The Space Engine IRC Thread
HarbingerDawn | Date: Monday, 01.10.2012, 18:24 | Message # 31
Cosmic Curator
Group: Administrators
United States
Messages: 8717
Status: Offline
Quote (Antza2)
Why don't you give it a try, Harb?

The process involves pressing more than one button, and I'm way too lazy for that. I'll get around to it eventually.





All forum users, please read this!
My SE mods and addons
Phenom II X6 1090T 3.2 GHz, 16 GB DDR3 RAM, GTX 970 3584 MB VRAM
 
Antza2 | Date: Monday, 01.10.2012, 18:28 | Message # 32
World Builder
Group: Global Moderators
Finland
Messages: 1049
Status: Offline
Quote (HarbingerDawn)
The process involves pressing more than one button, and I'm way too lazy for that. I'll get around to it eventually.

Typing two words and clicking twice can be exhausting. Take your time. :tongue:





Go to antza2.deviantart.com for cool photos!
 
Thurs | Date: Tuesday, 02.10.2012, 00:46 | Message # 33
Astronaut
Group: Users
United States
Messages: 49
Status: Offline
Hi all,
I am running Google Chrome with no extensions and no firewall or virus protection on my computer (don't get any funny ideas). No problems here. I am not sure how a large, well-known IRC network gave you a virus from their website. I am thinking either unchecked quality of ads on the site or something completely unrelated.
Also I've been pretty idle on the IRC, apologies, life is pretty busy right now.

Oh yeah, it's trivial to embed a little IRC chatbox into a website. In fact, I could paste the code right here if SpaceEngineer was interested.


Edited by Thurs - Tuesday, 02.10.2012, 00:46
 
HarbingerDawn | Date: Tuesday, 02.10.2012, 00:50 | Message # 34
Cosmic Curator
Group: Administrators
United States
Messages: 8717
Status: Offline
Quote (Thurs)
no extensions and no firewall or virus protection on my computer

You really should get some kind of antimalware protection, it's senseless to go without it. At the risk of sounding like a broken record, I highly recommend checking out avast.





 
Thurs | Date: Tuesday, 02.10.2012, 01:37 | Message # 35
Astronaut
Group: Users
United States
Messages: 49
Status: Offline
Ha sorry, this devolves into a little bit of writing. I understand what you're saying (I used to use Avast!) but I'm past the point of caring too much any more about viruses and trojans.

When I upgraded to Windows 7 a couple years ago I just decided to try forgoing antivirus altogether after a few years (well over a decade - though I think my first encounter was with McAfee... horribly slow beast) of using AVGfree, Avast!, or ClamWin... Since there were only a few instances where they ever detected viruses in years of operation. It took a year without running a firewall or antivirus to get anything at all, which was a pretty nasty bug but could be contained and destroyed after booting into safe mode and running hijackthis.

Since that incident I've had nothing, since I rarely download anything or visit shady websites. Could I get ensnarled by a cutting edge browser exploit on a popular ad server? Possibly. But I know what to do in that case, even if it is rather inconvenient. In the end, all of my important data is on a web-inaccessible hard drive on a different computer and/or in the "cloud", and this one boots into a variety of operating systems on different hard drives. Until a trojan blows my power supply, I don't really feel the (even small) overhead of antivirus programs is really worth it for me.

Conclusions: apathy, hijackthis.exe, malwarebytes, backups, don't lose your OS install disc


Edited by Thurs - Tuesday, 02.10.2012, 01:39
 
smjjames | Date: Tuesday, 02.10.2012, 01:41 | Message # 36
World Builder
Group: Users
United States
Messages: 913
Status: Offline
Better safe than sorry, and the AntiSpyware would clean up tracking cookies and stuff that could slow down your computer.

Still, I agree with you, I have no clue how he got that virus. Maybe he got it through something else and the timing was coincidence.

Anyways, how about something that ChatZilla (Firefox plugin) can connect to?







Edited by smjjames - Tuesday, 02.10.2012, 01:44
 
Kviki | Date: Tuesday, 02.10.2012, 03:10 | Message # 37
Explorer
Group: SE team
Croatia
Messages: 289
Status: Offline
I don't have an antivirus and even the Microsoft firewall is forced off, yet I've never been infected by anything, I am antivirus-free for about ~4 years now. This just seems like bad luck for DoctorOfSpace.

The way I do it is:
- Know what you're downloading
- Know who you're downloading from
- Visit URLs you trust
- Never keep important files on a Windows-PC

(I've never used IRC and don't even know what it is! Might be time to check it out.)

Edit: The only time I've been infected is when I foolishly installed a program I needed, it intentionally contained spyware (the authors of the spyware are actually a company gathering data, and sponsored the program I've installed) and it even stated so in the Terms of use + offered a checkbox whether to include the SW or not. I simply clicked next next next and got infected! :biggrin:







Edited by Kviki - Tuesday, 02.10.2012, 03:19
 
Antza2 | Date: Tuesday, 02.10.2012, 07:26 | Message # 38
World Builder
Group: Global Moderators
Finland
Messages: 1049
Status: Offline
Quote (Thurs)
Oh yeah, it's trivial to embed a little IRC chatbox into a website.

I second





 
DoctorOfSpace | Date: Tuesday, 02.10.2012, 12:04 | Message # 39
Galaxy Architect
Group: Global Moderators
Pirate
Messages: 3600
Status: Offline
Quote (smjjames)
Maybe he got it through something else and the timing was coincidence.


It is possible but I was only on this site and then clicked connect. Had nothing downloading nor was I on any other webpage.

It is quite the mystery :wacko:

Edit:

Can't seem to get rid of the thing now. I deleted it yesterday and it came back today on its own. Started playing classical music.





Intel Core i7-5820K 4.2GHz 6-Core Processor
G.Skill Ripjaws V Series 32GB (4 x 8GB) DDR4-2400 Memory
EVGA GTX 980 Ti SC 6GB


Edited by DoctorOfSpace - Tuesday, 02.10.2012, 14:22
 
Thurs | Date: Tuesday, 02.10.2012, 15:45 | Message # 40
Astronaut
Group: Users
United States
Messages: 49
Status: Offline
@DoctorOfSpace

The virus you have can apparently be transmitted through network shares, do you have a home network with a few computers on it?
Quote
Removal
1) Disable and delete all system restore points.
2) Open task manager > Click "Processes" tab > Check "Show processes from all users" at the bottom.
3) Look through the list of processes for "5c.exe". If found, click "End Process".
4) Look through the list for any processes with these names (NOTE: PLEASE MAKE SURE YOU DOUBLE CHECK THE NAMES LISTED!);
- lsasss.exe
- 50cent.exe
- nav32sp.exe
- prot.exe
- suge.exe
5) End any of those processes if they're found. Pay careful note to "lsasss.exe". It has 3 letter "s" at the end, not 2.
6) Click the start button and search for any of the files listed above. If found, delete them.
7) Also Search for and delete "oi00r1z.dll".
8) Once done, type "regedit.exe" in the start menu run box and press return
9) Delete the following keys (key name is highlighted in bold, path name precedes it, do NOT delete the path itself);
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices > Windows Monitor Services
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run > Windows Monitor Services
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run > Windows Monitor Services


Again, SwiftIRC is one of the largest IRC providers, they were even embedded in the RuneScape game for chat purposes... Weird that you got a virus. Good luck.
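
A read-only check for the indicators listed in the quoted removal steps, as an added PowerShell example (not part of the post above or of the source it quotes). The process names, file name and registry locations are copied from the quote; the search roots and variable names are this example's assumptions.

```powershell
# Added example: reports matches only. Nothing is terminated or deleted.

# Process and file names exactly as listed in steps 3, 4 and 7 of the quote.
$ProcessNames = '5c.exe', 'lsasss.exe', '50cent.exe', 'nav32sp.exe', 'prot.exe', 'suge.exe'
$FileNames    = $ProcessNames + 'oi00r1z.dll'

# Autorun locations and value name from step 9.
$RunKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$RunValueName = 'Windows Monitor Services'

# Assumption: these search roots are this example's choice; the quote only says "search".
$SearchRoots = $env:SystemRoot, $env:USERPROFILE

$findings = @(
    # Steps 2-5: running processes. -contains is a case-insensitive exact match,
    # so the legitimate lsass.exe is never reported in place of lsasss.exe.
    Get-CimInstance Win32_Process |
        Where-Object { $ProcessNames -contains $_.Name } |
        ForEach-Object {
            [pscustomobject]@{ Type = 'Process'; Name = $_.Name
                               Detail = "PID $($_.ProcessId) $($_.ExecutablePath)" }
        }

    # Steps 6-7: files on disk, with creation time to compare against the incident date.
    Get-ChildItem -Path $SearchRoots -Recurse -Force -File -Include $FileNames -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{ Type = 'File'; Name = $_.Name
                               Detail = "$($_.FullName) created $($_.CreationTime)" }
        }

    # Step 9: autorun values. A missing key or value is simply skipped.
    foreach ($key in $RunKeys) {
        $item = Get-ItemProperty -Path $key -Name $RunValueName -ErrorAction SilentlyContinue
        if ($item) {
            [pscustomobject]@{ Type = 'RunValue'; Name = $RunValueName
                               Detail = "$key -> $($item.$RunValueName)" }
        }
    }
)

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No listed indicators found.' }
```

Run it from an elevated prompt so processes owned by other users and their executable paths are visible.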
 
DoctorOfSpace | Date: Tuesday, 02.10.2012, 16:06 | Message # 41
Galaxy Architect
Group: Global Moderators
Pirate
Messages: 3600
Status: Offline
Quote (Thurs)
The virus you have can apparently be transmitted through network shares, do you have a home network with a few computers on it?


Yeah I don't have any of those exe files running or any of those registry entries. I do know someone on my network is using an old XP machine with no AV on it. I downloaded Avast again and now have 2 AV programs running but I am not finding anything after manually deleting it.

Quote (Thurs)
Weird that you got a virus.


Quite weird and the date on the exe yesterday was from when I connected to the IRC. It may be a coincidence but can't find any other way I could've got infected. Hopefully Avast can detect it if it runs again.





 
smjjames | Date: Tuesday, 02.10.2012, 16:12 | Message # 42
World Builder
Group: Users
United States
Messages: 913
Status: Offline
Quote (DoctorOfSpace)


Yeah I don't have any of those exe files running or any of those registry entries. I do know someone on my network is using an old XP machine with no AV on it. I downloaded Avast again and now have 2 AV programs running but I am not finding anything after manually deleting it.


Maybe check and see if any other computers on your network have that virus (if it's possible, it may not be a home network you're talking about here)?





 
DoctorOfSpace | Date: Tuesday, 02.10.2012, 16:15 | Message # 43
Galaxy Architect
Group: Global Moderators
Pirate
Messages: 3600
Status: Offline
Quote (smjjames)
Maybe check and see if any other computers on your network have that virus (if it's possible, it may not be a home network you're talking about here)?


Already checked my laptop and the older machine. Neither of them are infected with this specific virus. I disabled sharing on my main PC and changed my network password but still I have a feeling the virus will pop back up tomorrow morning and play some other weird sounds. The sounds are like listening to someone broadcasting from a microphone.





 
smjjames | Date: Tuesday, 02.10.2012, 16:24 | Message # 44
World Builder
Group: Users
United States
Messages: 913
Status: Offline
You know, when I did a search for winmonitor the other day, I found a CNET download that looks like it could very well be the WinMonitor.exe and among other remote monitoring stuff, it taps into the computer's microphone and listens in on it. I'm not going to link it because while the page itself is safe, I didn't click on the download link to see what the file was because I'm suspicious of it, plus there are links for various more popular monitoring programs (mainly keyloggers). I just don't want anybody to ignorantly click the download link over there.

I have no idea if CNET willingly allows viruses to be downloaded, but yeah, they do have keyloggers, so, download at your own risk.





 
DoctorOfSpace | Date: Tuesday, 02.10.2012, 16:32 | Message # 45
Galaxy Architect
Group: Global Moderators
Pirate
Messages: 3600
Status: Offline
Quote (smjjames)
You know, when I did a search for winmonitor the other day, I found a CNET download that looks like it could very well be the WinMonitor.exe and among other remote monitoring stuff, it taps into the computer's microphone and listens in on it. I'm not going to link it because while the page itself is safe, I didn't click on the download link to see what the file was because I'm suspicious of it, plus there are links for various more popular monitoring programs (mainly keyloggers). I just don't want anybody to ignorantly click the download link over there.

I have no idea if CNET willingly allows viruses to be downloaded, but yeah, they do have keyloggers, so, download at your own risk.


With this information I was able to locate a file in my system folder called Libs.exe. It was an archive that extracts to WinMonitor.exe and keeps trying to install it. Not even Avast detected this, I removed it but once again I doubt it's over.




