Tissa
Minmatar UK Corp Lotka Volterra
|
Posted - 2007.02.02 11:31:00 -
[1]
Edited by: Tissa on 02/02/2007 11:51:24
Several of us have reported getting a trojan from a third party eve site that a lot of us visited over this D.v thing.
The virus *may be called gtb11.tmp.cab and was in C:\Documents and Settings\(user)\Local Settings\Temp
It got through firefox with me.
*if it's not this one please scan anyway, as there have been several reports of this
*Edits.
My views do not represent those of my corp or alliance. (Joined UKC 19/09/06) |
Dark Shikari
Caldari Imperium Technologies Firmus Ixion
|
Posted - 2007.02.02 11:36:00 -
[2]
Edited by: Dark Shikari on 02/02/2007 11:55:34
I highly doubt you "got it through Firefox."
Anyways if it's in your temp folder and nowhere else, it likely means it wasn't installed anywhere, so it's not a threat.
Heck it might even have been a cached file while browsing.
-[23] Member-
EVE-Trance Radio! (DSTrance channel ingame) |
D'onryu Shoqui
Vengeance of the Fallen Curse Alliance
|
Posted - 2007.02.02 11:39:00 -
[3]
does firefox even use any of the windows temp folders? i would have expected it to have its own cache directories?
------------------------------ My opinions are my own and not that of the alliance i belong to. |
hotgirl933
|
Posted - 2007.02.02 11:41:00 -
[4]
either way best bet is to avoid visiting certain websites and what makes u think it may be a trojan
|
Dark Shikari
Caldari Imperium Technologies Firmus Ixion
|
Posted - 2007.02.02 11:44:00 -
[5]
Edited by: Dark Shikari on 02/02/2007 11:41:44
Originally by: D'onryu Shoqui does firefox even use any of the windows temp folders? i would have expected it to have its own cache directories?
It does, which is what struck me as very strange.
I'd be very hesitant to blame the browser unless you're absolutely sure you didn't get it any other way, such as from a program installer.
Also, what antivirus program do you have? Some have a habit of coming out with tons of false positives.
If you're using AVG, Trend Micro, or others I would scan it with a more reliable scanner (like Kaspersky's free scanner on their site) before posting about it.
-[23] Member-
EVE-Trance Radio! (DSTrance channel ingame) |
Sir MilBanacky
Stronghold corp Curse Alliance
|
Posted - 2007.02.02 11:45:00 -
[6]
Edited by: Sir MilBanacky on 02/02/2007 11:43:14
Originally by: hotgirl933 either way best bet is to avoid visiting certain websites and what makes u think it may be a trojan
LOL Nice Try trying to keep people from reading the BOB Hacked Forums guys. If people want to go there let them. and no the so called Trojan doesn't exist.
I just went there and nothing downloaded here Hmmm
|
Tissa
Minmatar UK Corp Lotka Volterra
|
Posted - 2007.02.02 11:46:00 -
[7]
Originally by: Dark Shikari Edited by: Dark Shikari on 02/02/2007 11:34:00
I highly doubt you "got it through Firefox." It's far more likely that you got it through your own mistake,
You are probably right, I only have the details from my scan and not the others that have found it. I felt that posting about this as soon as possible would be better than in several hours time.
But...there is a virus knocking about so please people do a full scan of your HD this one is a nasty little beggar.
My views do not represent those of my corp or alliance. (Joined UKC 19/09/06) |
Dark Shikari
Caldari Imperium Technologies Firmus Ixion
|
Posted - 2007.02.02 11:46:00 -
[8]
Originally by: Tissa
Originally by: Dark Shikari I highly doubt you "got it through Firefox." It's far more likely that you got it through your own mistake,
You are probably right, I only have the details from my scan and not the others that have found it. I felt that posting about this as soon as possible would be better than in several hours time.
But...there is a virus knocking about so please people do a full scan of your HD this one is a nasty little beggar.
Which Antivirus program did you catch it with? I want to check it's not a false positive.
-[23] Member-
EVE-Trance Radio! (DSTrance channel ingame) |
Abye
Caldari SniggWaffe
|
Posted - 2007.02.02 11:48:00 -
[9]
Originally by: Dark Shikari Edited by: Dark Shikari on 02/02/2007 11:41:05
Originally by: D'onryu Shoqui does firefox even use any of the windows temp folders? i would have expected it to have its own cache directories?
It does, which is what struck me as very strange.
Actually it makes more sense to write temporary data to a directory that is supposed to hold temporary data. Makes it a lot easier to run with limited user rights.
Programs that need to write to their program folder need to die out. Oh wait, Eve writes to the program folder, too :/
|
Tissa
Minmatar UK Corp Lotka Volterra
|
Posted - 2007.02.02 11:50:00 -
[10]
I use Avast as XP 64 hasn't given me a whole lot of alternatives.
My views do not represent those of my corp or alliance. (Joined UKC 19/09/06) |
|
Nadarius Chrome
Minmatar
|
Posted - 2007.02.02 11:50:00 -
[11]
Did your AV program give it a name? If so, look it up on a website like http://www.symantec.com/home_homeoffice/security_response/threatexplorer/index.jsp to see what it does, where (else) it drops files and how it infects your system in the first place.
|
Dark Shikari
Caldari Imperium Technologies Firmus Ixion
|
Posted - 2007.02.02 11:52:00 -
[12]
Originally by: Tissa I use Avast as XP 64 hasn't given me a whole lot of alternatives.
Check it with the Kaspersky online file scanner and see if it gives the same results.
Avast has a habit of coming up with false positives.
-[23] Member-
EVE-Trance Radio! (DSTrance channel ingame) |
B0rn2KiLL
MicroFunks
|
Posted - 2007.02.02 11:57:00 -
[13]
Originally by: Dark Shikari Edited by: Dark Shikari on 02/02/2007 11:34:00
I highly doubt you "got it through Firefox." It's far more likely that you got it through your own mistake, as I have never seen a Firefox buffer-overflow exploit actually used. The price you'd have to pay on the black market to get one before it was fixed would probably be astronomical, as generally the Mozilla Foundation does not announce the attacks until they are fixed.
Also, if it's in your temp folder and nowhere else, it likely means it wasn't installed anywhere, so it's not a threat.
Heck it might even have been a cached file while browsing.
at least the guy's trying to warn us, just check your cache for the damn file. ---
new sig, Hijack it and ill eat u. *Imaran hands B0rn2KiLL a fork - Come get some!11
|
Zissou
5 November
|
Posted - 2007.02.02 12:02:00 -
[14]
Google Tool Bar? (gtb)? |
Tissa
Minmatar UK Corp Lotka Volterra
|
Posted - 2007.02.02 12:12:00 -
[15]
As I said in the now edited OP, I am not sure this is the virus. I could go into more details on what type the one knocking about is and what it does but tbh I don't want to start some kind of f***e w** as there is enough drama on here as it is.
My views do not represent those of my corp or alliance. (Joined UKC 19/09/06) |
Zissou
5 November
|
Posted - 2007.02.02 12:19:00 -
[16]
Originally by: Tissa As I said in the now edited OP, I am not sure this is the virus.
So your AV software doesn't provide details?
Originally by: Tissa I could go into more details on what type the one knocking about is and what it does but tbh I don't want to start some kind of f***e w** as there is enough drama on here as it is.
How would informing us what it is and what it does cause more drama?
Most strange.
|
Xendie
Forsaken Empire The Forsaken Empire
|
Posted - 2007.02.02 12:22:00 -
[17]
Originally by: Zissou
Originally by: Tissa As I said in the now edited OP, I am not sure this is the virus.
So your AV software doesn't provide details?
Originally by: Tissa I could go into more details on what type the one knocking about is and what it does but tbh I don't want to start some kind of f***e w** as there is enough drama on here as it is.
How would informing us what it is and what it does cause more drama?
Most strange.
looks like another bob alt trying to stop people from reading all the dirty laundry of bob.
Quote: Nertzius > having fun being incompetitent?
Quote: jake sisko > its f-e's bob dev alt making lag
|
Tissa
Minmatar UK Corp Lotka Volterra
|
Posted - 2007.02.02 12:33:00 -
[18]
Good grief and I thought it was me with my tin foil hat on too tight. Gentlemen you win that one hands down.
My views do not represent those of my corp or alliance. (Joined UKC 19/09/06) |
Maam
|
Posted - 2007.02.02 13:27:00 -
[19]
The forums are quite un-bloody-believable sometimes!
The guy comes here to warn of a quite believable problem, that may be caused by visiting someone's site who I understand is an underground haxxor type.
Instead of thanking him, or just heeding his warning to try a scan, you all rip him to shreds!
How DO you all manage to function in real life? Sheesh.
|
WrathchildeVOTF
|
Posted - 2007.02.02 13:39:00 -
[20]
A couple of basics for anti-virus.
Your AV program should report the name/class of the virus it thinks it detects. Look up the virus name at McAfee or Norton's website, and get the details. There is usually a standard name for the infected file, search for it on your system. If all points match up, you may well have the virus indicated.
If things don't seem to line up, try using another AV program (Yes, Kaspersky's is a very nice program. I tend to like TrendMicro a lot also) to see if it reports the same virus. Most of these AV engines use different scanning logic, and may report different results.
DON'T PANIC! Put on your JooJanta 2000 Peril Sensitive Sunglasses
If you do believe you have an infected machine, I would highly recommend accessing any MMO accounts through a DIFFERENT COMPUTER and immediately changing your account passwords. There are a lot of keyloggers that can be dropped on your system, and better safe than sorry.
To the OP, I would agree with another poster that the file you referenced was the cab file for the Google Toolbar (Be Evil). You really don't want that memory hog running anyway.
|
|
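As an added example (not part of the thread or any poster's code), the Python sketch below follows the triage steps in post [20] for a suspect `.cab` in the Temp folder: it hashes the file, checks for the cabinet `MSCF` signature, and lists the file names the cabinet declares, so they can be compared with the AV report and with what the claimed installer should contain. The sample cabinet and its file names are constructed for illustration.

```python
import hashlib
import struct

CFHEADER = struct.Struct("<4sIIIIIBBHHHHH")  # 36-byte cabinet header
CFFILE = struct.Struct("<IIHHHH")            # 16 bytes, then a NUL-terminated name


def triage_cab(data: bytes) -> dict:
    """Return the SHA-256 and, if the bytes really are a cabinet, its file list."""
    report = {"sha256": hashlib.sha256(data).hexdigest(), "is_cab": False, "files": []}
    if len(data) < CFHEADER.size or data[:4] != b"MSCF":
        return report  # the extension says .cab, the content does not
    (_sig, _r1, _cb_cabinet, _r2, coff_files, _r3, _minor, _major,
     _folders, c_files, _flags, _set_id, _i_cab) = CFHEADER.unpack_from(data)
    report["is_cab"] = True
    pos = coff_files  # offset of the first CFFILE entry
    for _ in range(c_files):
        if pos + CFFILE.size > len(data):
            break  # truncated or malformed table: stop instead of reading past the end
        size = CFFILE.unpack_from(data, pos)[0]  # uncompressed size of this file
        end = data.find(b"\x00", pos + CFFILE.size)
        if end == -1:
            break  # name is not terminated
        name = data[pos + CFFILE.size:end].decode("latin-1")
        report["files"].append((name, size))
        pos = end + 1
    return report


def build_sample_cab(names_sizes) -> bytes:
    """Constructed sample: header plus file table only, no compressed data."""
    table = b"".join(CFFILE.pack(size, 0, 0, 0, 0, 0x20) + name.encode() + b"\x00"
                     for name, size in names_sizes)
    header = CFHEADER.pack(b"MSCF", 0, CFHEADER.size + len(table), 0,
                           CFHEADER.size, 0, 3, 1, 0, len(names_sizes), 0, 0, 0)
    return header + table


if __name__ == "__main__":
    # Constructed inputs: a minimal cabinet and a renamed executable.
    print(triage_cab(build_sample_cab([("setup.exe", 4096), ("readme.txt", 120)])))
    print(triage_cab(b"MZ\x90\x00" + b"\x00" * 60))
```

To check a real file, pass `open(path, "rb").read()` to `triage_cab`; a `.cab` that fails the signature check, or whose contents do not match the installer it is named after, is the case worth a second scanner.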
Nexaos
|
Posted - 2007.02.02 13:47:00 -
[21]
Originally by: Maam
Instead of thanking him, or just heeding his warning to try a scan, you all rip him to shreds!
things like;
Originally by: Tissa I could go into more details on what type the one knocking about is and what it does but tbh I don't want to start some kind of f***e w** as there is enough drama on here as it is.
doesn't really help
|
Kumu Honua
|
Posted - 2007.02.02 14:01:00 -
[22]
Edited by: Kumu Honua on 02/02/2007 13:57:36
I went to that "3rd party website" and have no such file on my system.
Perhaps it was that tab to the ****ography site instead?
|
Maya Rkell
Forsaken Empire The Forsaken Empire
|
Posted - 2007.02.02 14:04:00 -
[23]
Edited by: Maya Rkell on 02/02/2007 14:00:50
Originally by: Xendie looks like another bob alt trying to stop people from reading all the dirty laundry of bob.
No Xendie, it's quite real. A hacker...infects visitors to his forum with a trojan? NEVER! But yea, anyway, he does. Make sure your AV software is up to date if you visit. It might only be on registration, I haven't analysed the log that finely yet.
//Maya |
bow locks
UK Corp Lotka Volterra
|
Posted - 2007.02.02 14:04:00 -
[24]
The website referred to is a HACKERS website.
someone remind me what 2 plus 2 is?
Just do as the man says, and, hey, be careful out there. Or not, the choice is yours.
(btw for the record my work computer picked nothing up - but then it doesn't tell me everything)
|
Xanidra
LifeLine Solutions
|
Posted - 2007.02.02 14:13:00 -
[25]
Originally by: bow locks
(btw for the record my work computer picked nothing up - but then it doesnt tell me everything)
you're at work, and you go looking for a virus. . lol
|
Marcus TheMartin
Gallente Tuxedo.
|
Posted - 2007.02.02 14:13:00 -
[26]
Originally by: Maya Rkell Edited by: Maya Rkell on 02/02/2007 14:00:50
Originally by: Xendie looks like another bob alt trying to stop people from reading all the dirty laundry of bob.
No Xendie, it's quite real. A hacker...infects visitors to his forum with a trojan? NEVER! But yea, anyway, he does. Make sure your AV software is up to date if you visit. It might only be on registration, I haven't analysed the log that finely yet.
Well I expected as much from going to the forum oh well time to run a virus scan
Half Assed Rhymage
|
Tissa
Minmatar UK Corp Lotka Volterra
|
Posted - 2007.02.02 14:24:00 -
[27]
Originally by: bow locks
Just do as the man says
*raises eyebrow and reminds herself to sell Mr. Locks corpse to Eric.
;)
My views do not represent those of my corp or alliance. (Joined UKC 19/09/06) |
Saint Viper
Minmatar UK Corp Lotka Volterra
|
Posted - 2007.02.02 14:28:00 -
[28]
Originally by: Tissa
Originally by: bow locks
Just do as the man says
*raises eyebrow and reminds herself to sell Mr. Locks corpse to Eric.
;)
You're a man and you did not tell us!!!!! Damn after all this time my fantasies are shattered.
|
Lucio
Gallente UK Corp Lotka Volterra
|
Posted - 2007.02.02 14:35:00 -
[29]
Should have tried reverse psychology there, if you'd posted that the site was perfectly safe and everyone should read it, there'd be legions of comments telling people to stay away :)
Anyhow, I know that I've been unable to get a result with my virus scanner (ZoneLabs) but I'll still be checking my home system to see whether or not the file is there :) ************************************************
Wohoo! No more negative sec status. It's a shame it took me TWO YEARS of Carebearing to get rid of a lousy -1.2 |
Xendie
Forsaken Empire The Forsaken Empire
|
Posted - 2007.02.02 14:51:00 -
[30]
Originally by: Maya Rkell Edited by: Maya Rkell on 02/02/2007 14:00:50
Originally by: Xendie looks like another bob alt trying to stop people from reading all the dirty laundry of bob.
No Xendie, it's quite real. A hacker...infects visitors to his forum with a trojan? NEVER! But yea, anyway, he does. Make sure your AV software is up to date if you visit. It might only be on registration, I haven't analysed the log that finely yet.
my computer is perfectly clean. and that thingy is a cached install file from google toolbar btw.
Quote: Nertzius > having fun being incompetitent?
Quote: jake sisko > its f-e's bob dev alt making lag
|