Ombey
|
Posted - 2006.08.31 08:32:00 -
[1]
After putting up a character for sale here, I got contacted by email from a character called Nastrinous Tebu, with screenshots in a RAR file - he wanted to know my opinion on how much the char in the screenshots was worth, a char called MatrixICE. A curious request, but I gave him a guesstimate. The RAR file must've contained a trojan.
This morning I find my character has been robbed of a large amount of money, it's been transferred to taylor04. I have a few ISK left.
Another account of mine that I just checked was hanging in space in a shuttle - not where I left him. He had journal accounts shuffling money between taylor04 and Nastrinous Tebu.
Now, the trojan file (I think) is a file called PackedUP.exe, in c:\windows\system32- it is run from the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run part of the registry.
If you have had ANY dealings with these characters that involved them sending you an attachment, please check your computers. MatrixICE may or may not have been involved with this, but look at this thread.
I have petitioned this with CCP, so no doubt I'll get my ISK back, but I'll also have to waste time rebuilding my PC just to be on the safe side.
I wanted to warn you all, to stop this happening again. If you search on Eve-Search, you'll find these characters all over the sell orders. --
ombeve |
Grey Area
Caldari
|
Posted - 2006.08.31 08:33:00 -
[2]
Get yourself a decent virus scanner...if it can't pick up an .exe file as obvious as that, whatever you are using now is pointless.
Try AVG free...it's (as the name suggests) free, and it captures pretty much everything. The company that makes it is called GriSoft...if I can find a link I'll post it. --- Monty Pythons spoof of the EVE Forums; Palin: "Is this the right room for an argument?" Cleese: "I've told you once." |
Ethidium Bromide
ZEALOT WARRIORS AGAINST TERRORISTS Curatores Veritatis Alliance
|
Posted - 2006.08.31 08:35:00 -
[3]
actually CCP should disclose the information on those accounts and initiate legal steps.
thanks for the warning Ombey!
Originally by: George Petsch Message: Your heavy beam laser hits Karli[Baatzis] and really wrecks his can, 1343.7 damage, mate.
My sig is blue not pink although i can't argue with the slave part - Xorus
|
Ombey
|
Posted - 2006.08.31 08:35:00 -
[4]
Originally by: Grey Area Get yourself a decent virus scanner...if it can't pick up an .exe file as obvious as that, whatever you are using now is pointless.
Try AVG free...it's (as the name suggests) free, and it captures pretty much everything. The company that makes it is called GriSoft...if I can find a link I'll post it.
I have a decent virus scanner- McAfee VirusScan v8.0, fully up to date, and a firewall. --
ombeve |
End Yourself
Core Domination
|
Posted - 2006.08.31 08:36:00 -
[5]
Edited by: End Yourself on 31/08/2006 08:44:43 Working with admin rights 4tw!
Quote: I have petitioned this with CCP, so no doubt I'll get my ISK back, but I'll also have to waste time rebuilding my PC just to be on the safe side.
Make sure you also change all other passwords used on that pc. mail, ebay, amazon......
And once you are done with the reinstall you might want to reconsider using an unprivileged user account to work with.
--- Fighting for peace is like screwing for virginity.
|
Jinx Barker
Gallente Federal Bank
|
Posted - 2006.08.31 08:37:00 -
[6]
I hope you filed under exploit - so CCP can look at it right away.
|
Maltrox
Minmatar The Arrow Project The ARR0W Project
|
Posted - 2006.08.31 08:46:00 -
[7]
Edited by: Maltrox on 31/08/2006 08:48:11 Hey Ombey,
Drop me a line. I would like to have a look at that .exe file if you still have the original attachment.
Sounds like a fun trojan to break apart to see how it works.
============
www.antivir.com Home of Avast! 4 Home Edition Anti Virus, Email Scanner, Boot Scanner and much more
www.free.grisoft.com Home of AVG free virus scanner, email scanner
www.safer-networking.org/ Home of SpyBot Search and Destroy spyware scanner/remover
(Do not use with Shaw Secure, contact Maltrox for details. There is a known technical detail with SpyBot breaking Shaw Secure installations and I would be happy to explain in private)
|
Ethidium Bromide
ZEALOT WARRIORS AGAINST TERRORISTS Curatores Veritatis Alliance
|
Posted - 2006.08.31 08:51:00 -
[8]
Originally by: End Yourself
And once you are done with the reinstall you might want to reconsider using an unprivileged user account to work with.
DAMN, WOMAN! i never thought of that will have to get that set up asap!
/me blows a kiss at end yourself
Originally by: George Petsch Message: Your heavy beam laser hits Karli[Baatzis] and really wrecks his can, 1343.7 damage, mate.
My sig is blue not pink although i can't argue with the slave part - Xorus
|
Pairadice
Caldari Paradise Venture
|
Posted - 2006.08.31 08:53:00 -
[9]
Why on earth would you run an .exe from someone you had no idea who it was? I mean come on this is Intraweb 101 here.
|
Ombey
|
Posted - 2006.08.31 15:08:00 -
[10]
Originally by: End Yourself Edited by: End Yourself on 31/08/2006 08:44:43 Working with admin rights 4tw!
Quote: I have petitioned this with CCP, so no doubt I'll get my ISK back, but I'll also have to waste time rebuilding my PC just to be on the safe side.
Make sure you also change all other passwords used on that pc. mail, ebay, amazon......
And once you are done with the reinstall you might want to reconsider using an unprivileged user account to work with.
Good idea, I have tried this already and I don't have write access to the registry or the c:\windows\system32, which would have nipped this in the bud.
Just waiting on CCP now... --
ombeve |
|
branodn lee
Minmatar Arcana Imperii Ltd.
|
Posted - 2006.08.31 15:11:00 -
[11]
Quote: This morning I find my character has been robbed of a large amount of money, it's been transferred to taylor04. I have a few ISK left.
This is kinda funny to me since I know taylor04 personally and he's not got anything to do with any hacking. I'm willing to bet this isn't even a hacking problem. I'm willing to bet Ombey is just a little peeved that taylor beat his butt in game and got ransomed for that ISK that was sent to taylor. Now if that's not it then taylor was hacked too. I've known this guy for 2 years and trust him fully. Don't go blaming someone unless you have proof it's his hack.
|
Shreyaz
Millennium E.R.A
|
Posted - 2006.08.31 15:13:00 -
[12]
Edited by: Shreyaz on 31/08/2006 15:13:45 double posting ftl _____________________________ Tiocfadh Ar La |
Shreyaz
Millennium E.R.A
|
Posted - 2006.08.31 15:13:00 -
[13]
Originally by: Pairadice Why on earth would you run an .exe from someone you had no idea who it was? I mean come on this is Intraweb 101 here.
I don't see him saying he ran the .exe _____________________________ Tiocfadh Ar La |
Razor Jaxx
Blind Vengeance
|
Posted - 2006.08.31 15:15:00 -
[14]
Originally by: Pairadice Why on earth would you run an .exe from someone you had no idea who it was? I mean come on this is Intraweb 101 here.
I have to agree with this. I assume it was a self-extractable archive - in which case you should not have run it. If you don't display program extensions (a VERY bad idea imo), you could've been handed a file like 'archivename.rar.exe', which would then display as 'archivename.rar' and not attract your attention. As far as I know, there is no way a non-executable file can spawn a trojan install (I consider scripts as a form of executable).
This being said, CCP needs to come down and come down hard on the perpetrators. While I fully support scamming etc. using game mechanics only, this, on the other hand, calls for exemplary punishment.
- [ BL1ND killboard ]
|
Ombey
|
Posted - 2006.08.31 15:15:00 -
[15]
Originally by: branodn lee
This is kinda funny to me since I know taylor04 personally and he's not got anything to do with any hacking. I'm willing to bet this isn't even a hacking problem. I'm willing to bet Ombey is just a little peeved that taylor beat his butt in game and got ransomed for that ISK that was sent to taylor. Now if that's not it then taylor was hacked too. I've known this guy for 2 years and trust him fully. Don't go blaming someone unless you have proof it's his hack.
Run along troll.
--
ombeve |
Ombey
|
Posted - 2006.08.31 15:17:00 -
[16]
Edited by: Ombey on 31/08/2006 15:17:59
Originally by: Razor Jaxx
Originally by: Pairadice Why on earth would you run an .exe from someone you had no idea who it was? I mean come on this is Intraweb 101 here.
I have to agree with this. I assume it was a self-extractable archive - in which case you should not have run it. If you don't display program extensions (a VERY bad idea imo), you could've been handed a file like 'archivename.rar.exe', which would then display as 'archivename.rar' and not attract your attention. As far as I know, there is no way a non-executable file can spawn a trojan install (I consider scripts as a form of executable).
This being said, CCP needs to come down and come down hard on the perpetrators. While I fully support scamming etc. using game mechanics only, this, on the other hand, calls for exemplary punishment.
No, I'm afraid I am to blame for the trojan actually getting onto my PC- the RAR contained SCR files. I was thinking SCReenshot (like a moron), and just opened them. I have been kicking myself, believe me.
--
ombeve |
Experiment 00456
Gallente Brigand Coalition
|
Posted - 2006.08.31 15:18:00 -
[17]
Yeah, the user doesn't always have to execute the exe file for the virus to take effect.
|
Eternal Death
|
Posted - 2006.08.31 15:19:00 -
[18]
McAfee ain't all that good tbh, I think Sophos have the edge on them with updates being released several times a day - it can take McAfee several days to implement a new detection - then you have to wait for the 5PM release!
|
branodn lee
Minmatar Arcana Imperii Ltd.
|
Posted - 2006.08.31 15:20:00 -
[19]
Edited by: branodn lee on 31/08/2006 15:21:33 Sorry, I'm not trolling but I will not let you bad mouth a friend of mine because of something you have no idea on. If CCP says he did it then I will have to go with that, but until CCP says he's done something wrong you shouldn't bad mouth people.
|
Ombey
|
Posted - 2006.08.31 15:21:00 -
[20]
Originally by: branodn lee you shouldnt bad mouth people with your alt. why not use a main.
--
ombeve |
|
Dave Rumswiller
|
Posted - 2006.08.31 15:22:00 -
[21]
I recommend AVG antivirus - it's free and I've preferred it to Avast!, Norton and McAfee
|
Jags
Minmatar M. Corp Lotka Volterra
|
Posted - 2006.08.31 15:22:00 -
[22]
Ombey is his main. He makes all the 2d maps.
|
Captain Hudson
Caldari Bravehearts
|
Posted - 2006.08.31 15:23:00 -
[23]
Edited by: Captain Hudson on 31/08/2006 15:24:11 Edited by: Captain Hudson on 31/08/2006 15:23:41
Originally by: branodn lee Edited by: branodn lee on 31/08/2006 15:21:33 Sorry, I'm not trolling but I will not let you bad mouth a friend of mine because of something you have no idea on. If CCP says he did it then I will have to go with that, but until CCP says he's done something wrong you shouldn't bad mouth people.
LoL. not checking character info 4tl
Quote:
I Hope your computer melts and you can never play eve again
|
Death Kill
Caldari direkte
|
Posted - 2006.08.31 15:23:00 -
[24]
Hope they get banned for life, and I hope we get to see an update on the situation, Ombey.
Recruitment |
branodn lee
Minmatar Arcana Imperii Ltd.
|
Posted - 2006.08.31 15:23:00 -
[25]
OK, I eat that statement about main and alt. lol
|
Artthana
Minmatar
|
Posted - 2006.08.31 15:25:00 -
[26]
Off with their heads.
|
Therin Dracul
|
Posted - 2006.08.31 15:25:00 -
[27]
SCR files are supposedly screensavers, but since screensavers in Windows are just an executable file that Windows runs, any scr file is also an exe file.
Just a word for people in the future.
Also: pif, prf, bat are also extensions that can be exe files in disguise.
|
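The point made in the posts above (a .scr file is a Windows executable, and a name like 'archivename.rar.exe' hides its real extension when extensions are not displayed), as an added example that is not part of the original thread: a small Python triage of an archive listing by name and by leading bytes. The decoy-extension list, the reason labels and the sample listing are constructed for illustration; the executable-extension list is the one given in the thread.

```python
import os

# Extensions the thread names as executable on Windows (posts 14 and 27).
RISKY_EXTS = {"exe", "scr", "pif", "prf", "bat"}
# Extensions a lure pretends to be; constructed list for this example.
DECOY_EXTS = {"rar", "zip", "jpg", "jpeg", "png", "bmp", "gif", "txt", "doc", "pdf"}


def classify(name, head=b""):
    """Return a sorted list of reasons the file deserves a second look.

    name: file name as stored in the archive or attachment.
    head: first bytes of the file content, if available.
    """
    reasons = set()
    # Windows ignores trailing dots and spaces when resolving a name.
    base = os.path.basename(name.replace("\\", "/")).rstrip(". ").lower()
    parts = base.split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in RISKY_EXTS:
        reasons.add("executable-extension")
        # 'archivename.rar.exe' shows as 'archivename.rar' with extensions hidden.
        if len(parts) > 2 and parts[-2] in DECOY_EXTS:
            reasons.add("double-extension")
    # PE files (.exe and .scr alike) begin with the bytes 'MZ'.
    if head[:2] == b"MZ":
        reasons.add("pe-header")
        if ext not in RISKY_EXTS:
            reasons.add("content-extension-mismatch")
    return sorted(reasons)


def triage(listing):
    """Map each flagged name in {name: head_bytes} to its reasons."""
    return {n: r for n, h in listing.items() if (r := classify(n, h))}


# Constructed sample listing; names and bytes are illustrative only.
SAMPLE = {
    "screens/ship1.jpg": b"\xff\xd8\xff\xe0",
    "screens/ship2.scr": b"MZ\x90\x00",
    "archivename.rar.exe": b"MZ\x90\x00",
    "wallet.jpg": b"MZ\x90\x00",
    "readme.txt": b"hello",
}

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(f"{name}: {', '.join(reasons)}")
```
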
taylor04
|
Posted - 2006.08.31 15:28:00 -
[28]
hi, i got the same screenshots from this bastage
I'll log on now and see what's happened, if there is any ISK on my account that isn't mine I'll definitely return it
logging in now http://img133.imageshack.us/img133/5241/cheerbear7lv.jpg |
Weps
Caldari Provisions
|
Posted - 2006.08.31 15:29:00 -
[29]
Originally by: Experiment 00456 Yeah, the user doesn't always have to execute the exe file for the virus to take effect.
<---- BS.
OP: .scr files are exe files, but you already figured that one out. It wasn't a virus either, just a keylogger. But still, you sure got guts to not blame someone or something else.
|
Zarch AlDain
Friends of Everyone
|
Posted - 2006.08.31 15:29:00 -
[30]
It's possible taylor was also hacked I suppose... I guess CCP will find out when they investigate...
Zarch AlDain
|