| Pages: [1] :: one page |
|
|
| Author |
Thread Statistics | Show CCP posts - 0 post(s) |
thesleeper
Caldari
Infraction
   |
Posted - 2008.02.20 13:40:00 -
[1]
Hmmm, I just got a dialog box asking me whether i want to Run, or Save
wmplayer.exe (65kb)
when i opened the www.eve.is site (definately correct URL).
Is this usual? Or am I underrrrr atttaccckssss and its on my side? :)
- the sleeper service - |
Teyrala
Center for Advanced Studies
|
Posted - 2008.02.20 13:42:00 -
[2]
sounds dodgy.
run an antivirus/antispyware app now
|
thesleeper
Caldari
Infraction
|
Posted - 2008.02.20 13:45:00 -
[3]
 Originally by: Teyrala
sounds dodgy.
run an antivirus/antispyware app now
I use nod32. Was only from this site, nothing found on scan.
Ah well, I'll start to worry if it actually happens again, but so far only once.
- the sleeper service - |
ShA DoW
KrayZ Dams Inc.
R0ADKILL
|
Posted - 2008.02.20 14:29:00 -
[4]
Not to alarm you but that sounds like a Trojan to me. (in this case the Troj/Psyme-AT)
Quote:
Troj/Psyme-AT is a JavaScript Trojan which exploits the ADODB Stream vulnerability associated with Microsoft Internet Explorer to silently download an executable file from a remote server to the local computer.
The executable is saved as wmplayer.exe and wmplayer.exe.bak to the following locations (if they exist), replacing legitimate versions of wmplayer.exe:
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Programmer\Windows Media Player\wmplayer.exe
C:\Program\Windows Media Player\wmplayer.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\Programmi\Windows Media Player\wmplayer.exe
C:\Programfiler\Windows Media Player\wmplayer.exe
C:\Programas\Windows Media Player\wmplayer.exe
C:\Archivos de programa\Windows Media Player\wmplayer.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Programmer\Windows Media Player\wmplayer.exe
D:\Program\Windows Media Player\wmplayer.exe
D:\Programme\Windows Media Player\wmplayer.exe
D:\Programmi\Windows Media Player\wmplayer.exe
D:\Programfiler\Windows Media Player\wmplayer.exe
D:\Programas\Windows Media Player\wmplayer.exe
D:\Archivos de programa\Windows Media Player\wmplayer.exe
Troj/Psyme-AT can arrive on the computer by browsing websites whose HTML pages
contain the script or by loading a HTML page that contains a link to an infected page. For example a HTML page may contain:
data=html:file://C:\\unknown.mht!http://unknown.com/dial.chm::/x.htm
src=http://unknown.com/dial.chm::/x.htm
where dial.chm is a compiled HTML help file containing x.htm and x.htm is a HTML file containing the Troj/Psyme-AT script.
Check this link for more info
|
Grimpak
Gallente
Trinity Nova
|
Posted - 2008.02.20 16:09:00 -
[5]
Originally by: thesleeper
Originally by: Teyrala
sounds dodgy.
run an antivirus/antispyware app now
I use nod32. Was only from this site, nothing found on scan.
Ah well, I'll start to worry if it actually happens again, but so far only once.
run SpyBot ASAP.
it's not an antivirus, but it's a great complement to the antivirus you have
---
Trinity Nova Mercenary Services Web Site - Nominated for the 2008 E-ON Magazine Awards |
|
|
| |
|
| Pages: [1] :: one page |
| First page | Previous page | Next page | Last page |