Call of Duty: Modern Warfare 2 (2009) - Multiplayer

Infinity Ward needs to fix the RCE exploit
As far as I'm concerned a patch came out which apparently fixed this issue, it obviously did not. Yesterday after playing for around 2 hours I joined multiple modded lobbies. In some cases my game would freeze while joining or would freeze after being banned from the lobby. I've had this happen just a few weeks ago so I knew to completely restart my system and do a virus scan. Specifically I used TDSSKiller and Malwarebytes. Both programs were able to detect auto run files and even DLLs in my System32 that were clearly malicious.

How can Infinity Ward actually allow this to occur? I don't have any port forwarding setup on my router, I don't have DMZ enabled, and lastly I have real time protection, tamper protection, controlled folder access protection, and even every setting turned on for exploit protection. There is obviously an issue and there is no way anyone who actually likes the game can read this post and not get at the very least concerned.
assdasd Apr 11, 2021 @ 11:36pm 
RCE works by establishing a connection to you through a packet, if you're able to join the individual they can RCE, I too don't have DMZ enabled, no port forwards and also run a VPN that's encrypting everything since 28960 since NOTHING is for hell's sake.

I run Malwarebytes as well and run exploit detecting, yet my pentesting friends that debug this game can still RCE me.
76561198187595159 Apr 12, 2021 @ 9:59am 
Originally posted by unit:
RCE works by establishing a connection to you through a packet, if you're able to join the individual they can RCE, I too don't have DMZ enabled, no port forwards and also run a VPN that's encrypting everything since 28960 since NOTHING is for hell's sake.

I run Malwarebytes as well and run exploit detecting, yet my pentesting friends that debug this game can still RCE me.

I know how RCE works lol but either way that isn't the issue at hand. The issue at hand is why is Infinity Ward not doing anything for the average player? Why is the Steam team seeing our requests on this page in regards to exploits and hacking, yet they don't do a single thing? Being the victim of RCE is not the same thing as joining a modded lobby. If this was a newer game backed by gaming or social media influencers and this was occurring, it would be fixed the same week.
assdasd Apr 12, 2021 @ 6:10pm 
Originally posted by White Owl:
Originally posted by unit:
RCE works by establishing a connection to you through a packet, if you're able to join the individual they can RCE, I too don't have DMZ enabled, no port forwards and also run a VPN that's encrypting everything since 28960 since NOTHING is for hell's sake.

I run Malwarebytes as well and run exploit detecting, yet my pentesting friends that debug this game can still RCE me.

I know how RCE works lol but either way that isn't the issue at hand. The issue at hand is why is Infinity Ward not doing anything for the average player? Why is the Steam team seeing our requests on this page in regards to exploits and hacking, yet they don't do a single thing? Being the victim of RCE is not the same thing as joining a modded lobby. If this was a newer game backed by gaming or social media influencers and this was occurring, it would be fixed the same week.
you said it yourself, if it was a newer game, they would've cared. Nothing we can do, man have lost hope.
76561198187595159 Apr 12, 2021 @ 7:01pm 
Originally posted by unit:
Originally posted by White Owl:

I know how RCE works lol but either way that isn't the issue at hand. The issue at hand is why is Infinity Ward not doing anything for the average player? Why is the Steam team seeing our requests on this page in regards to exploits and hacking, yet they don't do a single thing? Being the victim of RCE is not the same thing as joining a modded lobby. If this was a newer game backed by gaming or social media influencers and this was occurring, it would be fixed the same week.
you said it yourself, if it was a newer game, they would've cared. Nothing we can do, man have lost hope.

That's literally straight BS, I bet if one higher ranking member from Steam were to be alerted of this, it would be fixed quicker. Which they were alerted to this but they stopped getting involved once Infinity Ward said they patched it (they obviously did not).
Laptop Apr 13, 2021 @ 12:39am 
If there are any suspected security issues, you need to send a detailed email to security@valvesoftware.com
Plan B (NL) Apr 13, 2021 @ 7:36am 
Originally posted by White Owl:
Originally posted by unit:
RCE works by establishing a connection to you through a packet, if you're able to join the individual they can RCE, I too don't have DMZ enabled, no port forwards and also run a VPN that's encrypting everything since 28960 since NOTHING is for hell's sake.

I run Malwarebytes as well and run exploit detecting, yet my pentesting friends that debug this game can still RCE me.

I know how RCE works lol but either way that isn't the issue at hand. The issue at hand is why is Infinity Ward not doing anything for the average player? Why is the Steam team seeing our requests on this page in regards to exploits and hacking, yet they don't do a single thing? Being the victim of RCE is not the same thing as joining a modded lobby. If this was a newer game backed by gaming or social media influencers and this was occurring, it would be fixed the same week.

This game is > 10 years old. No one is buying this game anymore. Hence the devs have 0 reason to improve this game against cheaters, modders, whatever. It is just like every business: they only put effort in a product, if and only if, they can gain something.

Don't get me wrong, MW2 is one of my favourite games too and I am sick of the modders, but don't expect Infinity Ward to do something if they have no reason to. Same goes for Steam.
^1Ma ^0Long Apr 13, 2021 @ 8:01am 
Originally posted by Plan B (NL):
No one is buying this game anymore.
huh?
Originally posted by White Owl:
As far as I'm concerned a patch came out which apparently fixed this issue, it obviously did not. Yesterday after playing for around 2 hours I joined multiple modded lobbies. In some cases my game would freeze while joining or would freeze after being banned from the lobby. I've had this happen just a few weeks ago so I knew to completely restart my system and do a virus scan. Specifically I used TDSSKiller and Malwarebytes. Both programs were able to detect auto run files and even DLLs in my System32 that were clearly malicious.

How can Infinity Ward actually allow this to occur? I don't have any port forwarding setup on my router, I don't have DMZ enabled, and lastly I have real time protection, tamper protection, controlled folder access protection, and even every setting turned on for exploit protection. There is obviously an issue and there is no way anyone who actually likes the game can read this post and not get at the very least concerned.


This isn't game specific, game exploits can be done through various games

The easiest thing to do is create a separate non-admin account (or even a guest account) for playing Steam games in general

Out the box, a standard user account can't execute anything without elevation and you can also automatically block elevation via GP, so whatever your friends are using on you is likely only going to touch the game/game files/your dummy user account - if they were good enough to do any further then they should be claiming the million dollar prize from Microsoft for finding an exploit in Windows

About game stats or any other player data, you should back them up on the cloud, it wouldn't be the first time a game developer lost player stats ^^
Then any unwanted changes that are made can easily be reverted using version history
76561198187595159 Apr 13, 2021 @ 1:31pm 
Originally posted by ^6JohnnyBoi_i^0.:
Originally posted by White Owl:
As far as I'm concerned a patch came out which apparently fixed this issue, it obviously did not. Yesterday after playing for around 2 hours I joined multiple modded lobbies. In some cases my game would freeze while joining or would freeze after being banned from the lobby. I've had this happen just a few weeks ago so I knew to completely restart my system and do a virus scan. Specifically I used TDSSKiller and Malwarebytes. Both programs were able to detect auto run files and even DLLs in my System32 that were clearly malicious.

How can Infinity Ward actually allow this to occur? I don't have any port forwarding setup on my router, I don't have DMZ enabled, and lastly I have real time protection, tamper protection, controlled folder access protection, and even every setting turned on for exploit protection. There is obviously an issue and there is no way anyone who actually likes the game can read this post and not get at the very least concerned.


This isn't game specific, game exploits can be done through various games

The easiest thing to do is create a separate non-admin account (or even a guest account) for playing Steam games in general

Out the box, a standard user account can't execute anything without elevation and you can also automatically block elevation via GP, so whatever your friends are using on you is likely only going to touch the game/game files/your dummy user account - if they were good enough to do any further then they should be claiming the million dollar prize from Microsoft for finding an exploit in Windows

About game stats or any other player data, you should back them up on the cloud, it wouldn't be the first time a game developer lost player stats ^^
Then any unwanted changes that are made can easily be reverted using version history

I've already tried running the game on an account with only enough privileges to open iw4mp.exe, nothing else, yet I was infected again last night. This time a single DLL file placed in my System32 with what appears to be a randomized file name. This problem is more than just what you think, it can be done through multiple ways. Including a method via the film clip viewer in Black Ops 1 and Black Ops 2.
assdasd Apr 13, 2021 @ 5:18pm 
lol your best bet's a VM, there's a few tools that patch the RCE PartyClient_HandleGoMsg rme, GamerProfile_SetPlaylistNum(a2, v15); that you can use whilst optimistically waiting for Infinity Ward to do something.
Originally posted by White Owl:
I've already tried running the game on an account with only enough privileges to open iw4mp.exe, nothing else, yet I was infected again last night. This time a single DLL file placed in my System32 with what appears to be a randomized file name. This problem is more than just what you think, it can be done through multiple ways. Including a method via the film clip viewer in Black Ops 1 and Black Ops 2.

How do you know a file was placed in your system32 folder? Do you have some software monitoring files newly created there or so?
If so, what software do you use, I'd be interested to see for myself - also, are you testing this with a specific person or did it happen randomly to you?
76561198187595159 Apr 14, 2021 @ 9:38am 
Originally posted by ^6JohnnyBoi_i^0.:
Originally posted by White Owl:
I've already tried running the game on an account with only enough privileges to open iw4mp.exe, nothing else, yet I was infected again last night. This time a single DLL file placed in my System32 with what appears to be a randomized file name. This problem is more than just what you think, it can be done through multiple ways. Including a method via the film clip viewer in Black Ops 1 and Black Ops 2.

How do you know a file was placed in your system32 folder? Do you have some software monitoring files newly created there or so?
If so, what software do you use, I'd be interested to see for myself - also, are you testing this with a specific person or did it happen randomly to you?

This happened randomly on different occasions, this also happened months ago as well. This is not actions based off just one person, it's literally multiple people. I used TDSSKiller and HitmanPro to find the first set of malware. The last piece of malware I was infected with could not be found by any tool, I manually found it after being paranoid. Other than the fact that multiple programs detected batch files, EXEs, and DLLs.. you can simply look with your own eyes to find odd files. I know this isn't targeted because I've purposely played the game on a completely separate account with no connection to this one, including with a VPN that I've never used before, I was still infected at random so it's not targeted.
Originally posted by White Owl:
This happened randomly on different occasions, this also happened months ago as well. This is not actions based off just one person, it's literally multiple people. I used TDSSKiller and HitmanPro to find the first set of malware. The last piece of malware I was infected with could not be found by any tool, I manually found it after being paranoid. Other than the fact that multiple programs detected batch files, EXEs, and DLLs.. you can simply look with your own eyes to find odd files. I know this isn't targeted because I've purposely played the game on a completely separate account with no connection to this one, including with a VPN that I've never used before, I was still infected at random so it's not targeted.


Okay, to my knowledge this hasn't happened to me before
What symptoms did you experience from this? Someone supposedly dropped a DLL file on your PC, then what happened?

I don't want to minimise what you are saying, but do you have any form of proof this is definitely from playing the game?

I think simply looking with your eyes is no good, given how many files the OS contains.. https://i.ibb.co/crCYQvq/image.png

Also, I just checked and I have over 4000 DLL files alone within System32.. but I'll try using the software you mentioned to see if anything is found ^^
76561198187595159 Apr 14, 2021 @ 11:04am 
No symptoms except for my internet speed drastically decreasing, from 100mb download to 5mb. My PC was also slower in general and random notification bubbles were appearing. Lastly web sites kept opening up with a modder's YouTube and porn as well. Other than that there would be no way to tell what happened or what was stolen off my device. Also looking with your eyes is a good strategy, if a DLL file was created as soon as your PC is frozen through a lobby, that is a pretty good sign. Lastly the form of proof I have would be someone telling me they were going to "♥♥♥♥ my PC" up, then my PC freezes, and malware is found. That isn't a random event, other than that the fact that I ran a scan the day before and never accessed any website or application. The scan found nothing, yet after all these incidents occur, it found malware. Besides this has happened before to me and many other players, I know how to identify what is occurring. I don't have to second guess myself when I know what is occurring. However I understand your concerns as not everyone is infected or even comes across players who do this, I guess I just get unlucky.
Originally posted by White Owl:
I know how to identify what is occurring. I don't have to second guess myself when I know what is occurring. However I understand your concerns as not everyone is infected or even comes across players who do this, I guess I just get unlucky.
Okay, I guess I wanted to know if it was easy to identify as I could put some resources together to do this for other players who are not so technical
If you had not run the virus scan every day would you have known to check the System32 folder?
I have just checked my System32 folder and can see files are not created there very often, so I guess this is a good indicator (a DLL file being created around the time of the crash)

Ty for the detailed POV
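
The check discussed in the last few posts (files appearing in System32 around the time of a freeze), as an added example that is not part of the thread or any poster's own tooling. The parameter names `CrashTime` and `WindowMinutes` and the extension list are assumptions chosen for illustration.

```powershell
# Added example: list executable-type files created in System32 close to a
# known freeze/crash time, with signature status and hash for follow-up.
# CrashTime and WindowMinutes are illustrative parameters, not from the thread.
param(
    [datetime]$CrashTime = (Get-Date),
    [int]$WindowMinutes = 30,
    [string]$Path = "$env:SystemRoot\System32"
)

$from = $CrashTime.AddMinutes(-$WindowMinutes)
$to   = $CrashTime.AddMinutes($WindowMinutes)

# File types mentioned in the thread (DLLs, EXEs, batch files) plus drivers.
$extensions = '.dll', '.exe', '.bat', '.cmd', '.sys'

Get-ChildItem -LiteralPath $Path -File -Force -ErrorAction SilentlyContinue |
    Where-Object {
        $_.Extension -in $extensions -and
        $_.CreationTime -ge $from -and
        $_.CreationTime -le $to
    } |
    ForEach-Object {
        # Genuine Windows components are normally signed (directly or by catalog);
        # an unsigned file created in this window deserves a closer look.
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            Name      = $_.Name
            Created   = $_.CreationTime
            Modified  = $_.LastWriteTime
            SizeBytes = $_.Length
            Signature = $sig.Status
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } |
    Sort-Object Created |
    Format-Table -AutoSize
```

Run it from a 64-bit PowerShell session, since a 32-bit session is redirected from System32 to SysWOW64, and pass `-Path` to check SysWOW64 as well. Creation timestamps can be altered by whatever wrote the file and Windows Update also adds files here, so an empty or non-empty result is a lead for further checking rather than proof either way.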

Date Posted: Apr 11, 2021 @ 8:41pm
Posts: 16