Post subject: Trojan:Exploit.JS.ADODB.Stream.e from REV6 careful guyz

AXII | Regular Member | Joined: Mar 2007 | Posts: 280 | Posted: Wed Jun 27, 2007 6:16 am
http://www.viruslist.com/en/search?VN=E ... eferer=aol
Exploit.JS.ADODB.Stream
These utilities are designed to penetrate remote computers in order to use them as zombies (by using backdoors) or to download other malicious programs to victim machines.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.

Cerus | Banned User | Joined: Nov 2006 | Posts: 1002 | Posted: Wed Jun 27, 2007 6:42 am
It's time for every1 to stop visiting that site.

DarkJackal | Elite Member | Joined: Feb 2006 | Posts: 6119 | Location: A den~ | Posted: Wed Jun 27, 2007 6:52 am
Glad I never did lol.

[SD]Kratos | Senior Member | Joined: Apr 2006 | Posts: 4787 | Posted: Wed Jun 27, 2007 7:00 am
sorry, where is it written it is from rev6.com? lol

AXII | Regular Member | Joined: Mar 2007 | Posts: 280 | Posted: Wed Jun 27, 2007 7:12 am
detected: malware Exploit.JS.ADODB.Stream.e File: C:\Documents and Settings\pcl\Local Settings\Temporary Internet Files\Content.IE5\1WJPZFJ1\rev6[1].htm
detected: malware Exploit.JS.ADODB.Stream.e File: C:\Documents and Settings\pcl\Local Settings\Temporary Internet Files\Content.IE5\U90CV9PK\rev6[1].htm
Also, the virus program didn't allow me to enter the site.

snag12 | Regular Member | Joined: Jun 2007 | Posts: 209 | Posted: Wed Jun 27, 2007 7:41 am
Time to scan our computers ^^

TwelveEleven | Banned User | Joined: Mar 2007 | Posts: 3806 | Location: Heaven | Posted: Wed Jun 27, 2007 7:53 am
afaik, that's used to refresh your browser, not 100% sure.

AXII | Regular Member | Joined: Mar 2007 | Posts: 280 | Posted: Wed Jun 27, 2007 8:09 am
BTW virus program is Symantec Corp. Edition and I'll scan with other programs. I'll post results l8tr.

the.unseen. | Frequent Member | Joined: Feb 2006 | Posts: 1102 | Posted: Wed Jun 27, 2007 8:32 am
AXII wrote: BTW virus program is Symantec Corp. Edition and I'll scan with other programs. I'll post results l8tr.
This could be due to the fact that Norton sucks, or it could be conflicting with your other programs.

Death2U | Banned User | Joined: Sep 2006 | Posts: 1659 | Location: 5th Dimension | Posted: Wed Jun 27, 2007 8:35 am
Just a false positive... happens all the time.

AXII | Regular Member | Joined: Mar 2007 | Posts: 280 | Posted: Wed Jun 27, 2007 9:42 am
ping_lo wrote: Page refreshes even without javascript. And only a nub uses IE. I have FF set up with noscript and it basically stops all JS dead. But I doubt an ADODB exploit would work well on Safari or Opera either. Maybe it could but better safe than using IE. I mean sorry.
detected: malware Exploit.JS.ADODB.Stream.e File: C:\Documents and Settings\pcl\Local Settings\Application Data\Mozilla\Firefox\Profiles\ux2ml8nt.default\Cache\B9F4AF15d01
I guess it is enough for u my friend. I do not know what u do but I'm sure that I won't enter rev6 again.

ScZz | Common Member | Joined: Mar 2007 | Posts: 141 | Location: somewhere over the rainbow | Posted: Wed Jun 27, 2007 10:08 am
lol don't use IE

chesticles | Loyal Member | Joined: May 2007 | Posts: 1978 | Posted: Wed Jun 27, 2007 10:09 am
It's only in your cache. If you clear your cache after each browsing session, run with no-script and ad-blocker on full prevent, I don't think you will have this issue.

AXII | Regular Member | Joined: Mar 2007 | Posts: 280 | Posted: Wed Jun 27, 2007 10:14 am
ScZz wrote: lol don't use IE
I'm also using Opera and Firefox. Same warning from both too.
Last edited by AXII on Wed Jun 27, 2007 10:17 am, edited 1 time in total.

AXII | Regular Member | Joined: Mar 2007 | Posts: 280 | Posted: Wed Jun 27, 2007 10:16 am
chesticles wrote: It's only in your cache. If you clear your cache after each browsing session, run with no-script and ad-blocker on full prevent, I don't think you will have this issue.
I did, my friend. Ad blocker and no-script r always enabled on me.

chesticles | Loyal Member | Joined: May 2007 | Posts: 1978 | Posted: Wed Jun 27, 2007 10:21 am
AXII wrote: chesticles wrote: It's only in your cache. If you clear your cache after each browsing session, run with no-script and ad-blocker on full prevent, I don't think you will have this issue. I did, my friend. Ad blocker and no-script r always enabled on me.
I'm not getting any of this backdoor bs lol. So far you're the only person to get it. Try Kaspersky; if that doesn't pick up anything (which it won't cuz I have it) then it's just your scanner giving a false-positive.

Devotia | Active Member | Joined: Jan 2006 | Posts: 822 | Posted: Wed Jun 27, 2007 1:17 pm
Quote: The exploit targets users using Yahoo and MSN messengers. Users receive a message containing a link from a known contact. If the link is clicked it triggers a new browser window, however no page is displayed. The Trojan, in the background, attempts to download and install other malware to the system. It also copies the file taskmng.exe to the Windows folder and creates a Registry key to start the file automatically. It disables any direct access to regedit and taskmanager, thus ensuring that it can neither be stopped nor removed.
Unless rev6 is completely overhauling the trojan, it's from MSN/Yahoo. Alternatively, just use FF and the trojan can't do anything anyway.

Infstdraynor | Regular Member | Joined: Dec 2006 | Posts: 263 | Posted: Wed Jun 27, 2007 1:31 pm
Quote: Exploit.JS.ADODB.Stream is a generic detection name given to all JavaScript programs that use known exploits in Internet Explorer combined with the use of ADODB.Stream functionality in ActiveX. It contains code that uses a vulnerability in Internet Explorer to execute.
I guess FF is fine. Even though I failed to see any reason why rev6 would want to plant a backdoor on you.
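
Added example, not part of any post in this thread and not any antivirus vendor's signature: a content-only heuristic showing why a generic detection like the one quoted above fires on a cached copy no matter which browser wrote it to disk, and why a page that merely mentions the name is a false-positive candidate. The patterns, function names and sample contents are assumptions constructed for illustration.

```python
import re

# Assumed heuristic for illustration only; real AV signatures are not public.
CONCAT = re.compile(rb"[\"']\s*\+\s*[\"']")   # "ADO" + "DB" string splitting
PROGID = re.compile(rb"adodb\.stream", re.I)
INSTANTIATE = re.compile(
    rb"(?:ActiveXObject|CreateObject)\s*\(\s*[\"']adodb\.stream[\"']", re.I)


def classify(content: bytes) -> str:
    """Classify one cached file by its bytes alone."""
    joined = CONCAT.sub(b"", content)   # undo trivial string concatenation
    if INSTANTIATE.search(joined):
        return "flag"       # script asks for the ADODB.Stream ActiveX object
    if PROGID.search(joined):
        return "mention"    # name appears only as text
    return "clean"


def scan(cache: dict) -> dict:
    """Verdict per cache entry; which browser stored it is never consulted."""
    return {name: classify(data) for name, data in cache.items()}


# Constructed sample contents (inert fragments, not taken from any real site).
SCRIPTED = b'<script>var s = new ActiveXObject("ADODB.Stream");</script>'
SAMPLE_CACHE = {
    "ie_cache/page[1].htm": SCRIPTED,
    "firefox_cache/entry": SCRIPTED,   # same bytes, different browser cache
    "split.htm": b'<script>new ActiveXObject("ADO" + "DB.Str" + "eam")</script>',
    "forum.htm": b"<p>Exploit.JS.ADODB.Stream is a generic detection name</p>",
    "plain.htm": b"<html><body>hello</body></html>",
}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLE_CACHE).items():
        print(f"{verdict:8} {name}")
```

A "flag" verdict on a Firefox cache entry only says the stored bytes match; it does not show the script ran, since ActiveX is an Internet Explorer feature.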

chesticles | Loyal Member | Joined: May 2007 | Posts: 1978 | Posted: Wed Jun 27, 2007 2:14 pm
Devotia wrote: Quote: The exploit targets users using Yahoo and MSN messengers. Users receive a message containing a link from a known contact. If the link is clicked it triggers a new browser window, however no page is displayed. The Trojan, in the background, attempts to download and install other malware to the system. It also copies the file taskmng.exe to the Windows folder and creates a Registry key to start the file automatically. It disables any direct access to regedit and taskmanager, thus ensuring that it can neither be stopped nor removed. Unless rev6 is completely overhauling the trojan, it's from MSN/Yahoo. Alternatively, just use FF and the trojan can't do anything anyway.
uhoh lol someone doesn't like you on msn/yahoo hahaha

PR0METHEUS | Senior Member | Joined: Aug 2006 | Posts: 4093 | Location: Earth | Posted: Wed Jun 27, 2007 2:40 pm
the.unseen. wrote: AXII wrote: BTW virus program is Symantec Corp. Edition and I'll scan with other programs. I'll post results l8tr. This could be due to the fact that Norton sucks, or it could be conflicting with your other programs.
Norton != Symantec. Same company yes, but not entirely the same software. I've never had a problem with Symantec Corporate.

BlackFox | Banned User | Joined: Jan 2007 | Posts: 6588 | Location: Oo Some where i dont know!! | Posted: Wed Jun 27, 2007 2:48 pm
hmm
http://www.silkroadonline.net/sro_board/fmboard/fm_board.asp?bID=SB_Inform&sID=1&Page=6&Num=775
Quote: Regarding re**.com (Notice Date: 3/27/2007, inquiry: 13707)
Recently many players got nervous about outflowing information and hacking damage from re**.com, because characters and items of certain players were searched in the corresponding website.
We have investigated the site, re**.com, and have found out the results listed below, so there is no need to feel uneasy regarding this issue.
* The site is written in special mark to prevent players from clicking the link.
[Results of Investigation]
1. Corresponding website is not a hacking site of our Silkroad Online server, but is rather a scanning site of players' PCs.
2. Scanning can be progressed by re**.com, using information achieved from their site visitation and registration, or when a bot program is used, through the help of a virus program.
3. The information that can be scanned is very simple, as shown in their website. Other important information such as password is safe from this scanning progress.
4. For secure game play, please restrict yourself from visiting re**.com, and run an anti-virus program at least once a week.

Fat_Smurf | Banned User | Joined: Jan 2007 | Posts: 5887 | Location: www.youporn.com | Posted: Wed Jun 27, 2007 3:02 pm
rev6 developed nubot.... they won't say "yea their site is safe you can visit it without any problem" ...

the.unseen. | Frequent Member | Joined: Feb 2006 | Posts: 1102 | Posted: Wed Jun 27, 2007 9:21 pm
PR0METHEUS wrote: the.unseen. wrote: AXII wrote: BTW virus program is Symantec Corp. Edition and I'll scan with other programs. I'll post results l8tr. This could be due to the fact that Norton sucks, or it could be conflicting with your other programs. Norton != Symantec. Same company yes, but not entirely the same software. I've never had a problem with Symantec Corporate.
I know but there are way better anti-viruses, and Norton aka Symantec Corporate conflicts with a lot of other programs. And I have it also but I only use it for scanning and not on access use because nod32 and avg pro are better.

Nyahgis | Banned User | Joined: Oct 2006 | Posts: 680 | Posted: Wed Jun 27, 2007 9:33 pm
Sunbelt Personal Firewall, get the full edition, not the free edition. Problem solved.

TheRealAnswer1 | Active Member | Joined: Mar 2007 | Posts: 764 | Posted: Wed Jun 27, 2007 10:11 pm
I noticed a few times while visiting Rev6 a popup came up from my spysweeper saying that it has removed a potentially harmful threat from my system... Thought somethin was fishy 

AXII | Regular Member | Joined: Mar 2007 | Posts: 280 | Posted: Wed Jun 27, 2007 10:22 pm
I always see computer users r complaining about Symantec but I don't think Corp. Edition is useless. Companies paying for this software 50,000-100,000 dollars and it should be good. I scanned with Kaspersky and nod32; same threat warning from nod32 but not from Kaspersky. Do u really know who is rev6 owner and what they want to do? They r listing ur information (ur items etc) to others, think about that.

chesticles | Loyal Member | Joined: May 2007 | Posts: 1978 | Posted: Wed Jun 27, 2007 10:26 pm
Symantec, AVG, and Nod32 are known for giving a lot of false positives. I still stand by that is what this is and that Kaspersky is the best lol

lexies2 | Loyal Member | Joined: Oct 2006 | Posts: 1739 | Location: The staircase to heaven | Posted: Wed Jun 27, 2007 10:30 pm

Devotia | Active Member | Joined: Jan 2006 | Posts: 822 | Posted: Wed Jun 27, 2007 10:52 pm
AXII wrote: I always see computer users r complaining about Symantec but I don't think Corp. Edition is useless. Companies paying for this software 50,000-100,000 dollars and it should be good. I scanned with Kaspersky and nod32; same threat warning from nod32 but not from Kaspersky. Do u really know who is rev6 owner and what they want to do? They r listing ur information (ur items etc) to others, think about that.
The bigger the program the more people trying to find ways to get around it.
The more people that work on a task, the quicker, and more often, it will get done.
That's the major flaw with the big 3 AVs. Any virus writer who has a chance of releasing a high threat virus is going to try it against those AVs. Simply because if, say, Symantec catches it, that's 50% of the population immune at 0 hour. It's less likely he's going to try against, say Kaspersky (around 1% market share IIRC), not only for the small payoff for the effort, but because people who go out of their way to find, get, and update it are generally not the kind of people who open up random executables in their email.