
Virus Warning: UO Player Tracker

  • Thread starter Ravynmagi
Status
Not open for further replies.

Southern

Guest
Thanks for deleting that thread, Ravyn.. Hopefully no one will be infected by it. [sigh]

Southern
Proprietor, South's Maps & Market
Great Lakes
Eye yam aye tru beeleever inn hour edukashun sistum
 

pipuis

Guest
You may want to look at the other forums; I think it is showing up on all the boards, if this is the same one.

"Not all who Wander are Lost" JRR Tolkien
 

Ingesticide

Guest
No Text

"We live on a placid island of ignorance in the midst of black seas of infinity,
and it was not meant that we should voyage far."
-H.P. Lovecraft
 

Owen Lighthood

Guest
It's not there anymore.

Owen Lighthood - Moderator!

"A troll once tried to spam my forums.
I ate his liver with some fava beans and a nice chianti. . ."
 

Southern

Guest
All --

While visiting CoB a few minutes ago, I noticed someone named "Leanne" posted a message about a new utility available called "UO Player Tracker".

Me, being the suspicious person I am, followed the link and grabbed the file to check it for possible infection(s)..

And whaddya know, the program is infected with the BackDoor.SubSeven Virus.

If you have downloaded this program from a message you've seen somewhere else, *immediately* head over to McAfee.Com's virus clinic and read the following information:

http://vil.mcafee.com/dispVirus.asp?virus_k=10171&

It contains detailed information on how to remove this trojan from your system.

Now I need to figure out where to send this link to in order for something to be *DONE* about it.. [sigh]

Southern
Proprietor, South's Maps & Market
Great Lakes
Eye yam aye tru beeleever inn hour edukashun sistum
 

Southern

Guest
Followup Information about this Trojan:

After installing it on my test machine, it has made the following modifications:

in C:\WINDOWS\WIN.INI, it added the string:
run=bkqvjturlon.exe

It also added the BKQVJTURLON.EXE file to my C:\WINDOWS directory.

It ALSO added the *.EXE file to my Registry, under the HKey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\RUN section. *sigh*

And again to the registry under HKey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\RunServices.

*still looking...*

in my C:\WINDOWS\SYSTEM.INI, it's added the line:

shell=Explorer.exe bkqvjturlon.exe

Back to the Registry again.. This time under:
HKey_Classes_ROOT\exefile\shell\open\command

it added the string:
\nmeusxj.exe %1 %*

ALL of this will need to be cleaned.. and the information from McAfee.Com will only be a starting point.

Again, the McAfee page that will show you how to get rid of most of this infection is located at:

http://vil.mcafee.com/dispVirus.asp?virus_k=10171&

Southern
Proprietor, South's Maps & Market
Great Lakes
Eye yam aye tru beeleever inn hour edukashun sistum
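
The autostart locations listed in the post above can be checked in one pass. The following is an added example, not part of the original thread: it assumes the registry has been captured as a dictionary snapshot, the sample value names are constructed, and it also checks the WIN.INI load= line, which the post does not mention.

```python
EXPECTED_SHELL = "explorer.exe"
EXPECTED_EXE_CMD = '"%1" %*'  # stock default of exefile\shell\open\command

def ini_value(text, section, key):
    """Return the value of key in [section] of INI text, or '' if absent."""
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
        elif current == section.lower() and "=" in line and not line.startswith(";"):
            name, value = line.split("=", 1)
            if name.strip().lower() == key.lower():
                return value.strip()
    return ""

def audit_autostart(win_ini, system_ini, registry):
    """registry maps a key path to {value name: data}; '' is the default value."""
    findings = []
    for key in ("run", "load"):
        value = ini_value(win_ini, "windows", key)
        if value:
            findings.append((f"WIN.INI [windows] {key}", value))
    shell = ini_value(system_ini, "boot", "shell")
    if shell and shell.lower() != EXPECTED_SHELL:
        findings.append(("SYSTEM.INI [boot] shell", shell))
    for path, values in registry.items():
        leaf = path.lower()
        if leaf.endswith(r"exefile\shell\open\command"):
            if values.get("", "").strip() != EXPECTED_EXE_CMD:
                findings.append((path, values.get("", "")))
        elif leaf.endswith((r"currentversion\run", r"currentversion\runservices")):
            # No known-good baseline here, so list every autostart value for review.
            findings.extend((f"{path} :: {n}", d) for n, d in values.items())
    return findings

# Constructed sample state using the file names reported in the post above.
HKLM_CV = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion"
SAMPLE_WIN_INI = "[windows]\nload=\nrun=bkqvjturlon.exe\n"
SAMPLE_SYSTEM_INI = "[boot]\nshell=Explorer.exe bkqvjturlon.exe\n"
SAMPLE_REGISTRY = {
    HKLM_CV + r"\Run": {"ExampleValue": "bkqvjturlon.exe"},  # value name is made up
    HKLM_CV + r"\RunServices": {"ExampleValue": "bkqvjturlon.exe"},
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": {"": r"\nmeusxj.exe %1 %*"},
}

if __name__ == "__main__":
    for where, value in audit_autostart(SAMPLE_WIN_INI, SAMPLE_SYSTEM_INI, SAMPLE_REGISTRY):
        print(f"{where}: {value}")
```

The exefile check matters most during cleanup: if the trojan's file is deleted while that command value still points at it, no .EXE will launch until the value is set back to its default.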
 

Kered.

Guest
Let's keep bumping this one. Thanks for the helpful information.
 

Guest

Guest
...

Hell, that's why it's the only Stratics forum that I can load even with DSL with any speed whatsoever. However, kudos to Southern for stickying the post...

Now if we can only get them to limit the number of posts per thread... then the boards might actually load

Note: If you want an example in extreme pain, try loading the Fisherman's Forum expanded

Thanks to EVERYONE who kept the Floortiles idea alive!
 

shadowspirit

Lore Keeper
Stratics Veteran
Stratics Legend
They have even tried posting on Tradespot and a few other boards, trying to get people to download it

 

Troy McClure

Guest
Wow thanks! I've had SubSeven v. 1.2 on my comp for about a month now, just haven't bothered to deal with it... maybe I can get rid of it now! *hic*

Yeah yeah, a full month. Blah blah blah. I'm lazy, okay? Get over it! (Besides, it's mostly dormant and Norton has been telling me it's not doing anything subservient.)

pH34r mY L33t rP sK!LLz!!








*gives you a hug*
 

imported_Wulfgar

Guest
What is with this recent rash of hacker/virii attacks? Very very odd... apparently there are too many people with too much time on their hands =>

 

Chamberzord

Guest
"apparently there are too many people with too much time on their hands"

hmmmm

Definitely a
Walking Contradiction
 

Guest

Guest
I don't want to know what happens if some of us old-timers would get hacked and our houses transferred.... lots and lots of money gone (houses, rares, high end weaps/armor...).


No signature is a good signature.
 

Midnite

Guest
I am unable to post through my office. But I can read all I want. I saw the post and was reading the fact sheet on the program. It was too good to be true. I figured something was fishy about the whole thing.

Middy

- Yes, you were looted - Take a deep breath - Don't call a GM it's part of the game - Re-equip - and have a great day!
 

Lothian Of EYIF

Guest
This program was originally called UO Plugin 5.0. I guess it's some kind of trojan horse.

 

Grieven

Guest
Southern, I once heard the FBI takes these cases :)
Maybe they were infected one too many times...
Also! I have a friend that was an F'n genius with comps. I mean the guy knew everything, MS certified, and was 16 *giving* college course lessons... need I say more? But he was busted for hacking :) Gave an *butt* hole a few viruses and then shortly after was offered a job. He won't tell me where though :( But that's just my 2 cents.


Wooo Hooo! Look at'm go!
 

dunkking

Guest
So let's just hope I don't get anything mentioned above (I don't know what the heck you guys are talking about but I think it's bad)

 

imported_Shari

Guest
Isn't there a way by looking at view source to see the ISP this person is posting from? Then you can report him/her.

I just don't understand these people. *shakes head*

Thanks for your warning. I know a little about computers but this one looks ugly to get rid of.
 

Garr_gl

Guest
OK, I'm such a computer newbie. How can you tell if you got something like that? I'm not even sure what one does
 

Guest

Guest
(Norton, McAfee, F-Prot, etc.) virus program installed on your machine, get the latest signature files (download about once a week) and keep active protection on, you'll probably never have a virus problem.

Anti-virus software also picks up on joke programs, macros, and trojans (like "Back Orifice" and "SubSeven").


---Tell me more about this Earth custom called "kissing"---

And hey, If I'm certifiable, where's my damned certificate, eh?
 

DaveKay

Guest
This is posted by the same guy that posted the UO Plug-in 5.0 last week. He posted all over Tradespot, and was reported with all IP addresses and links to OSI and the federal agency for online crimes (or whatever it is). Also, they said that the guy's ISP was being very cooperative in giving any information they needed to get a hold of the guy. =)
 

Taminjun

Guest
Well, a lot of the time you can when you restart your computer, depending on how you connect to the internet.
I have a cable modem. Those and DSL lines are not compatible with the SubSeven trojan. Unless it has been updated.
When you restart the computer, sometimes a screen pops up saying "unable to initialize the modem", "cannot determine IRC port", "modem failed to connect to server", and other little warnings like that.
I recommend getting a little program that monitors internet usage (I can get a web page if you need it). It tracks all the pages you are going to and all of your internet activity, so that if someone is getting into your computer it would show that you are doing something (even though it's not you); then you know that someone is using your system.
 

Southern

Guest
I'm going to unsticky this post this evening, so if anyone wants to save any information out of this thread (such as how to remove the trojan), please do so -- as soon as it's unsticked, it will probably automatically fly to page 15 or something.


Proprietor, South's Maps & Market
Great Lakes
Eye yam aye tru beeleever inn hour edukashun sistum
 

Neva Darcan

Guest
I find it odd that every time I click to read this thread (and only this thread) my Linksys firewall login screen pops up.

Odd.
 