[Giuseppe]

Situation about onetap.xyz | remade.cc

Before starting, to be honest I don't know what exactly is happening but I'm trying to understand... You can correct me if I'm wrong in something

Edit: nerdie only added the actual rat at 28th of August ( Thanks PancakeWithPotato about the information )
​

As it seems like, the owner & dev of remade.cc | onetap.xyz nerdie said on his server that he didn't do anything malicious, he only did a "rat" to troll some turkish people and send some things to a private server he created. But at the shit started when nerdie added zenq to the private server and from what nerdie said, zenq was a "trusted" guy, but zenq started to mess with some turkish people, playing tts sounds, showing message box, blocking users inputs, etc. But once 50 users were logged, zenq used "!password" command, which grabbs all of the users's passwords and sends them to the private server, "!grabtokens" were also used, which logged all discord tokens on the user/victim computer/browser and sent them to the privte server.


So what I understood from this situation is that nerdie put a rat to mess with some people and an ip grabber. But when zenq password grabber and probably more things into the cheat which sent all the stolen data to a database, and his bot the "Cheese Dealer" prints the stolen data by the command "!password". I didn't catch the virus because the virus was added after the first version.

Resuming: nerdie was collecting people's ip and sending them to a private server, but when he added zinc, he ( zinc ) started to use the "!password" and "!grabtokens" to rat, collect and share people's private information with another guy which was in the private server ( mihai ) through nerdie's cheat, I already BANNED nerdie and deleted everything related to him from hackvshack.net.
​

How to REMOVE the VIRUS

Startup: press win + r and search for shell:startup.
Startup folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp

1. Search in these two paths for "Client-build.exe" And delete it
2. Reset all of your passwords ( Thanks blackmith420 about the information )



Proofs:




​

 

[PancakeWithPotato]

Good thread.
Also, the malware got added aug 28, so if you did not run it since then, you are prob safe, but check, just to be safe.
Another thing, is that nerdie claimed he did not to anything malicious, but he bought nitro from someone else's account. (Sorry for the wording, kinda tired)

 

[DrCoomer]

I knew it lol, of course it was a virus.

 

[PancakeWithPotato]

I knew it lol, of course it was a virus.

U just cant have nice things these days, smh

 

[Plisskien]

Giuseppe ty a lot for this statement, it will help a lot of people to understand this whole situation, good job

 

[Zinc]

Zinc here, I’m very angry sad that this happened, don’t run unrepeatable shit guys!

 

[DrCoomer]

U just cant have nice things these days, smh

Sorry man, it just makes me mad when this random paste that is a "loader" turns out to be a rat and every one is shocked.

 

[Giuseppe]

Zinc here, I’m very angry sad that this happened, don’t run unrepeatable shit guys!

Dude XDD ngl, this got me confused for one second I tought it were you that ratted because in a message nerdie said zinc but them he said zenc and I found out that it was zenc not you. I even got confused like: zinc? I even messaged nerdie lmao

 

[zenquil]

Hello everyone, i'm zenq. I wanted to make this reply because i have some proof about nerdie using members information for malicious intent also. The rat was implemented on the 28th of august 2022 - 30th of august 2022. Those screenshots were made by me and my friend "mihai" who participated in the act of this rat situation.
Nerdie was blaming me more although he did the same things as i did. He had used "!password" and "!grabtokens" to get people information. Also he was using "!webcampic" that takes a pic from the victims cam and sends it in the private discord server.
I am not saying that i am innocent, absolutely not. I am just saying that nerdie was more to blaim because he added the rat in the first place.
Also i attached all the commands the rat had.
zenq out.

 

[lakzyhackss]

HAHAHAHAH I knew it DO YALL REMEMBER WHEN I SAID THIS HACK IS SUS AND I DONT TRUST IT CUZ HE MIGHT HAVE RATTED IT AND STUFF HAHAHAHAH Y'ALL GOT OWNED AND I LITTERALLY TOLD Y'ALL ?NEXT TIME TRUST ME WHEN I SAY SOMETHING , I litteraly predicted it , admins can tell if they have the logs , I've litterally said it word by word nah bro this man is an idiot , in their discord i saw some beta users talking about grabber stuff and now here it is lol

 

[lakzyhackss]

Twotap.sus owns ur passwords and all

 

[lakzyhackss]

I feel bad for ratted users btw

 

[Giuseppe]

HAHAHAHAH I knew it DO YALL REMEMBER WHEN I SAID THIS HACK IS SUS AND I DONT TRUST IT CUZ HE MIGHT HAVE RATTED IT AND STUFF HAHAHAHAH Y'ALL GOT OWNED AND I LITTERALLY TOLD Y'ALL ?NEXT TIME TRUST ME WHEN I SAY SOMETHING , I litteraly predicted it , admins can tell if they have the logs , I've litterally said it word by word nah bro this man is an idiot , in their discord i saw some beta users talking about grabber stuff and now here it is lol

no. He added the virus at 28th of August...

 

[zenquil]

no. He added the virus at 28th of August...

Giuseppe you did good that you removed nerdie from here. I sincerely apologize for my behavior and for all the users that were ratted these 2 days. Nerdie could've avoided this if he would've only removed the rat after a few hours that. There was also another rat scandal just early august, when he added a rat the same as this one and added more people to have "fun" with people's PC's, he removed it after one day. Also nerdie's private server with the people's information is still up.

 

[Giuseppe]

zenquil is that true?

 

[zenquil]

zenquil is that true?


View attachment 2137

Giuseppe nope i used my cc, i wanted to see how nerdie will react.
I don't think i have to prove that i used my cc.

 

[Giuseppe]

Giuseppe nope i used my cc, i wanted to see how nerdie will react.
I don't think i have to prove that i used my cc.

can you send me your discord? I tried letting this situation dying but as it seems like I can't so I'm going to investigate it

 

[zenquil]

can you send me your discord? I tried letting this situation dying but as it seems like I can't so I'm going to investigate it

Giuseppe sure. zenq#0069

 

[Giuseppe]

Closed this thread for investigation...​

 

[Giuseppe]

Result:​

1. Mihai was responsible for freeing the kid photo, carding and selling some "things".​
2. Nerdie created the rat, faked it and stole some money.​
3. Zinq stole some accounts, logged into some paypal accounts and stole some money.​