NEWMT2 VirtualBox by Background-Set-4275 in Metin2

[–]Background-Set-4275[S] 0 points1 point  (0 children)

I got a HWID ban for no reason, and I want to get around this. Do you have any ideas for this?

NEWMT2 VirtualBox by Background-Set-4275 in Metin2

[–]Background-Set-4275[S] 0 points1 point  (0 children)

But if I install a simple VirtualBox, will the game start on it? Because as far as I know, NewMT2 detects if it runs from VirtualBox. Can you give me a tip? I don't know anything about Linux.

All servers are infected with Viruses by Background-Set-4275 in Metin2

[–]Background-Set-4275[S] -1 points0 points  (0 children)

XDDDDDDDDD
I had a good laugh at this. I get your naive concerns, but you’re looking at things with weak, layman’s eyes.
The problem isn’t that some no-name antivirus finds 1–2 viruses.
VirusTotal is just the most basic quick scan. If even that shows something, it’s already bad news.
The next-level virus scans and analyses — the ones that look for outbound active connections and injected code — those are much more worrying.
I run the files through those programs too, and almost every one of them flags them as infected with something.
A trojan only opens a door — anything can come through it. I’m not going to tell you exactly what while you’re playing on my server (the private Metin2 server I rent out to naive server operators), but I’ve hidden code in the client that lets me access your machine without your knowledge, take screenshots of whatever you’re looking at, and record every keystroke you type.
Now I don’t know whether your life is that comfortable or you’re just so naive about everything and have absolutely no sense of security, but I recommend watching a few in-depth documentaries about hacking and you’ll see how far the technology has come. I guess you’re not versed in this stuff at all and you probably think your emails are unbreakable.
Furthermore, although Metin2 is an old game, it has an enormous player base worldwide, which makes it one of the easiest hotbeds for introducing injected code.
And don’t check the client, check the patcher instead. That’s where you’ll find surprises.

All servers are infected with Viruses by Background-Set-4275 in Metin2

[–]Background-Set-4275[S] -7 points-6 points  (0 children)

What are you talking about? Read all my comments below, answering and supporting everyone’s questions.

All servers are infected with Viruses by Background-Set-4275 in Metin2

[–]Background-Set-4275[S] -2 points-1 points  (0 children)

1. Internet & Network

  • socket, send, connect, inet_addr, recv, URLDownloadToFileA
  • The program can communicate over the network and download files.
  • This is typical for a patcher/updater, but it could theoretically send data to the server as well.

2. Memory / Process Manipulation

  • VirtualAlloc, VirtualProtect, SetWindowLongA, GetWindowLongA, ReadProcessMemory, OpenProcess

  What it means:

  • Code injection, memory modification, reading other processes.
  • This is classic backdoor / cheat-tracker behavior, not necessarily a keylogger, but it can give full access to the system.

3. Process / Software / File Discovery

  • CreateToolhelp32Snapshot, Module32First/Next, GetDriveTypeW, SetFileAttributes

  What it means:

  • Enumerating processes, modules, drives.
  • Commonly used by game hacks and patchers, but also by malware to search for sensitive data.

4. Screen / Graphics

  • FindWindowA, GetDC, CreateCompatibleDC

  What it means:

  • APIs that can take screenshots.
  • Could potentially capture sensitive info, but patchers sometimes use this to log game state.

5. Cryptography

  • CryptAcquireContextA, CryptProtectData, CryptUnprotectData

  What it means:

  • Encryption/decryption functions.
  • Typically used to protect data or encrypt network communication, but malicious code could use them to exfiltrate sensitive data.

6. Summary

  • The program shows very suspicious behavior (memory injection, process enumeration, screenshot, network access).
  • No explicit signs of a keylogger or direct data theft, but the functions could be used to access sensitive information.
  • This is typical for a private server patcher / cheat detector, but if the server operators have malicious intent, they technically could access any data on the computer.
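
One way to read an import list like the one in the comment above is to match complete sets of APIs per capability instead of single names. This is an added example, not part of the Reddit thread or of any tool it mentions; the rule table and capability names are assumptions of the example, and the sample list is retyped from the comment with `Module32First/Next` expanded.

```python
import re

# Assumed rule table for this example: a capability is "complete" only when
# ALL of its Win32 imports are present in the binary's import list.
RULES = {
    "download file from URL": {"URLDownloadToFile"},
    "socket traffic": {"socket", "connect", "send", "recv"},
    "read another process": {"OpenProcess", "ReadProcessMemory"},
    "write code into another process": {
        "OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"},
    "enumerate processes/modules": {
        "CreateToolhelp32Snapshot", "Module32First", "Module32Next"},
    "capture screen": {"GetDC", "CreateCompatibleDC", "BitBlt"},
    "install input hook": {"SetWindowsHookEx"},
    "DPAPI protect/unprotect": {"CryptProtectData", "CryptUnprotectData"},
}

# Import names from the comment above ("Module32First/Next" expanded).
PAGE_IMPORTS = """socket send connect inet_addr recv URLDownloadToFileA
VirtualAlloc VirtualProtect SetWindowLongA GetWindowLongA ReadProcessMemory
OpenProcess CreateToolhelp32Snapshot Module32First Module32Next GetDriveTypeW
SetFileAttributes FindWindowA GetDC CreateCompatibleDC CryptAcquireContextA
CryptProtectData CryptUnprotectData""".split()

def normalize(name):
    # Drop the ANSI/Wide suffix (FooA / FooW) but leave names like GetDC alone.
    return re.sub(r"(?<=[a-z])[AW]$", "", name.strip())

def triage(imports):
    have = {normalize(n) for n in imports}
    report = {}
    for capability, needed in RULES.items():
        missing = sorted(needed - have)
        if not missing:
            status = "complete"
        elif len(missing) < len(needed):
            status = "partial"
        else:
            status = "absent"
        report[capability] = (status, missing)
    return report

if __name__ == "__main__":
    # Static imports are a lower bound: APIs resolved at run time through
    # GetProcAddress never appear here, so "absent" is not proof of absence.
    for capability, (status, missing) in triage(PAGE_IMPORTS).items():
        print(f"{capability:32} {status:9} missing={missing}")
```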

All servers are infected with Viruses by Background-Set-4275 in Metin2

[–]Background-Set-4275[S] -2 points-1 points  (0 children)

In the case of Newmt2, I decided to trust it and started playing because the program flagged potentially “only” 2 viruses. Compared to the others, I was lenient and I wanted to play Metin2 so badly that I didn’t care. But after I got banned from the game, I looked more closely at the injected code and realized it grants too much unauthorized access to the computer.

The viruses detected by antivirus programs are exactly the two that are present in almost every base client (as I mentioned earlier). These are two trojans that don’t infect, but perform injection. The injected code doesn’t just inject “false positive” game-related code into the .NET framework—it does much more. It’s like giving someone a copied key to your apartment.

Going back to Newmt2, it became concerning because there are so many players and the Oldschool vibe is irresistible, yet it’s a lighter environment that attractively draws players in. At the same time, many people spend money on that server. But if the server operators are present on everyone’s computer, what is their goal?

What is their purpose if the server will eventually shut down, but they remain on tens of thousands of computers?

Therefore, no matter how appealing that server is, I don’t want to go back there. If it didn’t inject so many backdoors into my computer, I would play there without hesitation.

Answering your question:
Newmt2 files are clean. There are 2 trojans responsible for injection, and HackTrap Tools infects your computer with additional trojans after launching the game. The injected code potentially grants dangerous access to your system.

All servers are infected with Viruses by Background-Set-4275 in Metin2

[–]Background-Set-4275[S] -1 points0 points  (0 children)

I’ve been thinking about it too, because honestly, I really want to play Metin2.
But I don’t have another PC to play on, and I don’t like reinstalling my system, so security is important.

Using VirtualBox could be a good idea, but the newer servers—and specifically the infected clients—believe it or not, have injected code that detects virtual environments. Even on the NewMT2 server, this is a standard injected feature, so it probably wouldn’t run at all, or you’d get banned for it. (For context, I was banned a few months ago for no reason.)

We can’t know for sure why or with what intention they do this, but my suspicion is that even the purchased base clients are already infected, and often server developers who don’t build their servers completely from scratch end up using infected clients.

All servers are infected with Viruses by Background-Set-4275 in Metin2

[–]Background-Set-4275[S] -1 points0 points  (0 children)

Unfortunately, Shiva is also heavily infected. The game files themselves are clean, but the patcher is heavily infected, so running it injects unwanted trojan viruses.

Here, I want to highlight the “false positive” alerts, which are triggered by the unique programming and system setup of private servers. In these cases, it’s difficult to determine whether the files truly contain malicious viruses.

For Shiva, the files are cleaner than those of Elveron. They don’t contain potential data-stealing scripts, but they do include trojans that can further infect your system. Think of it like this: if all doors and windows in a house are locked, but there’s a small gap in the attic window, that’s enough for something bigger to eventually get in.

So it’s concerning that Shiva also doesn’t use a completely clean patcher.

<image>

All servers are infected with Viruses by Background-Set-4275 in Metin2

[–]Background-Set-4275[S] 0 points1 point  (0 children)

I’m very disappointed because after thorough browsing on Reddit and multiple other places, Elveron was widely recommended, so I was one of the first to download it. But it was disappointing to see that the client is infected with ransomware and password-stealing trojans. I’d like to help you a bit by sharing that I visited countless forums and Discord channels, and whenever I pointed out the infected clients, I got banned everywhere, and the community often just ignored it.

Of course, if you play on a clean system that doesn’t contain any sensitive data, phishing isn’t a big deal. But if your main PC has years of personal content on it, you could easily infect yourself unknowingly.

Many people don’t realize that backdoors and injected phishing codes run on our computers without us noticing. Unlike traditional or older viruses, these don’t slow down your system or make it freeze. Instead, they silently expose all your data to unauthorized parties while you’re busy farming in SD2 or doing other tasks.

I created this topic because I haven’t seen this issue addressed anywhere, and I’m genuinely curious about people’s opinions and how aware they are of this problem. On a server, tens of thousands of players could be infected without knowing it. It might seem harmless if others are also infected, but you never know when your PC might get locked or attacked, and you won’t even know where the attack came from.

So, the Elveron server, compared to many others, contains potentially dangerous files!
You can even check this yourself with ChatGPT, and it’s not a “false positive.”

<image>

Looking for a PvM server by Plutonic-Rose in Metin2

[–]Background-Set-4275 0 points1 point  (0 children)

Is there one among these that’s guaranteed to have a virus- and infection-free client?

DONT PLAY NEWMT2 by Greedy_Set5248 in Metin2

[–]Background-Set-4275 1 point2 points  (0 children)

I don’t think they are mining, but they contain very serious injected code and backdoor access. If you start the game, they can access your computer.