Armoured C
Gallente The Scope
|
Posted - 2009.07.23 00:48:00 -
[31]
Edited by: Armoured C on 23/07/2009 00:48:23
I suggest that when a new one comes up in a post, a counter post be created and continually bumped until the offending post is destroyed, so that you don't even have to investigate. The people that are controlling them probably know that that post worked better than the obvious others that were more obvious.
We need to protect ourselves while CCP get on top of this.
Rally up the posse boys, I am going to stay up all night (UK time) and guard the forums.
o7
PAGE TO SNIPER
PEW
support stop selling alliance tourney places post
Armoured C forum extraordinaire |
|
CCP Fallout
|
Posted - 2009.07.23 00:50:00 -
[32]
Originally by: Armoured C Edited by: Armoured C on 23/07/2009 00:48:23 I suggest that when a new one comes up in a post, a counter post be created and continually bumped until the offending post is destroyed, so that you don't even have to investigate.
I strongly suggest that you don't take this route. It is much better and easier to use the report feature, especially as there may be threads that we miss. Plus, bumping is also against the rules :)
Fallout Associate Community Manager CCP Hf, EVE Online Contact us |
|
Zeba
Minmatar Honourable East India Trading Company
|
Posted - 2009.07.23 01:09:00 -
[33]
Originally by: CCP Fallout
Originally by: Armoured C Edited by: Armoured C on 23/07/2009 00:48:23 I suggest that when a new one comes up in a post, a counter post be created and continually bumped until the offending post is destroyed, so that you don't even have to investigate.
I strongly suggest that you don't take this route. It is much better and easier to use the report feature, especially as there may be threads that we miss. Plus, bumping is also against the rules :)
What can you say as it's armoured c. Spam is always the answer to him.
Originally by: Vaden Khale He's doing the moonwalk in HEE-hee-hell.
|
hedonism
|
Posted - 2009.07.23 01:11:00 -
[34]
Originally by: CCP Fallout
Originally by: Armoured C Edited by: Armoured C on 23/07/2009 00:48:23 I suggest that when a new one comes up in a post, a counter post be created and continually bumped until the offending post is destroyed, so that you don't even have to investigate.
I strongly suggest that you don't take this route. It is much better and easier to use the report feature, especially as there may be threads that we miss. Plus, bumping is also against the rules :)
My account settings are set to not show pictures, yet when I report those threads it shows the pictures when it gives me the option to comment on why I'm reporting it. Any way to stop this?
|
reoveck
Amarr black hearts
|
Posted - 2009.07.23 01:12:00 -
[35]
Can't CCP just IP ban these bots like any other forum?
|
Zeba
Minmatar Honourable East India Trading Company
|
Posted - 2009.07.23 01:16:00 -
[36]
Proxies make banning an IP irrelevant.
Originally by: Vaden Khale He's doing the moonwalk in HEE-hee-hell.
|
Schayol Sunkeeper
|
Posted - 2009.07.23 01:20:00 -
[37]
Edited by: Schayol Sunkeeper on 23/07/2009 01:21:01 edited first post to provide useful information
changed thread title to fit more in the face of changing keylogger threadnames
|
Armoured C
Gallente The Scope
|
Posted - 2009.07.23 01:22:00 -
[38]
Interesting, while you post another has popped up and yet you post this instead of deleting it?
I love these forums and will go beyond to protect them. If you ban me for pointing something out to the people while we wait for you to delete it then so be it, I will take the ban!
support stop selling alliance tourney places post
Armoured C forum extraordinaire |
Armoured C
Gallente The Scope
|
Posted - 2009.07.23 01:29:00 -
[39]
You can of course delete the posts I'm making along with the infected posts.
And 2 minutes without it being deleted off the system and you advise me not to do this??
support stop selling alliance tourney places post
Armoured C forum extraordinaire |
Reyold Bengali
Caldari
|
Posted - 2009.07.23 01:30:00 -
[40]
Edited by: Reyold Bengali on 23/07/2009 01:33:02
Another couple of good anti-spyware programs are Spyware Doctor (available for free in the Google Pack) and MalwareBytes Anti-Malware, which is free for private use. In the event of a really pernicious virus/spyware infection, downloading and running the latest version of ComboFix is usually a safe bet.
-------
Never argue with an idiot. They'll drag you down to their level, then beat you with experience. |
|
Obsidian Hawk
RONA Corporation
|
Posted - 2009.07.23 01:33:00 -
[41]
I have completed my full system scans.
They are on page one for reference; it is unknown at this time if they were related to the forum links or not. Either way I should be OK now I hope. I will hit up the test server first.
--------------------------
WTB a sig, or moderation of my sig by all the hot CCP girls. |
Discrodia
Gallente Blood Red Dawn Novus Auctorita
|
Posted - 2009.07.23 01:33:00 -
[42]
I don't know what these links are, and I haven't clicked any, so I'm safe right?
(I'm just a little paranoid ) ___________________________________________
Discrodia > Annoying idiots in 0.0 is my business. Business keeps picking up. Discrodia > I also like misquoting stuff :D |
Armoured C
Gallente The Scope
|
Posted - 2009.07.23 01:34:00 -
[43]
Does Google Chrome come with anything, as you said the Google Pack?
Ever since I ran an AV check my Firefox has all of a sudden died and I can't get it working again. Says it is already running yet I check the task manager it isn't running at all and I checked processes as well.
support stop selling alliance tourney places post
Armoured C forum extraordinaire |
Reyold Bengali
Caldari
|
Posted - 2009.07.23 01:37:00 -
[44]
Originally by: Armoured C Does Google Chrome come with anything, as you said the Google Pack?
Ever since I ran an AV check my Firefox has all of a sudden died and I can't get it working again. Says it is already running yet I check the task manager it isn't running at all and I checked processes as well.
Not sure if it comes with Chrome or not, but it's available directly from Google here: http://pack.google.com/intl/en/pack_installer.html.
-------
Never argue with an idiot. They'll drag you down to their level, then beat you with experience. |
Armoured C
Gallente The Scope
|
Posted - 2009.07.23 01:38:00 -
[45]
Do I have to download the Norton doctor? I'd rather jab forks in my eye TBH.
support stop selling alliance tourney places post
Armoured C forum extraordinaire |
D Gelalder
Gallente Core Antum
|
Posted - 2009.07.23 01:38:00 -
[46]
Had a look at this "key-logger" using some VM software, network sniffer and process monitor.
It does surprisingly little.. Kinda disappointing actually.
Anyways the system kinda works like this: (using Vista)
1) Spammer posts links to site where user is "tricked" into "updating" his/her flashplayer.
2) user runs the downloaded keylogger (voluntarily?)
3) keylogger places a dll in "c:\user\<accountname>\AppData\Local\Temp\". File is called "msxm192eve.dll"
3) keylogger edits registry under "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" and adds a new string called "EVEHpr" with a value that looks something like this: "RUNDLL32**** c:\user\<accountname>\AppData\Local\Temp\msxm192eve.dll,w".
4) keylogger then connects to a cn domain and tells them what OS you are using (lovely huh), gets a number in return.
5) keylogger waiting for idio.. user to enter his/her account detail.
Of course.. these were the only file(s) I could find. But the sizes seem to match up and no additional files were downloaded.
Removal of this thing seems simple: (!disclaimer: do this at your own risk!)
1) go to the mentioned directory and then delete the msxm192eve.dll (if you can't find it use the search function)
2) fire up regedit and remove the above mentioned key.
Of course it is only a matter of time before the spammers adjust their program and invalidate this. So no guarantees.
Still the best way to get rid of any virus/trojan/keyloggers is to just reinstall your bloody system. That should teach you not to run random crap off the internet, without some precaution.
|
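A read-only check for the two indicators D Gelalder's post lists (the msxm192eve.dll file in the user's Temp directory and the EVEHpr value under the HKCU Run key), as an added example that is not part of the original thread. It goes beyond the exact names and also flags any per-user Run value that launches rundll32 on a DLL under a Temp directory; the variable names are hypothetical, and a clean result only means these specific indicators are absent.

```powershell
# Added example (not from the thread): read-only check for the indicators
# described in the post above. Nothing is deleted or modified.
$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$dllName   = 'msxm192eve.dll'   # file name given in the post
$valueName = 'EVEHpr'           # Run value name given in the post
$metadata  = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$findings  = @()

# 1. The DLL dropped into the current user's Temp directory.
$dllPath = Join-Path -Path $env:TEMP -ChildPath $dllName
if (Test-Path -LiteralPath $dllPath) {
    $findings += "File present: $dllPath"
}

# 2. Every value under the per-user Run key (commands started at logon).
$props = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($props) {
    foreach ($p in $props.PSObject.Properties) {
        if ($metadata -contains $p.Name) { continue }   # provider metadata, not registry values
        $command = [string]$p.Value
        if ($p.Name -eq $valueName) {
            $findings += "Run value named in the post: $($p.Name) = $command"
        }
        elseif ($command -match 'rundll32' -and $command -match '\\Temp\\[^\\"]+\.dll') {
            # Generalisation (assumption): rundll32 loading a DLL from a Temp
            # directory at logon is unusual enough to review by hand.
            $findings += "Suspicious Run value: $($p.Name) = $command"
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the indicators from the post were found.'
} else {
    $findings | ForEach-Object { Write-Output $_ }
}
```

Run it in a session of the account that was logged in when the link was opened, because both HKCU and $env:TEMP are per-user.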
Reyold Bengali
Caldari
|
Posted - 2009.07.23 01:41:00 -
[47]
Edited by: Reyold Bengali on 23/07/2009 01:41:53
Originally by: Armoured C Do I have to download the Norton doctor? I'd rather jab forks in my eye TBH.
Nope, just the Google Updater and Toolbar, and Spyware Doctor. Uncheck any of the apps you don't want.
-------
Never argue with an idiot. They'll drag you down to their level, then beat you with experience. |
Armoured C
Gallente The Scope
|
Posted - 2009.07.23 01:43:00 -
[48]
Originally by: Reyold Bengali Edited by: Reyold Bengali on 23/07/2009 01:41:53
Originally by: Armoured C Do I have to download the Norton doctor? I'd rather jab forks in my eye TBH.
Nope, just the Google Updater and Toolbar, and Spyware Doctor. Uncheck any of the apps you don't want.
Cheers for that, it is installing now.
support stop selling alliance tourney places post
Armoured C forum extraordinaire |
Schayol Sunkeeper
|
Posted - 2009.07.23 01:46:00 -
[49]
reformatted and added a few useful programs to the first post
|
Obsidian Hawk
RONA Corporation
|
Posted - 2009.07.23 01:55:00 -
[50]
Originally by: D Gelalder
Anyways the system kinda works like this: (using vista)
1) Spammer posts links to site where user is "tricked" into "updating" his/her flashplayer.
2) user runs the downloaded keylogger (voluntarily?)
3) keylogger places a dll in "c:\user\<accountname>\AppData\Local\Temp\". File is called "msxm192eve.dll"
3) keylogger edits registry under "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" and adds a new string called "EVEHpr" with a value that looks something like this: "RUNDLL32**** c:\user\<accountname>\AppData\Local\Temp\msxm192eve.dll,w".
4) keylogger then connects to a cn domain and tells them what OS you are using (lovely huh), gets a number in return.
5) keylogger waiting for idio.. user to enter his/her account detail.
Of course.. these were the only file(s) I could find. But the sizes seem to match up and no additional files were downloaded.
Removal of this thing seems simple: (!disclaimer: do this at your own risk!)
1) go to the mentioned directory and then delete the msxm192eve.dll (if you can't find it use the search function)
2) fire up regedit and remove the above mentioned key.
CCP Promote this man!
--------------------------
WTB a sig, or moderation of my sig by all the hot CCP girls. |
|
Nyphur
Pillowsoft Total Comfort
|
Posted - 2009.07.23 02:21:00 -
[51]
Originally by: D Gelalder Had a look at this "key-logger" using some VM software, network sniffer and process monitor.
Excellent. So if the registry entry and file are not present, we're clean?
Originally by: D Gelalder Still the best way to get rid of any virus/trojan/keyloggers is to just reinstall your bloody system. That should teach you not to run random crap off the internet, without some precaution.
I had just reformatted because I was upgrading to a 64-bit version of Vista. Downloaded every Windows update, installed Firefox 3.51 and the latest AVG Free. Less than a day later I accidentally clicked on the link ¬_¬. It was posted in a thread where I was looking to see if anyone had posted screenshots, only had the page open for a second before I realised it was **** and quit it. Then after reading the forums I learned it was actually a keylogger. While it was open I recall the little bar at the top of the window but I didn't get a chance to read it.
I assume I'm safe?
|
Armoured C
Gallente The Scope
|
Posted - 2009.07.23 02:27:00 -
[52]
Originally by: Nyphur
Originally by: D Gelalder Had a look at this "key-logger" using some VM software, network sniffer and process monitor.
Excellent. So if the registry entry and file are not present, we're clean?
Originally by: D Gelalder Still the best way to get rid of any virus/trojan/keyloggers is to just reinstall your bloody system. That should teach you not to run random crap off the internet, without some precaution.
I had just reformatted because I was upgrading to a 64-bit version of Vista. Downloaded every Windows update, installed Firefox 3.51 and the latest AVG Free. Less than a day later I accidentally clicked on the link ¬_¬. It was posted in a thread where I was looking to see if anyone had posted screenshots, only had the page open for a second before I realised it was **** and quit it. Then after reading the forums I learned it was actually a keylogger. While it was open I recall the little bar at the top of the window but I didn't get a chance to read it.
I assume I'm safe?
I would run a scan just in case. Can never be too careful.
support stop selling alliance tourney places post
Armoured C forum extraordinaire |
Nyphur
Pillowsoft Total Comfort
|
Posted - 2009.07.23 02:29:00 -
[53]
Originally by: Armoured C I would run a scan just in case. Can never be too careful.
Virus scans come up clean, installing Spybot now. But these things work off a database of collected samples and some heuristic analysis, wouldn't it be very rare for them to even be able to find a new trojan/keylogger/virus that hasn't yet been catalogued?
|
LuckyQuarter
Gallente Lucky Galactic Expeditions
|
Posted - 2009.07.23 03:14:00 -
[54]
Unless you really know the full details of what any key logger or other virus installs on your system, your only _safe_ option is to reformat the entire operating system and reinstall. Anything else is just risking identity theft. You cannot trust any anti-virus software to 100% protect you. Studies have shown that clever attackers can get by them. I appreciate the excellent info posted in this topic, but I'd hate for any novice computer users here to get the impression that having any virus/keylogger get through is easily fixable and isn't a big deal. With luck, the prior posts have fully documented what this logger did, but who knows? Keep in mind that tens of thousands, if not millions of computers are online now that have been hacked w/o users knowing -- these systems are used w/o owners knowing to break into yet other systems and are controlled remotely. Even if you don't care about your own system security, don't let your system be used to break into someone else's...
|
Jimer Lins
Gallente Noir. Noir. Mercenary Group
|
Posted - 2009.07.23 03:44:00 -
[55]
Back up your critical files (photos, documents, etc).
Get out your installation disks.
Reinstall your operating system, choosing a complete format of the hard drive.
If you are ever infected with a virus, keylogger or trojan, your best and safest option is to nuke the site from orbit. It's the only way to be sure. Otherwise you can never be totally certain your system is not compromised. No virus scanner, malware detector, spyware remover or other tool is guaranteed to catch everything.
Killboard - Declarations of War Podcast |
Nyphur
Pillowsoft Total Comfort
|
Posted - 2009.07.23 04:04:00 -
[56]
Just out of curiosity, does anyone know how infection occurs with this keylogger? Is it abusing some kind of vulnerability or does the user have to actually do something other than just click the link on the forums? Someone mentioned being tricked into "updating" your flash player or something?
|
Gasig Howlsen
Peces Of Eighte
|
Posted - 2009.07.23 04:58:00 -
[57]
Originally by: Nyphur Just out of curiosity, does anyone know how infection occurs with this keylogger? Is it abusing some kind of vulnerability or does the user have to actually do something other than just click the link on the forums? Someone mentioned being tricked into "updating" your flash player or something?
I am also interested in these details. : X
|
Jhagiti Tyran
Mortis Angelus
|
Posted - 2009.07.23 06:12:00 -
[58]
Edited by: Jhagiti Tyran on 23/07/2009 06:15:09
Originally by: Nyphur Just out of curiosity, does anyone know how infection occurs with this keylogger? Is it abusing some kind of vulnerability or does the user have to actually do something other than just click the link on the forums? Someone mentioned being tricked into "updating" your flash player or something?
It sounds like it gives a generic "update to the latest adobe/macromedia flash player to view this content" but instead of linking to the genuine update site or mirror it actually installs the malware instead of the real software, and people don't pay attention and they just allow it when the permission pop-up appears.
Never update browser add-ons from links provided from websites, always go to the software developer site instead.
|
Siigari Kitawa
Gallente The Aduro Protocol
|
Posted - 2009.07.23 07:54:00 -
[59]
Unrelated to this current issue, I have actually had a problem for about 6 months:
I can't visit any Microsoft website -- except for hotmail, I cannot access MSN messenger unless I use Trillian.
I cannot visit certain anti-virus sites such as malwarebytes, pctools, norton, etc.
It's not my host file either. Help?
PS: clean on spybot.
|
Nyphur
Pillowsoft Total Comfort
|
Posted - 2009.07.23 07:58:00 -
[60]
Originally by: Siigari Kitawa Unrelated to this current issue, I have actually had a problem for about 6 months:
I can't visit any Microsoft website -- except for hotmail, I cannot access MSN messenger unless I use Trillian.
I cannot visit certain anti-virus sites such as malwarebytes, pctools, norton, etc.
It's not my host file either. Help?
PS: clean on spybot.
If it's not in your hosts and if the domains resolve to IPs correctly when you ping them from a command prompt (thus showing it's not a problem at your ISP's DNS), it definitely sounds like a virus that's actively preventing you from getting antivirus software. Backing up everything and reformatting is your best bet at that point. When you're done reformatting and reinstalling windows, do all the windows updates and install antivirus software before doing anything else. Then scan your backups, something might still be infected and there's no sense reformatting if you're just going to infect your computer again.
|