Fucking MegaUpload just infected me due to one of their random pop-ups!
I just got infected on my backup machine from those assholes. My main machine was already protected, but the second one I don't surf with much, and it doesn't have the same levels of protection.
What happened: I hit several sites over the course of an hour, and something happened... something was working just slightly differently than before. I quickly looked inside of the c:\windows\system32 directory (sorted by date, reverse order) and lo and behold there was a damned new DLL from just minutes earlier. AVG didn't catch it.
I immediately disabled the network connection, then started to see what had gone on. Based on the Firefox history (you have to sort by LAST VISITED to see it in true time order) and what was in the Firefox cache, it could ONLY have come from a download I'd done at MegaUpload. First I got a Shockwave Flash file, then seconds later the infected DLL came in. Double checking the cache again, the only SWF file (other than all of the crap from MegaUpload itself) came from x-playing.com/spl.swf. After I'd already torched the rootkit and cleaned everything up, I downloaded a fresh copy of that file direct from x-playing.com. It exactly matches the Shockwave file in my cache that hit me seconds before the virus did, so that certainly was the trojan downloader.
Jotti's malware scan doesn't see anything wrong with the SWF file, but that's just because I'm the first one to track it down and report it. I'll be submitting a full virus report to any of the vendors that will accept it. Jotti DOES recognize the trojan (Vundo.H and a bunch of other names), and the trojan pulled the standard trick of making multiple copies of itself with different names and changing the file contents so a CRC check fails.
Eventually, all of the vendors will catch this piece of shit AND its SWF loader, but
IN THE MEANTIME, if you EVER use MegaUpload for downloading, DO THE FOLLOWING:
There's a Windows file just called 'hosts' (no extension) that you can use to utterly block access to any domain. It's located in either:
C:\Windows\system32\drivers\etc\hosts
or
C:\Winnt\system32\drivers\etc\hosts
Open it up with Wordpad or another pure text editor. You'll see something that begins like this:
Code:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
Immediately after that last line, add this:
Code:
127.0.0.1 x-playing.com
Make sure there are 2 or more spaces between the 127.0.0.1 and the domain you want to block (x-playing.com in this case)
What did I just do? HOSTS is an old file that tells Windows where certain host names are located in the Internet. When Windows goes to resolve a host/domain name, it first checks to see if it already knows about it in the HOSTS file. If it does, it goes to the associated address. 127.0.0.1 is called a LOOPBACK address... it means "don't go anywhere".
I already had that line included in the HOSTS file on my main machine, 'cos I hate the stinkin' pop-ups that some of the cheezy file sharing services use. I block the content for every damned one I come across. If you want the same level of CRAP PROTECTION, add ALL of these to your HOSTS file:
EDIT: here's a couple of other ad sites that hit within seconds of the one that downloaded the SWF loader. Add these into your HOSTS file as well, as they may be involved in the infection:
You can add as many as you want, but when you get over about a thousand entries, Windows *might* slow down a little. If you get over ten thousand entries, ALL accesses to the Internet will slow down. Keep it short, and only block the really crap sites with the HOSTS file.
Lemme know if you have trouble. Oh, and ONLY open the HOSTS file with Notepad, Wordpad or another file that WILL NOT ADD any strange document formatting. MS Word frequently tries to be 'helpful' and will save a pure text file in Word DOC format, and that will thoroughly fuck up your HOSTS file.
-- Edited by Pipes FC on Tuesday 3rd of January 2012 06:56:29 PM
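The hosts-file edit described in the post above, as an added example that is not part of the original thread: it parses the file, appends a loopback line only for names that are not already mapped, and keeps the file plain text with its original line endings. The function names and the `SAMPLE` text are constructed for illustration.

```python
import re

LOOPBACK = "127.0.0.1"
# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def is_hostname(name):
    return len(name) <= 253 and all(_LABEL.fullmatch(p) for p in name.split("."))

def parse_hosts(text):
    """Map each active hostname (lower-cased) to its address; comments are skipped."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comment, split on whitespace
        for name in fields[1:]:                 # one line may carry several names
            entries.setdefault(name.lower(), fields[0])
    return entries

def block_domains(text, domains):
    """Return (new_text, added): loopback lines appended for names not yet mapped."""
    known = parse_hosts(text)
    added = []
    for d in (d.strip().lower() for d in domains):
        if not is_hostname(d):
            raise ValueError(f"not a plain hostname: {d!r}")
        if d not in known and d not in added:
            added.append(d)
    if not added:
        return text, added
    eol = "\r\n" if "\r\n" in text else "\n"    # keep the file's own line endings
    if text and not text.endswith("\n"):
        text += eol                             # never glue onto the last line
    return text + "".join(f"{LOOPBACK}       {d}{eol}" for d in added), added

def update_hosts_file(path, domains):
    """Rewrite the file only when something changes (the real file needs admin rights)."""
    with open(path, encoding="latin-1", newline="") as f:  # latin-1 round-trips every byte
        text = f.read()
    new_text, added = block_domains(text, domains)
    if added:
        with open(path, "w", encoding="latin-1", newline="") as f:
            f.write(new_text)
    return added

# Constructed sample (not the author's file): a comment line plus the default entry.
SAMPLE = "# sample HOSTS file\r\n127.0.0.1       localhost   # default\r\n"

if __name__ == "__main__":
    print(*block_domains(SAMPLE, ["x-playing.com", "X-Playing.com", "localhost"]), sep="\n")
```

Hosts entries match exact names only, so a subdomain such as www.x-playing.com needs its own line.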
Snippy said
6:51 PM, 01/03/12
Welcome to Ravishment University
A forum for the ADULT discussion of fantasies concerning forced sex, rape fantasy, forced sex role play (FSRP), and non-consensual sex, also includes rape fantasy stories, rape role play and more. If you find this offensive, or you are not of legal age to participate in these discussions (typically 18 years or older), please do not enter.
Please note that there is a big difference between rape fantasies, and real rape. In a fantasy, you can decide what occurs, and no one is actually hurt. We wish to provide a forum where you can explore your fantasies in a welcoming and safe environment that is healthy for all involved. Both men and women have rape fantasies, but they're only fantasies. No one should EVER be raped for real. Anyone that does not agree with this is not welcome.
This site does not endorse rape, violence against women or blackmail in any way and all information herein is supplied for educational and entertainment purposes only. We understand the difference between fantasy and reality, and understand that rape is an abhorrent crime.
-- Edited by Snippy on Tuesday 3rd of January 2012 07:06:22 PM
FMB said
6:51 PM, 01/03/12
Nero has a very nasty avatar.... why is he attempting to check that woman's prostrate....?
Pipes FC said
6:53 PM, 01/03/12
Well, crap, I never even looked to see what the site was. Time to edit the original post.
Pipes FC said
6:53 PM, 01/03/12
You can thank google for that.
Uke said
6:56 PM, 01/03/12
Time ta Gag that Tin Woodsman!
Snippy said
7:08 PM, 01/03/12
Zeb Atlas wrote:
Gag that Uke!
Uke wrote:
FMB said
7:13 PM, 01/03/12
Pipes FC wrote:
You can thank google for that.
Google was reading Pipe's mind and giving him what he was thinking about....
Pipes FC said
7:17 PM, 01/03/12
Not really, more than once a soccer search has led me to that Stormfront forum. I was like WTF!! is this shit!!!
-- Edited by Pipes FC on Tuesday 3rd of January 2012 07:18:17 PM
The Krink said
1:59 AM, 01/04/12
I stay away from google entirely...within my own control. Many of the search engines have merged with google over the years. It's a good thing I accumulated the knowledge I needed over the net as it was. Today your on-line effort to find out things is recorded many-times over. It would be neat to just be able to find out things on your own without someone keeping track.
Uke said
2:05 AM, 01/04/12
Perusing porn. That's exactly what you were doing Pipes, admit it! You don't just want the missus ta find out...
Krink has a couple programs ta rid yer computer of all traces. Just say "Please help me Krink," and he will... Yep!
The Krink said
2:26 AM, 01/04/12
A very common virus in these parts is the one that wants to scan your hard drive for issues disguised as a window program. Tube8 will hit you with this one occasionally. There is no way to close down the "infiltration" unless you can shut down your CPU. I just hit the power off button and re-boot. Use the Crap Cleaner to clean out the debris. So far it's worked for me. I don't think once you land this virus that it can't be cleaned out. I've done so many times and my cures have worked. It's just a very prevalent virus that's just out there waiting for you. Don't have to screw-up to get it. My Windows XP has a setting to prevent "pop-ups" or to notify of one. That's where I'd start.
Uke said
11:44 AM, 01/04/12
Doesn't anybody edit the crap that rolls inta the BurningJournaldotcom desk these days? That's the big problem! Nobody reads!
Idaho spud truck rolls on side, mashing potatoes
From Associated Press
January 03, 2012 4:47 PM EST
IDAHO FALLS, Idaho (AP) A spud-hauling truck has rolled onto its side in Idaho, dropping its cargo like a hot potato.
The Idaho State Police says the truck driven by 23-year-old Newman Giles of Rigby crashed Tuesday in Idaho Falls, spilling the potatoes across two Interstate 15 exit ramps. It was hauling a 48-foot farm-bed trailer with the spuds at the time.
A spokesman at Eagle Farms says the potatoes were being brought to a plant when the trailer's tires caught the edge of the road, causing the truck to tip on its side in slow motion.
The state police say Giles and a passenger were wearing seat belts and were not injured.
If you've already been hit by this one, Malwarebytes Anti-Malware (a free download) will clean it up properly.
http://www.malwarebytes.org/mbam.php
Scroll all the way down to get the latest updates file, or use this link:
http://www.gt500.org/malwarebytes/database.jsp
-- Edited by Pipes FC on Tuesday 3rd of January 2012 06:56:29 PM