Information Advanced Screenshare Guide (Free-To-Use)

Discussion in 'Off Topic' started by Thrintios, Mar 2, 2019.

Thread Status:
Not open for further replies.
  1. Thrintios

    Thrintios Penguin Extremist

    Joined:
    Jul 31, 2018
    Messages:
    673
    Likes Received:
    414
    Trophy Points:
    63
    Ratings:
    +664 / 27
    Updated - 02/03/19
    Screenshare Guide open to everyone, not everything is in this as I like to keep some stuff private.

    AnyDesk
    Whenever you open AnyDesk and connect to their session, click on the lightning bolt at the top right and select ''request elevation''.
    Doing this allows you Administrator permissions and allows you to use Task Manager and other applications launched in Administrator Mode.

    Minecraft
    Once you're in the AnyDesk, open their Minecraft game. Go onto your account and temporarily unfreeze the player so you can use the Main Menu. (Only do this if the server you're staff on has a Freeze GUI which prevents them from pressing ESC/Chatting).
    Once they're unfrozen press ESCAPE - Options - Snooper Settings. Scroll all the way near the bottom until you see 'launched_version'. If anything suspicious appears, ban them.

    Recording
    Click the UP Arrow at the bottom right of their taskbar.
    Hover over every application & look at their names. Open Nvidia GeForce Experience (check if they have it, not only by hovering over everything, just go through their pc and search for it). Open it, click on the InGame Overlay at the top (or press Alt + Z for ShadowPlay) and make sure the recording is off.
    If they have RADEON (which is for AMD), open it and click on the ''RELIVE'' button and make sure its off.

    Task Manager
    When you've opened their task manager, check for anything suspicious.
    Look for recording softwares that could still be opened.
    Look for 'ClickyGone', 'WinHide', 'HocusPocus' too.
    If you find anything sketchy, contact me if you're curious as to what it is.

    Recycle Bin
    Press Win + R on your keyboard to open RUN
    Type in: C:\$Recycle.Bin
    If nothing shows up, click on view at the top, click on Options at the right, go to the View tab, click on 'Show hidden files, folders and drives' and also uncheck 'Hide protected operating system files (Recommened)'
    If they have modified their Recycle Bin before the screenshare or near the same time, you may ban them under any circumstances.

    .minecraft folder
    Go to their .minecraft folder and open their mods folder (this is only if they're on Forge).
    Check the file size of all mods, and make sure they are correct.

    Batty's Coordinates PLUS Mod for Forge-1.7.10_1.6.0 (18kb)
    ReiMinimap without Entity/Player Radar (179kb)
    VoxelMap-No-Radar-Mod-1.7.10 (455kb)
    OptiFine_1.7.10_HD_U_D6 (1,194kb)
    Batty’s Coordinates (13 kb)
    ArmorStatusHUD (25-26kb)
    StatusEffectHUD (23-24kb)
    ShinyPots-1.1 (5kb)
    MotionBlurMod (7kb)
    Keystrokes Mod (11kb)
    DirectionHUD (23-24kb)
    bspkrsCore (193-194kb)
    TcpNoDelayMod (5-6kb)
    ToggleSneak (20-24kb)
    PlayerAPI (276kb)
    CPS Mod (9kb)

    All of the mods have to be around this size.
    If any mods are way different sizes, decompile the mod with 'Luyten' and go through all packages to look for suspicious code, unless you're 100% sure; you can ban them.
    If bspkrsCore is corrupted when you try to open it, you may ban them too.
    After checking the mods folder, go back to the .minecraft folder

    IMPORTANT: Open launcher_profiles.json - CTRL + F - Search for displayName
    People who cheat on alts with VPN and people who have a banned account or have a Dynamic IP will be caught this way. (Those people bypass /alts), which is why you ALWAYS want to do this.
    Go in-game and /history all of the account names you found with the previous step and check if any of them are banned, if so; ban them for Ban Evasion.

    If they have a gc.txt file in their .minecraft, check the date modified. If it was recent, you may ban them for Cringed Client.

    Minecraft Launcher
    Open a new minecraft launcher (like you would do when you want to play Minecraft), and navigate to 'Launch Options', Click on their current ran version (that you looked at in Snooper Settings), and if they have '-noverify' in the JVM Arguments, you may ban them.

    Recent Files
    Press Windows Key + R, type in %appdata% and press enter.
    Scroll down to Microsoft, then click Windows and then click Recent Items.
    Look through their recently opened items and search for anything suspicious.
    If you find something used recently, ban them.

    Razer Synapse
    Press Windows Key + R, type in C:\ProgramData and press enter.
    Go to 'Razer', then 'Synapse', then 'Accounts', then click on their account folder.
    Once in the accounts folder, check the date modified on the Macros folder.
    If it was edited before or near the screenshare, you may ban them.

    Last Activity Viewer
    Download LastActivityViewer on their computer.
    Open the program and look through their recently opened files; ban for anything suspicious found.

    UserAssistViewer
    Download UserAssistViewer on their computer.
    Open the program and look through their recently opened files; ban for anything suspicious found.

    WinRar Recent Files
    Go to their desktop, Right-Click and press 'New', click on WinRar Archive.
    Once open, right click on the program on their taskbar.
    If they have opened anything suspicious on that list, you may ban them.

    Downloads and Desktop
    Go to their downloads folder first, scroll through all of their downloads and search for any suspicious programs (example: hG402.exe etc), check the date modified and if it was recent you may ban them.
    Go to their desktop, look at the files on it and look for any suspicious programs or items on their desktop.

    Search Everything
    ○ Download Search Everything on their computer.
    ○ Let everything load and then search this suggested list, if anything appears, check the date modified and if it was recent you can ban them. Search for the following:
    ○ Clicker, AutoClicker, XRay, Vape, Incognito, Vea, Kurium, OneTap, Nero, Demon, Fusk, Merge, Misplace, Drek.
    ○ If anything is found and used recently, ban them.

    Process Hacker

    1. Smartscreen.exe

    ○ Download Process Hacker 2 on their computer.
    ○ Type 'smartscreen.exe', double click it, and click memory.
    ○ Uncheck the box that says 'hide free regions' and click the 'strings' button.
    ○ In 'Minimum Length', type 4. Make sure Image & Mapped are ticked, then press OK.
    ○ Click filter in the bottom left corner of the window that popped up (Click "contains (case-insensitive)").
    ○ Type Vape in the text box and click ok. (If something pops up, ban them).

    2. MsMpEng
    ○ Type 'msmpeng', double click it, and click memory.
    ○ Uncheck the box that says 'hide free regions' and click the 'strings' button.
    ○ In 'Minimum Length', type 4. Make sure Image & Mapped are ticked, then press OK.
    ○ Click filter in the bottom left corner of the window that popped up (Click "contains (case-insensitive)").
    ○ Type Manthe Industries, LLC in the text box and click ok. (If something pops up, ban them).
    ○ Also copy and paste the following string: 1AC14E77-02E7-4E5D-B7442EB1AE5198B7)RUNDLL32.EXEd3dx9.dll,EntryPointlaunch

    3. Explorer.exe
    ○ Type 'explorer.exe', double click it, and click memory.
    ○ Uncheck the box that says 'hide free regions' and click the 'strings' button.
    ○ In 'Minimum Length', type 4. Make sure Image & Mapped are ticked, then press OK.
    ○ Click filter in the bottom left corner of the window that popped up (Click "contains (case-insensitive)").
    ○ Type the following string: Oshi-core-1.1.jar (if it pops up, ban them).
    ○ Type the following string: C:\users\(account name on their pc).
    ○ After typing the string above, create a new filter and type .exe, then .jar, then .zip.
    If you find anything suspicious in these 3 searches and is used recently/can't be found back, ban them.

    Now enter the following string: PcaClient
    Double Click on the one that starts with ''TRACE, ....''
    A whole list will appear highlighted in BLUE, search through all the programs listed in blue for anything suspicious. Example: C:\users\Stefan\Desktop\hgKGE.exe - if you find anything like this, ban them.

    4. Javaw.exe
    ○ Type 'javaw.exe', double click it, and click memory.
    ○ Uncheck the box that says 'hide free regions' and click the 'strings' button.
    ○ In 'Minimum Length', type 4. Make sure Image & Mapped are ticked, then press OK.
    ○ Click filter in the bottom left corner of the window that popped up (Click "contains (case-insensitive)").
    ○ Type in whatever string you may have - I'm not going to give you strings.

    ○ Go back to Process Hacker 2, type in javaw.exe again, then click on 'Find Handles or DLLs'
    and copy and paste the following: reflective_dll.x64.dll

    5. chrome.exe
    ○ Type 'msmpeng', double click it, and click memory.
    ○ Uncheck the box that says 'hide free regions' and click the 'strings' button.
    ○ In 'Minimum Length', type 4. - Make sure Image & Mapped are ticked, then press OK.
    ○ Click filter in the bottom left corner of the window that popped up (Click "contains (case-insensitive)").
    ○ Type the following strings: vape.gg, clicker, autoclicker, demon.gg, drek.io, tap.wtf, apolloclicker.pw, cdn.apolloclicker.pw

    6. dwm.exe
    ○ Type 'dwm.exe', double click it, and click memory.
    ○ Uncheck the box that says 'hide free regions' and click the 'strings' button.
    ○ In 'Minimum Length', type 4. - Make sure Image & Mapped are ticked, then press OK.
    ○ Click filter in the bottom left corner of the window that popped up (Click "contains (case-insensitive)").
    ○ Type the following strings: auto click, autoclick, clicker, veneclicker, 7clicker, nacl (look for nacl 32), silent clicker, agent.jar
    IMPORTANT: When you finish the last step with Process Hacker, make sure to clear your strings!
    - On the top bar, click Options, then press the 'Reset' button

    Regedit.exe
    Press Windows Key + R, type in regedit, and press enter.
    Whenever regedit opens, in the top navigation bar, copy and paste this in:
    Computer\HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion\AppCompatFlags\Compatibility\Store
    ○ Whenever it finishes opening the directory, you will be given a list of programs.
    ○ Look through all programs and make sure there's nothing suspicious.
    Example: C:\Users\Stefan\Downloads\RJVjMswM.exe

     
    • Useful Useful x 6
    • Like Like x 2
    • Winner Winner x 1
  2. Xymelin

    Xymelin Penguin Extremist
    2018 | Funniest VIP 202002                  Christmas Christmas Halloween                 

    Joined:
    Dec 30, 2017
    Messages:
    748
    Likes Received:
    555
    Trophy Points:
    93
    Ratings:
    +566 / 3
    great job
     
    • Like Like x 1
  3. Sponsor

    Sponsor Papa Polarbear

    Joined:
    Dec 26, 2016
    Messages:
    2,193
    Likes Received:
    298
    Trophy Points:
    83
    Ratings:
    +474 / 19
    Great guide Thrintios, this will be useful for everyone!
     
    • Like Like x 1
  4. Thrintios

    Thrintios Penguin Extremist

    Joined:
    Jul 31, 2018
    Messages:
    673
    Likes Received:
    414
    Trophy Points:
    63
    Ratings:
    +664 / 27
    Thanks to both of you.
     
  5. CaptainMeoow

    CaptainMeoow Penguin
    Christmas Christmas 2018 | Loyal

    Joined:
    Aug 22, 2016
    Messages:
    120
    Likes Received:
    127
    Trophy Points:
    43
    Ratings:
    +217 / 6
    Such a cute, helpful community member! xoxo
     
    • Agree Agree x 3
    • Like Like x 1
  6. Thrintios

    Thrintios Penguin Extremist

    Joined:
    Jul 31, 2018
    Messages:
    673
    Likes Received:
    414
    Trophy Points:
    63
    Ratings:
    +664 / 27
    xoxo
     
    • Like Like x 1
  7. SearchForMe

    SearchForMe Penguin Extremist
    OG VIP Halloween

    Joined:
    Apr 28, 2018
    Messages:
    648
    Likes Received:
    171
    Trophy Points:
    43
    Ratings:
    +282 / 17
    noice. Well made with useful info. Thank you! :)
     
    • Like Like x 1
  8. ProbablyAvi

    ProbablyAvi Penguin
                    

    Joined:
    Sep 29, 2018
    Messages:
    108
    Likes Received:
    53
    Trophy Points:
    28
    Ratings:
    +76 / 0
    Great Guide!
     
    • Like Like x 1
  9. analyser

    analyser VIP
    VIP                                                                    

    Joined:
    Aug 8, 2018
    Messages:
    747
    Likes Received:
    275
    Trophy Points:
    63
    Ratings:
    +425 / 14
    Gr8 guide, i saved everything on my pc for emergencies xd
     
    • Like Like x 1
  10. Thrintios

    Thrintios Penguin Extremist

    Joined:
    Jul 31, 2018
    Messages:
    673
    Likes Received:
    414
    Trophy Points:
    63
    Ratings:
    +664 / 27
    Thanks to both of you.

    Completely fine as this guide is free to use! :)
     
    • Agree Agree x 2
    • Like Like x 1
  11. Unalert

    Unalert VIP
    VIP

    Joined:
    Jul 3, 2018
    Messages:
    290
    Likes Received:
    80
    Trophy Points:
    43
    Ratings:
    +138 / 3
    Ty!!!
     
    • Like Like x 1
  12. Advertzz

    Advertzz Guest

    Ratings:
    +0 / 0
    boi
     
    • Like Like x 1
  13. Zaak

    Zaak Penguin Extremist

    Joined:
    Nov 17, 2017
    Messages:
    621
    Likes Received:
    110
    Trophy Points:
    43
    Ratings:
    +196 / 25
    *Gets Demoted for using it*
     
  14. Zphre

    Zphre VIP
    VIP

    Joined:
    Mar 12, 2017
    Messages:
    1,123
    Likes Received:
    1,293
    Trophy Points:
    113
    Ratings:
    +1,495 / 11
    A thing or two I learned looking at your ss-guide, great job man!
     
    • Like Like x 1
  15. Thrintios

    Thrintios Penguin Extremist

    Joined:
    Jul 31, 2018
    Messages:
    673
    Likes Received:
    414
    Trophy Points:
    63
    Ratings:
    +664 / 27
    Which things did you learn?
     
  16. Losmen

    Losmen Co-Owner
                    

    Joined:
    Sep 2, 2017
    Messages:
    472
    Likes Received:
    97
    Trophy Points:
    43
    Ratings:
    +201 / 12
    We basically have all these.
     
  17. H4RIS

    H4RIS Known Penguin

    Joined:
    Apr 30, 2017
    Messages:
    301
    Likes Received:
    68
    Trophy Points:
    28
    Ratings:
    +181 / 23
    tbh the best ssers are cheaters , and its the truth
     
    • Agree Agree x 2
  18. Thrintios

    Thrintios Penguin Extremist

    Joined:
    Jul 31, 2018
    Messages:
    673
    Likes Received:
    414
    Trophy Points:
    63
    Ratings:
    +664 / 27
    ;)
     
  19. Lukas

    Lukas Mini Polarbear
    fLICKGAME

    Joined:
    Apr 19, 2017
    Messages:
    1,582
    Likes Received:
    415
    Trophy Points:
    83
    Ratings:
    +723 / 76
    Back then u couldn't even find huzuni ok
     
    • Like Like x 1
  20. Advertzz

    Advertzz Guest

    Ratings:
    +0 / 0
    dont expose me
     
Thread Status:
Not open for further replies.
  • About Us

    ColdNetwork is an online Minecraft: Java Edition network. We are constantly working on Improvements to ensure the best experience for our Players. This is the only official website for ColdNetwork.
  • © 2022 ColdNetwork

  • Visit Our Store

    In-game items and perks can be purchased on our online store to help improve your gameplay. Thanks for the support!

    Store