Majstor, posted June 18, 2018 (edited June 18, 2018 by Majstor)

It's been some time that these don't work, including the latest 1.0.2.1 #6.

EDIT: included the logs. I must add that I manually added polarfox.vxSettingsApi_1.7.9.wotmod to get hangar settings for Battle Observer, because it doesn't trigger antivirus for any ads (the version from BO 1.16.1 from wgmods.net) and I can't stand not having options for mods to tinker with (GUI options are a hundred times more convenient than editing txt files).

Aslains_WoT_Logs.zip

Aslain (Administrator), posted June 18, 2018

polarfox.vxSettingsApi_1.7.9.wotmod contains malware, I don't recommend using it. Just because your antivirus cannot see it, it doesn't mean it's not downloading ads. Ads are invisible so you will not see them; that's, however, a huge security breach, because now it's ads, and tomorrow it's a coin miner, and god knows what else.

XVM hitlog and damage log will not work with BO, Armagoman, the author of BO, says.

Majstor (Author), posted June 18, 2018 (edited June 18, 2018 by Majstor)

Do you mind giving me more details about what kind of malware it is and what it does? Also, would WG allow such a mod on their webpage wgmods.net?

Aslain (Administrator), posted June 18, 2018

Look at this traffic, it's triggered after the 3rd full battle played with polarfox.vxSettingsApi_1.7.9.wotmod.

There is also polarfox.vxSettingsApi_1.7.10.wotmod, which doesn't seem to trigger this, but I'm not sure if I want to mess with this particular mod file or

Majstor (Author), posted June 18, 2018 (edited June 18, 2018 by Majstor)

Did you test this with the version from wgmods.net? It's possible that different sources have or don't have malware in it, since I've already seen different hashes on libraries from different sources. Yes, I know this isn't a foolproof way to determine whether a file has malware in it or not.

Also, what program did you use to check this traffic, so I can check this file myself?

Edit: found it, NirSoft NetworkTrafficView

Aslain (Administrator), posted June 18, 2018

I'm testing it with https://www.telerik.com/download/fiddler

The BO version from WG mod hub has this file, so yes, I tested it on the version from there.

http://aslain.com/index.php?/topic/11549-popup-ads-in-game

Majstor (Author), posted June 18, 2018

I'm aware of that thread, as you can see I posted a screen in that thread, and what I'm saying is this doesn't happen anymore with polarfox.vxSettingsApi_1.7.9.wotmod from wgmods.net with hash MD5 84A0D4DFE2858430AF2A9CA441E26AD9.

I have installed Fiddler and am currently monitoring to see if anything pops up like it did for you. So far nothing showed up. It is possible that unless you used the exact same hash .wotmod, your version had malware in it while this one doesn't. It's also possible it still does. I'm monitoring, will play 10-20 battles and will report results.

Majstor (Author), posted June 18, 2018

After 5-6 battles these are the results of monitoring in Fiddler. Do you see anything fishy?

Aslain (Administrator), posted June 18, 2018

Looks good, it's fishy when you see cef_browser_process.

To reproduce:

1. Delete marked folders in appdata, in this example path as you see on screenie:
2. Install BO with this polarfox.vxSettingsApi_1.7.9.wotmod (can be from WG MOD HUB)
3. Launch the game, go to options and set it to windowed mode (or you can do it by pressing SHIFT+ENTER on login screen)
4. Play full battle, do not exit from battle when you die, wait for battle results window to appear.
5. When you are in garage after the battle, click on "Details" button at notifications channel to open results from previous battle
6. Check Fiddler for cef browser process.exe connections; if you don't see anything, play another battle. You probably have to repeat this step 3 or 4 times.

The traffic with ads begins at the moment when battle results is opened.

Majstor (Author), posted June 18, 2018

I followed your procedure. Deleted cache, I use windows mode, played full battles, waited for battle results window, again clicked on details button to get it again, but nothing triggered in Fiddler.

MD5 hash of polarfox.vxSettingsApi_1.7.9.wotmod is 84A0D4DFE2858430AF2A9CA441E26AD9, downloaded from https://wgmods.net/400/

There was one crash to desktop. That might be related and needs to be more investigated. There was one call to wotzone.ru that might be caused by this mod at login time. Otherwise nothing else seems to be triggered. Played 5-6 full battles so far.

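Added example, not written by anyone in this thread: one way to check whether two copies of a same-named .wotmod from different sources are the same file and, if not, which packed files differ. It assumes a .wotmod is an ordinary ZIP archive; the two sample packages and their member paths are constructed for illustration.

```python
import hashlib
import io
import zipfile


def digest(data: bytes, algo: str) -> str:
    """Upper-case hex digest, the style in which hashes are quoted in the thread."""
    return hashlib.new(algo, data).hexdigest().upper()


def member_digests(package: bytes) -> dict:
    """SHA-256 of every file packed inside the archive, keyed by member path."""
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        return {info.filename: digest(zf.read(info), "sha256")
                for info in zf.infolist() if not info.is_dir()}


def compare_packages(a: bytes, b: bytes) -> dict:
    """Whole-file comparison plus a per-member diff of two packages."""
    da, db = member_digests(a), member_digests(b)
    return {
        "identical": digest(a, "sha256") == digest(b, "sha256"),
        "md5_a": digest(a, "md5"),  # for matching against a posted MD5
        "md5_b": digest(b, "md5"),
        "only_in_a": sorted(set(da) - set(db)),
        "only_in_b": sorted(set(db) - set(da)),
        "changed": sorted(n for n in set(da) & set(db) if da[n] != db[n]),
    }


def build_sample(members: dict) -> bytes:
    """Constructed stand-in for a .wotmod: ZIP with stored members, fixed timestamps."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name in sorted(members):
            info = zipfile.ZipInfo(name, date_time=(2018, 6, 18, 0, 0, 0))
            zf.writestr(info, members[name])
    return buf.getvalue()


# Constructed samples; member paths are hypothetical, not taken from the real mod.
SOURCE_A = build_sample({"meta.xml": b"<root><version>1.7.9</version></root>",
                         "res/scripts/mod_example.pyc": b"constructed-bytes-A"})
SOURCE_B = build_sample({"meta.xml": b"<root><version>1.7.9</version></root>",
                         "res/scripts/mod_example.pyc": b"constructed-bytes-B",
                         "res/extra.bin": b"constructed-extra"})

if __name__ == "__main__":
    for key, value in compare_packages(SOURCE_A, SOURCE_B).items():
        print(f"{key}: {value}")
```

Matching hashes only establish that two testers ran the same file; behaviour that depends on a remote server still has to be checked by watching the traffic, as the rest of the thread does.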
Aslain (Administrator), posted June 18, 2018

Again, nothing there. Weird, maybe it was turned off remotely, I will check again. I'm 100% certain it was there at the time when I checked this file (same crc as mine btw), since I reproduced it with a totally new laptop and a new WoT installation on it, and someone else from a different country also had weird traffic for that cef browser. So whoever put it there must have disabled it remotely, but I will check it again and let you know.

Majstor (Author), posted June 18, 2018

In any case it is good advice to be cautious once it became known there was malware distributed with it at some point in time. Trust is hard to build but easy to destroy.

Aslain (Administrator), posted June 18, 2018

That's right, played 5 battles and nothing, they turned it off on their side, so it's not triggering any ads currently, but that means the adware is still hidden in this file, just remotely disabled currently.