VERY Suspicious File

OK, I’ve downloaded Localhost.exe 4 times and deleted it every time because I’m scared of a virus in it,
because my old virus scanner just kept saying…

Infostealer.Lineage was in it, so…
So I scrapped my old one and got avast, but I do not dare download that thing again!
So is it really a virus? Most people say no, it acts like a virus because it opens ports!

So is localhost.exe a virus?
Most people I’ve met have it and nothing happened to them, but I’m not taking any chances.

Please post and tell me what you think, if it’s a virus or not!

I’d go with what BleepingComputer.com says:
http://www.bleepingcomputer.com/startups/localhost.exe-19792.html

Been there, done that, and I am a member of the forum too; been asking for help for weeks!

Hi:

Bleepingcomputer seems to provide very useful Info, but I am unimpressed
with the quality of their “Direct” Help to those asking in their Forums.

… I went to Bleeping Computer and they blocked me; I was following all the rules…
So can someone please help me on this forum!?

Why are you downloading the file in the first place?
Where is it being downloaded from?

If avast thought it was infected it would a) intercept the download, giving only abort connection as an option to block the file, or b) alert when it was saved to disk. Does it do either of those things?

Downloading the file (if it is you initiating the download) isn’t dangerous provided you aren’t trying to run it.

Hi Rsdogy,

This is the info on this executable:
File Behaviour

LOCALHOST.EXE has been seen to perform the following behavior:

* The Process is polymorphic and can change its structure
* Can Send email using SMTP protocols
* This Process sends MIME Email
* Creates a hidden window which can be used to run other programs without your knowledge
* This Process Contains User Mode Rootkit Functionality and can hide itself from the running process list
* Adds a Registry Key (RUN) to auto start Programs on system start up
* The Process is packed and/or encrypted using a software packing process
* This Process Deletes Other Processes From Disk
* The process hooks code into all running processes which could allow it to take control of the system or record keyboard input, mouse activity and screen contents
* Can communicate with other computer systems using HTTP protocols
* Communicates with other computers using FTP connections

LOCALHOST.EXE has been the subject of the following behavior:

* Created as a new Background Service on the machine
* Created as a process on disk
* Executed as a Process
* The process is hooked into all running processes which could allow it to take control of the system or record keyboard input, mouse activity and screen contents
* Has code inserted into its Virtual Memory space by other programs
* Terminated as a Process

Country Of Origin

The filename LOCALHOST.EXE was first seen on Jan 9 2008 in the following geographical regions of the Prevx community:

* The EUROPEAN UNION on Jan 9 2008
* CANADA on Jul 8 2008
* SPAIN on Jul 17 2008

File Name Aliases

LOCALHOST.EXE can also use the following file names:

* 31669457.EXE
* 16007819.EXE
* DC622.EXE

Filesizes

The following file size has been seen:

* 15,356 bytes
* 320,512 bytes
* 7,958,528 bytes
* 5,609,984 bytes

Vendor, Product and Version Information

Files with the name LOCALHOST.EXE have been seen to have the following Vendor, Product and Version Information in the file header:

* LocalOff; ; 1.8.6.0
* Wizet; MapleStory; 1, 0, 0, 1

File Type

The filename LOCALHOST.EXE refers to many versions of an executable program.

Virus

So what do you need an executable that is a virus for? Are you convinced it will help you run GAMEZ and other undesirables? Are you contemplating back-engineering it into something useful?

You know that people who are into illegal GAMEZ, P2P-ing etc. are easily framed, and the big content industry is not very friendly towards the users that are into it, and hinders them in various ways (fake codecs, intentional malware, etc.). Best advice I can give you: “stay clear of it, then it cannot bite you”.

polonus

I need it, I’m obviously a private server hoster and coder and I need this for one of my servers!
And yes, I’m probably going to backward engineer it to make a non-virused exe of it, but I’m just wondering, is it dangerous?
You guys are telling me stuff I already know; I need opinions. My last virus scanner before I changed over to avast
told me it was bad!

It acts like a trojan because it opens ports to upload/download private server data!
Now is it dangerous? I don’t want some web site’s opinion, I want your guys’ opinion!

I’m downloading it for a server

I’m downloading it from MediaFire!

Hi Rsdogy,

You are dealing with a rootkit program. Who is back engineering a rootkitted proggie? Either a security analyzer or a miscreant. An analyzer would take it to an isolated box and have FileAlyzer, CodeBrowser, HookExplorer and Resource Hacker have a go at it; also Api Spy can come in handy. It makes hidden routines, so it makes hooks at various places and uses a hidden window. Everybody here likes to cleanse it from their machines,

polonus

So it’s bad?

Hi Rsdogy,

It is bad from the start, it is malicious. If you wanna code that something that is similar but does not have the malware qualities,

polonus

Ya, but what to code? I got no source or base and I do not know what it does except it does something to the MS client!

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here.

Whilst that might not give the results you want to hear if multiple AV scanners detect it as malware (but at least you would know for sure), you would have to look to another solution for what it is you want it for.

OK, I’m not going to use localhost.exe because it’s a screwy trojan!

Now for my solution…
Does anyone know how to crack a npkcrypt?
It’s the crypt used to crypt Maple Story!

Even if anyone did, it is unlikely that on the official avast web site anyone would assist in cracking any application or product.

But this is a virused .exe; once worked on, I will repost it as a safe version!
And plus, this .exe is user-created and has NO copyright!

“now for my solution... does anyone know how to crack a npkcrypt? its the crypt used to crypt maple story!”
Go directly to jail. Do not pass go, do not collect $200.

Here’s a crack:
http://www.youtube.com/watch?v=9T9aScuxSnA


Hmmm … I doubt you will get crack help here. Have you tried to find help on Maple Story forums?

http://forums.mapletip.com/

Maybe more help here …

http://www.mapletip.com/

From the Prevx site on npkcrypt …

Files with the name NPKCRYPT.SYS have been seen to have the following Vendor, Product and Version Information in the file header:

INCA Internet Co., Ltd.; nProtect KeyCrypt Driver; 2007. 6. 26. 1
INCA Internet Co., Ltd.; nProtect KeyCrypt Driver; 5. 0. 0. 0
INCA Internet Co., Ltd.; nProtect KeyCrypt Driver; 2003. 12. 12. 1
INCA Internet Co., Ltd.; nProtect KeyCrypt Driver; 2008. 1. 31. 1
INCA Internet Co., Ltd.; nProtect KeyCrypt Driver; 2007. 10. 19. 1
Also information is found at the link below that says npkcrypt belongs to INCA …

http://www.file.net/process/npkcrypt.sys.html

Quote from File Net …

The process nProtect KeyCrypt Driver belongs to the software nProtect KeyCrypt Driver or npkcrypt or QQ2005 Beta or PristonTale or QQ2005 Õýʽ°æSP or Lineage II or MapleStory by INCA Internet Co., Ltd.