Zuitana

some f*ckery with login.


the link is stupid easy 2 obtain, just left click the link itself, and select copy link destination.

as 4 the installation, it's literally dumped 2 the default location: the c:/ultima PSOBB. i have not messed around with it.

Edited by Zuitana


and cause of this link below, i can't prove that the id registered does not exist error exists. you wanna know why? cause print screen doesn't actually save a screenshot during login.

https://www.phantasystaronline.net/forum/index.php?/account-management/account-recovery/

why is that you may ask? cause the account was fixed with that link several hours back, meaning i can no longer backtrace the issue. otherwise i would provide evidence on it, just like everything else.


and cause the launcher was updated, i made a false assumption, and after digging up that link, it buries up the evidence. and before anyone asks, here's the source where i found it.

 

that would have been very helpful 2 know btw, yet nobody pinpointed that issue.


*sigh* the patch server just doesn't like me anymore. im going 2 check my faithful watchdog, comodo, and turn it off if turns up 2 c if that's causing it or not.

Edited by Zuitana


well, i went 2 my comodo's firewall settings, and turned it off. then got treated with this message afterward.

http://www.mediafire.com/view/k3odfgoj6la8fdn/you try figuring this shit out..png#

from what i can understand, the files.txt is missing on the update server side, and refuses my connection.

Edited by Zuitana


or that the distant host name is unable 2 be figured out

Edited by Zuitana


Well lads, i think i finally figured it out. looks like someone kept messing with comodo's auto-containment, and used it 2 make a containment procedure that the all applications and set them as malicious, and were 2 be blocked. that would explain why the connections were never allowed, as ephinias client got me 2 my ban message as soon as it was removed. so, i promptly changed the password on the settings, 4 all the good that it will do me.

some interloper keeps accessing my cheap sh*t laptop as either an inbound or outbound connection, using either ip, tcp or udp 2 access it. the rulesets that i put in place 2 detect its entry were fully wiped as well, which made me do a lot of work setting up a minefield. it wasn't fun. i should be able 2 access the server now, just need 2 test it.

Edited by Zuitana


Well, after a long and drawn out battle, i finally found the culprit: dasmhost.exe, at 93.5kt (that's the finland version known as kilotavu), and it had asserted complete dominance over the system, and after the battle was over, repeatedly tried messing with my internet, while using a system through an igmp connection, whatever that is, and trying 2 maintain control with multiple scvhost.exe files running. At that point i had enough, and promptly handed comodo an arrest warrant, and dasmhost.exe was promptly arrested, taken into custody, and trialed, which was a show trial, and permanently placed into quarantine, as killing via deletion required permission from trusted installer, despite being a Microsoft Windows service product. Afterward, i was free once again, but my laptop's internet no longer functions.

 


This sounds like an absurdly twisted, in-depth plot to mess with your system that goes very far beyond the original assertions you thought we were responsible for...

  • Dislike 1
  • Dw 1


Yet, what would i have gained instead of playing on a pso server, which is something i'd rather do?


The very fact that i was lying, or not trying 2 get access would be counterproductive at best, and at worst would entirely undermine my entire thread's existence, extensive details, evidence, analysis, speculation and effort in problem solving. It just wouldn't logically make any sense, unless it was a really bad prank. Which it isn't, as i'm not even that type of person.

Edited by Zuitana


Oh look, downloading a program that would supposedly fix my dasmhost.exe, smuggled in dasmhost.exe onto laptop after it snuck onboard after being transferred from my phone. And instead of being in system32 folder, whoever tried reasserting control knew that the jig was up, and in desperation tried hiding it in the c:/windows/WinSxS/amd64_micrsoft_windoews-o...(it gets cut off in the search bar afterward, thanks windows 10) was up 2 its old tricks by inserting an inbound system connection, several scvhost.exe files running and trying 2 access culauncher.exe which is the control at comodo, in order 2 do more damage.


After cutting loose its remaining life lines of the infected dasmhost.exe after i read online on how 2 dispose of it, and it once again in last ditch effort cuts my internet access upon realizing that i'm updating Windows. Fortunately, 1 update got past the download phase and is trying 2 install itself. I will keep you guys posted on the situation as it continues developing.


And since whoever was responsible knew that there is absolutely nothing more it can do, it had significantly slowed down my cheap shit laptop, and tries hiding the folder in winsys where it's hidden, so that comodo can't quarantine it again. And now when trying 2 be deleted, it pretends 2 need that requires admin privileges, of SYSTEM despite me being the admin with no other users present.

Edited by Zuitana


And after finally gaining access 2 task manager i was greeted by a windowskeskeytys process translating as windowsprevention using up 100% of the processor. Big surprise there. It almost immediately went down significantly and 2 2.3% and keeps bouncing around task manager, in order 2 prevent itself from being shut down. System was also there, operating ntosknl, which when attempting deletion requires our old friend, yup! You guessed it, TrustedInstaller.

When looking at other suspect files, i noticed 3 com surrogates running from dllhost. Upon deletion? TrustedInstaller.

This topic is now closed to further replies.