Tyssen
Jan 1 2006, 08:23 AM
Inspiron
Jan 1 2006, 09:06 AM
Yep.. This WMF so far is not patched, and probably impossible to patch. I've read about it in detail somewhere before.. Here's the link: http://www.updatexp.com/wmf-exploit.html
zaqy
Jan 2 2006, 12:36 PM
Hmm.. I think I found it 1 week ago. I think this is a normal virus or trojan, but it is hard to clean. From this information I know it is the WMF exploit. I will give you the solution I used, if your computer is infected:
1. Update all of your antivirus definitions.
2. Try to find Ad-Aware Personal (www.lavasoft.com) and update its definitions too. I recommend Personal because it is free for private use.
3. After you download the definitions and the software to your PC, reboot your PC and start it in SAFE MODE.
4. Run a full scan using your antivirus and Ad-Aware Personal (you can try another spyware remover). After a virus is found you can remove it.
5. Restart your PC after you scan it.
6. Just wait 5 minutes to make your PC clean.
This is for XP users. You can give me other suggestions if you have a better solution... thank you
Tyssen
Jan 2 2006, 10:27 PM
QUOTE(zaqy @ Jan 2 2006, 10:36 PM)
i think this is normal virus or trojan. but it hard to be cleaned.

No it's not. Did you even read the link?
rejected
Jan 3 2006, 05:01 AM
I've already had an encounter with the .wmf file; it downloaded and installed several spyware and fake anti-virus programs onto my computer. A little pop-up that looked like a Windows update button appeared on my task bar, and it said something about my computer being infected, and that it needs to install the newest up-to-date anti-malware program. I tried to X it out, but missed, and it installed "SpyAxe 3.0" on my computer.. and I had great difficulty removing it. If you get exploited by the WMF file, I suggest looking at the processes running, and looking for abnormal ones and researching them. If you find them to be spyware, etc, then search google.com for ways to remove them. The process running on my computer was mssearchnet.exe, and I searched and found a way to do it. If you need any help removing your spyware, PM me, or post in this topic for more help.
_TyIzaeL_
Jan 5 2006, 02:57 AM
I've encountered the .wmf file also. It was downloaded into my temp directory, it managed to open a windows fax viewer window but was blocked at that point by my anti-virus.
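As an added illustration (not code from any poster in this thread), the Python sketch below is a defender-side check for the situation described in the post above, a metafile landing in the temp directory: it recognises WMF data by content rather than by file extension and flags any Escape record that calls SETABORTPROC, the record the WMF vulnerability abused. The function names, verdict strings and the two sample byte strings are assumptions constructed for this example.

```python
import os
import struct
import sys

PLACEABLE_MAGIC = 0x9AC6CDD7  # optional 22-byte placeable header
META_EOF, META_ESCAPE = 0x0000, 0x0626  # record function numbers
SETABORTPROC = 0x0009  # escape function that registers a callback

def header_offset(data):
    """Offset of the 18-byte standard header, or None if this is not a WMF."""
    off = 0
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_MAGIC:
        off = 22
    if len(data) < off + 18:
        return None
    ftype, hdr_words = struct.unpack_from("<HH", data, off)
    # Deliberately loose check (type 1 or 2, header of 9 words): triage only.
    return off if ftype in (1, 2) and hdr_words == 9 else None

def scan_wmf(data):
    """Return 'not-wmf', 'clean', 'suspicious' or 'malformed'."""
    off = header_offset(data)
    if off is None:
        return "not-wmf"
    pos = off + 18
    while pos + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, pos)
        size = size_words * 2  # record size is counted in 16-bit words
        if size_words < 3 or pos + size > len(data):
            return "malformed"
        if func == META_EOF:
            return "clean"
        if func == META_ESCAPE and size >= 8:
            if struct.unpack_from("<H", data, pos + 6)[0] == SETABORTPROC:
                return "suspicious"
        pos += size
    return "malformed"  # data ended before the META_EOF record

def scan_dir(root, max_bytes=1 << 20):
    """Map path -> verdict for every file under root whose content is WMF."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    verdict = scan_wmf(fh.read(max_bytes))
            except OSError:
                continue  # unreadable file: skip it
            if verdict != "not-wmf":
                hits[path] = verdict
    return hits

# Builders for the constructed samples below (no real malware involved).
def record(func, params=b""):
    return struct.pack("<IH", (6 + len(params)) // 2, func) + params

def sample(*records):
    body = b"".join(records) + record(META_EOF)
    return struct.pack("<HHHIHIH", 1, 9, 0x0300, (18 + len(body)) // 2, 0, 0, 0) + body

CLEAN_SAMPLE = sample(record(0x0103, struct.pack("<H", 8)))  # META_SETMAPMODE
FLAGGED_SAMPLE = sample(record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 0)))

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, verdict in sorted(scan_dir(root).items()):
        print(verdict, path)
```

A "malformed" verdict on a file read up to the `max_bytes` cap may only mean the file is larger than the cap, so treat it as a prompt to look closer rather than as a detection.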
Inspiron
Jan 5 2006, 05:10 AM
Some .wmf files indeed contain viruses inside their bytecode. But the exploit in the .wmf format is more than just capable of storing viruses inside them. It's an exploit that cannot be fixed. So virus writers now know of this exploit, and certainly use it to intrude on your data. If that's the case, and since this exploit cannot be solved, it will be undetectable by firewalls and antivirus software. Probably the ones that you had encountered were indeed natural virus files that were not based on that exploit. It will be even more damaging when it's based on the exploit.
Tyssen
Jan 5 2006, 08:19 AM
The guy who posted his own patch in the first link I gave has had so much traffic to his site that his ISP shut his site down.
zaqy
Jan 5 2006, 01:55 PM
QUOTE(Tyssen @ Jan 3 2006, 05:27 AM)
No it's not. Did you even read the link?

Sorry friend, I mean at first sight I thought this was only normal spyware. But after 3 days I can't clean that PC.. so I think this is serious..
OCAC
Jan 5 2006, 04:29 PM
How fast can I say (without gleaming too much) Am I glad I have a Mac or what? The number of viruses, sober or drunk, trojan horses and what-nots on a Mac are countable on one hand. Sorry, for all you guys with your lowly PCs... /sarcasm
Kioku
Jan 21 2006, 12:00 PM
QUOTE(Tyssen @ Jan 5 2006, 03:19 AM)
The guy who posted his own patch in the first link I gave has had so much traffic to his site that his ISP shut his site down.

Talk about bandwidth murder. Seriously, though. I'd be careful of exactly what I'm opening up from people I don't trust nowadays. Scary stuff's encrypted into *.wmf's.
serverph
Jan 15 2006, 10:59 PM
another update, but now for those using VISTA: http://www.trap17.com/forums/index.php?showtopic=32426&hl= you are vulnerable too!
bucksta
Jan 8 2006, 03:17 AM
My friend experienced this. I removed it using antispyware. He said that he went on a porn site and probably some pic on it was downloaded onto the computer. He had one of those fake errors, but when he clicked on the box, he said that his desktop appearance changed, giving him a link to a site where you can find antispyware apps (sites that gave you more spyware). He also said that when he opened IE, there was an error message saying that he was infected and that somebody was trying to gain access to his computer. If you find any of these signs, you are infected! But there is a security patch now, thank god for that.
serverph
Jan 6 2006, 10:10 PM
Thanks moogie. And to see how serious this is, read this: even LINUX/BSD is vulnerable! That is for people running WINE, etc. on their boxes. http://blogs.zdnet.com/Ou/index.php?p=146

QUOTE
All applications launched inside Wine, Cedega, or Cross-Over Office are technically still exploitable. Wine runs on most x86 platforms, including Linux and the various BSDs.
moogie
Jan 6 2006, 09:07 PM
According to Microsoft, Win98/Win98SE does not have the same problem so there will be no patch for it. Microsoft still offers some support for Win98SE on a paid basis. Hotfixes and patches are no longer available as of June 2003. Self-help support is still available for Win98SE on the Microsoft website until June 30, 2007. Critical security updates for Win98SE are available until June 30/06 from the Windows Update site.