|
|
|
|
||||
|
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
 |
|
|||||||
| Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
|
Thread Tools |
09-01-2007, 05:03 AM
|
#1 |
|
So Fucking Banned
Industry Role:
Join Date: Apr 2002
Location: ¤ª"˜¨๑۩۞۩๑¨˜"ª¤
Posts: 18,481
|
XP exploit on either Torrentz or TorrentSpy
First I went to TorrentSpy and then Torrentz.
Upon loading torrentz.com my firewall immediately caught mshtml2.exe attempting to connect to the internet. The file was located in C:\Documents and Settings\Owner\Local Settings\Temp and it was just created, but I went immediately from TorrentSpy to Torrentz so I don't know which one put it there. Here is the IP info it was trying to connect to: Search results for: 63.251.135.24 Internap Network Services NETBLK-PNAP-11-99 (NET-63-251-0-0-1) 63.251.0.0 - 63.251.255.255 ClickSpring LLC INAP-BSN-CLICKSPRING-0971 (NET-63-251-135-0-1) 63.251.135.0 - 63.251.135.63 I have XP all up to date, so I'm not sure how this got on there and ran on it's own. |
|
|
|
09-01-2007, 05:33 AM
|
#2 |
|
So Fucking Banned
Industry Role:
Join Date: Apr 2002
Location: ¤ª"˜¨๑۩۞۩๑¨˜"ª¤
Posts: 18,481
|
Looks like I posted too soon.
"C:\Program Files\ISM" was also created by this and the following files tried to connect: ism.exe abacus.isprime.com ismmodule3.exe 76.9.9.190 76.9.9.190 also goes to OrgName: ISPrime, Inc. OrgID: IPRM Address: 25 Broadway Address: 6th Floor, Suite #2 City: New York StateProv: NY PostalCode: 10004-1086 Country: US |
|
|
|
|
09-01-2007, 05:43 AM
|
#3 |
Industry Role:
Join Date: Aug 2006
Location: Little Vienna
Posts: 32,235
|
No such things here,i double checked all system folders and cant found anything.Probaly beacuse nod32 kills such things.
|
|
|
|
|
09-01-2007, 06:00 AM
|
#4 |
|
Confirmed User
Join Date: May 2007
Location: So fucking gone
Posts: 1,839
|
mshtml2.exe is a ad-ware. You must have installed it at some point prior to this
__________________
Trafficadept | Best traffic I have ever tested | web "@t" cuul.org |
|
|
|
|
09-01-2007, 06:03 AM
|
#5 |
|
Sofa King Band
Join Date: Jul 2002
Location: Outside the box
Posts: 29,903
|
Either you downloaded those files or you're using IE and your security settings are seriously slacking!
|
|
|
|
|
09-01-2007, 06:10 AM
|
#6 | |
|
So Fucking Banned
Industry Role:
Join Date: Apr 2002
Location: ¤ª"˜¨๑۩۞۩๑¨˜"ª¤
Posts: 18,481
|
Quote:
This might be from a rogue advertiser in the rotation, so it's not going to happen on every single visit. I recall the same thing happening on MySpace some time ago. Millions were infected. |
|
|
|
|
|
09-01-2007, 06:13 AM
|
#7 |
|
Confirmed User
Join Date: May 2005
Posts: 893
|
you are in some seriously deep shit
go here http://www.google.com/search?hl=en&q...=Google+Search you may need to replace the hard drive or even the computer. don't forget to have your ISP reverse flush the lines to be sure you get rid of all of it. |
|
|
|
|
09-01-2007, 06:20 AM
|
#8 | |
|
So Fucking Banned
Industry Role:
Join Date: Apr 2002
Location: ¤ª"˜¨๑۩۞۩๑¨˜"ª¤
Posts: 18,481
|
Quote:
Everything is marked either prompt or disable except these.... Run ActiveX controls and plug-ins: Enable Script ActiveX controls marked safe for scripting: Enable Active scripting: Enable Allow paste operations via script: Enable Scripting of Java applets: Enable Should I set the first one to prompt instead? |
|
|
|
|
|
09-01-2007, 06:23 AM
|
#9 | |
|
Sofa King Band
Join Date: Jul 2002
Location: Outside the box
Posts: 29,903
|
Quote:
Anything to do with active x should be by prompt only. |
|
|
|
|
|
09-01-2007, 06:24 AM
|
#10 | |
|
Confirmed User
Join Date: May 2007
Location: So fucking gone
Posts: 1,839
|
Quote:
always, same goes for Scripting of Java applets: Enable and Active scripting: Enable and make sure you PC is updated with the latest patches, including your IE
__________________
Trafficadept | Best traffic I have ever tested | web "@t" cuul.org |
|
|
|
|
|
09-01-2007, 06:29 AM
|
#11 | |
|
Confirmed User
Industry Role:
Join Date: Dec 2004
Location: Denver
Posts: 6,559
|
Quote:
__________________
 |
|
|
|
|
|
09-01-2007, 06:31 AM
|
#12 |
|
So Fucking Banned
Industry Role:
Join Date: Apr 2002
Location: ¤ª"˜¨๑۩۞۩๑¨˜"ª¤
Posts: 18,481
|
Now that I think about it, I had to switch at least one of those to enable to get an online virus sanner to work. I'm pretty sure it was Norton's, because I had never used that one before. It wasn't Kaspersky, Panda, BitDefender or TrendMicro. I had always used those without problems.
So it's ironic that a security company would say their online scan doesn't work with your current settings (I had it/them on prompt), then you make the changes to get the virus scanner to work and you get infected. That right there is evidence that the security companies WANT you to get infected so you'll buy their products. |
|
|
|
|
09-01-2007, 06:53 AM
|
#13 | |
|
Confirmed User
Join Date: May 2007
Location: So fucking gone
Posts: 1,839
|
Quote:
Welcome to 2004, the year "root kits" were discovered.
__________________
Trafficadept | Best traffic I have ever tested | web "@t" cuul.org |
|
|
|
|
