Checking CLEO files for stealers. How to check CLEO files for a stealer



This is the very first scanner, which appeared back in the days when the first ASI stealer was developed. The day after that stealer appeared, I began to develop my own anti-stealer.

The scanner includes such modules as:
- the YARA signature engine (thanks to the VirusTotal team of programmers for such a powerful tool),
- the AngelScript script engine from Andreas Jönsson, which brings speed, ease of embedding and elegant scripts together in one project. It is thanks to this engine that cryptors for CLEO can be opened quickly and neatly.
- an emulator of SCM code (written by me), which is able to unwind CLEO cryptors quite well.

Features of the program:
- Quite a large base of stealers, which has been growing since about 2014. We collected a considerable share of the malicious mods from several large and not so large sites.
- Ability to scan folders and files by dragging and dropping them into the program window.
- Displaying brief information about the malicious program (type, developer nickname and, in old versions of the databases, the distributor).
- Scanning asi, dll, cleo, sf, cs and other potentially dangerous files.
- Detection of malicious code in files with a changed extension. For example, not so long ago it was fashionable to rename stealers to txd files and load them into the game using a loader.
- Unpacking encrypted CLEO scripts and then scanning them (note that the scanner decrypts only known cryptors and those that we have come across, but this is easy to fix: just write to us by mail and send the file). After scanning, you can find the source of the unpacked script in the temp\decrypt.cs file.
- Emulation of SCM code on the fly and script decryption, followed by a check for malicious code. (If malicious code is found, see the dump in temp\decrypt.cs.)
- Friendly and intuitive program interface.
- High scanning speed when checking a large number of files.
- Built-in viewing of the found file in text and hex modes
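As an added illustration of the changed-extension and Internet-access checks in the list above (this is not the scanner's own code; the finding labels, file names and sample bytes are constructed for the example), a header check over an unpacked mod folder could look like this:

```python
import re
import tempfile
from pathlib import Path

# Data extensions that, per the page, stealers have been renamed to.
DATA_EXTS = {".txd", ".dff", ".png", ".dat"}
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
URL_RE = re.compile(rb"(?:https?|ftp)://[\x21-\x7e]{4,}")
# Names of Windows networking libraries as they appear in a PE import table.
NET_DLLS = (b"wininet.dll", b"urlmon.dll", b"winhttp.dll", b"ws2_32.dll")


def is_pe(data: bytes) -> bool:
    """True when data has an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def inspect(path: Path) -> list[str]:
    """Return finding labels for one file (hypothetical labels, not the scanner's)."""
    data = path.read_bytes()
    ext = path.suffix.lower()
    findings = []
    if ext in DATA_EXTS and is_pe(data):
        findings.append("executable-with-data-extension")
    if ext == ".png" and not data.startswith(PNG_MAGIC):
        findings.append("png-extension-without-png-header")
    lowered = data.lower()
    if URL_RE.search(data) or any(dll in lowered for dll in NET_DLLS):
        findings.append("network-indicator")
    return findings


def scan_folder(root: Path) -> dict[str, list[str]]:
    """Map relative file name -> findings for every flagged file under root."""
    report = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and (hits := inspect(p)):
            report[p.relative_to(root).as_posix()] = hits
    return report


def build_sample(root: Path) -> None:
    """Constructed sample mod folder: harmless bytes that only mimic headers."""
    fake_pe = bytearray(0x48)
    fake_pe[:2] = b"MZ"
    fake_pe[0x3C:0x40] = (0x40).to_bytes(4, "little")
    fake_pe[0x40:0x44] = b"PE\0\0"
    (root / "weapons.png").write_bytes(bytes(fake_pe) + b"WININET.dll\0")
    (root / "hud.txd").write_bytes(b"\x16\x00\x00\x00" + bytes(32))
    (root / "radar.png").write_bytes(PNG_MAGIC + bytes(16))
    (root / "update.cs").write_bytes(b"\x00http://example.invalid/v.txt\x00")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(Path(d))
        print(scan_folder(Path(d)))
```

A network indicator alone is not proof of a stealer, since an auto-update script produces the same finding; it only marks the file for a check by hand.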

A particularly important point! Everyone should read this, so as not to ask stupid questions.
The scanner is designed only for checking game modifications unpacked from the archive; in any other case it is useless!
It is also NOT intended for installers and auto-installers, msi, exe packages, pif, mmbak, com, scr, vbs, bat, cmd, js and other potentially dangerous files not found in game mods; there are antiviruses for these files!
Also, do NOT scan the entire system; it is useless and makes no sense. This scanner was tested on mods and is for mods only. You can scan the folder with the game, but you need to understand that the game has files that can access the Internet, and be ready to see them in the scanner window.

I would like to warn you right away that this program will not protect your accounts 100%, like any other antivirus or scanner. When they write 100% protection on the cover of the antivirus, for me this is already a signal to remove the antivirus from the disk. But this scanner will be able to speed up the check for already known stealers and will help you not to fall for the bait of inexperienced distributors.
The best antivirus is your own head and your decisions: to download or not to download. Download mods only from trusted sites that monitor the security of their archives.


The author of the program is not responsible for your decisions or for any stealers missed by the scanner.

Some program conventions:


Attention! A file has been found that can establish an Internet connection; you should think carefully before putting it into the game. But it can also be a script's auto-update. It is also possible that a URL is simply present in the file. It all depends on your ability to check files by hand.

Found a CLEO stealer; the file was unpacked and you can take a look at the source.

The scanner tried to unpack the script; the unpacking may not have worked, or no malicious code was found. See the source in the temp folder. Make sure the file is not encrypted. Here you need to check the script by hand.

Found a CLEO stealer in open form.

Found a file that downloads malware onto your computer.

Found a stealer from a well-known project.

Protection found; the file may pose a threat. Here you have to rely on the honesty and reputation of the author. Ask the author why the file was encrypted (protected), and then judge for yourself how adequate the answer is. This file may very well be dangerous.

Perhaps the file is locked by another application, or the file is of zero size.

I do not recommend putting such files into the game. Anything can be expected here. This is several files joined into one. Among these files there may well be a stealer or other malware. Don't trust joined files. You can make sure that a joined file is safe only by splitting it into its component files and checking each file separately.


A big request: download the program only from official sources. This will be the safest option.
Report all errors by mail or in this thread.


We recommend using a special plugin from DarkP1xel as dynamic account protection.

This plugin blocks dangerous functions in scripts and other mods.
If you have this plugin installed in the game, mods will not be able to send web requests to third-party servers, which means that your SA:MP password will not fall into the wrong hands, even if you accidentally installed a stealer into the game. The plugin also keeps a detailed log of all suspicious events in the game. Important: the plugin is constantly updated, so stay tuned.
P.S.: don't forget to thank the author for the plugin ;)

Thanks to everyone who helped us.
Special thanks to Gedwadion, DarkP1xel. These are cool guys who have a future in IT security.

Authors:
smalloff - development, project support
andre500 - testing, project support
Authors' sites (official sources): Gamemodding.net, Libertycity.ru
Mail: [email protected]

(Attention! Support for the public project has been completely discontinued.)


AVPGameProtect is a program that helps you find malicious files in game modifications. Its main advantage over other anti-stealers is mass scanning: you can scan absolutely any files, in any number. You just need to drag the files or a folder with files into the program window and wait for the scan results.

Features of the program:
- Large base of stealers, which has been maintained since 2014.
- Scanning asi, dll, cleo, sf, cs and other potentially dangerous files.
- High speed of work when checking a large number of files.
- Displaying information about the stealer in the program window (stealer type or developer nickname).
- Built-in viewing of found files in text and hex modes.
- Search for functionality for interacting with the Internet, or downloading files.
- Checking CLEO scripts for the presence of a stealer (not all of them, only those packed with cryptors known to the program). The decrypted script will appear in the temp folder, in the root folder of the program, under the name decrypt.cs.
- Decryption of FuncCrypt from SR_Team and many others.
- Continuous support of the program.

The scanner is not designed to check installers and game assemblies, or to scan a full PC. To scan, you need to extract the folder or files from the archive and drag them into the program.

It is also worth noting that the program does not protect users 100%. Like any other anti-stealer, it is intended only to identify the stealers known to it. The further decision to use this or that mod lies directly with you, and the author is not responsible for YOUR decisions. The program will be constantly updated.

Some program conventions:
InetLoader - Attention! Found a file that can establish an Internet connection; you should think before downloading. But it can also be a script's auto-update.
CLEO_Stealer - Found a CLEO stealer; the file was unpacked and you can look at the source.
CLEO_Crypter - The scanner tried to unpack the script; the unpacking may not have worked, or no malicious code was found. See the source in the temp folder.
CLEO_Stealer - Found a CLEO stealer in open form.
Downloader_stealer - Found a file that downloads malware onto your computer.
Stealers_ru - Found a stealer from a well-known project.
Danger_VMProtect - Found protection; the file may pose a threat.
Failed to scan - Perhaps the file is locked by another application, or the file is of zero size.
JoinFiles - The scanner found several files joined into one. Among these files there may well be a stealer or other malware.

How not to run into a stealer?!

A stealer is a script that is installed by copying a file with malicious code to the GTA folder. After installation, each time you enter a game server, it will read all the data entered in dialogs (pin codes, password, secret keys, data) and send it to the attacker. Thus, simply by installing the script in the GTA folder and then entering the correct data into a dialog, you can lose all your game accounts.

Recently, cases of theft of game accounts on various SA:MP servers have become more frequent. Most often these are servers with the Role Play mode, since the game currency there has its own value. Attackers make money out of your stupidity. In this article I will show you the methods that I know. You know, the people who make these stealers live by the principle "Don't eat, you won't live."

Basic tips:

1. Always use all the account protection methods provided by the administration of the project on which you play (graphic pin code, SMS binding, etc.; it all depends on the functionality of the server).
2. Use a password of maximum length and complexity.
3. Do not log into the server with a password that you use on other servers.
4. Do not give your account information to a person of whom you are not 100% sure.
5. I do not advise you to use various custom mods in the game. They may contain an encrypted virus (a stealer). A stealer (from the English "to steal") is a class of Trojans (malware, viruses, whatever you want to call them) whose functionality consists entirely of stealing passwords stored in the system and sending them to the "author".
After you have installed a mod with a stealer, when you enter the game you will enter your password and it will pass straight into the hands of the thief. Stealers are most often sewn into mods such as HUDs, graphics customizations and ASI plugins.
6. Use an antivirus! It prevents your saved mail or account data from being sent to infected sites (protection against grabbers and stealers (exe)).
7. The administration of SA:MP servers does not restore hacked accounts, does not return lost money, and will never ask for your account passwords.

The first way.

So, the first way is 100% effective!!!
If you do not download various mods, CLEO scripts, HUDs or cheats, you will not have ANY problems or ANY stealers!

Checking through the website:

The first method will protect against all hacks, but it is not suitable for everyone.
So, the second method is suitable for those who download scripts, various mods, HUDs, cheats, and so on. I have a way out for you, but it will not protect 100%! Here we will be helped by a site that checks files for various scripts. By visiting the site you can read:

"The newest versions of stealers may have .txd, .dff, .png and .dat formats. But they are loaded from .asi, .cs and .sf plugins and will not work without them. Therefore, check all plugins and scripts with our checker. If you have hidden files in GTA, delete them."


From this we conclude that stealers can now be embedded in mods, even in a .png file, an ordinary picture. Many say:

"Are you a ram or something? Get out of here! I've been playing in SA: MP for 5 years and I know that stealers are only in mods or cleo formats!"

No, guys: as we can see, even a simple picture, say weapons.png, may carry a stealer! Always check any mod, no matter how much you trust its source. So, when we check a file for a stealer, if it pops up

Search results information:

Stealer not found:

During the scan of the file, no malicious code or anything suspicious was found. This means you don't have to worry about your account; our checker uses all possible methods to detect malicious code in scripts.

Features of the program:
- Quite a large base of stealers, which has been growing since about 2014. We collected a considerable share of the malicious mods from several large and not so large sites. Special thanks to the Gtavicecity.ru website for the provided samples.
- Ability to scan folders and files by dragging and dropping them into the program window.
- Displaying brief information about the malicious program (type, developer nickname and, in old versions of the databases, the distributor).
- Scanning asi, dll, cleo, sf, cs and other potentially dangerous files.
- Detection of malicious code in files with a changed extension. For example, not so long ago it was fashionable to rename stealers to txd files and load them into the game using a loader.
- Unpacking encrypted CLEO scripts and then scanning them (note that the scanner decrypts only known cryptors and those that we have come across, but this is easy to fix: just write to us by mail and send the file). After scanning, you can find the source of the unpacked script in the temp\decrypt.cs file.
- Emulation of SCM code on the fly and script decryption, followed by a check for malicious code. (If malicious code is found, see the dump in temp\decrypt.cs.)
- Friendly and intuitive program interface.
- A fairly simple program concept, which means it is updated easily and often.
- High scanning speed when checking a large number of files.
- Built-in viewing of the found file in text and hex modes

The scanner is intended only for checking game modifications unpacked from the archive; in any other case it is useless.
It is also NOT intended for installers and auto-installers.

ATTENTION!!!
I would like to warn you right away that this program will not protect your accounts 100%, like any other antivirus or scanner. When they write 100% protection on the cover of the antivirus, for me this is already a signal to remove the antivirus from the disk. But this scanner will be able to speed up the check for already known stealers and will help you not to fall for the bait of inexperienced distributors.
The best antivirus is your own head and your decisions: to download or not to download. Download mods only from trusted sites that monitor the security of their archives.

Some program conventions:

IN DEVELOPMENT

HttpAnalyzer is a network traffic analyzer. If you are looking for a functional tool for monitoring HTTP and HTTPS traffic in real time, I think you will like this program. It is a kind of sniffer that clearly displays all the necessary information about connections!

In general, HTTP Analyzer can do a lot of things. You can read about them in more detail on the official website; I have only described the main idea.