Game Killer

**freedompeace** · 01-15-2010, 06:32 AM

I'm keeping an objective view of this; I've been IP banned by GordonCA admins for no reason (No reason specified)

Ever since the inception of GordonCA's hacks, there have been claims that it was a virus, and others that do not. This continues with Gordon's latest release.... Anyway, I'll stop this wall of text and get to the point.

So far, the evidence against Gordon:
1. Dropping suspicious randomly named files into %systemroot%\system32;
- > 1.2.6 : *.MPH (case-sensitive);
- > 1.2.7 : *.dll (case-sensitive);
2. MalwareBytes' Anti-Malware scans showing those files as "Trojan.Downloader"s; and
3. Online virus scans of the executable as being "Heur", "Packed", or "Elorado!".

This is not, and has never been enough evidence to accuse a program as a virus, especially one that was intended for exploiting other programs (namely, Combat Arms).

Upon testing, I have found that GordonCA v1.2.7 and below are in fact CLEAN. Those *.MPH and *.dll files are used once by the Gordon loader or a Gordon-originated thread with Combat Arms. After that, the file is no longer used. No references the file are made on the Windows registry, startup paths; no new programs references are added to the Windows registry, startup paths, scheduled tasks, or, even execute afterwards. Those suspicious looking files are one-time-use files intended for the proper operation of the hack.

The positive virus scans are simply false positives. I can code a simple do-nothing "ExitMe.dll" and have it flagged by 21 of 40 antiviruses as positive, while in reality, does NOTHING. (Scans thanks to VirusTotal)

In other words, GordonCA 1.2.7 is SAFE. There is no harm in using it.

Merry Hacking,
freedompeace

littlejoel · 01-15-2010, 06:35 AM

is gordon 1.27 for combat arms na or eu??

mikurej95 · 01-15-2010, 07:57 AM

too bad its patched now

leethacker · 01-15-2010, 08:18 AM

Go to the Combat Arms Europe section to find out.

blaiminator · 01-15-2010, 10:01 AM

You Guys Are Dumb ! You HAve Wait So Long To Learn Something Everyone Knew ... And Now they Are Patched So Lol ...

That Is Called A Fail...

Sorry...

Bewbs4free ( Here Blaiminator )

Eclipse · 01-15-2010, 10:30 AM

When I used 1.2.6, I never once got a mysterious .mph file.

And many people have decompiled it and looked at the coding and said it was clean.

and I doubt that it is patched..... just currently blocked.

"MalwareBytes' Anti-Malware scans showing those files as "Trojan.Downloader"s"
I took a .Mp3, changed the hex, and changed the filetype to .dll and malaware called it a suspicious file. lol

FP. mebe there shuld be a poll?

Atonement · 01-15-2010, 01:03 PM

thats some impressive researching and deduction going on there
props

Iamazn · 01-15-2010, 01:51 PM

-Then why did GCA need to put the files into the System folder?
-Why not the Temp folder?
-Or the desktop?
-Why the random names? Why not "GCA-Temp.MPH"?
-Why were they hidden?
-Why did MalwareBytes detect it as Malware? MalwareBytes usually never detects false positives. (usually)
-GCA 1.2.7 changes its "title" into random names. Those random names match the randomly named .MPH/.DLL files inside the System folders.

mocsubzero · 01-16-2010, 07:27 AM

Originally Posted by Iamazn

-Then why did GCA need to put the files into the System folder?
-Why not the Temp folder?
-Or the desktop?
-Why the random names? Why not "GCA-Temp.MPH"?
-Why were they hidden?
-Why did MalwareBytes detect it as Malware? MalwareBytes usually never detects false positives. (usually)
-GCA 1.2.7 changes its "title" into random names. Those random names match the randomly named .MPH/.DLL files inside the System folders.

U have a good point but some of us dont even care (not including me i dont like viruses o_o) some of these people wanna hack and would even have a virus on their pc for it :yipi::no:

alohadude3 · 01-16-2010, 07:47 AM

I believe it's a virus, also if you download this he can have access to your computer

M4st3rH4ck3r · 01-16-2010, 11:20 AM

Nobody listened when I said there safe....thanks someone smart. @Oloha: you got to be retarded to actually think Gordon can access your PC while using his hacks. It's safe trust me, nothing has happened to all the people that downloaded all his hacks since his like first release including me.

Airwaves · 01-16-2010, 11:25 AM

Thanks for the helpful post, 1.2.7 still works for me sometimes.

zersteren · 01-16-2010, 11:27 AM

i got windows 7 ultimate and i used both and never got any of those files placed from that program. Even though alot of the av's say its some sort of malware or virus, still ok enough to use i believe. Just don't know about vista or xp lol.

anicolon · 01-16-2010, 11:54 AM

i used gordon 1.2.7 and i got a account banned so now i use catalyst-hax it is better

piemix · 01-16-2010, 12:54 PM

Originally Posted by alohadude3

I believe it's a virus, also if you download this he can have access to your computer

LOL, keep dreaming dude... the file would have to be ALOT bigger for him to have access to your computer. You have no idea how he codes his hacks, AND u have no idea how to code anything.. if u think he can access ur computer with his hack that he runs off of his website ur retarded

Game Killer

GordonCA - virus or not?

GordonCA - virus or not?