Comments - AurisTrent

If you actually ran the installer, watch out for NetCat.A. It's rather nasty.

Info:
Spynomore.com

Three found in Avast! Pro (taken from Chronicles forum).
Img266.imageshack.us
Img519.imageshack.us
Img148.imageshack.us

I'll be scanning later with Kaspersky Anti-Virus 2009, Panda 2007, BitDefender, ESET NOD32 and Avira AntiVir - all among the top-rated premium scanners on the market. Would use TrendMicro Corporate Edition as well, but that seems like overkill.

Actually, it seems I have better things to do like *earning enough money to pay the rent*. I'm self-employed, y'see.

Scan results coming later today, early tomorrow at the latest.

By the way, AVG is a very low-end scanner. I'd suggest upgrading if you use that.

Scarebaiting would be if one or two people started a craze and it cascaded. The term "psycho-sematic" springs to mind.

However, your request is more than fair, however you're going to have to wait until tomorrow for the screenshots of scan results as I'll need to redownload the file and run the various tests again.

ActiveX control in the CD launcher menu, for starters. Can't determine exactly what it does, since I obviously wasn't stupid enough to give it permissions - and have no desire to, since once you click "OK" for an ActiveX control, that's it, it can do whatever it wants and you can't stop it. However, you can bet it's not in there for a legitimate purpose, because "Tim's" "legitimate" uses for the ActiveX control - as I've mentioned several times - are total BS. That Wikipedia link will tell you exactly what ActiveX does and exactly why it's not needed for "Tim's" launcher menu, and therefore exactly why it's more likely than not a malicious application.

KotFSetup.exe contains Trojan-Dropper-3446 which, it would appear, deposits several variants of eSafe Win32.Trojan within the system files.

I obviously don't need to mention NetCat.A, as anyone can see it within the install folder - NetCat.A is a widely known malware application which clones itself into system folders upon execution and can be used either to record and send keystrokes, or take snapshots of screen activity.

Bck/mIRCBased.BC appears in two of the files, however I'm not completely sure which ones as my own scan didn't pick it up and the screenshot displaying it has partial filenames truncated (plus my Spanish is a little rusty). However, the fact remains that it's there and it's a well-known trojan horse which allows backdoor access to your system. You may as well just run a VNC server and post the IP and password on a public forum.

Feel free to throw out the old "little jealous kiddies telling lies" line again, but I'm fairly sure people who'd never even heard of KotF until this "release" wouldn't have any reason to lie.

An ActiveX control's only function is to allow a website to download, install and execute an application on your computer. These applications are, more often than not, malicious. $10 says "virus".

See the following link for information on ActiveX: En.wikipedia.org

The trojan dropper components have been confirmed by people on at least 25 different websites, different scanners, Kaspersky and AVG included. I myself have scanned it with ten top of the line scanners. The trojan droppers are there, and it cannot be a false positive, not with the reports being so consistent.

Please don't be taken in by his half-baked excuses. He's simply taking advantage of the fact that none of you know enough about computers to be aware of all the safety procedures and such.

The reason he is unable to dispel all these accusations against him is because they're all true. The members of FileFront, are mostly right about the technical issues. The other users here on ModDB mostly have it right, and the few on The iSONEWS who have spoken out are right on the ball too.

The more I hear from "Tim" regarding computer issues, the more I'm convinced that he's either not that computer-proficient at all, or is just lying through his teeth and you're all believing him without giving it a second thought

I don't have any reason to care whether you download this mod or not. It's not me that suffers from having my computer riddled with the viruses in this file.

I just feel it is in your best interests to listen to those who know. By running these files, you could be giving "Tim" access to everything on your system, or every single keystroke. This means he can get passwords, bank/PayPal details... hell, he can get everything you do with your computer.

My advice, is to format your system immediately and never look at the KotF file(s) again. For your own safety.

And if you want me to prove my qualifications in the IT field, I'll gladly post a scan of my college certification.

Given that the mod is pretty much banned from ModDB, posting download links likely isn't the smartest idea....

Well, it seems that in response to ModDB archiving the mod, Mr Guney has once again played the "Everyone's so jealous!" card.

Maybe if he'd actually try and dispel these claims, rather than responding with the same old tired comment, he might actually regain some credibility.

Thus, I'm left with only two conclusions. Either:

a) Most of these accusations are right, and Mr Guney simply doesn't know enough about *anything* to prove them wrong.

or

b) Most of these accusations are right, and while Mr Guney may know enough about modding and computers in general to prove them wrong, he can't prove them wrong because they are actually correct.

Maybe his "fans" should ask him the same question - if everyone is just making up unfounded accusations because they're merely jealous, then why can't he disprove said accusations?

[continued from above due to character limit]

Someone who is trying to plant malware on your system, isn't going to exactly *tell* you they're trying to plany malware on your system, in fact, they'll deny it in increasingly desperate manners.

And before Mr Guney throws that jealousy accusation around, I've seen what he can do when HE creates things. No one with even the most basic modding capabilities has anything to be jealous of. The only "success" in his mod belongs to the people who created the content he is now trying to claim glory for.

I don't lie. I gain nothing from lying, so I have no reason to. I am not planning any projects even remotely Star Wars related, nor am I planning to mod for any more Star Wars games now that I have moved on to Unreal Tournament 3.

However, we all know what Mr Guney has gained from lying, and what else he could gain if people believe him blindly without thinking independently and checking things for themselves.

So please, use your own initiative, and remember: you can twist theories to fit facts, but you cannot twist facts to fit theories.

URLs to images above, as the links didn't copy over:
Img395.imageshack.us
I200.photobucket.com

For the sake of clarity, I'd like to address some of Mr Guney's comments from his forums; it would be pointless doing it there as nothing is allowed to be said unless it directly benefits him.

He says that he has the permissions of the creators of borrowed resources, however, each and every one who I have asked has stated that he indeed does not and that they requested multiple times that he remove their work. You can ask them yourselves if you want.

The "size" of the mod is not because of modded content. It is because he stuffed the file full of baseJA assets and large unmodded files from other mod sites in order to crank the filesize up. Why? I don't know. Feigning legitimacy, perhaps?
Img395.imageshack.us

The ActiveX control for his "new" CD menu. There is nothing in that which uses ActiveX, nor is there anything at all in the game engine that will ever use ActiveX. ActiveX and C are completely unrelated components. It's a malicious ActiveX control - I would stake my career on it.

His refutal of virus claims is preposterous, and I feel sorry for the people who believed him. There is proof - even on his very own forum - that the file contains elements listed in every virus database as trojan droppers. These files are not in their for legitimate reasons, as they have no legitimate usage - the only purpose a trojan dropper has is to open backdoor access into your system.
I200.photobucket.com

Of course, he WOULD give assurances that there are no viruses, but before you believe him, ask yourself this - if you were trying to plant malicious software on someone's computer, say for example a keylogger to steal WoW accounts, wouldn't you constantly go to any desperate lengths to assure people that any alerts are just false positives?

[continued below]

[continued from above due to character limit]

Someone who is trying to plant malware on your system, isn't going to exactly *tell* you they're trying to plany malware on your system, in fact, they'll deny it in increasingly desperate manners.

And before Mr Guney throws that jealousy accusation around, I've seen what he can do when HE creates things. No one with even the most basic modding capabilities has anything to be jealous of. The only "success" in his mod belongs to the people who created the content he is now trying to claim glory for.

I don't lie. I gain nothing from lying, so I have no reason to. I am not planning any projects even remotely Star Wars related, nor am I planning to mod for any more Star Wars games now that I have moved on to Unreal Tournament 3.

However, we all know what Mr Guney has gained from lying, and what else he could gain if people believe him blindly without thinking independently and checking things for themselves.

So please, use your own initiative, and remember: you can twist theories to fit facts, but you cannot twist facts to fit theories.

For the sake of clarity, I'd like to address some of Mr Guney's comments from his forums; it would be pointless doing it there as nothing is allowed to be said unless it directly benefits him.

He says that he has the permissions of the creators of borrowed resources, however, each and every one who I have asked has stated that he indeed does not and that they requested multiple times that he remove their work. You can ask them yourselves if you want.

The "size" of the mod is not because of modded content. It is because he stuffed the file full of baseJA assets and large unmodded files from other mod sites in order to crank the filesize up. Why? I don't know. Feigning legitimacy, perhaps?
Img395.imageshack.us

The ActiveX control for his "new" CD menu. There is nothing in that which uses ActiveX, nor is there anything at all in the game engine that will ever use ActiveX. ActiveX and C are completely unrelated components. It's a malicious ActiveX control - I would stake my career on it.

His refutal of virus claims is preposterous, and I feel sorry for the people who believed him. There is proof - even on his very own forum - that the file contains elements listed in every virus database as trojan droppers. These files are not in their for legitimate reasons, as they have no legitimate usage - the only purpose a trojan dropper has is to open backdoor access into your system.
I200.photobucket.com

Of course, he WOULD give assurances that there are no viruses, but before you believe him, ask yourself this - if you were trying to plant malicious software on someone's computer, say for example a keylogger to steal WoW accounts, wouldn't you constantly go to any desperate lengths to assure people that any alerts are just false positives?

[continued below]

Why, to increase the filesize, of course!

The pitiful five day's work that's in this thing would never have amounted to more than two or three hundred megabytes at the most, and he'd promised over a gig and a half (more content than Jedi Academy's engine can support).

I would wager a guess that he just stuck the base assets and whatever big files he could find on mod sites like FileFront and LucasFiles in order to make the mod look legitimate.

The simple fact remains that for the first three years at the very least, he claimed credit for 100% of the works displayed on his website despite 0% of it being his.

Case in point about him being a coder, did the base Jedi Academy include trojan droppers or ActiveX controls? If the answer to that is no, then you can bet there's no way these things are legitimate components.

Especially since Jedi Academy is a closed source product.

The entirety of Jedi Academy's base assets and a lot of unaltered release files downloaded straight from JK3Files and throwin into a pk3.

Oh yeah, and the keyloggers.

You do know that "Tim" didn't actually make *any* of the content in this, don't you?

Give the kudos to the actual modders, the ones who created the content. "Tim" made nothing, so he deserves no credit nor praise.

You did actually *play* the thing rather than just judging from that features list on the website.... right?

My scanner reports the presence of several suspected trojan dropper variants.

Also, why does it try to install an ActiveX control in order to allow the menu system to work? Every element of Jedi Academy is coded on C, and ActiveX has nothing to do with C nor can it be integrated into C applications.

My advice to anyone trying this file, is to change your hard drive and make sure your main hard drive is disconnected, before installing it, so that if the hinky stuff manifests, you can wipe it quickly and easily without losing all your files and such.

With all due respect, it's not your intellectual property at all, so you have no rights to be trying to milk money out of it.