
Hitlog version #1 isn't showing up and repair module timers aren't showing either


It's been some time that these don't work including latest #6


EDIT: included the logs.


I must add I manually added polarfox.vxSettingsApi_1.7.9.wotmod to get hangar settings for Battle Observer because it doesn't trigger antivirus for any ads (the version from BO 1.16.1 from wgmods.net) and I can't stand not having options for mods to tinker with (GUI options are hundred times more convenient than editing txt files).


Edited by Majstor
Link to comment
  • Administrator

polarfox.vxSettingsApi_1.7.9.wotmod contains malware, I don't recommend using it. Just because your antivirus cannot see it, it doesn't mean it's not downloading ads. Ads are invisible so you will not see them, that's however a huge security breach, because now it's ads, and tomorrow it's a coin miner, and god knows what else.


XVM hitlog and damage log will not work with BO, Armagoman the author of BO says.

Link to comment
  • Administrator

Look at this traffic, it's triggered after the 3rd full battle played with polarfox.vxSettingsApi_1.7.9.wotmod. There is also polarfox.vxSettingsApi_1.7.10.wotmod which doesn't seem to trigger this, but I'm not sure if I want to mess with this particular mod file.







Link to comment

Did you test this with the version from wgmods.net? It's possible that different sources have or don't have malware in it, since I've already seen different hashes on libraries from different sources. Yes, I know this isn't a foolproof way to determine whether a file has malware in it or not. Also, what program did you use to check this traffic, so I can check myself with this file?


Edit: found it, NirSoft NetworkTrafficView

Edited by Majstor
Link to comment

I'm aware of that thread, as you can see I posted a screen in that thread, and what I'm saying is this doesn't happen anymore with polarfox.vxSettingsApi_1.7.9.wotmod from wgmods.net with hash MD5 84A0D4DFE2858430AF2A9CA441E26AD9.


I have installed Fiddler and am currently monitoring to see if anything pops up like it did for you. So far nothing showed up. It is possible that unless you used the exact same hash .wotmod, your version had malware in it while this one doesn't. It's also possible it still does. I'm monitoring, will play 10-20 battles and will report results.

Link to comment
  • Administrator

Looks good, it's fishy when you see cef_browser_process.


To reproduce.


1. Delete marked folders in appdata, in this example path as you see on screenie:




2. Install BO with this polarfox.vxSettingsApi_1.7.9.wotmod (can be from WG MOD HUB)

3. Launch the game, go to options and set it to windowed mode (or you can do it by pressing SHIFT+ENTER on login screen)

4. Play full battle, do not exit from battle when you die, wait for battle results window to appear.

5. When you are in garage after the battle click on "Details" button at notifications channel to open results from previous battle

6. Check Fiddler for cef browser process.exe connections, if you don't see anything play another battle. You probably have to repeat this step 3 or 4 times. The traffic with ads begins at the moment when battle results are opened.


Link to comment
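Step 6 of the procedure above comes down to filtering captured connections by process name. As an added example (not code from this thread or from any tool mentioned in it), the sketch below does that over a constructed CSV export; the column names, timestamps and hosts are assumptions made up for illustration.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample export; column names are assumed, not a real tool's schema.
SAMPLE_CSV = """time,process,remote_host,remote_port
2021-01-01T20:00:05,WorldOfTanks.exe,game.example.net,443
2021-01-01T20:14:40,cef_browser_process.exe,ads.example.org,443
2021-01-01T20:14:41,cef browser process.exe,tracker.example.org,80
2021-01-01T20:14:43,CEF_Browser_Process.exe,ads.example.org,443
2021-01-01T20:15:02,chrome.exe,news.example.com,443
"""

WATCHED = "cefbrowserprocess"  # normalized form of the process named in the thread


def normalize(name):
    """Lower-case, drop .exe and separators so spelling variants compare equal."""
    name = re.sub(r"\.exe$", "", name.strip().lower())
    return re.sub(r"[\s_\-]+", "", name)


def cef_connections(csv_text, allowed_hosts=frozenset()):
    """Summarize connections made by the watched process, grouped by remote host."""
    hits = defaultdict(lambda: {"count": 0, "first_seen": None, "ports": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        if normalize(row["process"]) != WATCHED:
            continue
        host = row["remote_host"].strip().lower()
        if host in allowed_hosts:  # hosts the reviewer has already cleared
            continue
        entry = hits[host]
        entry["count"] += 1
        # ISO-8601 timestamps sort correctly as plain strings.
        if entry["first_seen"] is None or row["time"] < entry["first_seen"]:
            entry["first_seen"] = row["time"]
        entry["ports"].add(int(row["remote_port"]))
    return {h: {**e, "ports": sorted(e["ports"])} for h, e in hits.items()}


if __name__ == "__main__":
    for host, info in sorted(cef_connections(SAMPLE_CSV).items()):
        print(host, info)
```

The first_seen value per host is what to line up against the moment the battle results window was opened.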

I followed your procedure. Deleted cache, I use windowed mode, played full battles, waited for the battle results window, again clicked on the details button to get it again, but nothing triggered in Fiddler. MD5 hash of polarfox.vxSettingsApi_1.7.9.wotmod is 84A0D4DFE2858430AF2A9CA441E26AD9, downloaded from https://wgmods.net/400/


There was one crash to desktop. That might be related and needs to be more investigated. There was one call to wotzone.ru that might be caused by this mod at login time. Otherwise nothing else seems to be triggered. Played 5-6 full battles so far.





Link to comment
  • Administrator

Again, nothing there, weird, maybe it was turned off remotely, I will check again. I'm 100% certain it was there at the time when I checked this file (same CRC as mine btw), since I reproduced it with a totally new laptop, and a new WoT installation on it, and someone else from a different country also had weird traffic for that cef browser. So whoever put it there must have disabled it remotely, but I will check it again and let you know.

Link to comment
