Item Search
     
BG-Wiki Search
Page 24 of 47 FirstFirst ... 14 22 23 24 25 26 34 ... LastLast
Results 461 to 480 of 931
  1. #461
    RIDE ARMOR
    Join Date
    Jun 2007
    Posts
    9
    BG Level
    0

    Quote Originally Posted by Kaces View Post
    Mafai's friend had the disappearing act occur as well, maybe we're onto something -- but it doesn't explain the other hackings. I still haven't found anything on the sites via changes in file/registry on my VMs... So, can all of this be explained by retards not giving us the full story and visiting sites in RMT tells? ~______~

    Anyway, done with tests today -- will be back tomorrow to try out the Ethereal filtering.
    Well i cant talk for any1 else but like i said before i didnt visit any of those RMT sites or anything besides my EMail and my online banking i only go to FFXIAH.com Wiki and BG. I dont even go to alla or anything cause my sisters accoung was hacked over a yr ago. I think the best bet is playing on somthing besides PC until ppl find what this is. I apprciate everone trying to find out what it is btw.

  2. #462
    Aselin
    Guest

    Quote Originally Posted by Sabertiger View Post
    Not exactly.

    I was playing FF via PC x2, browsing wiki via PC x3, when the internet connection died (shared connection with the network), found the suspicious line on PC x3, but POL crashed on PC x2. So yes, it went across network boundaries, at least on my machines.

    EDIT: Oh, ran HJT on the PC x2 that was running FF, did not find the suspect line. That was interesting.

    XP Home SP3(lolIknow) and XP Pro SP3(again lolwindows I know eh).

    My next Computer Science project at school: Write a Linux emulator that runs FFXI (unless someone knows of one?)
    You can do that with WINE, it isn't perfect but it works:

    WineHQ - Run Windows applications on Linux, BSD, Solaris and Mac OS X

    WineHQ - Final Fantasy XI Online Final Fantasy XI

  3. #463
    E. Body
    Join Date
    Mar 2006
    Posts
    2,333
    BG Level
    7

    Quote Originally Posted by Akisu View Post
    So you're saying that you didn't use the machine for web browsing that was infected? And it spread over the network? Well then, that's a whole new ballgame if that's accurate.


    Side note: What's up with BG? After reformatting, I never reinstalled flashplayer, and it's asking me to install flash each page view, does a main component of BG use flashplayer? Nothing seems to have lost functionality without flash installed on my end. Just a question, not saying it's releated, just didn't notice it this morning, lol.
    i would be VERY surprised if it's spreading from machine to machine, as that would be way outside of the level of sophistication i would expect from the RMT. if it is happening, we need to switch up our ballgame, but as this is the first report, i would say it's far too early to draw that conclusion. let's start by analyzing the trojan's output by infecting a computer and using a dummy account or bad uname/password to try to log in while capturing the traffic across the wire, paying special attention to the destination. if we can find where the traffic is going to, (and if they were dumb enough to not encrypt their traffic) we can start to get a handle on this or at the very least try to protect ourselves by blocking any outgoing traffic to their remote servers.

  4. #464
    Relic Shield
    Join Date
    Apr 2009
    Posts
    1,514
    BG Level
    6

    Pretty sure I read that the Clampi trojan goes through infecting networks in that article posted in this thread about it.

  5. #465
    Cerberus
    Join Date
    Dec 2004
    Posts
    469
    BG Level
    4
    FFXI Server
    Quetzalcoatl

    Shut up about the proxy line in the hijackthis logs, all it means is that you bypass the proxy for sites on the local network. Since >99% of people don't use a proxy on their home computer, the line is meaningless.

  6. #466
    Aselin
    Guest

    Quote Originally Posted by Solefald View Post
    Shut up about the proxy line in the hijackthis logs, all it means is that you bypass the proxy for sites on the local network. Since >99% of people don't use a proxy on their home computer, the line is meaningless.
    Then why on a clean install of Windows XP or Vista or 7, it's not there in the first place?

    How does it get there? Because, one I don't have it. My Win 7 installation doesn't have it. My friend's computer with Vista 64-bit doesn't have it and it's two weeks new. Another friend with Windows XP SP3 x86 doesn't have that line when I asked to scan her computer with HJT and she goes to FFXI Wiki and plays FFXI.

    The question: What programs puts it in there and why on 5 UNRELATED computers of 5 different players have the same line appear in HJT?

    The exception is the last 2 or 3 posters above me.

  7. #467
    WASTE OF CURRENCY
    I CAN'T I CAN'T I CAN'T

    Join Date
    Feb 2006
    Posts
    9,065
    BG Level
    8
    FFXIV Character
    Izzy Izumi
    FFXIV Server
    Sargatanas
    FFXI Server
    Phoenix
    WoW Realm
    Arthas

    Quote Originally Posted by Solefald View Post
    Shut up about the proxy line in the hijackthis logs, all it means is that you bypass the proxy for sites on the local network. Since >99% of people don't use a proxy on their home computer, the line is meaningless.
    THANK YOU!

    Also, since EVERY network connection on your network went down...I'm going to go with a router crash.

    Jesus Christ the amount of overreactions and fear mongering in this thread is fucking astronomical. It's most likely another Java/Javascript/Flash exploit that was recently/has not been patched yet.

  8. #468
    New Spam Forum
    Join Date
    Mar 2008
    Posts
    171
    BG Level
    3
    FFXI Server
    Ragnarok

    For reference I use google chrome with priovoxy proxy server(gimp adblock+ for chrome)
    I also use firefox for sites that don't work with chrome, don't have no script or anything.
    Perhaps this can give some comparative data.
    Anyone know how comparatively safe chrome is? I know it's got a good bit of security features and is probably not targeted yet.

    HJT:
    Spoiler: show

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:05:30 PM, on 8/25/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Documents and Settings\Seku\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.ex e
    C:\Program Files\Privoxy\privoxy.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\AskBarDis\bar\bin\AskService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Documents and Settings\Seku\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Seku\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Seku\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Seku\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Seku\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Seku\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Documents and Settings\Seku\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Seku\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Seku\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 127.0.0.1:8118
    R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
    O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Seku\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 7695 bytes


    Sophos Anti-Rootkit

    Spoiler: show

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:05:30 PM, on 8/25/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Documents and Settings\Seku\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.ex e
    C:\Program Files\Privoxy\privoxy.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\AskBarDis\bar\bin\AskService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Documents and Settings\Seku\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Seku\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Seku\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Seku\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Seku\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Seku\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Documents and Settings\Seku\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Seku\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Seku\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 127.0.0.1:8118
    R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
    O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Seku\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 7695 bytes


  9. #469
    Puppetmaster
    Join Date
    Jul 2008
    Posts
    50
    BG Level
    2
    FFXI Server
    Phoenix

    Quote Originally Posted by Izzy View Post
    It's most likely another Java/Javascript/Flash exploit that was recently/has not been patched yet.
    Indeed. I believe it actually was patched as of August 19th, because I can't re-infect my laptop using the latest flash player patches.

    As I previously posted:
    Adobe - Security Bulletins: APSB09-10 Security Updates available for Adobe Flash Player, Adobe Reader and Acrobat

  10. #470
    Hyperion Cross
    Join Date
    Jan 2007
    Posts
    8,889
    BG Level
    8
    FFXIV Character
    Kai Bond
    FFXIV Server
    Gilgamesh

    Quote Originally Posted by Izzy View Post
    THANK YOU!

    Also, since EVERY network connection on your network went down...I'm going to go with a router crash.

    Jesus Christ the amount of overreactions and fear mongering in this thread is fucking astronomical. It's most likely another Java/Javascript/Flash exploit that was recently/has not been patched yet.
    R8 up, etc, A+++

    Even if it the proxy line is there it means fuck all, since it only points to your own PC. If anyone find something else in it, by all means let us know.

    The theories are growing very epileptic.

    As for what puts it (the line/registry entry) there, well the amount of over-the-top protect you guys apply to your PCs probably slipped it there some way or another. Or it is random, or it is installed by your ISP CD, whatever.

  11. #471
    Cerberus
    Join Date
    Sep 2008
    Posts
    407
    BG Level
    4
    FFXI Server
    Unicorn
    WoW Realm
    Draenor

    For the people who have been hacked WITH a token they will allways do a rollback it seems.

    http://i252.photobucket.com/albums/h...okenreroll.jpg


    EDIT. just read through the log again, and i asked "why is it being done" .... i wasnt really thinking there.

  12. #472
    Falcom is better than SE. Change my mind.
    Join Date
    Jun 2006
    Posts
    17,291
    BG Level
    9

    Quote Originally Posted by Metta View Post
    For the people who have been hacked WITH a token they will allways do a rollback it seems.

    http://i252.photobucket.com/albums/h...okenreroll.jpg


    EDIT. just read through the log again, and i asked "why is it being done" .... i wasnt really thinking there.
    What? Am I reading that right?

  13. #473
    Melee Summoner
    Join Date
    Jun 2007
    Posts
    24
    BG Level
    1

    Quote Originally Posted by Quince View Post
    Man i wish i knew i bought gil, i wouldnt have spent 7-8 hrs farming each day just to try to get better gear. Just to clarify i only go to those three sites, like Akisu said it crashed on my pc thought it maybe was a bad dat or somthing i was running file check and logged into my xbox. Only to find that i was in Port Windy with 3/4ths of my gear missing. So i hope this helps any1. When ffxi did crash it didnt give me any type of error it would just shutdown.
    Wow, your post made me remember something about when my account was jacked. It acted the exact same way, only this was right before token. I'd just randomly crash in multiple places and I thought it was a bad dat or something. I never had any issue with logging back in right after though... Maybe what I had is an earlier version of the new thing... Scary

  14. #474
    Relic Weapons
    Join Date
    Oct 2005
    Posts
    370
    BG Level
    4
    FFXI Server
    Ragnarok

    Quote Originally Posted by Metta View Post
    For the people who have been hacked WITH a token they will allways do a rollback it seems.

    http://i252.photobucket.com/albums/h...okenreroll.jpg


    EDIT. just read through the log again, and i asked "why is it being done" .... i wasnt really thinking there.
    Someone needs to confirm this with like...5 other GMs and their bosses before I can rest easier knowing my char is safe from losing items.

  15. #475
    Melee Summoner
    Join Date
    Feb 2008
    Posts
    29
    BG Level
    1
    FFXI Server
    Bismarck

    Well, router didn't crash.

    My internet connection mysteriously and inexplicably disconnected me from my ISP and in turn FF, after scanning with HJT for the better part of the day, and NOT seeing the proxy line... then wow, guess what? Seconds after I see the disconnect, I run HJT scan, and OMG! there it is. Oh and, no, router didn't kill my net.


    I've been unable to reinfect the PC after removing it, and the removal seems to have zero effect on anything else. Sure, it probably is some simple flash exploit that's got some nasty code behind it, doesn't make it any less of a threat. Hopefully, it is just a flash bug that's being proliferated via time rotating banner on some FF site, and it was patched in that recent flash patch or will be soon. That would easily explain difficulty causing the same circumstances to repeat themselves. Simple flash exploit or not, any script that can potentially disconnect me while simultaneously snatching my account information, maintaining access to the account, ganking anything worth a fuck off of it, and leaving me with a half empty account, is worthy of alarm. I'm not saying freak out and don't log in at all, I'd just say be cautious and aware of what's possibly going on.

    Maybe some of you don't give a shit about your accounts, but others do. Your opinion is what it is, doesn't make people securing their PCs wrong, or providing plausible answers to a problem wrong. Mind you, none of us ever said we had this thing pinpointed 100% and knew what was causing it, where it was coming from, etc. (at least I haven't O_o) It's all been speculation and best guesses. If one of you sitting here talking shit would kindly post and educate the rest of us on exactly what's causing this, how it's getting into PCs, crashing POL, and possibly bypassing security in place, then by all means, post. Until you've had your connection killed and your POL crash logging back in, or can tell me, precisely, how it happened, don't bother talking shit. kthx

  16. #476
    Warrior Tank
    Join Date
    Nov 2007
    Posts
    607
    BG Level
    5
    WoW Realm
    Burning Blade

    Quote Originally Posted by Mistress Stowastiq View Post
    One would think. But when browsing simple things and getting denied, people want to see the content. How many people actually can tell the difference between a trustworthy site and one that is not? They go to IE because FF did not let them see some content with all of the script blockers, planning on going back after viewing that one bit of content. Viewing a game site with sneak peek vids of ffxiv is pretty boring with full blockers on, you have to open various permissions to see anything.
    If a website is pathetic enough to only support IE in this day and age then I don't want to supply them with traffic and instead let websites like this die. So, get your information elsewhere. Almost everything on the internet is mirrored elsewhere or a similar service exists. Don't support bullshit sites that won't get with the times.

    Also, decent websites are able to run perfectly with scripts disabled and leave javascript completely optional. Sadly this isn't the case for most sites yet.

  17. #477
    WASTE OF CURRENCY
    I CAN'T I CAN'T I CAN'T

    Join Date
    Feb 2006
    Posts
    9,065
    BG Level
    8
    FFXIV Character
    Izzy Izumi
    FFXIV Server
    Sargatanas
    FFXI Server
    Phoenix
    WoW Realm
    Arthas

    Quote Originally Posted by Sabertiger View Post
    Maybe some of you don't give a shit about your accounts, but others do.
    It's not that I don't give a shit about my account. It has to do with not overreacting and giving out information that isn't going to help someone.

    By telling people, "Just remove that line in the registry and you'll be safe.", you're giving someone a HUGE sense of security even though it most likely did nothing at all. It's actually going to cause more people to get hacked by making them think they've fixed the exploit.

  18. #478
    Bagel
    Join Date
    Feb 2006
    Posts
    1,304
    BG Level
    6

    Quote Originally Posted by byte View Post
    If a website is pathetic enough to only support IE in this day and age then I don't want to supply them with traffic and instead let websites like this die. So, get your information elsewhere. Almost everything on the internet is mirrored elsewhere or a similar service exists. Don't support bullshit sites that won't get with the times.

    Also, decent websites are able to run perfectly with scripts disabled and leave javascript completely optional. Sadly this isn't the case for most sites yet.

    I can think of at least one site I've had to visit for work before quite regularly that isn't at ALL compatible with any other web browser other than IE. No choice in going there - but it's the only fucking site I've ever visited using that piece of shit browser believe me. Sad thing is - it's actually the site used to enter data of kids' public school exams and having to have IE open drove me fucking nuts all the time I was marking their tests.

    Sometimes company executives are idiots who didn't quite get the memo about Firefox and Chrome yet - and they're always the bastard companies that decide to shove all admin online only so you've got no fucking choice.

  19. #479
    WASTE OF CURRENCY
    I CAN'T I CAN'T I CAN'T

    Join Date
    Feb 2006
    Posts
    9,065
    BG Level
    8
    FFXIV Character
    Izzy Izumi
    FFXIV Server
    Sargatanas
    FFXI Server
    Phoenix
    WoW Realm
    Arthas

    Quote Originally Posted by Cesaria View Post
    I can think of at least one site I've had to visit for work before quite regularly that isn't at ALL compatible with any other web browser other than IE. No choice in going there - but it's the only fucking site I've ever visited using that piece of shit browser believe me. Sad thing is - it's actually the site used to enter data of kids' public school exams and having to have IE open drove me fucking nuts all the time I was marking their tests.

    Sometimes company executives are idiots who didn't quite get the memo about Firefox and Chrome yet - and they're always the bastard companies that decide to shove all admin online only so you've got no fucking choice.
    The NYC financial portal (Dept of Education, Health, etc.) ONLY supports IE. It's fucking annoying as hell.

  20. #480
    Cerberus
    Join Date
    Dec 2004
    Posts
    469
    BG Level
    4
    FFXI Server
    Quetzalcoatl

    IE is a perfectly fine browser and has about a good a security record as Firefox's ever since version 7. The problem with it is all the damn toolbars and addons that try to install themselves on it, many of which are spyware. I would love to make Chrome my main browser but it's not mature enough yet. Matter of fact, they just put out a Chrome update to fix a major security flaw discovered by, amusingly enough, Mozilla.

Page 24 of 47 FirstFirst ... 14 22 23 24 25 26 34 ... LastLast

Similar Threads

  1. What in the fuck is going on with Ancient Currency prices?
    By Avarice in forum FFXI: Everything
    Replies: 22
    Last Post: 2009-01-12, 05:21
  2. Ok what the hell is up with Roc?
    By S N K in forum FFXI: Everything
    Replies: 49
    Last Post: 2008-06-28, 21:00
  3. Oldschool players with JP Accounts & The new Expansion
    By Lyramion in forum FFXI: Everything
    Replies: 39
    Last Post: 2007-11-24, 01:31