SOLVED: BANS OF INNOCENT USERS

[arm-off-please-help]

Here are the Programs that I had running in the background when i got banned:
-Bitdefender
-Comodo Firewall
-Virtual Clone Drive
-Adobe Updater
-Nvidia Control Center thingy

Also yesterday I remembered I use ENB Mod for Microsoft Flight Simulator. Although I can't imagine this has any impact on PR.. But I guess it may be worth noticing.

[Hokunin]

Maybe it is just a matter of random luck, due to PB soft peculiarities? Here is what hackers wrote on similar case long time ago in their forums(I just stumbled upon this while googling the issue):

"There are definitely innocent players being kicked for this and other violations here and there. I have seen more and more posts on forums, including one of a MBL contributor on PsB.

Especially with PB's new pattern _searching_ (removing the offset part when identifying a hack), which btw is done by PnkBstrB.exe globally in all running processes (at least for the 'x' violations), this is more likely to happen.
There are signatures (including the one for #50120) that could very well be present in any other program - and again, the offset doesnt matter anymore.

I will give an example. This is the signature for #50120 converted to asm (offset random here, doesnt matter):

Code:

1000113A 83EC 20 SUB ESP,20
1000113D 53 PUSH EBX
1000113E 8BD9 MOV EBX,ECX
10001140 807B 05 00 CMP BYTE PTR DS:[EBX+5],0
10001144 0F84 A7000000 JE 50120.100011F1
1000114A 56 PUSH ESI
1000114B 57 PUSH EDI
1000114C 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+8]
1000114F 8B17 MOV EDX,DWORD PTR DS:[EDI]
10001151 8D43 2C LEA EAX,DWORD PTR DS:[EBX+2C]
10001154 50 PUSH EAX
10001155 FF73 38 PUSH DWORD PTR DS:[EBX+38]
10001158 8D45 E0 LEA EAX,DWORD PTR SS:[EBP-20]
1000115B 50 PUSH EAX
1000115C 8BCF MOV ECX,EDI
1000115E FF52 48 CALL DWORD PTR DS:[EDX+48]
10001161 D943 10 FLD DWORD PTR DS:[EBX+10]
10001164 807B 4C 00 CMP BYTE PTR DS:[EBX+4C],0
10001168 D865 E0 FSUB DWORD PTR SS:[EBP-20]
1000116B 8D73 08 LEA ESI,DWORD PTR DS:[EBX+8]
1000116E 8D43 28 LEA EAX,DWORD PTR DS:[EBX+28]
10001171 D95D F0 FSTP DWORD PTR SS:[EBP-10]
10001174 50 PUSH EAX
10001175 D943 14 FLD DWORD PTR DS:[EBX+14]
10001178 8D43 24 LEA EAX,DWORD PTR DS:[EBX+24]
1000117B D865 E4 FSUB DWORD PTR SS:[EBP-1C]
1000117E 50 PUSH EAX
1000117F D95D F4 FSTP DWORD PTR SS:[EBP-C]
10001182 D945 F0 FLD DWORD PTR SS:[EBP-10]


Ok, it is unlikely to be used by any other program, but it does not 100% look like a hack, does it? Whatever, there is always the probability that this byte sequence is randomly (or not) present in any running process - and if so, it is irresponsible to issue global bans for that.

And btw, did I ever mention PB is stupid? Instead of scanning your entire system for signatures, which can be bypassed easily (see my quick update for Dave's hack), and therefore invading and using up your system resources, PB should rather detect what the hacks actually do.
But Evenbalance seems just too dumb and lazy to accomplish that. It is really a wonder they get paid for that."

[brezmans]

Props to Brezmans I think are in order for taking up the fight for everybody banned.....something to consider next time you are thinking about having a crack at server admins

People love to hate server admins, and I don't blame them

If I wasn't certain that our clan member wasn't hacking and was thus wrongly banned, I probably would not have bothered as much, but even then this banwave seems a bit off in many respects.

Just to maybe keep you guys in the loop: Linkman (one of the HOG clanleaders) and me are working with some of the pbbans staff on this and we are forwarding as much info as we can to them to help them reproduce the false positive. At this point we have one of the evenbalance staffmembers looking into it too, so it's not pointless at all if you have been banned to post here and give us as much information about your system as possible, either here or through PM, we will make sure to send it over together with your guid.

[[KSK]Eichhoernsche]

Hi guys,

seems to me that this is not related to the nvidia stuff - I also got banned and I have a Radeon 4870 and definetly NO aimbot

These were the running processes:




This is my hardware Setup:
https://dl.dropboxusercontent.com/u/951 ... 93833.html

Hope you can use this information.
Please notice that I also had BitDefender as AntiVirus program. And this was the only thing that updated itself. It couldn't be the graphics driver I didn't update this quite a while.
I got banned 1200min so maybe I could try tomorrow to play without having bitdefender started.

Cheers...

[Hokunin]

Eichhoernsche, welcome to the club )

And I'm afraid no, you won't be able to play tomorrow, you are globally banned by evenbalance. You'll just get another 1200 min.

I guess there'll be more and more banned PR players until the case is solved...

[DesmoLocke]

I didn't think it was a Nvidia driver issue. It's looking like a BitDefender issue?

Might want to change the title of this thread to something more appropriate then.
.

[brezmans]

I forwarded your info to the pb guys, Einchhoernschen, also appeal your ban at evenbalance please, we need everyone appealing so they can look into the specs individually.

[[KSK]Eichhoernsche]

Thanks! Yep, did that already...

[ShockUnitBlack]

Depending on what happens here, is there a possibility PR might end up Punkbuster-less?

[Vista]

Depending on what happens here, is there a possibility PR might end up Punkbuster-less?

No... That would be a hacker's paradise.

[Moszeusz6Pl]

No... That would be a hacker's paradise.

Unless we would get another anti hacking system.

[brezmans]

Punkbuster has not actually caught many hackers in PR in the past years. Most hackers were caught by analyzing battlerecorders and gameplay.

Also, the bans that are being discussed in this thread are no punkbuster global bans. If the server is not streaming to pbbans or ggc-stream, it would only be a 2 min kick for a punkbuster violation, it is the streaming services that decide to put people who trigger these violations on a master banlist. Server admins have the option to exclude certain violations from this master banlist or to not use this list at all.

Global punkbuster bans are issued by evenbalance, the company that provides the punkbuster software. PB violations-bans are issued by streaming services like pbbans and ggc-stream which are entirely optional and are issued on the base of these violations which are in turn triggered by the punkbuster software.

A pb violation =/= a pb ban.

[godfather_596]

First the steam overlay and then this...... I don't feel like downgrading I'll wait.

[rici_ol]

Hi, i?m also used Bitfdefender... shit

[Mineral]

As far as I'm aware PRTA doesn't stream to these services, so you should be safe on the server.(except for the kicks).

Maybe it's better if PR server admins turn off the streaming for a few days?

[Bo0gieMan]

If i already updated how can i downgrade?

[brezmans]

The nvidia drivers are not the problem, there is no need to worry about that. To be honest, I don't even know where this rumor came from, it seems to be completely unrelated.

[Spec]

Changed thread title. Are we having any clue, beyond guessing, what's causing it by now?

[KiloJules]

It came up after idk how many people got banned on NwA server afaik and it quickly came up that all/most/many of them had NVIDIA cards and recently updated. Sure not really scientific but it seemed to be the case when the problem first came up.

[General_Elbi]

From what I've read so far, I think it's more likely BitDefender which is causing the trouble. arm-off-please-help stated that he had Nvidia driver version 314.22 installed rather than 320.18 when he got banned. So we have people being banned with both versions 314.22 and 320.18. Since I myself have version 314.22 installed and have not been banned yet (and I do NOT have BitDefender installed), I conclude that the Nvidia driver cannot be the reason.

Furthermore, unless I've missed a thread, everyone who got banned so far stated that he got BitDefender installed (e. g. [KSK]Eichhoernsche, arm-off-please-help, Hokunin).

I think a very interesting question would be if there is anyone out there who got banned and did NOT have BitDefender installed? If so I'm going to refuse my hypothesis... Until then I suspect BitDefender to be the reason.