Item Search
     
BG-Wiki Search
+ Reply to Thread
Page 2 of 5 FirstFirst 1 2 3 4 ... LastLast
Results 21 to 40 of 96
  1. #21
    The Mizzle Fizzle of Nikkei's Haremizzle

    Join Date
    Feb 2006
    Posts
    22,040
    BG Level
    10
    FFXI Server
    Bismarck

    I tend to stay away from both of them anyway as is. I'm with Kuno on the whole map upload thing to BG wiki. That would completely sever the need to go to atlas and potentially expose your information.

  2. #22
    Chram
    Join Date
    Apr 2007
    Posts
    2,614
    BG Level
    7
    FFXI Server
    Cerberus

    Quote Originally Posted by Rai View Post
    Not true until FFXIAH adds information on if/where I can buy items from NPCs, or allows you to do a search based on individual item stats (read: STR, MDB, MDT, etc).
    try clicking the stat and/or using power search. If you want to know the more complex ways to search (like by stat descending, filtered by job, race, slot, etc) I can teach you how to do that via URL 'hacking' in PM.

    and click through to a wiki link if you want npc data.

    all that's missing from FFXIAH is craft rank on unknown subcrafts... which is what I use somepage for heh.

  3. #23
    Chram
    Join Date
    Apr 2007
    Posts
    2,614
    BG Level
    7
    FFXI Server
    Cerberus

    Quote Originally Posted by ringthree View Post
    Also, FFXIAH now has an at least as good if not better search function which was the last reason that people still used somepage.

    I will try to get all the maps up on the BGwiki but it may take a little while.
    if you have one of the map pack plugins, you have alot of doctored maps already available via that dat set. I suggest unpacking them into images with graphics converter 3 or photoshop + nvidia dds tools rather than risking a run down to ffxi-atlas if you're not sure you're airtight.

  4. #24
    Sandworm Swallows
    Join Date
    Dec 2006
    Posts
    7,329
    BG Level
    8

    Quote Originally Posted by Amele View Post
    if you have one of the map pack plugins, you have alot of doctored maps already available via that dat set. I suggest unpacking them into images with graphics converter 3 or photoshop + nvidia dds tools rather than risking a run down to ffxi-atlas if you're not sure you're airtight.
    Nah, I have most of the maps laying around, and I hate non-pristine stuff.

  5. #25
    Command Prompt Kitty
    C:\_

    Join Date
    Feb 2008
    Posts
    46
    BG Level
    1
    FFXI Server
    Odin

    I posted some information on infection here :

    forums.windower.net/index.php?showtopic=13230

    More forthcoming as I fiddle around with it.

  6. #26

    Can we make a big media fuss over this so SE can fix their policies on recovering hacked players? ;o

  7. #27
    Ranger
    2600klub

    Join Date
    Apr 2005
    Posts
    11,390
    BG Level
    9
    FFXIV Character
    Sonomaa Kihten
    FFXIV Server
    Gilgamesh
    FFXI Server
    Bahamut
    WoW Realm
    Durotan
    Blog Entries
    12

    if you could post that information here as well, Ive had some concerned PMs about the security of windower websites, people want to read but they worry

  8. #28
    Sandworm Swallows
    Join Date
    Dec 2006
    Posts
    7,329
    BG Level
    8

    Concerns over windower.net? I would think that would be one of the safer places. LOL

  9. #29

    Quote Originally Posted by ringthree View Post
    Concerns over windower.net? I would think that would be one of the safer places. LOL
    Politics aside, windower.net would be extremely high on my list of targets were I looking to infect a website.

  10. #30
    Command Prompt Kitty
    C:\_

    Join Date
    Feb 2008
    Posts
    46
    BG Level
    1
    FFXI Server
    Odin

    Infected myself via Virtual Machine (Windows XP SP3; Last Patches[July] )
    Infection Method - Direct (Downloaded and Ran 'taizi.exe')



    [ Virus Files and Names ]
    • c:\windows\system32\<randomly-generated-name>.dll - Trojan.PcClient-1603
    • c:\windows\system32\drivers\<randomly-generated-name>.sys - Trojan.Dropper-10666
    • taizi.exe - Unknown Dropper (Scanned; AV Did Not Warn)



    [ Trojan Abilities ]
    • Injects a DLL into other Programs (keystroke logging)
    --- • IMPORTANT : Keystroke logging works in any program (web browsers, email clients, pol, etc)
    • Text Capture (of keystrokes; confirmed)
    • Image Capture (of keystrokes?; unconfirmed, but loads files related to capturing images)
    • Video Capture (of keystrokes?; gameplay?; unconfirmed, but loads files related to capturing video)
    • Live Password Uploading (via web server)

    • Does NOT appear to capture text when using built-in POL virtual keyboard (captures external virtual keyboard strokes)
    • Does NOT appear to send POL files which contain saved passwords
    • Does NOT appear to use ADS (Alternate Data Streams) to hide data
    • Does NOT appear to gather POL ID data (after much testing it only seems to be after passwords and text, which is very confusing)



    [ Installs Service(s) ]
    • VSSC - (c:\windows\system32\<randomly-generated-name>.dll; ~93KBs size)
    • yuctvyaf - (c:\windows\system32\drivers\<randomly-generated-name>.sys; ~5KBs size)
    --- • NOTE : The DLL and SYS file appear to share the same randomly generated name.


    [ Installs Other File(s) ]
    • Text Log of Passwords - (c:\windows\system32\<randomly-generated-name>.key)
    --- • NOTE : The KEY log appears to share the same randomly generated name as the DLL and SYS files.
    • INI File [Unknown Usage] - (c:\windows\system32\<randomly-generated-string>.ini; 1KB size)
    • Host Information from PC.TXT - (c:\windows\temp\<randomly-generated-number>.exe; 1KB size)



    [ Creates Connection(s) ] :
    Code:
    www.crackwg.net/pcshare/pc.txt
    NOTE : Connects and downloads PC.TXT every 30 seconds until connected to host specified in file

    Code:
    59.34.148.248:7866/20080826/063853/753874.jsp
    NOTE : 59.34.148.248 is current host specified in pc.txt; Subject to change at any time
    NOTE : Connection to 59.34.148.248:7866 seems persistent and does not terminate unless connection is lost to the host. If connection to the host is lost, the trojan will attempt to connect to crackwg.net every 30 seconds and attempt to connect to the specified host in the PC.TXT file. Once connected to the specified host, it will cease attempting to connect to crackwg.net. The path to the JSP and the JSP file itself is randomly generated based on the current date and time.



    [ Other Data ]

    Initial Data Received from 59.34.148.248\*\*.JSP :

    Code:
    Send: Return Code: 0x00000000
    00000000  52 0D 12 12 8A 1A 12 12 12 D2 E5 19 F6 16 12 12    R...............
    00000010  A7 13 12 12 12 12 12 12 10 12 12 12 13 12 12 12    ................
    00000020  56 21 13 12 53 7B B9 14 8D 51 2F 58 A2 A5 F3 93    V!..S{...Q/X....
    00000030  68 B7 D6 11 12 12 12 12 12 12 12 12 12 12 12 12    h...............
    00000040  12 12 12 12 12 12 12 12 46 5B 55 57 40 59 24 12    ........F[[email protected]$.
    00000050  12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12    ................
    00000060  12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12    ................
    00000070  12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12    ................
    00000080  12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12    ................
    00000090  12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12    ................
    000000A0  12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12    ................
    000000B0  12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12    ................
    000000C0  12 12 12 12 12 12 12 12 46 5B 55 57 40 59 24 12    ........F[[email protected]$.
    000000D0  12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12    ................
    000000E0  12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12    ................
    000000F0  12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12    ................
    00000100  12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12    ................
    00000110  12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12    ................
    00000120  12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12    ................
    00000130  12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12    ................
    00000140  12 12 12 12 12 12 12 12 D4 C7 DF BA AD DF A9 B5    ................
    00000150  C5 FB 12 12 12 12 12 12 12 12 12 12 12 12 12 12    ................
    00000160  12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12    ................
    00000170  12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12    ................
    00000180  12 12 12 12 12 12 12 12 A9 F3 C6 A3 A2 F4 A3 AC    ................
    00000190  49 20 22 22 25 23 23 20 27 4F 12 12 12 12 12 12    I ""%## 'O......
    000001A0  12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12    ................
    000001B0  12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12    ................
    000001C0  12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12    ................
    Subsequent Data Received :

    Code:
    Receive: Return Code: 0x00000000
    00000000  48 54 54 50 2F 31 2E 31 20 32 30 30 20 4F 4B 0D    HTTP/1.1 200 OK.
    00000010  0A 44 61 74 65 3A 20 54 20 47 4D 54 0D 0A 43 6F    .Date: T GMT..Co
    00000020  6E 74 65 6E 74 2D 4C 65 6E 67 74 68 3A 20 38 0D    ntent-Length: 8.
    00000030  0A 43 6F 6E 6E 65 63 74 69 6F 6E 3A 20 4B 65 65    .Connection: Kee
    00000040  70 2D 41 6C 69 76 65 0D 0A 43 61 63 68 65 2D 43    p-Alive..Cache-C
    00000050  6F 6E 74 72 6F 6C 3A 20 6E 6F 2D 63 61 63 68 65    ontrol: no-cache
    00000060  0D 0A 0D 0A 4D 1F 00 00 00 00 00 00                ....M.......


    [ Trojan Detection Methods ]
    Method I (Anti-Virus Protection) - ClamWin Anti-Virus quickly detected the DLL and SYS file, so I am certain that other Anti-Virus programs would detect them as well.

    Method II (Manual System Scan) - Should you not wish to put your account in the hands of your Anti-Virus, I would suggest downloading AutoRuns (http://technet.microsoft.com/en-us/s.../bb963902.aspx).

    - When you initially run the program, it will begin a scan. Tap the Escape button once and it will cancel the scan. Make sure that 'Verify Code Signatures' and 'Hide Signed Microsoft Entries' are selected in the 'Options' menu of the program, then execute another scan by clicking the Refresh icon. If you find the items in the image below that are selected in the red, you are infected. Areas of text marked with blue means that the file name is randomly generated and may be different than what appears in the screen shot.

    http://www.moofah.com/temp/media/ima...i-trojan-c.jpg

    - You can also search for the KEY and INI files manually within Windows Explorer or through Search.

    http://www.moofah.com/temp/media/ima...i-trojan-d.jpg

  11. #31
    Ranger
    2600klub

    Join Date
    Apr 2005
    Posts
    11,390
    BG Level
    9
    FFXIV Character
    Sonomaa Kihten
    FFXIV Server
    Gilgamesh
    FFXI Server
    Bahamut
    WoW Realm
    Durotan
    Blog Entries
    12

    there was a china based hacker forum that carried prepackaged virus scripts not long ago, I wonder if this is one of the new packages from them

    I would assume putting a block on that website and that ip address from a firewall would protect you at least a little bit

    and yes, because of windowers popularity it would be one of the first to be attacked, I know there are always attacks on BGs server, we pay for professional monitoring to make sure we stay safe from outside attack

  12. #32
    Sea Torques
    Join Date
    Mar 2007
    Posts
    586
    BG Level
    5

    WARNER: i wouldn't clicking any of the Spoiler tags without Firefox with Noscript and adblock loaded

    In the windower information it was referenced to where the TCPIP client of the virus is pointing to (I WOULDNT SUGGEST CLICKING, IM AT WORK SO I DONT CARE):
    Spoiler: show
    http://www.crackwg.net/pcshare/pc.txt


    The address is pointing to a pc.txt file and on screen is displaying "59.34.148.248:7866" but this is not my work IP as i have a static IP on my domain with 172.XX.XX.XXX IP

    I decided to take a look at the starting directory
    Spoiler: show
    http://www.crackwg.net/pcshare/
    and got this bad boy.

    I loled

  13. #33

    Why is a Chinese 404 funny?

  14. #34
    The Once and Future Wamoura
    Join Date
    Aug 2005
    Posts
    18,370
    BG Level
    9
    FFXIV Character
    Rocl Montaigne
    FFXIV Server
    Excalibur
    FFXI Server
    Bahamut
    WoW Realm
    Quel'Thalas

    Quote Originally Posted by Shuemue View Post
    Why is a Chinese 404 funny?
    Definitely read that as "furry" and found it amusing, does this make me a bad person?

  15. #35

    You sick fuck, what did 404 ever do to you?

  16. #36
    The Once and Future Wamoura
    Join Date
    Aug 2005
    Posts
    18,370
    BG Level
    9
    FFXIV Character
    Rocl Montaigne
    FFXIV Server
    Excalibur
    FFXI Server
    Bahamut
    WoW Realm
    Quel'Thalas

    Coincidentally, this image appears if you google Chinese 404 furry:

    http://www.dargate.com/225_auction/225_pics/404.jpg

    This is related and on-topic.

  17. #37
    You just got served THE CALLISTO SPECIAL
    SASSAGE KING OF DA WORLD
    cheap hawks gay

    Join Date
    Sep 2007
    Posts
    26,424
    BG Level
    10

    That is certainly not something I'd risk googling to find out.

  18. #38

    That's obviously where 404 stores his fursuit and his collection of Falisa's bodily fluids.

  19. #39
    You just got served THE CALLISTO SPECIAL
    SASSAGE KING OF DA WORLD
    cheap hawks gay

    Join Date
    Sep 2007
    Posts
    26,424
    BG Level
    10

    Ok that bit of mental imagery was certainly uncalled for, bad Shue.

  20. #40
    YOU ARE SEARED
    Dungeon Master of the House of Weave

    Join Date
    May 2007
    Posts
    4,453
    BG Level
    7
    WoW Realm
    Kilrogg

    If the virus is only uploading to that site, would it stand to reason that you could give crackwg.net a bogus IP in your HOSTS file and then be able to surf atlas worry-free (insofar as this particular bug is concerned)?

Quick Reply Quick Reply

  • Decrease Size
    Increase Size
  • Remove Text Formatting
  • Insert Link Insert Image Insert Video
  • Wrap [QUOTE] tags around selected text
  • Insert NSFW Tag
  • Insert Spoiler Tag

Similar Threads

  1. New Password Stealing Virus
    By Skjie in forum FFXI: Everything
    Replies: 4
    Last Post: 2008-12-17, 10:40