
Password stealer??

Jonny boy mccoy

Adventurer
Stratics Veteran
Stratics Legend
So I was doing my virus scan this morning and found this in the image. So I'm guessing now UO is stealing accounts now maybe???
 

OxAO

Guest
So I was doing my virus scan this morning and found this in the image. So I'm guessing now UO is stealing accounts now maybe???
uosasetup_105.exe is the enhanced client download.

Your virus scan most likely didn't recognize the exe script file.
 

Jonny boy mccoy

Adventurer
Stratics Veteran
Stratics Legend
It does; I've had it for a week now. The viruses just showed up after the update for my virus program.
 

Jonny boy mccoy

Adventurer
Stratics Veteran
Stratics Legend
After looking up w32/pws.bpiz on Google I didn't find anything, so I looked up the first part, w32/pws, and found this: "This family of Trojan horses is capable of stealing various passwords. Trojans have a program 'configurer' (configuration component) that allows malefactors controlling these viruses to adjust server components as they desire. All trojans work the same way." So with that in mind, why is UO using that worm to install the UOSA client? And some FYI: I went to the site, downloaded the file again and ran a scan before installing; it showed up again.
 

Kirthag

Former Stratics Publisher
Alumni
Stratics Veteran
Stratics Legend
Campaign Benefactor
UOSASetup_105.exe is NOT the client, but the setup utility to get the client from Mythic server.

I just downloaded it about 5 minutes ago to my PC here in the office. We use the geekiest-most-expensive-enterprise-virus-and-security software/server/service on the planet... Sophos.

Scanning the above-mentioned file, it comes up clean.


to the OP -

You may have that trojan hidden somewhere else on your computer and it attached to the downloaded file. Questions I would have (being an admin & tech):
1 - what browser did you use
2 - are you on a wireless LAN
3 - what virus software are you using

The file itself is contaminated with an infection; it is not that the file is the infection. I seriously and highly doubt any business would want to steal its users' passwords.


I strongly suggest that you unplug from the internets, go into safe mode, and once again run your viral check but on a deep level and not a "quick" scan. Any virus software worth its salt (yes, even the freebie AVG) has a low level scan method. But you have to do it OFFLINE - I've seen nasties morph and change all within minutes after a scan starts and it gets its instruction via the connection.


*edit*
And here is what Sophos has to say about the infection:
http://www.sophos.com/search/search...te_search&submit.x=0&submit.y=0&action=search

You may find that infection in other things... icq files, msoutlook files and possibly mssql files (if you use those programs).

Of note, there are instructions for removing the trojan on the Sophos site as well... but if you are not familiar with editing your HKregistry, you will have issues.... so enlist the help of a neighborhood geek and make sure you have a good supply of Mt. Dew.
 

Jonny boy mccoy

Adventurer
Stratics Veteran
Stratics Legend
1 - what browser did you use: Google is what I am using.
2 - are you on a wireless LAN: Nope, not wireless.
3 - what virus software are you using: Black Ice with Iolo System Shield.
I've tried the removal already, but it's not the right one for the virus I had got??
 

Kirthag

Former Stratics Publisher
Alumni
Stratics Veteran
Stratics Legend
Campaign Benefactor
sorry - long post.... much to read....


Browser: google (you mean Chrome?)

We've banned Chrome in our facilities for there are still too many security issues with the software. I'm a stringent Google supporter, but here at work, and for the rest of my standard browsing, I use Firefox or Opera. Therein may be your initial problem. I have an isolated testing environment for our web application with chrome, and have issues.... just FYI on that.



LAN - good, you are hardwired so that eliminates other issues with "roaming" viruses & infections from unsecured WANs. Advise your admin (if you have one) that there is a security issue and they need to update their firewall configurations. If you are on a home-based LAN then you should make sure your firewall software is up-to-date as well as any other necessary security updates for Windows. From what I've (quickly) read over, Iolo is NOT firewall software, it is a PC optimization toolkit. The Iolo software (specifically the Mechanic stuff) has had a slew of problems and they just cannot seem to get things working right anymore.


Blackice security -
You do realize Blackice has been discontinued by IBM and the last update to the virus file was in September 2008?? (http://www.pcmag.com/article2/0,2817,2167544,00.asp). Also look at the CNET download page for it - the second comment.... (http://download.cnet.com/BlackICE-PC-Protection/3000-2092_4-10040175.html):
Summary: IBM HAS TAKEN OVER WWW.ISS.NET. THIS PROGRAM IS NO LONGER AVAILABLE FOR SALE, NOR IS IT COMPATIBLE WITH MOST WINDOWS UPDATES FOR XP AND VISTA SINCE THE COMPANY NEVER BOTHERED TO MAKE SUCH UPDATES. IBM/ISS ONLY MAKES BUSINESS PROGRAMS NOW.
ISS NO LONGER MAKES PRODUCTS FOR CONSUMERS.
You may THINK you are being protected... but it is time for you to start looking for another solution, dude. Sophos has been protecting against that particular trojan since Dec. 2008... you've probably had this one for a very long time - but didn't even know it. :(

*edit*
And even the saveblackice.com pushes people to switch to their own SPF software... just so you know, you are using "dead" software...




Don't worry, you don't need to hose your system (I hope!)... but I STRONGLY advise that you get something new with up-to-date definitions and then run a low-level scan check in safe mode, disconnected from the internet. You may be down for a couple of days.... depending on how infected your system is with other stuff. If your system is bad, you may even have issues with downloading and installing a new piece of virus software...



I pay for my virus stuff, but then I'm a developer and need the high levels of security that come with guarantees. If you are just a home gamer, AVG's free software is good (is it version 9.5 now?) and the avast! (it is really called that) software is also nice and free. BUT UNINSTALL ANY OTHER VIRUS SOFTWARE FIRST! If you go and get avast! and install it over the Blackice you will have problems. You should only have 1 virus proggie and 1 firewall proggie.

On a personal note, I do not like McAfee (Norton) software... too intrusive and very hard to remove if you want to switch.

You can also hit up tech forums for info and help (http://forums.majorgeeks.com/forumdisplay.php?f=20 is a VERY good place to start) - but anything free means your help comes from volunteers... and at their leisure, not so much yours.


Without seeing your system, I'd say if this is the FIRST you've experienced this particular worm, then you are kinda "safe". I'd start using another (proven) browser though for stuff... and hopefully you don't use Outlook for your email, as worms look for email SOFTWARE to propagate. If you use your browser for internet based email (hotmail, yahoo & google) then you are pretty safe from spreading the worm for all internet based email services are scanned and scanned again for viruses constantly.

It could be that it jumped onto the SA installation utility from some other (low use) infected program on your system as it tries to find a way to spread - as many worms communicate with their source via the internet and get updates and patches with new instructions on a constant basis (morphing worms) - which is why you will not find the extension of the trojan... it is constantly changing. This is why you need to disconnect from the 'net, reboot your machine in safe mode to clean it out.

I'm sure the Mythic servers are pretty tight (they have to be or their weekly audits would cause havoc with EA!) and do not offer up infected files.


Hopefully this is a home setup and not college-dorm setting. Dorms are constantly running into issues as they share LANs....
 

Lord Nabin

High Council Sage - Greater Sosaria
Professional
Supporter
Stratics Veteran
Stratics Legend
UNLEASHED
Glorious Lord
*Head is Spinning*

Wow, where is the Ale! Good info, Kirthag. Sorry to hear about the problem, Jonny. Best of luck.
 

Kirthag

Former Stratics Publisher
Alumni
Stratics Veteran
Stratics Legend
Campaign Benefactor
nonono... no ale... geeks get Mt. Dew (mentioned in my first response!)
 

Gus of Llanowar

Sage
Stratics Veteran
Stratics Legend
Mt. Dew and blackrock? Sounds like a new ad campaign. And FYI I have no idea what you said up there. I'm not a comp geek but I do like Mt. Dew, so can I hang with you :)
 

Jonny boy mccoy

Adventurer
Stratics Veteran
Stratics Legend
Yea, my Black Ice is out of date, but it's a software protector and has wiped the system clean. Any time there is a new virus out I have to add it to the database; this in return will scan and stop them now. This in turn is updated by me. Iolo has a nice firewall in the Professional 9 and is a great system tool all over. I do run a backup AVG when I need to, not the free one either. You were right, the worm was attaching itself from a website that was given out to me. So everyone be careful of what you get from people in game!! I debugged the virus and found that it has a command line that links itself to UOSA... Do not visit mobiward.com for its pocket keepers for PDA!!! It's the origin of the virus!!
 

Kirthag

Former Stratics Publisher
Alumni
Stratics Veteran
Stratics Legend
Campaign Benefactor
ahh.. so you do know what you're doing. :) greetings fellow geek! *passes a Mt. Dew*

Of note, might wanna remove that link from your post... or change it so it is not a hotlink anymore....
 

KalVasTENKI

Babbling Loonie
Stratics Veteran
Stratics Legend
Well said. Great post. 5/5 :thumbup1:
 

Lord Nabin

High Council Sage - Greater Sosaria
Professional
Supporter
Stratics Veteran
Stratics Legend
UNLEASHED
Glorious Lord
ahh.. so you do know what you're doing. :) greetings fellow geek! *passes a Mt. Dew*

Of note, might wanna remove that link from your post... or change it so it is not a hotlink anymore....
OK Here Ya go!!!
 

Kirthag

Former Stratics Publisher
Alumni
Stratics Veteran
Stratics Legend
Campaign Benefactor
We Geeks now have a NEW best friend better than Dew.... ALL HAIL KEURIG COFFEE MAKERS!!!
I will admit... I've not been drinking as much Dew lately, as straight-black-home-brew has been easier (and cheaper) to get a hold of. ^.^

Made a pot so black it made my dad shiver! goooood coffeeeeeee!
 
altarego

Guest
Umm... Google's Chrome, as a browser, is only as unsafe as the operating system you run it on. In fact, it was the only web browser to outperform both IE and Firefox in a recent volley of security hack tests:

http://arstechnica.com/security/new...-browser-left-standing-in-pwn2own-contest.ars

The fact that you are wired makes your life a bit easier (as opposed to wireless). But the real issue here is having a slim and efficient virus/malware detector and firewall.

For most users, including *everyone* that's not actually serving content off their box, or in a corporate environment, the standard windows firewall and Microsoft Security Essentials (freeware) is plenty enough protection.

That said, if you downloaded the above-mentioned file from a trusted website (i.e. from uoherald's link) then it's most likely a false positive and OK to use. If you downloaded it from a different site, then just delete it and download it from here:

http://www.uoherald.com/downloads/

No need to get all pseudo-tech on this issue. Sometimes, IT people tend to fan flames in order to make themselves feel like they're actually worth their salary - like alchemists of old.
 

Kirthag

Former Stratics Publisher
Alumni
Stratics Veteran
Stratics Legend
Campaign Benefactor
Sometimes, IT people tend to fan flames in order to make themselves feel like they're actually worth their salary - like alchemists of old.
My salary is less than $35k US a year... I do not make the big money. :p

I'm not "IT people"... I have no college education, and only 1 real certificate, RHCT (Red Hat Certified Tech).

Your quoted article is from March, 09 - but doesn't cite WHICH versions of the software were cracked.

In this article, dated August 09 - the Chrome Browser suxxor:
http://www.eweek.com/c/a/Security/I...-Others-in-Browser-Security-Smackdown-254742/


But then we can all quote editorials all day in a tit-for-tat.

Security wise... he's been manually patching his obsolete virus checker, which most likely is his root issue. I agree the Windows stuff (for Windows) is sufficient... I never once told anyone to get Sophos... actually I like avast! and my kids use that on their machines (not on my LAN tho).


*shrug*

We all have our fave ways of doing things... advice was asked for and advice was given and the dude is dealing with his situation. No need to get abrasive about it by bashing "people" you know nothing about...

To clarify, I'm not saying you dunno IT "people" but do not generalize... you make room for errors and insults that are loosely cloaked but still get peeps upset. If you believe I'm painting a picture worse than necessary, then say, "Kirth is blowing things out of proportion." Won't be the first time someone says it.. won't be the last. I spoke from experience... nada mucho.


*edit*
I prefer FF/Opera. I don't use IE because I absolutely HATE Bing's interference in my reading of forums and white papers with Bing popup links on various keywords - drives me bonkers! Reminds me of the old AOL popup days.
 