oh didnt realise OP was updated.
edit: im told alla and atlas arent safe too
oh didnt realise OP was updated.
edit: im told alla and atlas arent safe too
I sent an email to the abuse department for whats listed as somepage's host. I know the company I work for would nuke this domain for hosting something like this, but seeing as how somepage's A record seems like just a redirect to other servers i'm not sure what will happen.
Though, this has proven to me one thing:
Dear square enix: Please block the above listed IP Address's from your servers. Hugs and kisses: Me.
It won't block the frame, but it will not execute that JavaScript even with JavaScript enabled.Originally Posted by nithyan
I did a registry search and found all 4 of the files listed in the OP and deleted them. I was still able to log into my character. My next course of action is to make a big text file of random characters and stick my new PW in there somewhere then copy/paste it to change it. Is this the right way to go?
Originally Posted by Spira
Can anyone confirm the validity of this statement? Or are we just being paranoid and spouting rumors?
Zam is fine, I can't check atlas as it's having some database issues. Last I checked it though, which was earlier today, it was fine also.
After seeing how many people have been having problems, and that Symantec Products aren't finding this trojan, I thought I might inform them of this. Unfortunately, the response time is quite a bit lacking.
Response
---------------------------------------------------------------
Hello XXXXXXX,
We have received your request for assistance and a Symantec Authorized Online Customer Service agent will contact you by e-mail within 96 hours to help answer your questions. The subject line of our agent's email will contain the following information:
Problem Type:
Request reference number: 071212-000661
If you do not see a Symantec response within 96 hours in your inbox, please also look in your spam or junk folder as we have seen in many instances that our response lands in these folders.
This information is used for tracking purposes. If you need to send additional information to the agent related to your request please do so however please do not change the subject line of the message.
Please feel free to browse Symantec's rich source of self-help information, which may be accessed through the Website linked below:
http://www.symantec.com/techsupp/support_options.html
Thank you for contacting the Symantec Authorized Customer Service
Regards,
Technical Support Specialist
Symantec Authorized Online Customer Service
A quick question in regards to the possible key loggers, if they attempt to access the interwebs will a firewall identify it as an unknown process and flag it to the user ?
I use ffxiah / somepage / wikis on a regular basis and when that " zomg you have x ammount of virus' " add popped up on ffxiah i had enough sense to block it but i havent checked for the files listed within this post yet (ive only just read the post whilst at work) is anyone aware of having these files on their pc but have not had their account compramised b.c their firewall blocked it? or are the keylogger programs able to bypass firewalls ?
Out of curiousity, is there much discusion of accounts being stolen within the JP comunity ? are they losing accounts also ?
3rd party firewall yes, at least if it's a decent firewall and it's not set on some basic firewall settings, but it is most likely the windows XP/Vista firewall will let the rogue application go through without a warning...Originally Posted by Rya
Was curious, and did a whois on miorsocft. Not sure if this'll help or not, but I found it interesting.
Edit: Apparently you can't put bold in code stuff... >.>Code:Domain name: miorsocft(dot)com Registrant Contact: LiXin Xin Li [email protected] 0597-2133110 fax: 0597-2133110 XinLuoQu LongYan FuJian 364000 cn Administrative Contact: Xin Li [email protected] 0597-2133110 fax: 0597-2133110 XinLuoQu LongYan FuJian 364000 cn Technical Contact: Xin Li [email protected] 0597-2133110 fax: 0597-2133110 XinLuoQu LongYan FuJian 364000 cn Billing Contact: Xin Li [email protected] 0597-2133110 fax: 0597-2133110 XinLuoQu LongYan FuJian 364000 cn DNS: ns5.cnmsn.net ns6.cnmsn.net Created: 2007-11-22 (Edit: I found this date quite interesting) Expires: 2008-11-22 Registry Status: clientTransferProhibited Registry Status: clientDeleteProhibited
Edit 2: Didn't want to make a second post, but couldn't we get Microsoft to go after these people? Wasn't it proven that words can be read correctly with the letters all mixed up as long as the first and last letters were in the right spot? If MS can get MikeRoweSoft.com taken down and whatever else happened to the poor guy, they should have a field day with whatever company this is.... Just a thought. lol
The domain is registered in China, there's piss all chance of anyone getting it taken down.
i'm having trouble deleting kb1ss1p.dll. It says access is denied. Make sure the disk is not full or write protected and that the file is not in use
edit: dll not sys
http://download.bleepingcomputer.com/sp ... illBox.exeOriginally Posted by Spira
That's what I use. Just type or browse to the path of the file, tell it to remove the file on startup, and you should be all set once you reboot. There was also a program listed in the tech support forums not too long ago. More than likely the file is in use.
They talked about how copy/paste also likely gets picked up by keyloggers or whatever they're using. No copy-paste. Although if your computer is clean I guess it's a moot point, but... if your computer is clean it's clean.Originally Posted by Xerlic
I'm not an expert, but I gather people are saying cleaning your computer, then changing your password, and then keeping said computer clean will be enough (maybe lol). With emphasis on the keeping clean part.
On the S-E fault issue - IMHO, it's not their fault, it's YOURS if your computer is compromised, and people need to stop saying that S-E needs to do something about third-party sites or things they have no control over. This needs to be taken up with the ad providers or the sites or whatnot. It's their responsibility when accounts are getting stolen to figure out how to remedy the situation, though. Obviously their current account recovery system isn't enough.
for undeletable files http://ccollomb.free.fr/unlocker/ It just saved my ass.
viewtopic.php?f=36&t=27188
Firefox looks like:
http://img403.imageshack.us/img403/4044/firefox1iw1.jpg
IE looks like:
http://img141.imageshack.us/img141/6660/ie1ni3.jpg
If you use IE, you would have never seen this in the first place. Plus, I keep trying to give myself the virus/malware/spyware here at work but I can't. I also don't have Realplayer installed. Was it confirmed that this was a Realplayer exploit?
Yep. You need to have RealPlayer installed, and be viewing the page in IE in order to be vulnerable.Originally Posted by Izzy
How exactly is it the players fault if a fan site has a malicious script that exploits an error in 3'rd party application which isn't detectable by some of the more prominent anti virus software? Are they at fault because real player sucks? Are they at fault because Norton and Mcafee are resource hogging pieces of shit? Or are they at fault because after their work is stolen they have no recourse other than to suck it up?Originally Posted by Kyupi/Kij
Somepage's main ad system is google ads. That company might choose to 'do no evil' but I garuntee you they sure as hell don't hold themselves responsible for the pages they advertise on. Some page's host however is dyndns.com. They may be more than a bit interested to know that one of their websites is either purposely infecting people or is compromised. I already sent an email, but if its like any abuse department they get hundreds of those. The whois information for some page hasn't been updated since 2006, so if it was given over to an RMT website either they haven't updated that, or aren't going to.
However, the whois for somepage list's someone's phone#.
Anyone wanna call? I don't want IGE spamming my phone too.Code:http://www.networksolutions.com/whois/results.jsp?domain=some page.com (Take out the space
Edit: spaces for that word filter.
This is awesome. Fortunately, I have admin access to my linkshell's forum, so I put this info with links to here in my linkshell's forum. :D Thank you BG! Hopefully it will help any of my linkshell friends from being hacked, unfortunately, one already has.
Originally Posted by Airenn
I use most of this list Airenn's list. However, a good portion of my shell mates do not use this stuff.Originally Posted by Christophe
Looking towards the future, how do all of you feel about some of the other Anti-Virus software? Skip Norton and McAfee, I think those are crap. How about other popular free downloads, such as AntiVir? Since Taj recommends nod32, I won't bother asking about it. I think a lot of the anti-virus freeware often seems too new and immature to be good, but maybe there something acceptable that I haven't heard of.
Also, what about some of Comodo's software? iirc, Comodo's anti-virus doesn't stand up to others, but what about their firewall and behavior blocker? How does the behavior blocker in Comodo Firewall Pro compare to ProcessGuard?
btw...
http://h1.ripway.com/undertone/firefox.png
<3 NoScript & AdBlock.
Hilariously enough:
Apparently they've been editing links on any FFXI wiki they can get their hands on to point to the same exploit page. I'd assume it gets reverted quickly, but Bancat might want to put some safety checks in place on bgwiki.