**WARNING** Somepage.com compromised **UPDATED 5/27**

[Bitesized]

So if these recently hacked people don't have the smart.dll file (Which I found and got rid of.) Is it a possibility that others and I could still be compromised and not even know it?

[Rellikard]

Just got finished talking with a GM and after I logged, he started(or supposedly) an account investigation + account recovery. Seven+ days w/o my account's worth getting all those non-rare/ex items I don't want to farm back. I just pray they don't go back so far that my BST is no longer 75. Just got it to 75 last Tuesday and account jacked on Thursday.

[Izildur]

following from my post i woke up this morning and decided to DL hack-this and found..


O20 - Winlogon Notify: Fly - smart.dll (file missing)


is this it ??? - If so looks like i found it on ad aware and put it in quarantine (as im sure nothing else deleated/found the file) - what should i do now.

[Baylin]

Ok so tried doing a format and unplugging my other hard drives (as they are most likely still infected) and the hack tool came back, not only on my computer, but also on my brothers. Neither of us lost our account information this time but the fact that these hack tools keep coming back after formatting is worrying. Mines was the same type of exe again A0001150.EXE, and my brothers was ntos.EXE.

Is it possible that both these hack tools have come from the original Gaelicum.A worm that infected me last week? I think the only way i am going to be able to get rid of the worm is by fully formatting and destroying the boot sectors on my HDD.

Any help of information on this issue would be greatly appreciated

[Littlelilly]

Ok so tried doing a format and unplugging my other hard drives (as they are most likely still infected) and the hack tool came back, not only on my computer, but also on my brothers. Neither of us lost our account information this time but the fact that these hack tools keep coming back after formatting is worrying. Mines was the same type of exe again A0001150.EXE, and my brothers was ntos.EXE.

Is it possible that both these hack tools have come from the original Gaelicum.A worm that infected me last week? I think the only way i am going to be able to get rid of the worm is by fully formatting and destroying the boot sectors on my HDD.

Any help of information on this issue would be greatly appreciated

Heya Bay hope you and your brother are ok .If i were you i would wipe it all and start again with a fresh install seems the only option if it keeps comming back Sorry i cant be of much help but thats the only thing i can think of you to do.
I hope it works out and get rid of the hack on yours and your brothers pc.

[Spekkio]

Ok so tried doing a format and unplugging my other hard drives (as they are most likely still infected) and the hack tool came back, not only on my computer, but also on my brothers. Neither of us lost our account information this time but the fact that these hack tools keep coming back after formatting is worrying. Mines was the same type of exe again A0001150.EXE, and my brothers was ntos.EXE.

Is it possible that both these hack tools have come from the original Gaelicum.A worm that infected me last week? I think the only way i am going to be able to get rid of the worm is by fully formatting and destroying the boot sectors on my HDD.

Any help of information on this issue would be greatly appreciated

Heya Bay hope you and your brother are ok .If i were you i would wipe it all and start again with a fresh install seems the only option if it keeps comming back Sorry i cant be of much help but thats the only thing i can think of you to do.
I hope it works out and get rid of the hack on yours and your brothers pc.

be careful you're not cross contaminating via old windows holes as soon as you bring the system online. have a friend create an SP3 install disk from a clean computer and do a fresh install from the ground up followed by an SP3 install to bring your patches up to date. it's not uncommon to haul your PC to the computer store for a virus cleaning and the howling, file stealing monkeys behind the counter just running a restore from the restore media, not installing any patches. bring it home, plug it into an internet connection w/o any protection and BAM, machine hosed again.

[Izzy]

Ok so tried doing a format and unplugging my other hard drives (as they are most likely still infected) and the hack tool came back, not only on my computer, but also on my brothers. Neither of us lost our account information this time but the fact that these hack tools keep coming back after formatting is worrying. Mines was the same type of exe again A0001150.EXE, and my brothers was ntos.EXE.

Is it possible that both these hack tools have come from the original Gaelicum.A worm that infected me last week? I think the only way i am going to be able to get rid of the worm is by fully formatting and destroying the boot sectors on my HDD.

Any help of information on this issue would be greatly appreciated

You need to format all computers on your network, while they are all disconnected from each other. DO NOT HAVE ANY COMPROMISED COMPUTER ON ANY NETWORK!!! UNPLUG YOUR ETHERNET WIRES NOW AND FORMAT THEM ALL!

[Spekkio]

http://apple.slashdot.org/apple/08/06/11/1855218.shtml
in addition to not using IE, avoid using Safari under Windows just as greatly. these two vulnerabilities will permit a nasty site to run executables on your computer just by visiting the nasty site if i understand correctly. as the forum rules above state, firefox and noscript are your friends, safari is likely just as nasty and dangerous as IE.

[Kiyuan98]

safari is likely just as nasty and dangerous as IE.

IE7 with IE7Pro?

[Tordall]

safari is likely just as nasty and dangerous as IE.

IE7 with IE7Pro?

Safari is actually worse. The apple (using safari) was the first to fall in the most recent pown to own competition. It fell to an exploit in Safari. To make matters worse, Apple took over two weeks to patch the problem. The Windows laptop lasted much longer and I don't think it fell to an IE exploit. I'm not sure if the Linux one ever fell.

Unfortunately (or fortunately depending on your perspective), the days when Mac (and Apple products in general) users could rely on not getting hacked b/c no one was interested are long over.

[Infini]

Firefox 3 just got released if yer a sane person you will get this NOWS! D:

http://www.Firefox.com

[Emmaline]

I miss search gear by stat and NM by zone from somepage.com, damn you wiki!

[saigax]

still infecteD?

[Aurania]

Of course it is still infected. That site has not been updated since March. As such, do you really think some person is sitting there monitoring the activity and ads being placed on it?

People continue to use this page, and worse, use it unprotected with IE7, old, bad flash, and letting scripts run rampant all over their C drives. I have seen three people I know get hacked in the last two weeks (one, luckily, had a good RL basically watching while it happened and was able to combat the situation, change PW, clean the computer and save his friend's account before the worst happened). Others, not so lucky. One just found out today. The other has been waiting a month for his rollback.

I administrate our linkshell site. I recently made a very lengthy post linking to many threads here, links to decent, free programs on CNET, the dangers of using IE, downloads to noscript, etc. I even posted a how-to.

It's like banging my head repeatedly against a wall, though, because my warnings are going largely ignored, as everyone thinks they are immune, then can't understand they they got hacked.

SE doesn't do anything, players in the know refuse to protect themselves, most of the playerbase is largely ignorant to the threats on the internet, and more and more people are hacked every single day.

I went all over {some page} (I have many, many ridiculous layers of protection - my PC is very much clean and shall remain that way) attempting to locate the service provider for the domain, thinking that if we can't get the attention of the site admins letting, then maybe we can cut the site off at the source by contacting its service provider.

Am I nuts here? Doesn't it make more sense to start helping ourselves, since no one else cares to? Is it possible to locate and get them shut down for the sheer number of malicious viruses being spread by that essentially defunct site? Maybe I am looking in the wrong places, but I couldn't find anything on that site that would let me know who I could contact about the problem.

Edit: I think I found their hosting service, btw. Can't be sure, but it sure as shit can't hurt to try, I suppose: http://www.theplanet.com/

Edit#2: I checked the AUP from the above hosting link. Under their legal area, they say this:

Violations & Complaints

As a provider of hosting services, The Planet provides resources with which our customers host thousands of websites. Please note that The Planet is not responsible for the content that customers publish on their websites nor can we police each and every webpage that is published using our resources. As such, we encourage you to report any potential violations of the law, our terms and conditions or the rights of others, using the resources set forth below. We will attempt to respond to, investigate and resolve each complaint we receive from you. Complaints may include reports of trademark infringement, copyright infringement, spam, phishing, fraud or hacking. Please carefully review the following information to ensure that your complaint is directed to the proper Planet representative — your failure to do so may delay or prevent our response to your complaint.

Spam, Phishing, Fraud, Hacking and Other Abuse Complaints

If you have a complaint regarding potential spam, phishing, fraud, hacking or other violations of our AUP , please direct those complaints to [email protected] .

Our Abuse Department is trained to respond to, investigate and take remedial measures regarding spam, phishing, fraud, hacking or other violations of our AUP — please do NOT direct these complaints to our Legal Department — doing so may delay or prevent our response to your complaint.

Sure, maybe it won't do a damn thing, and maybe I even have the wrong host. I am submitting a complaint anyway. I suggest others join me.

[Izzy]

Reporting things like this to the hosting company is a good idea. However, it's not going to stop the RMT hosting the exploits. The hosts are overseas and thus, there's nothing we can do about it from a legal standpoint. The best you could do is get the "innocent victim" fansites shut down, which really isn't what we want to do Q_Q.

[Raji]

Granted, but does anyone honestly think that Somepage (and the people who WERE running the site) qualify as innocent victims?

[Izzy]

Granted, but does anyone honestly think that Somepage (and the people who WERE running the site) qualify as innocent victims?

That's why I put it in quotes lol.

[Aurania]

Reporting things like this to the hosting company is a good idea. However, it's not going to stop the RMT hosting the exploits. The hosts are overseas and thus, there's nothing we can do about it from a legal standpoint. The best you could do is get the "innocent victim" fansites shut down, which really isn't what we want to do Q_Q.

Oh, I totally agree. My sole objective at this point is to get a site that is actively hacked, but with no one monitoring the situation, shut down, at least until people are active again to keep the situation in check (what comes to mind is your post when BG had an exploit recently - shit was shut down lightning fast, so BG is not really a liability here).

I know we can't cut them off at the source, but we can at least remedy what seems to be the most prevalent problem - people visiting sites that were basically hacked months ago, but never had the hacks removed.

I don't want anyone to touch the small, but active, fansites, because that definitely is not fair to the guy who is actively trying to combat the problem.