Iamazn

._.

Theres still a FEW questions that remain. freedompeace says GCA is clean, but I dont think so. Why?
-WHY does GCA put the "one time use files INSIDE the SYSTEM folder? Why not the desktop? The TEMP folder?
-WHY are the files HIDDEN and RANDOMLY named? Why not "GCATemp"?
-WHY are the files STILL in the SYSTEM folder AFTER Combat Arms closes?

Stealez

GCA=Full-fledged keylogger.

Don't be crying you kiddies when your dad/mom yells at you because they have gotten a huge bill on their bank account.

<3

alohadude3

then don't blame me when your comp gets owned by gordon

cobra1973

it is not a gordon hack it is nexon fu cking all of us gordon has been gone for a along time so do not download the hack it is a melwere and nexon put it out there for us to give it to us

BuckingFitch

the safest thing to do is to not download it.
just dont risk it...

freedompeace

I'm keeping an objective view of this; I've been IP banned by GordonCA admins for no reason (No reason specified)

-WHY does GCA put the "one time use files INSIDE the SYSTEM folder? Why not the desktop? The TEMP folder?
Here could be one possible explanation. The TEMP and DESKTOP folders change on each computer, on each operating system. Gordon codes his hack in C++, which does not have the simple "My.Computer.FileSystem.SpecialDirectories.Tem p" function that Visual Basic does. Unlike the TEMP and DESKTOP folders, SYSTEM32 stays the same throughout all 32-bit OS's, the only architecture it was designed and compiled for.

-WHY are the files HIDDEN and RANDOMLY named? Why not "GCATemp"?
Hidden : They're not on mine o.o
Randomly named : That is a common practice to randomly name files, so that you run a much lower risk of returning an exception when copying a file to a directory where that filename already exists.

-WHY are the files STILL in the SYSTEM folder AFTER Combat Arms closes?
When GordonCA, or any DLL of that matter, is injected into a running executable, a new thread is created for that DLL to run. This thread is not separate from the game, it is within the game itself. When you close the game, all threads within Engine.exe are termintated, and therefore the thread is unable to execute any ending processes, like clean up.

Iamazn

1.
-It cant be that hard to find the TEMP/Desktop Folders.
-Couldnt Gordon just find the Folder where GCA is located, and put the randomly named, hidden, suspicious MPH/DLL files there?

2.
-They were hidden on mine
-Why would a file be named GCATemp?
-Just add some error handling.
-Randomly naming a file + making it hidden is very suspicious.

3. Cant counter that

freedompeace

1. Whatever works, and is easiest - he's not being paid for it uch: It would be quite a pain to have to locate those folders yourself...

2.
"They were hidden on mine". Hmmm... Well, whatever. I hide files too
"Why would a file be named GCATemp?" That would mean?
"Just add some error handling." Again, the error handling is a pain in the arse, especially for something free. Copying a new file is ultimately easier.
> What kind of error handling did you have in mind, anyway? Even if you did find that the file already existed, you'd have to hash check it to see if it was the real one, or another identically named file.

3. Yay :3

killerofmen

if you want to see those "hidden files" got to control panel/folder options/view/ an tick the show hidden files and folders , an then those .MPH files will be there for you to see, scan each 1 (if you want to , i did jus cause i was bored) an sure i got "suspicious" an the like from virustotal , but when scan with AVG Pro,Avast and Norton came back all clean (which i KNEW they would) an i talk to gordon every now an then too an he doesnt seem to me to me the type to dupe/scam/hack anyone BUT nexon!!!

Dagga

It is DEFINITELY a virus, we should refrain from releasing it to this forum. I had to install a clean version of Windows 7. Am not sure if its only this effective with Windows 7, but Norton warned me about GCA1.2.7 being a virus. I ignored it. Several hours after, the 'blue screen of death' appeared. I restarted but the problem persisted. After that I reinstalled Windows 7 Ultimate 64-bit. And all was good.

ckw100

Really, I downloaded GCA just to see what it had. I decompiled all of its cintents... it contains NOTHING of a virus. Although.. seemingly... they can't code worth a shit and like to steal from other hacks

combat11

My Virus protection caought something after it got patched o-o

freedompeace

Yes yes yes, we all know how to show hidden files and folders; there are 19,400,000 indexes on Google of how to do that.

The BSOD can be caused by reasons other than the hack.

I highly doubt you did that...

Yet another false positive. Your new antivirus' definitions heuristics detected some part of Gordon's hack as a virus.

ckw100

I really didn't decompile the WHOLE thing... lol I made that a little unclear as it seems I said I did. But I went through the things I could. And really I have no more suspition. but I did "lol" at the things that were in it.

Viper98

It is a little sus as none of the gordan hacks have ever registered as suspicious or as a virus. To Malware /norton and other scans ( i know Norton is a pos).. But eh.. Its not even that big anymore it removed itself off my comp and i had to clean it up after that so. Stuff downloading it again and using it one time then having to clean my whole computer again any thread with the topic of gca 1.2.7 should be Locked or deleted its getting old. and its patched as a i hear anway. Lets just wait till 1.2.8 if its coming out to Prove that its a virus or not?

So your saying that Nexon Hacked Gordons Account on the site and Posted a hack..... Gj...