Silkroad Online Forums

Ok i downloaded ksro from the official website installed it. It did a 5 second update but when i clicked start my zone alarm blocked a keylogger program called kdfmgr.exe.

I was like wtf so i uninstalled it and reinstalled it into a new directory and found that it installed these files into that directory too.

Now im pissed thinking ksro had a keylogger into the installation file, just to double check i downloaded on another computer which never had sro or ksro or any game installed on it before and the same thing happened.

WTF is going on did KSRO get hacked and someone modified the installation file.

i downloaded SilkroadOnline_v2.03.exe yesterday the latest verstion from the official site, http://kr.silkroad.yahoo.com/dataroom/download.asp

My isro copy is still runing fine can someone test it out for me and see if your geting the same shit.

perhaps u got it when u download somekind of hack/bot on normal sro

owning_since_1981 wrote:perhaps u got it when u download somekind of hack/bot on normal sro

eh no never downloaded or visted anything like that

Is zone alarm just being strange? Is there a way to check that that file actually is a keylogger?

Ahhh, ur one happened in ksro, my one was in isro ingame, my kaspersky anti vrius reported a keylogger, I clicked terminate and it closed my sro, i think its a bug

http://virusscan.jotti.org/

Upload it there, see what it says.

My suggestion:

Find the kdfmgr.exe, zip it up, and send it to http://www.virustotal.com/en/indexf.html.

This link shows it to be a Lineage 2 password stealer/keylogger, but it's best to be sure.

If someone can download the new installer from ksro and check it out for me please.

My ISRO is working fine no problems with it its only ksro installation with the new installer the old installer worked fine.

----

EDIT

HELP SOME DOWNLOAD THE NEW INSTALLER PLSSSS LET ME KNOW IF ITS CURRUPTED

jackietang33
Posted: Fri Apr 27, 2007 11:04 am Post subject:
Ahhh, ur one happened in ksro, my one was in isro ingame, my kaspersky anti vrius reported a keylogger, I clicked terminate and it closed my sro, i think its a bug

same thing happened to me...I was like wtf Isilkroad keylogger...the isro download i have was from like 2006...I really hope its just a bug...cause when i do a normal scan (also uses kaspersky anti virus) it doesn't say any thing but if i start isro it warms me of keylogger I'll post screenshot later if I have time. To feel safe I'll scan it again.

Some Virus scanners go off for no reason
when i was with project raptor (CNC General zero hour mod) Nortan anti virus would detect a worm within its programming of corse there was nothing like that in there but nortan was the only virus scanner that detcted it

Zone Alarm most be doing the excat same thing except with KSRO

i would try the file Axeoo but i CBA atm
anyways hope ur having fun on Xian

Grtz Van

Dropper/KorGameHack.20336

Summary

Dropper/KorGameHack.20336 is a dropper creating trojan horse that steals the user account information of a specific online game. When the dropper is executed, it creates kdfmgr.exe (14,848 bytes) , vdete.exe (20,336 bytes) in the Windows system folder. which is the trojan stealing the user's key strokes and sending to a specific email address.


weirdddddddd ehhhh?

Most of the time it will say characteristics of a keylogger. Doesnt mean it is actually one but never can be too sure. To the person who said something about getting it from bots/hacks lol SRO isnt the only way to get keyloggers

its not a keylogger o.o
its something called kdefense
check ur ksro folder

Yes get ready for it in isro too soon.
It's a keylogger well actually something that monitors keyboard directly.
It is an extension or replacement for gameguard.

U can see the small icon in the taskbar if u alt-tab out.

ps.: By the way gameguard is a rootkit too, it is always active deep in the os
at every boot, the .sys is loaded and it's in the windows dir.

hmm
http://findarticles.com/p/articles/mi_q ... _n12920713
http://www.kings.co.kr/HTTP/products/products01_01.php

Note: Some of reported threats might be legitimate but in most cases they are dangerous.

Threat name Win32.X
Filename [System32Root]\kdfmgr.exe
Filesize Unknown
Status Known to RemoveIT Pro as dangerous.


oh shit

kdfmgr.exe is part of a Korean program called Kdefense. If you google it you get sites that tell you it's a keylogger well it's not. It's a false positive disregard it and just play your ksro.

That's not the official one.

Official is v. 1.468 I think...

They changed it for whatever reason, because I remember I originally downloaded v 2.something.

Anyways. Yup.

Search only on korean sites, it's not used in any english game yet.
K-Defense : http://www.ewithus.co.kr/3_5_1.htm

GodsAngel wrote:kdfmgr.exe is part of a Korean program called Kdefense. If you google it you get sites that tell you it's a keylogger well it's not. It's a false positive disregard it and just play your ksro.

@ Axeoo7 Yea If you download on theirs real homepage I dont think Is a kelogger, But sometimes can spyware/antivirus think is a kelogger or whatever.But when you download this on other site so never now what can be on it..

Im so confused because their were files called kdefence or something and the icon had kd anyway not sure now what it is but im not gonna mess with ksro anymore till i find out.

That site that was given the upload never worked and ive deleted the installation file and folder so im not going back to ksro ever again.

Axeoo7 wrote:Im so confused because their were files called kdefence or something and the icon had kd anyway not sure now what it is but im not gonna mess with ksro anymore till i find out.

That site that was given the upload never worked and ive deleted the installation file and folder so im not going back to ksro ever again.

Lol man,Its just part of the new security system they have,kdfmgr.exe its just a program that dont let foreign ppl write pass and login,if you try write them,you will just get some wierd letters like s~~ç~.so dont worry its just part of the new security update they got,when the game start just ctrl alt del go to Processes,look for kdfmgr.exe and End task,simples as that,just play your ksro and be happy,ITS NOT A KEYLOGGER,its part of ksro now.

Cya

Axe it aint a keylogger, I am a programmer and I can tell you for a fact it isnt a keylogger, it is infact part of an intergrated system to stop people who are non-korean from playing KSRO, once you edit the game files to set to english you should be good to go. (btw its me Memphist )

^^ got any way to switch language settings on the keyboard like
it could be done before k-def.

Used to switch alt+shift+(number) from english>korean>japanese>...
Used applocale to display ingame text korean in english setup xp.

k-def screwed it up.

Now game is set to english in pk2, and found no way to type korean anymore.