Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Flung trainer...HELP!!!!!!!!!!!!!!

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine
View previous topic :: View next topic  
Author Message
j0shua1302
How do I cheat?
Reputation: 0

Joined: 17 Jul 2014
Posts: 1

PostPosted: Thu Jul 17, 2014 10:35 am    Post subject: Flung trainer...HELP!!!!!!!!!!!!!! Reply with quote

I have been using Flung trainer for like 4 months for all kinds of games like Dead Space 3 , FIFA 14 , Dark Souls 2

2 days ago I started playing DMC 5 and the trainer for that game worked well...but yesterday it suddenly stopped @@...

I thought something was wrong with the trainer or the game so I tried to fix it but then I realized all the Fling trainer for all the games had stopped...

Now I think maybe the problem comes from my PC but I just dont know what it is...

Can someone please help me
Back to top
View user's profile Send private message
STN
I post too much
Reputation: 42

Joined: 09 Nov 2005
Posts: 2672

PostPosted: Thu Jul 17, 2014 11:25 am    Post subject: Reply with quote

I have a question for you

What in the fuck has this to do with CE ?

Anything Cheat Engine related, bugs, suggestions, helping others, etc..


And go ask FLING why their trainer is not working, does this look like a place where support for other trainer makers that have zilch to do with CE is provided ?

If we are going down this road, i have a question of mine that i hope someone can help me with.

I have been using devious trainers for decades, now all of a sudden yesterday it stopped working and caused my PC to fry...i think my PC was smoking because there was smoke coming out of it. I didn't think much of it but now the trainer won't work.

I thought something was wrong with the trainer or the game so I tried to fix it - i have no idea how i tried to fix but then I realized all the devious trainer for all the games had stopped...

Now I think maybe the problem comes from my PC but I just dont know what it is...

Can someone please help me

_________________
Cheat Requests/Tables- Fearless Cheat Engine
https://fearlessrevolution.com
Back to top
View user's profile Send private message
Geri
Moderator
Reputation: 111

Joined: 05 Feb 2010
Posts: 5636

PostPosted: Thu Jul 17, 2014 1:13 pm    Post subject: Reply with quote

Just report it. But it's not like I didn't notice it anyway.
_________________
My trainers can be found here: http://www.szemelyesintegracio.hu/cheats

If you are interested in any of my crappy articles/tutorials about CE and game hacking, you can find them here:
http://www.szemelyesintegracio.hu/cheats/41-game-hacking-articles

Don't request cheats or updates.
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

PostPosted: Thu Jul 17, 2014 2:05 pm    Post subject: Reply with quote

perhaps their trainers come with a remote admin tool which takes over your system while you use it. (e.g stealing your passwords, reading your mail, sending people in your address book trojans, infecting .exe's with viruses, etc...)
and perhaps the server it connects to has been shut down by the authorities, causing the trainer to fail gathering the data it needs

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
Xblade Of Heaven
Master Cheater
Reputation: 0

Joined: 16 Oct 2005
Posts: 394
Location: DEAD

PostPosted: Thu Jul 17, 2014 2:11 pm    Post subject: Reply with quote

this is just cheap publicity to that person ...
_________________
Welcome to the Hell.
Back to top
View user's profile Send private message AIM Address Yahoo Messenger MSN Messenger
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

PostPosted: Thu Jul 17, 2014 2:16 pm    Post subject: Reply with quote

yeah, it's likely a trojan that's failing in calling home

Edit: it's confirmed. Their trainers are trojans

atom0s wrote:
His trainer executables are unpackers. They extract a packed trainer from within its own resources.

On load, it obtains the AppData folder via:
Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);

Then extracts the trainer via:
mMain.SaveIt(ref obj, folderPath + "\\Trainer.exe");

Afterward it creates the Trainer process. There are two processes it extracts:
Trainer.exe = mT (resource file)
MemoryStr.exe = mM (resource file)

Trainer.exe - mT
Looks to be a non-packed, non-managed executable. Compiled with Visual Studio 2010 from the look of it. The file does appear to be an actual trainer. No malicious strings from the look of it. Has signature scanning functionality within it.

Code:
011B02A4  |. FF15 4C101E01  CALL DWORD PTR DS:[<&KERNEL32.VirtualAll>;  kernel32.VirtualAllocEx
011B02AA  |> 6A 38          PUSH 0x38                                ; /Arg2 = 00000038
011B02AC  |. 68 A45F1E01    PUSH mt.011E5FA4                         ; |Arg1 = 011E5FA4 ASCII "F3 0F 10 46 50 F3 0F 10 4E 54 F3 0F 10 56 58 F3 0F 58 84"
011B02B1  |. 8D4F 2C        LEA ECX,DWORD PTR DS:[EDI+0x2C]          ; |
011B02B4  |. 8947 04        MOV DWORD PTR DS:[EDI+0x4],EAX           ; |
011B02B7  |. E8 6478FFFF    CALL mt.011A7B20                         ; \mt.011A7B20
011B02BC  |. 6A 0E          PUSH 0xE                                 ; /Arg2 = 0000000E
011B02BE  |. 68 E05F1E01    PUSH mt.011E5FE0                         ; |Arg1 = 011E5FE0 ASCII "F3 0F 10 46 50"
011B02C3  |. 8D4F 48        LEA ECX,DWORD PTR DS:[EDI+0x48]          ; |
011B02C6  |. E8 5578FFFF    CALL mt.011A7B20                         ; \mt.011A7B20
011B02CB  |. 68 EB010000    PUSH 0x1EB                               ; /Arg2 = 000001EB
011B02D0  |. 8D77 64        LEA ESI,DWORD PTR DS:[EDI+0x64]          ; |
011B02D3  |. 68 F05F1E01    PUSH mt.011E5FF0                         ; |Arg1 = 011E5FF0 ASCII "39 35 00 05 C5 05 0F 84 93 00 00 00 39 35 00 05 C6 05 0F 85 68 00 00 00 83 3D 00 01 CB 05 01 75 0C D9 86 60 0A 00 00 D9 9E 5C 0A 00 00 83 3D 04 01 CB 05 01 75 14 52 8B 96 64 0A 00 00 D9 82 F4 00 00 00 D9 9A F0 00 00 00 5"...
011B02D8  |. 8BCE           MOV ECX,ESI                              ; |
011B02DA  |. E8 4178FFFF    CALL mt.011A7B20                         ; \mt.011A7B20
011B02DF  |. 6A 05          PUSH 0x5                                 ; /Arg2 = 00000005
011B02E1  |. 68 DC611E01    PUSH mt.011E61DC                         ; |Arg1 = 011E61DC ASCII "iComp"
011B02E6  |. 8D4D D4        LEA ECX,DWORD PTR SS:[EBP-0x2C]          ; |
011B02E9  |. C745 E8 0F0000>MOV DWORD PTR SS:[EBP-0x18],0xF          ; |
011B02F0  |. 895D E4        MOV DWORD PTR SS:[EBP-0x1C],EBX          ; |
011B02F3  |. 885D D4        MOV BYTE PTR SS:[EBP-0x2C],BL            ; |
011B02F6  |. E8 2578FFFF    CALL mt.011A7B20                         ; \mt.011A7B20


MemoryStr.exe - mM
File is another executable. This time this one is managed, and obfuscated. A main namespace that did not get obfuscated it named 'Bot_Downloader', so it does appear to be a downloader / file dropper at first glance.

File is obfuscated with CryptoObfuscator.

The file after being unpacked, can be found to do the following:
- Connects to: http://trainersmasterdot tk/api/ and downloads the base64 string.
- Decodes the base64 string with some minor encryption using the key: DerLo (uses the MD5 of this string)
- The decoded address is a download url for another executable named WMIClient.exe
- The downloaded file is from: http://exa-man.site90.net/MyDB.db
- The file is stored from where the original trainer launched, again as WMIClient.exe
- The file is the executed immediately after downloading.


WMIClient.exe / MyDB.db
- File is also an executable.
- File is managed written in VB.NET also obfuscated with CryptoObfuscator.
- File contains 3 more binaries in its resources (m32bit, m64bit, mDll)
- File is most definitely a trojan.

This file attempts to download more junk, which I didn't bother looking into after seeing what this file alone does. It is certainly a virus.

The file attempts to locate various registry information about your system to locate and determine any anti-virus running on your system.
It scans for:
- NOD32, AVG, Avira, AhnLab-v3, BitDefender, ByteHero, ClamAV, F-Prot, F-Secure, GData, and about 50 more known virus scanners.

It adds itself to your systems registry to ensure that it runs on startup of your machine.
It creates several more executables/binaries onto the disk:
- WMIService.exe
- pthreadGC2.dll
- wimihost.exe
- u-host.exe

It attempts to access info on your processor via:
- HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\ProcessorNameString

It attempts to access more downloadable files and junk:
Code:
      public const string string_1 = "http://exa-techo.faster-host.cz.cc/API/";
      public static string string_2 = "stratum+tcp://pool.xhash.net:3355";
      public static string string_3 = "X11";



It attempts to upload your system information to:
Code:
http://exa-techo.faster-host.cz.cc/API/


Including the following info:
- Your personal id.
- Your version of his software.
- Your processor type / info.
- Your system type (32bit/64bit)
- Your antivirus software.

The resource files it stores are not managed. They are a console based bitcoin miner.


Conclusion

His trainers are trojans to install bitcoin miner software onto the systems of the people that use his junk so he can freely profit off the users with them knowing assuming their anti-virus does not catch any of this happening.

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites