Silkroad Online Forums

Yeah I guess the one thing I don't like about Norton/Symantec is it's almost impossible to completely uninstall it. It has a few rootkits in it from what I understand basically, and you need a batch file from Symantec (that I think they charge for) to completely remove Symantec/Norton products.

That's what I was told at least....

LoL you do have a virus...
But your the only one so why blame rev6?

I have a firewall and i never had any port request...
Basic principle of a trojan is to open a port connection and act as a trojan, just like in the movie where they build a big horse in wood.
There a way for the back door to communicate.
Funny how many people post stuff without knowledge, also rev6 release everything open source at 95% so all programmer know it safe.
Guess you can keep on scaring the newby.

If rev6 was able to make a virus so that people visit rev6 and get infected, there would be a HUGE problem with the internet security and 95% of the site would be unsecured.

So you claim they found a new exploit undiscovered by microsoft?
Are you sure they are that smart?

Other solution is that you don't know the real reason of your virus scanner to detect those file as dangerous.

Why don't you take the file detected as virus which would be plain html code and look at the source code in it?

Funny how your first reaction was blame rev6 for your msn virus, oh yea that virus is massively spread on msn and not on website, google your trojan a bit more and uninstall your msn and clear your cache file.

If symatect can't uninstall the virus it's a proof of there incapability.
Your the first one that received a virus in the last 6 month caused by rev6, something sound fishy doesn't it?

Many people here visit it daily, anyway stop making publicity about them, talk in bad or good but talk about them = publicity.

I visited them some time ago and I did a full scan with AVG, no threats were found.

http://www.silkroadonline.net/sro_board ... icID=30980

http://www.rev6.com - is exploiting Internet Explorer.
Zone Labs Security found Exploit.JS.ADODB.Stream.e when page loading.

I installed zone lab and tested it with internet explorer and nothing...
Funny it more like if there a movement of lie anti-rev6 and in the end...
It will only make publicity for them...

For everyone else posting, if you can find a virus alert and you can produce it, please tell us how to reproduce it, I'm really curious about it.

WTF- My virus program detected a trojan and i posted here to understand what it is.

Think about why should i have a problem with rev6?I m not a sro fanatic only enjoy the game and i dont get it why u insist about to defend this website.
Do u know who they r?
Do u really know what their purpose?
Their dark website doesnt look like trustable 4me.I really like rev6 but why should i take a risk?

Trojan Exploit.JS.ADODB.Stream.e

The Trojan - Exploit.JS.ADODB.Stream.e was first detected on 2nd October, 2006. Cyberoam Unified Threat Management solution’s virus signature database was up-to-date and ready to face it since Jul 27 2006. It deploys Kaspersky as a Gateway AV solution.

The Attack
The exploit targets users using Yahoo and MSN messengers. Users receive a message containing a link from a known contact. If the link is clicked it triggers a new browser window, however no page is displayed. The Trojan, in the background, attempts to download and install other malware to the system. It also copies the file taskmng.exe to the Windows folder and creates a Registry key to start the file automatically. It disables any direct access to rgedit and taskmanager, thus ensuring that it neither be stopped, nor removed.

i use Kaspersky and i visited few minutes ago rev6.com and got the same
Exploit.JS.ADODB.Stream.e like AXII

hi
this is what my AV says







and i found a keylogger guess i have to format my pc

No problems here viewing the site nor is my pc infected with anything, it must be that kaspersky program monging out

There the owner of the site posted this
http://rev6.com/virus.php

it's in plain text so that kaspersky won't block you from visiting it.

basically he got 2 pages:

http://www.rev6.com/route14.php
http://rev6.com/news.htm

If you visit those page individually you won't get a virus alert.

If you go on this page:
http://www.rev6.com/route14.php?site=news

You get a virus alert.
If you look at the source code you will find that
http://www.rev6.com/route14.php?site=news
Is identical to the 2 previous pages which don't have a virus
It include the news section inside the middle with a php include.

So pointless to say, kaspersky +AVG can't detect the real
Trojan Exploit.JS.ADODB.Stream.e virus
They have a bug in the detection of that virus.

kaspersky program --> monging out
Rev6 never released any virus I have been there since the beginning almost.
Pointless to say, your blaming then for kaspersky bug right now.

FYI ADODB is generally defined as one of two things.


As no mainstream browser implements python or PHP the first definition must be the correct one. Microsoft ADO being a microsoft thing is almost surely IE specific. Actually I know for a fact it is. You get it detected in FF etc though because your av software is scanning the cache. Firefox and every other non IE browser is not vulnerable to it. It could only work in IE. I know that if you ran wget on rev6.com you would get it detected as well. Lynx too.

Bah too late, they changed the website skin on rev6.com
The newer skin doesn't get detected as a virus.
But they kept the link to the old one which get detected as a virus.

And you are right, the cache show the plain html file as a virus, anyway pointless if you compare all the source file,
this is just like the silkroad.exe file being a keylogger. False alert.

Morningdew (employee A and Coffee guy) confirmed there was a trojan!

You are noobz ,EVRYONE!
There are many,many Indetectables(undetected) or also called *FUD*(Fully Undetected) RAT(RemoveAdministrativeTool)'S/Keyloggers

So...a normal virus/server would register in the registry FIRST and then start logging.
So all you need is SpyBot S&D.
Most of the AV's sux hard

and Rev6 is clean!

I don't know where you're getting your crazy acronyms from. Sure, there are many, many viruses or other malware that are not detectable by certain virus scanners. That's why it's a good idea to have multiple scanners, or at least have a good virus scanner PLUS a few spyware scanners. Not everything will register itself in the Registry.

All we need is Spybot S&D? That's bad advice right there. First you say that there are many types of viruses that are undetectable, then say all you need is one tool. That provides a false sense of security. There are plenty of things that Spybot doesn't detect that other scanners DO detect, and the same is true vice versa.

My advice would be to have a good AV scanner running (whether you like NAV, Avast, AVG, McAfee, NOD32, whatever...) and also do regular scans with spyware scanners like Spybot, Lavasoft Adaware, Spysweeper, or other tools that you like. It can't hurt to also do an occasional scan with an online scanner like housecall.trendmicro.com or similar in case your local scanners miss something, or they themselves get infected/disabled.

Not all of us are noobz....

He (she) would confirm life on the sun if it would get payed for that too.

ps.: ff/noscript/ccs/ab+/ad-watch/symantec av. ftw.

To be honest many of you are.

Most AV software is at best a waste of CPU/RAM/HD. And at worst it is a scam. This "always on AV" crap is mostly useless and reinforces bad computing habbits. Since it is always running and taking up resources in the background users feel that they are invulnerable. Often taking more risks and putting themselves into more danger than if they didn't have it. Only to wonder at the end why their AV did not save them. This only to them re-inforces the need to have always on av oddly enough. As it is a vicious circle that they never learn from.

Many "Trial versions" of AV software and indeed some full versions often return false positives to convince the user they "need" the software and that it is actually doing something for them. When in reality they are just being had another way.

Honestly the world would be a better place if everyone ditched symantic/norton/mcaffe/etc for a on demand scanner like clamwin which is free and just ran folding@home or some such in the background. Running an on demand scanner can protect you from legitimate threats while not re-enforcing bad computing habbits. Combine this with not using proven bad software like IE, not visiting sites you don't trust, confirming sites you trust, and caution about downloading executables or scrip from unknown sources. Toss in SBS&*D or Adaware free versions and you can avoid getting viruses more often than simply running a 24/7 scanner. I have used PCs for basically 20 years now if not a little over. And I am a very active user. I have never had a virus.

That is a very good point. I do agree that 24/7 always on virus scanners can encourage bad habits in computing. A lot of users simply will not take the extra step of manually scanning their system, or things they download to ensure they're not getting malware. Realtime scanners will help with this, but users should also perform manual scans.

It's like physical security. You don't want to leave your windows and doors wide open, with holes cut into your drywall for people to just come into your house, but have security guards constantly checking the surroundings. You want all those holes plugged up, doors/windows locked, AND security guards on 24/7 surveillance.

That is a pretty apt description of a windows system.



The problem with your analogy is this. Your guards are asleep on a binge of doughnuts and your guard dogs are chihuahuas. If you want something done right you gotta do it yourself. ^_^

You guys are honestly stupid. First of all, why use IE? It sucks. Second of all, the AVs you guys are using are completely sh!t. There is no reason to use them. The only decent AVs out there right now is Kapersky and NOD32. Kapersky has a better scanner than NOD32 but isn't that great at killing stuff. NOD32 has an excellent scanner and it can kill just about everything.

Also a trojan horse client is an application created//used for opening a port connetion to allow the "hacker" a connection to your computer, OR it is used to basically spy and steal data from your PC.

And for 1. I don't use an AV, it's pointless to me. 2. Firewalls are a thing of a past to me also.

The best way to protect your computer is to learn networking and know how to manage your ports. I don't ever have more than 10 ports open. The average is far over 50 ports open. This is why you fools get trojanned, spyware, keylogged, etc.

And don't tell me I don't know anything about computers. I know 6 computer programming languages.

Windows can be locked down pretty good if you know what you're doing.



I've been mostly relying on my "sleeping guards and chihuahuas", but also doing the occasional manual scan and I haven't had any problems with my Windows system. I know I should do more. I work in IT security. I know how bad Windows systems (and other platforms) can get. For my home system, it's just been good enough. I haven't had any infections on my network.

Personally I've never had a problem with Symantec. You say Kapersky has a better scanner than NOD32 but NOD32 can kill just about anything whereas Kapersky isn't that great at killing stuff?.......



That's not a very accurate description of a trojan horse. A trojan horse is simply something that appears to be something harmless, when it secretly has malicious features. For example, a copy of notepad.exe that also formats your hard drive when you save a document. It doesn't have to even open ports or anything.



You say you don't use firewalls, but you manage ports? Ports are managed by a firewall. Maybe you mean you don't use a software based firewall like ZoneAlarm? I just use a wireless NAT router with a firewall built in to manage my ports. Without that, there's always the Windows Firewall (although I don't like Windows Firewall). I only have 1 port open, and it's restricted by IP address.

It's all about defense in depth. It's best to have multiple layers. Good physical security, multiple logical security controls like firewalls, antivirus, intrusion detection systems, and actively managing your network security through manual virus scans, penetration/vulnerability scans and the like. Some of that is overkill for a home network though, but it's still good to have something to back up your manual security processes in case you miss something.

Yes u r good at computers and u r a selfish.How dare u charge people that they do not know about computers?What is the purpose of forums?People helping each other here.If u want to help post here.We dont need to learn about ur skills.If u want to contunie to insult others plz do not post here again.Also same thread whilw using firefox.

lol this threads turned well funny, it's like a "who's wearing the biggest anorak" competition

While your definition is technically correct. It is not that realistic. Most times with a trojan the attacker wants something more than to wipe out your PC. It is either about getting a back door on to your PC to steal your info or using your PC as part of a bot net to coordinate bigger attacks. So while technically correct his definition is the more realistic one.



Firewalls are a way of managing ports but not the only one. You can often times go in and just turn off a service. =P



In a corporate IT department where there are alot of PEBKAC calls yes. But that is only because of poor training and instincts on the users part. XD I just use 2 really good layers. Myself and my manual tools. 90% of attacks are not hard to avoid if you use common sense. the last 10% no amount of 24/7 scanners and firewalls would be able to save you anyway.