Some Info for Torrent Users

Thought I'd share this :)

Just wanted to let you guys know to avoid any and all files from str!d3er (srtider) and TEAM XPLOSiON.

Str1d3r/TEAM XPLOSiON have, just today alone, uploaded "their" Windows 7 activator, which is infected, to mininova/h33t.

Twice within 12 hours.

To add a little more background on str1der/TEAM XPLOSiON:

Created a "patch"/rearm and uploaded to the world and claimed they made it themselves. It was revealed that the patch/rearm actually housed Orbit30's rearm. When confronted, admitted they used Orbit's file but still insisted he/they created it themselves. Conflicting response.

And now they are uploading infected files.

Do yourself and everyone else a favor and DO NOT USE Str1der/TEAM XPLOSiON files.

---------------------------------------------

News on the infection:

Quote:

A trojan named Troj/Qhost-AC has been spotted on torrent sites labeled as a keygen for popular software. But in a strange surprise, the trojan would modify the user's host file, rather than generating a key, changing popular torrent web sites like The Pirate Bay, Suprbay (The Pirate Bay forum) and Mininova, the two most popular torrent sites on the internet, to 127.0.0.1, making it impossible to visit these sites.

The Trojan caused pop-ups on users' screens and played a sound file saying "downloading is wrong". The Trojan didn't install any other spyware or malware onto the victim's PC, other than blocking the three web sites, something that many users thought was strange.

The torrent has since been removed from the web sites, but leaves many users asking who is behind this. Many users question whether it is another attack brought by the RIAA or MPAA to prevent piracy among music, movies, and software. Not to mention the leaked MediaDefender email from September 2007 that wanted to launch attacks against sites like The Pirate Bay, and bring about fake files and DoS attacks.

Luckily, the change to the host file brought about by the Trojan is easy to fix: simply manually editing the host file to remove the added entries will fix the problem.

-------------------------------------------------

Here is the list of members of this p2p group called TEAM XPLOSiON.

(pulled from the nfo for the win7 activator) (BTW the nfo is really for their Kingsoft.Office.2009.Professional.v6.3.0.1733 release)

Code:

~~> MasterUploader ~> [MasterUploader - TPB

~~> DOPEBOY ~> tamer1009 - TPB

~~> MAMBO04 ~> h33t - MAMBO04

~~> Str!d3r ~> h33t - str!d3r

htto://www.mininova.org/user/srtider (hah, the nfo has a typo. str!d3r for the loss)

~~> Mattlb0619 ~> h33t - Mattlb0619

-----------------------------------------------------

This is not related to the group above (at least I do not think so). There is an iso floating around (I found it on mininova) with the title Windows 7 Ultimate Editon (Pre-Cracked){Clean} iso. At all costs, avoid wasting your bandwidth because the iso is in fact not clean. My download finished while I was at work, so I went to mininova to see about comments on quality, etc. Good thing I did that before I made a fresh VM for the iso. One commenter stated the iso was not bootable, but contained a folder with the name of the original beta1, which did contain the beta files. However, the setup.exe is infected. It is so bad that it flags on 35 of 38 AV companies on virustotal.com.

Here is the link to the scanned setup.exe:

Code:

Virustotal. MD5: 9ed39b0e5dce9b051ebb6d8f255221a9 W32.Pinfi W32/Pate.b Virus.Win32.Parite.b

The original seeders were from the NE of the United States. One near Baltimore, the other near Philadelphia.

So, if you see Windows 7 Ultimate Editon (Pre-Cracked){Clean} iso on any site, do your best to get it removed. We have enough garbage to deal with already.

Got this from another forum
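
An added example, not part of the original post: a small Python check for the hosts-file change the quoted news item describes. It flags non-local names pointed at loopback or 0.0.0.0 and builds a cleaned copy; the function name, the sample file and the hostnames in it are constructed for illustration.

```python
import ipaddress

# Names a stock hosts file legitimately maps to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
               "ip6-loopback", "broadcasthost"}

def audit_hosts(hosts_text):
    """Return (findings, cleaned_text).

    findings: (line_no, ip, hostname) for each non-local name pinned to a
    loopback or unspecified address. cleaned_text: the same file with only
    those names removed. Deliberate ad-block entries look identical, so
    review the findings before writing cleaned_text back.
    """
    findings, kept = [], []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        body, sep, comment = raw.partition("#")   # split off any comment
        fields = body.split()
        try:
            ip = ipaddress.ip_address(fields[0]) if len(fields) >= 2 else None
        except ValueError:
            ip = None                      # malformed address: leave line alone
        if ip is None or not (ip.is_loopback or ip.is_unspecified):
            kept.append(raw)
            continue
        bad = [n for n in fields[1:] if n.lower().rstrip(".") not in LOCAL_NAMES]
        good = [n for n in fields[1:] if n not in bad]
        findings += [(line_no, str(ip), n.lower()) for n in bad]
        if not bad:
            kept.append(raw)               # untouched legitimate entry
        elif good:
            tail = " " + sep + comment if sep else ""
            kept.append(" ".join([fields[0], *good]) + tail)
        # a line holding only redirected names is dropped entirely
    return findings, "\n".join(kept) + "\n"

# Constructed sample, not taken from an infected machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       thepiratebay.org www.thepiratebay.org
127.0.0.1       localhost www.mininova.org   # added
192.168.1.10    nas.home.lan
"""

if __name__ == "__main__":
    found, cleaned = audit_hosts(SAMPLE_HOSTS)
    for line_no, ip, name in found:
        print(f"line {line_no}: {name} -> {ip}")
    print(cleaned, end="")
```

On Windows the file to pass in is `%SystemRoot%\System32\drivers\etc\hosts`, and writing a cleaned copy back needs an elevated prompt.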
 