⭐ goldeneagle1 Posted August 16, 2013 Report Share Posted August 16, 2013 Hi minch, I appreciate your investigation on this. Let's keep the mal*ware out... Thanks. Quote Link to comment Share on other sites More sharing options...
joe11 Posted August 16, 2013 Report Share Posted August 16, 2013 this web request is from the above source code, google says URL in plain text is:http://ninjatrader.dyndns.info/adc4da2c4faf8fbdee50d5515aed38f5/8928b845a0f1bcde32460d2d594a2a50.php this php now redirects to NT support page but its original content is unknown. it could be a receiver before. its IP is 37.113.137.7 from russia. this suspicious patched version dll Oh Jeez, this hack harvests NT license and other info from our computer and ships it somewhere so I suppose later a remote bot master can control and use our computers! Thank you minch for detecting this and I hope the moderators here take a note. It looks like all educated dll posts by moranna has this *bad* code piggybacked. Let's watch for future posts by moranna, but then again moranna can impose as another new user! So we have to be careful with dll files. cs files are definitely better because we can review/read it before loading. Be safe. Open source rules! ⭐ laser1000it, futuretrader and k33 3 Quote Link to comment Share on other sites More sharing options...
⭐ laser1000it Posted August 16, 2013 Report Share Posted August 16, 2013 (edited) Thanks Joe11 for your explanation. BTW how we check this "piggyback" (malicious inside) code ? Do you know any software or right application for detected it? Edited August 16, 2013 by laser1000it Quote Link to comment Share on other sites More sharing options...
yamantaka Posted August 16, 2013 Report Share Posted August 16, 2013 here is clean version: http://www.$endspace.com/file/mwnkyt Link dead; please reup. Quote Link to comment Share on other sites More sharing options...
futuretrader Posted August 16, 2013 Report Share Posted August 16, 2013 Link dead; please reup. http://www.send5pace.com/file/c99hnq yamantaka 1 Quote Link to comment Share on other sites More sharing options...
joe11 Posted August 16, 2013 Report Share Posted August 16, 2013 Thanks Joe11 for your explanation. BTW how we check this "piggyback" (malicious inside) code ? Do you know any software or right application for detected it? Hi laser1000it, thanks. Our esteemed educators here are in a better position to answer this question. I am not a c# programmer, but I can read the code to see obvious items like changing directory, looking for potentially unnecessary files (for the indi to work), etc. Even in this example, I am not able to decode where the info is sent (out to the Internet!). That part is obfuscated/encoded. A programmer can understand/decode it better. In short, it is not easy for a non-programmer to check this, especially in dll. So the source code (cs file) is safer than dll. Some educated dll like this example was actually converted to source code first, but then it was padded with bad code, and re-compiled into dll (to hide the bad code!), ie, this not a *normal* education! If we are able to get the cs out of a dll, then I would just stop the education process there and not recompile it into dll again. On the other hand, if we can't get the cs file out of a dll and we are trying to remove the license check, I think that is when we have a "patched" dll, that removes the procedures of license checking but not converted to a cs file. That is my understanding. The programmers here may correct me if I am all wet with this logic :-) Otherwise hope this makes sense... ⭐ laser1000it 1 Quote Link to comment Share on other sites More sharing options...
yamantaka Posted August 17, 2013 Report Share Posted August 17, 2013 Hi laser1000it, thanks. Our esteemed educators here are in a better position to answer this question. I am not a c# programmer, but I can read the code to see obvious items like changing directory, looking for potentially unnecessary files (for the indi to work), etc. Even in this example, I am not able to decode where the info is sent (out to the Internet!). That part is obfuscated/encoded. A programmer can understand/decode it better. In short, it is not easy for a non-programmer to check this, especially in dll. So the source code (cs file) is safer than dll. Some educated dll like this example was actually converted to source code first, but then it was padded with bad code, and re-compiled into dll (to hide the bad code!), ie, this not a *normal* education! If we are able to get the cs out of a dll, then I would just stop the education process there and not recompile it into dll again. On the other hand, if we can't get the cs file out of a dll and we are trying to remove the license check, I think that is when we have a "patched" dll, that removes the procedures of license checking but not converted to a cs file. That is my understanding. The programmers here may correct me if I am all wet with this logic :-) Otherwise hope this makes sense... I suggest the powers that be at II consider allowing links ONLY to .cs files; to prevent some knucklehead from harming our machines and stealing our identities. Quote Link to comment Share on other sites More sharing options...
minch Posted August 17, 2013 Report Share Posted August 17, 2013 (edited) *********************** Edited November 30, 2013 by minch Quote Link to comment Share on other sites More sharing options...
minch Posted August 17, 2013 Report Share Posted August 17, 2013 (edited) ******************** Edited November 30, 2013 by minch Quote Link to comment Share on other sites More sharing options...
Trading1903 Posted September 11, 2013 Report Share Posted September 11, 2013 It is a BS. So much money .. Quote Link to comment Share on other sites More sharing options...
⭐ goldeneagle1 Posted October 24, 2013 Report Share Posted October 24, 2013 Could someone post the clean files from the momentum strategy, please? Thanks. Quote Link to comment Share on other sites More sharing options...
⭐ santoshv2k Posted October 26, 2013 Report Share Posted October 26, 2013 plz reupload someone.... Quote Link to comment Share on other sites More sharing options...
gogololo_75 Posted July 4, 2014 Report Share Posted July 4, 2014 Any body has indicator and strategies? Thanks Quote Link to comment Share on other sites More sharing options...
lola33 Posted December 19, 2015 Report Share Posted December 19, 2015 can someone reupload thank u Quote Link to comment Share on other sites More sharing options...
Swordfih Posted December 21, 2015 Report Share Posted December 21, 2015 (edited) *** Deleted, corrupted file - contains trojan virus **** Please see Admis post below. Edited December 21, 2015 by Swordfi$h JoeWilson, traderin, ⭐ whinny and 1 other 4 Quote Link to comment Share on other sites More sharing options...
admis Posted December 21, 2015 Report Share Posted December 21, 2015 (edited) Here you go: https://[email protected]/file/y6ljhm Good luck! Don't install it!!! It's TROJAN! (steals your private data) A few times in the past we've talked about it... Edited December 21, 2015 by admis tryitagainmf, sateshchand, ciardim and 6 others 9 Quote Link to comment Share on other sites More sharing options...
Swordfih Posted December 21, 2015 Report Share Posted December 21, 2015 Thanks Admis, I missed that one. My bad. No wonder, this vendor has gone the way of the Dodo bird. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.