Unknown Windows API Function kicks

[fozzer]

a quote from PB staff member Stuart:

 

These API checks will be rolling out to all PB games, and like the Insuffecient OS Privs, will be subject to reoccuring lapses as trojans/virii/spyware make their rounds.

 

API Kick 131124:

 

Known cause: BF2Amp

Solution: Don't use it

 

Known cause: PowerStrip

Solution: Get the latest version. Old versions of PS cause this kick.

 

API Kick 131126:

 

Known cause: Researching - Contact Evenbalance Support for troubleshooting - https://ssl.evenbalance.com/troubleticket/

Solution: Unknown

 

API Kick 131127:

 

Known cause: Researching - Contact Evenbalance Support for troubleshooting - https://ssl.evenbalance.com/troubleticket/

Solution: Unknown

 

API Kick 131129:

 

Known cause: Trojan.Horse.BackDoor.Agent.BA

Solution: ID and remove it using AVG or other AV program (AVG recommend, currently only AV detecting this 11/28/05)

 

In NOTEPAD write this:

CODE

@echo off SET FILE=sqll echo y | cacls c:\windows\system32\*FILE*.dll /g Everyone:f attrib -r -s -h C:\Windows\system32\*FILE*.dll ren C:\Windows\system32\*FILE*.dll *FILE*.old del C:\Windows\system32\*FILE*.old

Than change the *FILE* to the filename infected and save this as REMOVE.BAT file. Run it in normal mode and the trojan BackDoor.Agent.BA is OUT.

 

Now, the hard part appears to be finding the name of the dll. The dll is write protected, and is unable to be deleted normally. Try the free version of AGV to tag the DLL.

 

Known cause: Proxy.L Trojan

Solution: Remove with AV or Trojan remover

 

Known cause: Trojan horse Downloader.Agent.AL

Solution: Remove with AV or Trojan remover

 

Known cause: Trojan horse PSW.Delf.2.A

Solution: Remove with AV or Trojan remover

 

API Kick 131133:

 

Known cause: Ventrillo Voice Overlay - Possibly other overlay programs. (ATI tool tray from Omega Drivers suspect)

Solution: Disable overlay program

 

Known cause: DxTweaker

Solution: Disable DxTweaker program

 

Known cause: Older TSO - Causes a "Missing/Corrupted API" kick

Solution: Update TSO to latest build

 

API Kick 131135: - disabled as of 12/01/05

 

Known cause: Tiny Firewall

Solution: Uninstall it for a quick fix. Looking for options to disable API hooking and keep it installed.

 

Known cause: Kaspersky

Solution: possible options

 

Known cause: Ad-Aware

Solution: appears to load files on boot or run that stay active. Reboot and do not enable to play.

 

API Kick 131136:

 

Known cause: Running BF2 in compatability mode

Solution: Disable compatabilty mode, do not run other programs in compatability mode at the same time.

 

**update**

API Kick 131152:

 

Known cause: Stardock Corporation - WindowsBlinds

Solution: Change the Stardock Windows Blinds theme to the original Vista theme and close unload the program.

( Thanks to Thibi who is a PBBans SGA for the info :) )