Security Help For Ppls..
S_Badguy
Join Date: 2003-12-03 Member: 23925Members
Join Date: 2003-12-03 Member: 23925Members
<div class="IPBDescription">. subjected to the "hidden image" thread</div> np xshrike.. ntm one badass avatar you got there =p
mmm blood ^_^
Being a network tech squire for os3 lvl hardening with government requirements mainly dealing with banks... I know my ****.
Unless they try again and again.. you should only be infected once.. just be sure to scan again in a day or two.
ALSO be sure to head over to microsoft update if you run windows media player 9 and or windows XP. Get all the critical patches, and perform that vulnerability patch workaround I provided...
in IE.. Tools -> Internet Options... -> [TAB] Advanced -> [Multimedia] Dont display online media content in the media bar
<!--QuoteBegin--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->That will teach me to look at any link posted my someone with only 2 posts. I used AVG and it found 1 virus is that all there is?<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
GOOD.. the admins nuked the thread, but I want to make sure that everyone who subjected themself to the "hidden image" thread understand that their system may have been compromised...
<!--QuoteBegin--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->The kind of attack this vulnerability assesses will alow your system to be compromised with some mallicious code. I highly reccomend if you do not have norton antivirus 2003 or 2004, you use this completely free tren micro virus scan engine. Trend micro rivals the potency of norton.
<a href='http://housecall.trendmicro.com/' target='_blank'>http://housecall.trendmicro.com/</a><!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
so I attached some important quotes from before
mmm blood ^_^
Being a network tech squire for os3 lvl hardening with government requirements mainly dealing with banks... I know my ****.
Unless they try again and again.. you should only be infected once.. just be sure to scan again in a day or two.
ALSO be sure to head over to microsoft update if you run windows media player 9 and or windows XP. Get all the critical patches, and perform that vulnerability patch workaround I provided...
in IE.. Tools -> Internet Options... -> [TAB] Advanced -> [Multimedia] Dont display online media content in the media bar
<!--QuoteBegin--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->That will teach me to look at any link posted my someone with only 2 posts. I used AVG and it found 1 virus is that all there is?<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
GOOD.. the admins nuked the thread, but I want to make sure that everyone who subjected themself to the "hidden image" thread understand that their system may have been compromised...
<!--QuoteBegin--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->The kind of attack this vulnerability assesses will alow your system to be compromised with some mallicious code. I highly reccomend if you do not have norton antivirus 2003 or 2004, you use this completely free tren micro virus scan engine. Trend micro rivals the potency of norton.
<a href='http://housecall.trendmicro.com/' target='_blank'>http://housecall.trendmicro.com/</a><!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
so I attached some important quotes from before
Comments
I'm running housecall as we speak. errr... type.
<span style='color:red'>GODSEND!</span>
whiped that infected file np.
never click on links you dont trust, nor click on a link submited by someone with 2 posts and is o/t in NS > General Discussion. <<< key rule which'll save your arse more then once.
never click on links you dont trust, nor click on a link submited by someone with 2 posts and is o/t in NS > General Discussion. <<< key rule which'll save your arse more then once.<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
And get FireBird at <a href='http://www.mozilla.org/products/firebird/' target='_blank'>http://www.mozilla.org/products/firebird/</a> - it stops many viruses and popups, and generally rules IE.
how do i solve it now?
~Jason
**EDIT**
WM Player Vs. 7.01 in the c:/program files/ directory. OS = Win98
Norton Systemworks V 5.0
Norton Antivirus V 8.017 - No virus Detected.
Trend Micro - 1 virus Detected. (Finished Scan; Virus type: "Non Cleanable" - I'll delete it now.)
If you are vulnerable, malicious code is executed by the attacker on your system.
This appears to only occur on people who are running windows media player 9 and have it installed to the c:\program files\windows media player\ directory.
If norton and trend micro do not show you are infected.. then your system has not been compromised.
There is a small possibility it could be in the near future though.
Like I said earlier to prevent further use of this vulnerability..
<!--QuoteBegin--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->in IE.. Tools -> Internet Options... -> [TAB] Advanced -> [Multimedia] Dont display online media content in the media bar<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
that is a workaround that prevents the automatic execution of files through the built in media player.
Some people are immune to this sort of attack because of more complex router configurations, firewalls, proper patching, and or not running windows media player 9...
windows media player 9.. to my knowledge is the pinnacle of the particular exploit you have seen.
This like I have now said numerous times assesses your system for vulnerabilities.. it does NOT execute the malicious code itself. The particular vulnerabilities is looks for though can allow the uploading of malware.. eg: virii, trojans... not one specific infection
File Name: "JS PETCH.A" (Confirmed by Agent Orange to be The SPECIFIC virus.)
Copies of File Found: 1
Type: Non-Cleanable (Deleting now)
If you see this PH34R, thanks majorly. I would not have caught it without you, and frankly I was kinda panicky. I owe you man.
Good luck Agent Orange, I'm gonna scan again tomorrow and maybe if anything shows up; the day after that, I suggest you do too.
scratch that. 138 times.
scratch that. <b>138 times.</b> <!--QuoteEnd--> </td></tr></table><span class='postcolor'> <!--QuoteEEnd-->
Looking at what @gent Orange just put on his reply from his update, he might need any help you can give him...
I searched google and found a jeefo.a remover. Running it as we speak.
and I checked windows update to see if somehow I missed a critical security update but I'm runnin smooth on that <!--emo&:D--><img src='http://www.unknownworlds.com/forums/html/emoticons/biggrin.gif' border='0' style='vertical-align:middle' alt='biggrin.gif'><!--endemo-->
I hope that guy is banned from the forums
Another good browser, with a few more options than mozilla. Also mostly invulnarable to attacks like these.
Also, guys, don't click on links people provide on irc, unless it's a link you know is fine, or if the link name matches what you're talking about. Beware of people who join, link that, and leave.
Another good browser, with a few more options than mozilla. Also mostly invulnarable to attacks like these.
Also, guys, don't click on links people provide on irc, unless it's a link you know is fine, or if the link name matches what you're talking about. Beware of people who join, link that, and leave. <!--QuoteEnd--> </td></tr></table><span class='postcolor'> <!--QuoteEEnd-->
You neglect to mention built in ads <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html/emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif'><!--endemo-->
Yea.. IE is a big security hole, any other browser is better
You neglect to mention built in ads <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html/emoticons/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif'><!--endemo-->
Yea.. IE is a big security hole, any other browser is better <!--QuoteEnd--> </td></tr></table><span class='postcolor'> <!--QuoteEEnd-->
One ad, and it's right next to your arrow keys so you don't notice it anyway ;D. I registered my Opera, it gives you a lot more options.
posted in this thread:
<a href='http://www.unknownworlds.com/forums/index.php?s=&act=ST&f=10&t=58363' target='_blank'>http://www.unknownworlds.com/forums/in...ST&f=10&t=58363</a>