[Boards: 3 / a / aco / adv / an / asp / b / biz / c / cgl / ck / cm / co / d / diy / e / fa / fit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mu / n / news / o / out / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / t / tg / toy / trash / trv / tv / u / v / vg / vip /vp / vr / w / wg / wsg / wsr / x / y ] [Search | Home]
4Archive logo
I'm freaking the fuck out right now.
If images are not shown try to refresh the page. If you like this website, please disable any AdBlock software!

You are currently reading a thread in /g/ - Technology

Thread replies: 49
Thread images: 5
File: help.png (38 KB, 1042x675) Image search: [iqdb] [SauceNao] [Google]
help.png
38 KB, 1042x675
I'm freaking the fuck out right now.

What the fuck is this
>>
>>52223725
don't worry about it, it's just some random remnant of a chinese botnet
delete it and forget about it
>>
Ask Rockstar. It's made even on legit GTA5 installs.
>>
>>52223725
some program probably passed a chararray to CreateFile without a terminating null and garbage on the stack/heap outside of the intended buffer got interpreted as UTF-16.

its probably nothing. very rarely does the existence of chinese characters actually indicate the existence of chinese hackers or anything like that. most times, binary garbage getting coverted to a character set end up displaying as chinese characters because there are so goddamn many and they are all larger values.
>>
>>52223725
maybe it is "random" data that the computer interpreted as symbols.
>>
>>52223755
It just happens to be a certain range of UTF-16 that contains a single language writing system

k
>>
google translate it!
>>
File: Capture.png (12 KB, 637x284) Image search: [iqdb] [SauceNao] [Google]
Capture.png
12 KB, 637x284
>>52223781
>>
>>52223809
what the fuck
>>
>>52223809
wow, your computer is racist

how would you feel if your computer couldn't display the letter A ?
>>
>>52223773
its such a huge range that its pretty common. have you ever noticed that very often when you look at non character buffers as utf-16/unicode (via "du [addr]" in windbg or the like) ? This is that same thing. I've seen that many times in the 15+ years I've been writing native code. For the last 10 years of doing malware analysis, I've never seen a piece of malware put down files using the authors system encoding. I'm not saying it couldn't happen, but I've never seen it.
>>
>>52223875
yeah, you are correct
I live in a utf-8 world, so I never see this type of thing.

I told vim to use utf-16 and opened up ls
It was all moon runes
>>
whatever it is it's not working right because it put it's shit in %homepath%\appdata instead of local, locallow, or roaming. the registry ties all of these directories together, if something is storing it's shit in appdata it will have to be in roaming, local, or locallow. most shitware stores its things/itself in roaming.

just out of curiosity it has 1Kb worth of whatever, open it with notepad. lets see it.
>>
>>52224011
indeed, not an issue with utf-8. whatever is making that file may have some interesting memory corruption bugs, if thats something you're interested in. Never know, might get lucky and find an RCE bug. Stuff like this is a pretty clear indicator that whoever wrote that code was less than meticulous.
>>
File: 1451332766405.jpg (47 KB, 1024x576) Image search: [iqdb] [SauceNao] [Google]
1451332766405.jpg
47 KB, 1024x576
>>52223725
upload to virustotal and provide link OP
>>
>>52224055
it was probably trying to put something into Local, but then the buffer got corrupted/overwritten.

also
> notepad
get a hex editor
>>
>>52223809
Uh oh, Tong lao that nigga you seriously dont wanna fuck wid, better toss that comp in the river and move states tbqh
>>
>>52224123
Kekd
>>
>>52224114
https://www.virustotal.com/en/file/2fa44a9c00eb8947b5ba2dc617ccfb8e1cb0868c20356f97e0607ee736fdd302/analysis/1451886488/
>>
>>52223725
https://support.rockstargames.com/hc/communities/public/questions/203450847-GTA-V-PC-not-launching-no-error-with-an-additional-piece-of-data-?locale=zh-tw
>>
>>52224197

I took a look at the file and it doesn't look like anything malicious. It doesn't decompile into anything either on ODA.

It's pretty random looking without any NULL's so it could be encrypted PII that was stolen.
>>
>>52224321
>It's pretty random looking without any NULL's so it could be encrypted PII that was stolen.

It could also be the meaning of life encrypted by that logic
>>
>>52223725
Probably related to Tencent or Sogu. Just a stupid trace. Check for adware though.
>>
>>52223725
Welcome to the botnet you fucking cunt.
>>
>>52223749
This, it's gta v
>>
You should kill yourself if you can't read Chinese.
>>
>>52224801
> tencent or sogu
> trying this hard to sound cool on the internet

Neither of those pieces of malware are remotely related to this problem. Especially considering OP is having the exact problem described by the GTA help forum article.

Also, the fact that a piece of code was compiled on a computer with its locale set to some chinese locale would somehow make it spit out shit in chinese filenames is a total amateur assumption. Its just not how it works. The author would have needed to hardcode or derive those characters specifically, and while the sogu and tencent authors aren't exactly the best of the bunch, they aren't retarded.
>>
>>52224767
right...it could be anything encrypted.
>>
It's from one of the crack by 3DM for GTA5 bruh
Got it as well
>>
>>52224938
Or, more likely, its just a bunch of fucking junk.
>>
>>52224965
If it was put there on purpose, then it's more likely that it's something we don't have enough information to interpret or to decrypt.

If it was dropped as the result of a programming error then that would be a different story.
>>
>>52223725
B O T N E T
O
T
N
E
T
>>
>>52225015
Considering the fact that the filename is that which is caused by a common programming error, I'm going with probably nothing, because in the majority of cases thats what it is. But, how would we have security theater if we didn't just jump to the "could be encrypted PII" conclusion first. Most of the files on the computer don't have encrypted personally identifiable information in them and up to this point there is no reason to indicate that this file is any different.
>>
>>52223725
See: >>52223983
>>
#notallchinese
>>
>>52223875
How would you know what the authors system encoding is?
>>
if you've ever installed gta 5

that's what happens
>>
>>52223875
ZeroAccess is back. Good luck.
>>
File: 1447725675207.jpg (64 KB, 540x516) Image search: [iqdb] [SauceNao] [Google]
1447725675207.jpg
64 KB, 540x516
>>52225066
>>52225066

occam's razor is no fun I want to theorize worst case here :^)
>>
>>52224114
Do you have a link to that event?
>>
>>52225201

https://media.ccc.de/b/congress/2015

recordings
>>
>>52223725
>hurdur its chingchong must be botnet lol
>>
>>52225215
thanks, appreciate it
>>
>>52223809
Try Japanese.
>>
File: 1451758746689.jpg (87 KB, 1076x743) Image search: [iqdb] [SauceNao] [Google]
1451758746689.jpg
87 KB, 1076x743
It's definately GTA V, I've got it on my install too.

Also my autism can't handle it, install Windows 7.
>>
*sigh*

It's from GTAV. This has been known for over a goddamn year now. It's a fix to displaying Chinese characters online. Works great, but it's not the most elegant of solutions.

With that figured out, calm your saggy man-tits. Not everything is because of a virus.
>>
>>52224918
Tencent is an advertising company...
>>
>>52225231
it's not Japanese
>>
>>52224918
I actually know what the fuck I'm talking about. P.s. Hi baidu
Thread replies: 49
Thread images: 5
Thread DB ID: 367405



[Boards: 3 / a / aco / adv / an / asp / b / biz / c / cgl / ck / cm / co / d / diy / e / fa / fit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mu / n / news / o / out / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / t / tg / toy / trash / trv / tv / u / v / vg / vip /vp / vr / w / wg / wsg / wsr / x / y] [Search | Home]

[Boards: 3 / a / aco / adv / an / asp / b / biz / c / cgl / ck / cm / co / d / diy / e / fa / fit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mu / n / news / o / out / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / t / tg / toy / trash / trv / tv / u / v / vg / vip /vp / vr / w / wg / wsg / wsr / x / y] [Search | Home]

All trademarks and copyrights on this page are owned by their respective parties. Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.
This is a 4chan archive - all of the shown content originated from that site. This means that 4Archive shows their content, archived. If you need information for a Poster - contact them.
If a post contains personal/copyrighted/illegal content, then use the post's [Report] link! If a post is not removed within 24h contact me at [email protected] with the post's information.