- Joined
- February 16, 2018
- Messages
- 736
- Points
- 88
- Age
- 20
Unalert's ScreenShare Guide (Beginners)
—————————–—————————–—————————–———————
Hello there everyone, since we got 10 up votes for making a simple screen-share guide on the vote poll, I will be teaching you the basics and skills I gained over the years.
If you find this guide useful leave a wonderful response as this would make my day.
This is what you will be learning today and receiving:
➤ Large String List (2018-2019 Strings)
➤ Variety of Screen Share tools (Nirsoft, Voidtools, Luyten)
➤ Personally most useful beginner SS guide
If you didn't understand some of the points in this guide, I have a 2019 guide that I worked on last year (Didn't care much about Grammar but if your interested in seeing more details then visit it here (Oh I recommend skipping Powershell as its extremely useless and inefficient)
~Unalert
——————————–—————————–—————————–——————
➤ How to check when Recycle bin was modified? (Windows 8 & 10)—————————–—————————–—————————–———————
Hello there everyone, since we got 10 up votes for making a simple screen-share guide on the vote poll, I will be teaching you the basics and skills I gained over the years.
If you find this guide useful leave a wonderful response as this would make my day.
This is what you will be learning today and receiving:
➤ Large String List (2018-2019 Strings)
➤ Variety of Screen Share tools (Nirsoft, Voidtools, Luyten)
➤ Personally most useful beginner SS guide
If you didn't understand some of the points in this guide, I have a 2019 guide that I worked on last year (Didn't care much about Grammar but if your interested in seeing more details then visit it here (Oh I recommend skipping Powershell as its extremely useless and inefficient)
~Unalert
——————————–—————————–—————————–——————
There is Two methods to check when a Recycle bin has been modified.
Method 1: Press Windows Button and R (At the same time) Type “C:\$Recycle.bin” First click view at the top click “Options” Once in options click “view” Make sure “Show hidden files” is enabled Then uncheck “Hide protected operating system files (Recommended)”
Look at the "Recycle Bin" and not the other files. (Now look at the date Modified, 9:13 yesterday is when I deleted my files.)
Method 2 (Windows XP -Windows 10): Open Winrar -> Select the white bar, type in C:\$Recycle.bin and press enter.
Always look at the Recycle Bin Icon and not the files...
➤ Minecraft Mods/Version Clients:
When you’re on their Minecraft head over to “Snooper Settings” scroll down and find “launched_version” and see what version they’re using (If it's Wurst, Huzuni, Sigma etc...) Ban them for Cheats Found In SS.
Escape -> Options -> Snooper Settings
If they’re using Forge navigate to their .minecraft folder and check the mod sizes of the mods they’re using.
Here is some mod sizes for 1.7.10-1.8.9 (over 300 mods totally, control F and put the name and press enter and check the size if its the same then its clean if its not inspect it) Download Here
To check if the mod is a cheat or not, use the program called "Luyten" it's basically reads all the classes in a .jar (Unless its obfuscated) Here is an example of a cheat in Luyten:
Follow these instructions to know how to use Luyten, run Luyten and move the sketchy
Jar into Luyten and you should notice the different files, if so click on the + that's in the boxes and go threw some of the classes, if you notice anything sketchy like "Reach, Autoclicker, Aimbot" click on the .class and go threw the code, if you find any sort of Click aim, fly etc ban them for cheats found in SS. (Note the client shown on the right is a version client called Phantom, normally its disguised as Optifine; so you want to move .jar into Luyten.
(Optifine in the version folder, if your curious what do I check in the version folder, check it if its optifine and compare the size to the original)
Tips:
- If the mod is not in this list, download the MOD online and compare its size.
- If the mod is not on the Internet and not in this list, use Luyten and go threw the mod carefully to not miss anything.
- There is a mod cheat client named Fastcraft, I only encountered it once which was in a 8000 KB Mod just remember to use Luyten.
- If the mod is too large, use Luyten to check it normally the larger the better the chance its a cheat. (If the size of the mod is different from the size in the mod list)
- And this should only be done if the player is using Forge/Optifine and not Badlion and Lunar.
- If you get an error like this on the right, I'd normally ban for "obfuscated mod" back then, this happens because the mod is not decompiled c
correctly. (If its called CheatbreakerHUD_V3 ban them as its a well known cheat that self destructs and does this)
➤ Temp files (%Temp%)
The “%temp%” folder contains files that are only needed temporally. Unfortunately, these files don't always get deleted.
Generic Jar AutoClickers leave dump files in “%TEMP%”
Here are some common AutoClicker Dumps:
JNativeHook (7 Clicker, Spooker Clicker, or any sort of Jar clicker.)
Air.exe (Air Clicker) (If you find this in their temp folder ban them as its an autoclicker.
DLL-0175-1149-1881.dll (Fred’s Finger Clicker)
Clicks_tmp.mp3 (Nhasing)
You want to go thru the Temp Folder (Windows Button + R) type in “%temp%” click ok; make sure to make the date modified arrow downward.
(Date modified arrow downward shows you from most recent to most oldest)
For Instance:
Check the Date of when the player opened Minecraft using LAV , UAV (UAV & LAV will be explained later) and Compare it to the AutoClicker Dump Date, if it was before Minecraft (Like an Hour or Three depends on your server rules.) Ban for AutoClicking, If the AutoClicker Dump is after, Ban for AutoClicking.
➤ UserAssistView & LastActivityView:
UAV & LAV keeps track of programs that are executed. Normally UAV & LAV is used to find Autoclickers, Inject Clients, etc.
(UAV AND LAV Shows exe's but not jars)
LastActivityView:
Go threw all the exe's look for any suspicious EXE, Even “Steam.exe” , “OBS.EXE” open the file and make sure it's Steam.
To Copy the exact file path, double click on this white bar ↓↓↓
After double clicking on the white bar you should see a box called Properties (Example on the left)
Select the File Path and Copy it (Control + C)
(Open the File with RUN.EXE *Win + R*) and if a client comes up you may ban them
UserAssistView:
Using UAV is just a little bit different, You just need to double click on ‘Date Modified” (Arrow Downward)
To copy file path just double click on it like LAV, not so different but you will encounter sometimes that the file path is just random number then the .exe, if that happens use Search everything which is here (Make sure when you search on "Search Everything" look at the directory / file location as you can have two exe's in different locations for example Minecraft.exe in desktop and Minecraft.exe in downloads; which one should you check if the directory isn't clear? Check both of them if the file path is just letters/numbers.
Tip: Unalert? Why don't you just use LAV as its easier, I personally use UAV as it can run way faster on slower machines plus it can sometimes show exe's that don't show up in LAV. Both of these programs are not so different, they both use Prefetch hence why I didn't explain what Prefetch is for...
➤ How to check player alt accounts for ban evasion (Premium Players)?
- First step would just be opening the Minecraft Launcher and checking all the accounts obviously.
- Now here is a little trick not a lot of people know about,
- It’s very easy, You just need to open your ``.minecraft' folder, scroll down till you find “usercache” and “usernamecache” normally it will show up as white paper. You must open it with notepad, to do so you must on the file -> Properties -> Change -> Select Notepad ->Apply. (These steps are the same as the top one but just choosing notepad) (It should look that in the right, as you can see you will have lists of different accounts or only one; depends on how many alts the user has.)
➤ Process Hacker:
Make sure Process Hacker is in Administrator mode.
I will be giving you only one interesting process which is "Pcaclient" as its pretty public at this point:
Explorer.exe Search up “explorer.exe” Double click on explorer.exe, click on general and check the start time if this was started around the time that you froze him you can ban him/her for restart explorer before screenshare. Then proceed to memory, click on strings, check image & mapped, minimum length 4 and click ok. Click filter, then contains (case-insensitive) After following the steps above type in “pcaclient” Click on save and then save it to their desktop Once you open it look for any suspicious files
if you find any copy the file name. open Search everything. paste the file path in there. if you can’t find it try to take out some parts. if the file is deleted you can ban them.
Now for any other strings/processes, here is some 2018-2019 Strings (This is outdated so if I see people using vape strings I'll cry goes for Cucklord drip etc) Only string that still works is manthe in MsMpEng.exe. (Anti virus = Msmpeng) MsMpEng does not come with windows 7 as its a windows 10 defender.
Enjoy the strings: here (If your curious should I follow the same steps you did earlier, only steps you need to do is "Then proceed to memory, click on strings, check image & mapped, minimum length 4 and click ok. Click filter, then contains (case-insensitive)" and paste the string in the process)
Tip: Click on hacker in the top left of process hacker Click options then click on the reset button this is very important make sure to do it when you are done Screen Sharing.
I hope you find this useful
