FALSE POSITIVE Free Unban Zer0



Zer0_
25-06-2023, 12:04 AM
Hi,
I got banned from WCD :(

---------------------------
Banned - 24.06.2023 20:20:47
---------------------------
[ENG]: You have been banned permanently due to abusing of this free service!
You violated our terms and conditions. For more details about the ban or unban request, please contact us: [link]

You can receive free unban, please check to see if you meet the conditions: [link]
Server timestamp: 2023.06.24 22:20:51
---------------------------

LAST REPORT ID (OPTIONAL): [link]
NICK: Nick:Zer0 ︻气デ一一
IP (OPTIONAL): 1*5.1*6.*5.*4
STEAM ID: VALVE_0:1:1646499578
OTHER INFORMATION:
A few days ago (21/06/2023) I downloaded games from torrents, and a virus (Win32/neshta) infected my PC's executable files :((
I scanned my PC, then used a tool (avg_remover_neshta.exe). Today I checked WG and got banned.

Edit: scan log: [links]

Tiger
25-06-2023, 12:13 AM
Please upload your version of wCD so I can analyze it. Your wCD version has the following sha256 checksum: 418475B35A9BC28982843FF400D0F89A0657D301455E2150846942E9DD4DFEE6

Zer0_
25-06-2023, 12:42 AM
Sorry, I don't know which site to upload it to
I uploaded it to mediafire

CRC32: 5A811734
MD5: 2B4C74C4E9FA2465DB289BD2828DF52B
SHA-1: DFA4E9EF4ECCA8CCC5CED26D01C0879247E236A1

Tiger
25-06-2023, 08:44 PM
Both files are the same. This file has a different sha256: 89aaf53ac53bfe757208532fde6e276beac2e8b4cda0bea7e40abf2c6e639842. Indeed this file seems to have been cleaned by AV; the malware seems to be still there but inactive.

Can you somehow recover the original file?

Zer0_
25-06-2023, 09:42 PM
The tool avg_remover_neshta cleans files and deletes uncleaned files automatically, without a Quarantine folder.
There is no way to recover the infected version.
I checked the full HDD and it's clean now.

Tiger
25-06-2023, 10:47 PM
I unbanned you.

Please do the following steps:
- delete all wCD binaries you downloaded until now (as they are modified by that virus)
- install a proper antimalware product if you don't have one (e.g. Bitdefender Antivirus Free)
- restart your computer and check that the AV is running (if you installed a new one)
- do a full-system scan and restart your computer again if required
- download wCD from the website and try to do a scan to see if everything works

LE: I suggest resetting all your passwords.
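
The first cleanup step above (deleting every wCD binary the virus modified) can be checked by hash. The following is an added example, not part of the thread and not WarGods code: it sweeps a folder for `.exe` files and flags those whose SHA-256 matches either value quoted in the thread. The names `audit_binaries` and `reference_sha256` (the hash of a fresh download that you record yourself) are assumptions.

```python
import hashlib
from pathlib import Path

# SHA-256 values quoted in the thread for the two virus-modified wCD copies
# (the one that ran on the banned PC and the AV-"cleaned" upload).
MODIFIED_WCD_SHA256 = frozenset({
    "418475b35a9bc28982843ff400d0f89a0657d301455e2150846942e9dd4dfee6",
    "89aaf53ac53bfe757208532fde6e276beac2e8b4cda0bea7e40abf2c6e639842",
})

def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def audit_binaries(root, reference_sha256=None, known_modified=MODIFIED_WCD_SHA256):
    """Sort every .exe under root into modified / reference / unknown / unreadable.

    reference_sha256 is an assumption: the hash of a fresh download taken on a
    clean machine (the thread does not publish one). 'unknown' files matched
    neither list and should be treated as untrusted leftovers.
    """
    reference = reference_sha256.lower() if reference_sha256 else None
    report = {"modified": [], "reference": [], "unknown": [], "unreadable": []}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() != ".exe":
            continue
        try:
            digest = sha256_of(path)
        except OSError:
            report["unreadable"].append(path)  # locked or permission denied
            continue
        if digest in known_modified:
            report["modified"].append(path)
        elif digest == reference:
            report["reference"].append(path)
        else:
            report["unknown"].append(path)
    return report

if __name__ == "__main__":
    import sys
    result = audit_binaries(sys.argv[1] if len(sys.argv) > 1 else ".")
    for verdict, paths in result.items():
        for p in paths:
            print(f"{verdict:10} {p}")
```

A file infector changes each executable differently, so only the two exact copies named in the thread land in `modified`; everything in `unknown` still needs the full-system scan from the later steps.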

Zer0_
26-06-2023, 02:07 PM
I checked today and found 148 inactive viruses.
Now everything works fine :)

But Malwarebytes gives a false positive "Malware-AI-3809898543" on the site "wargods.ro" and the program "WarGods Cheat Defender".
Thanks Tiger

Tiger
26-06-2023, 08:30 PM
Those detections are possible unwanted programs (PUP), most likely false positives.

Advice: Don't use Malwarebytes, even Windows Defender is better than that product...

You are welcome.

Zer0_
26-06-2023, 09:17 PM
I'll only use Kaspersky Internet Security
My appreciation and respect for the help