Civ Duel Zone  

Go Back   Civ Duel Zone > PBEM and Pitboss Games > Socrates' Socialist Spam Society
Home

Reply
 
Thread Tools Display Modes
Old 01-03-2004, 15:31   #1
Socrates
Emperor
 
Socrates's Avatar
 
Join Date: Jan 2004
Location: Seattle, WA
Posts: 3,946
Default Socrates.com

Well, better start a thread in which I can tell what's going on in my little Paris's suburbs.

First, this month of March is gonna be filled with exams all along, so I won't for sure start any game before at least one month. My 2 current games can still go on, it will depend if I'm in a rush this or that day.

Now to the fucking part. I got a virus last week-end !!! I feel sorry for Skyfish, who got injured (but not too much, I hope ?) through me. What pieces of advice can you guys give me ? So far I haven't installed any anti-virus programs or anti-spam programs, thinking my Web surfing would be "clean". Now that I understand it's not guaranteed, I need to install stuff. I think we have McAfee at home, and AdAware is free : will those two be OK ? How can I get rid of my current virus ? It's called "I-Worm.Moodown.b", if it's the only source of problems so far !! Damn, I'm fucking angry now !
__________________
Sent from my Debian
Socrates is offline   Reply With Quote
Old 01-03-2004, 16:19   #2
ERIKK
Moderator
 
Join Date: Mar 2003
Location: Netherlands!.
Posts: 2,636
Default

A nice firewall and antivirus program would be nice!

How did Sky got affected? You emailed him a deadly attachment???
ERIKK is offline   Reply With Quote
Old 01-03-2004, 17:00   #3
anarres
anarchist butcher
 
Join Date: Mar 2003
Location: United States of Whatever.
Posts: 4,677
Default

krys, here are the manual removal instructions for your virus. Note that McAfee and Adaware a more than enough to stop 95% of virus'/spyware/adware, etc, but you have to keep them UPDATED, and you have to RUN THEM. McAfee should stay running, always. Adaware should be run at least once a week. BOTH products must be updated once a week (at least) to keep them protected.

Quote:
quote:
Terminating the Malware Program

This procedure terminates the running malware process from memory. You will need the name(s) of the file(s) detected earlier.

1: Open Windows Task Manager.
On Windows 95/98/ME systems, press CTRL+ALT+DELETE
On Windows NT/2000/XP systems, press CTRL+SHIFT+ESC, then click the Processes tab.
2: In the list of running programs*, locate the malware file or files detected earlier.
3: Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your system.
4: Do the same for all detected malware files in the list of running processes.
5: To check if the malware process has been terminated, close Task Manager, and then open it again.
6: Close Task Manager.

Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing during startup.

1: Open Registry Editor. To do this, click Start>Run, type Regedit, then press Enter.
2: In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Win dows>CurrentVersion>Run
3: In the right panel, locate and delete the entry:
service = %Windows%\services.exe -serv
4: In the left panel, double-click the following:
HKEY_CLASSES_ROOT>CLSID>{E6FB5E20-DE35-11CF-9C87-00AA005127ED}
5: Right-click the following key and add a new subkey named:
InProcServer32
6: In the right panel, double-click the (Default) entry and change its value to:
%System%\WEBCHECK.DLL
7: Close Registry Editor.
__________________
<b>Calculate the probability of culture flips: Flip Calc</b>
anarres is offline   Reply With Quote
Old 01-03-2004, 18:19   #4
Socrates
Emperor
 
Socrates's Avatar
 
Join Date: Jan 2004
Location: Seattle, WA
Posts: 3,946
Default

I think you got it right, anarres. Your quote tells me about that "services.exe", and that what was running each time I started my PC (I'm now sure of it) ; it auto-terminates each time after like 5 minutes (you know, the Windows crash, and BTW, I saw it taking some good parts of the RAM in the Windows Task Manager). The little fuck installed a lot of things inside Windows folder and sub-folders (easily seen with a search in the Windows folder for changed files during last week).

Now I did what you told me, in the Registry (what a mess, this stuff !). I hope it stops running, now, on PC starts. But I need to clean the PC with McAfee. If there seems to be stuff after that (or more complaints from contacts I have), then I'll just delete my whole HD once again... losing so much time transfering vital files to another PC before formatting...

I have found quite a lot of fake files : should I remove them myself ?

Here a little sample of some stuff : I can't believe hackers are so desperate in life to lose their time creating this.


18.66KB

Other stuffs are here and there too.
__________________
Sent from my Debian
Socrates is offline   Reply With Quote
Old 01-03-2004, 20:55   #5
Skyfish
 
Join Date: Apr 2003
Location: dead.
Posts: 2,349
Default

Horrible!
Get rid of all of it !


PS : I can see our dearest of hackers, Matrix, managed to infect you as well, it's a small world after all
__________________
<font color=\"brown\"> <b><i>\"NOT back from the dead\"</b></i>
</font id=\"brown\">
Skyfish is offline   Reply With Quote
Old 02-03-2004, 02:17   #6
Socrates
Emperor
 
Socrates's Avatar
 
Join Date: Jan 2004
Location: Seattle, WA
Posts: 3,946
Default

I think I got rid of that motherfucker now. I basically deleted everything by hand !! First deleted this 2nd services.exe in the WINDOWS folder. Then deleted the zips (I think : 24) in the same folder. Then deleted the dozens of 24-file bunches (image above is part of that) that were copied in every folder containing "share" in its name and each of their subfolders ! All of this after doing what anarres told me, and doing what was mentioned about this virus on the McAfee site.

Now if anyone encounters something wrong that could come from me (or one of my possible contacts...), please e-mail me as soon as possible. It should be OK, but you're never sure.

One important thing : to avoid possible confusion (I opened up the fake exe from an e-mail coming from a "sure" address at 1am, so I wasn't in special beware mode ), please sign all your e-mails !!! Write at least 1 word or 2 (I usually write "turn xxx"), and sign it, with your real name, nick or "nick's nick" (mine is "krys" ) to ensure this is an e-mail you actually wrote and sent. Any weird e-mail will be deleted immediately. I encourage you to the same.
__________________
Sent from my Debian
Socrates is offline   Reply With Quote
Old 02-03-2004, 11:26   #7
anarres
anarchist butcher
 
Join Date: Mar 2003
Location: United States of Whatever.
Posts: 4,677
Default

krys, the way to not get a virus in the future is not to open a .exe that is obviously a virus.
__________________
<b>Calculate the probability of culture flips: Flip Calc</b>
anarres is offline   Reply With Quote
Old 02-03-2004, 15:56   #8
Socrates
Emperor
 
Socrates's Avatar
 
Join Date: Jan 2004
Location: Seattle, WA
Posts: 3,946
Default

Yes, but... yes, but... Can anyone estwing him on the head ?

Seriously, I received that from a sure address, and that had more value than the weird and short body text and the damn attachment. Won't make it twice. All my friends are potential enemies, must be suspicious...
__________________
Sent from my Debian
Socrates is offline   Reply With Quote
Old 02-03-2004, 17:49   #9
anarres
anarchist butcher
 
Join Date: Mar 2003
Location: United States of Whatever.
Posts: 4,677
Default

Umm, nearly ALL virus' spread by sending email from your friends infected computers! []
__________________
<b>Calculate the probability of culture flips: Flip Calc</b>
anarres is offline   Reply With Quote
Old 02-03-2004, 18:06   #10
Lt. Killer M
Emperor
 
Lt. Killer M's Avatar
 
Join Date: Mar 2003
Location: HAWK!.
Posts: 4,365
Default

I actually got an email form an INEXISTENT email (a typo of my email on our homepage) TO the very same INEXISTENT email arriving at a different email....

the virus collects addresses on the web and uses them as camouflage. So the purpoted source sasy NOTHING!
__________________
One more turn..... just one more turn... one MORE!
Lt. Killer M is offline   Reply With Quote
Reply
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +2. The time now is 12:35.


Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.