that?

Oops, sorry, my mistake. I fixed it. :)

It's still looks sad here: <b>You have to register to ba able to see this link</b> :((

<b>You have to register to ba able to see this link</b>

Xcont <b>You have to register to ba able to see this link</b>
Salut tiger imi cer scuze ca te deranjez sunt Mop detinator la respawn.***********.ro nu prea inteleg engleza am si eu o mica problema cu xcont adminul care este la noi a fost prins cu wallhack cu ajutorul wargood ul test chestia e ca joaca de 3 ani pe servarul nostru si chiar este un admin super ok cu multa activitate sii vreau sa ma lamuresti te rog frumos daca se poate sa ma faci sa inteleg ce sa intamplat cu wargood ul lui xcont si daca vrei si ai timp sa arunci un ochi pe forumul nostru la cererea lui de unban as aprecia foarte mult ajutorul tau iti multumesc anticipat <b>You have to register to ba able to see this link</b>***********.ro/forum/index.ph...e-unban-xcont/ sa lamuresc odata problema asta

Mop, your link dosn't open.
<b>You have to register to ba able to see this link</b>***********.ro/forum/index.php?/topic/372-cerere-unban-xcont/

It's still looks sad here: <b>You have to register to ba able to see this link</b> :((



Search queries are cached for 3 hours. I can't delete them, they will be deleted automatically.

Mopmopuletz: Asa cum ti-am spus si pe Steam, este curat. :)

este curat. :)
;;)

Yep, now it's perfect. Thanks a lot.

<b>You have to register to ba able to see this link</b>