Civ Duel Zone


Socrates 01-03-2004 15:31
Well, better start a thread in which I can tell what's going on in my little Paris's suburbs.

First, this month of March is gonna be filled with exams all along, so I won't for sure start any game before at least one month. My 2 current games can still go on, it will depend if I'm in a rush this or that day.

Now to the fucking part. I got a virus last week-end !!! [cry] I feel sorry for Skyfish, who got injured (but not too much, I hope ?) through me. What pieces of advice can you guys give me ? So far I haven't installed any anti-virus programs or anti-spam programs, thinking my Web surfing would be "clean". [blush2] Now that I understand it's not guaranteed, I need to install stuff. I think we have McAfee at home, and AdAware is free : will those two be OK ? How can I get rid of my current virus ? It's called "I-Worm.Moodown.b", if it's the only source of problems so far !! Damn, I'm fucking angry now ! :(

ERIKK 01-03-2004 16:19

A nice firewall and antivirus program would be nice!

How did Sky get affected? You emailed him a deadly attachment??? ;)

anarres 01-03-2004 17:00

krys, here are the manual removal instructions for your virus. Note that McAfee and Adaware are more than enough to stop 95% of viruses/spyware/adware, etc, but you have to keep them UPDATED, and you have to RUN THEM. McAfee should stay running, always. Adaware should be run at least once a week. BOTH products must be updated once a week (at least) to keep them protected.


Terminating the Malware Program

This procedure terminates the running malware process from memory. You will need the name(s) of the file(s) detected earlier.

1: Open Windows Task Manager.
On Windows 95/98/ME systems, press CTRL+ALT+DELETE
On Windows NT/2000/XP systems, press CTRL+SHIFT+ESC, then click the Processes tab.
2: In the list of running programs*, locate the malware file or files detected earlier.
3: Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your system.
4: Do the same for all detected malware files in the list of running processes.
5: To check if the malware process has been terminated, close Task Manager, and then open it again.
6: Close Task Manager.

Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing during startup.

1: Open Registry Editor. To do this, click Start>Run, type Regedit, then press Enter.
2: In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
3: In the right panel, locate and delete the entry:
service = %Windows%\services.exe -serv
4: In the left panel, double-click the following:
5: Right-click the following key and add a new subkey named:
6: In the right panel, double-click the (Default) entry and change its value to:
7: Close Registry Editor.
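
The autostart check from the steps above, as an added example that is not part of the thread or of any vendor's removal tool: it reads saved `reg query` output for the Run key and flags any entry that borrows the name of a System32 binary but runs from another folder, which is how the `services.exe` entry hides. The sample output is constructed, with `C:\WINDOWS` standing in for the `%Windows%` placeholder, and the function names are hypothetical.

```python
import ntpath
import re

# Genuine Windows binaries that live in the System32 folder. A Run entry that
# uses one of these names from any other folder is masquerading.
SYSTEM32_NAMES = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe"}

# Constructed sample of `reg query` output for the Run key named in the thread.
# Only the "service" value mirrors the post; the other entries are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    service    REG_SZ    C:\WINDOWS\services.exe -serv
    ExampleAV    REG_SZ    "C:\Program Files\ExampleAV\shield.exe" /startup
    ExampleHelper    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k example
"""

VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s{4}REG_\w+\s{4}(?P<data>.*)$")
PROGRAM = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.I)

def executable_path(command):
    """Return the program path of a Run command line, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = PROGRAM.match(command)
    return match.group(1) if match else command.split(" ", 1)[0]

def suspicious_run_entries(reg_output, system_root=r"C:\WINDOWS"):
    """List (value name, path) for Run entries that imitate a System32 binary."""
    expected = ntpath.join(system_root, "System32").lower()
    findings = []
    for line in reg_output.splitlines():
        match = VALUE_LINE.match(line)
        if not match:
            continue
        path = executable_path(match.group("data"))
        # Expand the two variables Windows itself uses for its own folder.
        path = re.sub(r"%(?:SystemRoot|windir)%", lambda _: system_root, path, flags=re.I)
        folder, exe = ntpath.split(ntpath.normpath(path))
        if exe.lower() in SYSTEM32_NAMES and folder.lower() != expected:
            findings.append((match.group("name"), path))
    return findings

if __name__ == "__main__":
    for name, path in suspicious_run_entries(SAMPLE):
        print(f"suspicious autostart: {name} -> {path}")
```
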

Socrates 01-03-2004 18:19

I think you got it right, anarres. Your quote tells me about that "services.exe", and that's what was running each time I started my PC (I'm now sure of it) ; it auto-terminates each time after like 5 minutes (you know, the Windows crash, and BTW, I saw it taking some good parts of the RAM in the Windows Task Manager). The little fuck installed a lot of things inside Windows folder and sub-folders (easily seen with a search in the Windows folder for changed files during last week).

Now I did what you told me, in the Registry (what a mess, this stuff !). I hope it stops running, now, on PC starts. But I need to clean the PC with McAfee. If there seems to be stuff after that (or more complaints from contacts I have), then I'll just delete my whole HD once again... losing so much time transferring vital files to another PC before formatting... [aargh]

I have found quite a lot of fake files : should I remove them myself ?

Here is a little sample of some stuff : I can't believe hackers are so desperate in life to lose their time creating this.

Other stuffs are here and there too.

Skyfish 01-03-2004 20:55

[eek] Horrible!
Get rid of all of it !

PS : I can see our dearest of hackers, Matrix, managed to infect you as well, it's a small world after all [lol]

Socrates 02-03-2004 02:17

I think I got rid of that motherfucker now. [goodjob] I basically deleted everything by hand !! First deleted this 2nd services.exe in the WINDOWS folder. Then deleted the zips (I think : 24) in the same folder. Then deleted the dozens of 24-file bunches (image above is part of that) that were copied in every folder containing "share" in its name and each of their subfolders ! All of this after doing what anarres told me, and doing what was mentioned about this virus on the McAfee site.

Now if anyone encounters something wrong that could come from me (or one of my possible contacts...), please e-mail me as soon as possible. It should be OK, but you're never sure.

One important thing : to avoid possible confusion (I opened up the fake exe from an e-mail coming from a "sure" address at 1am, so I wasn't in special beware mode :D ), please sign all your e-mails !!! Write at least 1 word or 2 (I usually write "turn xxx"), and sign it, with your real name, nick or "nick's nick" (mine is "krys" :D ) to ensure this is an e-mail you actually wrote and sent. Any weird e-mail will be deleted immediately. I encourage you to do the same.

anarres 02-03-2004 11:26

krys, the way to not get a virus in the future is not to open a .exe that is obviously a virus. ;)

Socrates 02-03-2004 15:56

Yes, but... yes, but... Can anyone estwing him on the head ? :D [estwing]

Seriously, I received that from a sure address, and that had more value than the weird and short body text and the damn attachment. Won't make it twice. All my friends are potential enemies, must be suspicious... [evil]

anarres 02-03-2004 17:49

Umm, nearly ALL viruses spread by sending email from your friends' infected computers! [:o]

Lt. Killer M 02-03-2004 18:06

I actually got an email from an INEXISTENT email (a typo of my email on our homepage) TO the very same INEXISTENT email arriving at a different email....

The virus collects addresses on the web and uses them as camouflage. So the purported source says NOTHING!
