Railroaders place to shoot the shit.

Post Info TOPIC: Pop up blocker, I can't believe this worked!


Enemy of the State

Status: Offline
Posts: 3338
Date:
Pop up blocker, I can't believe this worked!
Permalink  
 


Fucking MegaUpload just infected me due to one of their random pop-ups!

I just got infected on my backup machine from those assholes.  My main machine was already protected, but the second one I don't surf with much, and it doesn't have the same levels of protection.

What happened: I hit several sites over the course of an hour, and something happened... something was working just slightly differently than before.  I quickly looked inside of the c:\windows\system32 directory (sorted by date, reverse order) and lo and behold there was a damned new DLL from just minutes earlier.  AVG didn't catch it.

I immediately disabled the network connection, then started to see what had gone on.  Based on the Firefox history (you have to sort by LAST VISITED to see it in true time order) and what was in the Firefox cache, it could ONLY have come from a download I'd done at MegaUpload.  First I got a Shockwave Flash file, then seconds later the infected DLL came in.  Double checking the cache again, the only SWF file (other than all of the crap from MegaUpload itself) came from x-playing.com/spl.swf.  After I'd already torched the rootkit and cleaned everything up, I downloaded a fresh copy of that file direct from x-playing.com.  It exactly matches the Shockwave file in my cache that hit me seconds before the virus did, so that certainly was the trojan downloader.

Jotti's malware scan doesn't see anything wrong with the SWF file, but that's just because I'm the first one to track it down and report it.  I'll be submitting a full virus report to any of the vendors that will accept it.  Jotti DOES recognize the trojan (Vundo.H and a bunch of other names), and the trojan pulled the standard trick of making multiple copies of itself with different names and changing the file contents so a CRC check fails.



Eventually, all of the vendors will catch this piece of shit AND its SWF loader, but

IN THE MEANTIME, if you EVER use MegaUpload for downloading, DO THE FOLLOWING:

There's a Windows file just called 'hosts' (no extension) that you can use to utterly block access to any domain.  It's located in either:
C:\Windows\system32\drivers\etc\hosts
or
C:\Winnt\system32\drivers\etc\hosts

Open it up with Wordpad or another pure text editor.  You'll see something that begins like this:

Code:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

Immediately after that last line, add this:
Code:
127.0.0.1  x-playing.com

Make sure there are 2 or more spaces between the 127.0.0.1  and the domain you want to block (x-playing.com in this case)

What did I just do?  HOSTS is an old file that tells Windows where certain host names are located in the Internet.  When Windows goes to resolve a host/domain name, it first checks to see if it already knows about it in the HOSTS file.  If it does, it goes to the associated address.  127.0.0.1 is called a LOOPBACK address... it means "don't go anywhere".

I already had that line included in the HOSTS file on my main machine, 'cos I hate the stinkin' pop-ups that some of the cheezy file sharing services use.  I block the content for every damned one I come across.  If you want the same level of CRAP PROTECTION, add ALL of these to your HOSTS file:

Code:
127.0.0.1       syndication.exoclick.com
127.0.0.1       www.adtology3.com
127.0.0.1       pagead2.googlesyndication.com
127.0.0.1       landing.etology.com
127.0.0.1       adultfriendfinder.com
127.0.0.1       passion.com
127.0.0.1       www.google-analytics.com
127.0.0.1       www.sponsorads.de
127.0.0.1       login.tracking101.com
127.0.0.1       www.cams.com
127.0.0.1       www.megavideo.com
127.0.0.1       www.sexmission.us
127.0.0.1       iscoolmovies.com
127.0.0.1       bin-layer.de
127.0.0.1       www.usenext.de
127.0.0.1       www.flirt-fever.de
127.0.0.1       www.myfreecams.com
127.0.0.1       adson.awempire.com
127.0.0.1       www.sedoparking.com
127.0.0.1       www.livejasmin.com
127.0.0.1       getmyvideonow.com
127.0.0.1       www.besthqmovies.com
127.0.0.1       cams.com
127.0.0.1       www.mit-iqexam.com
127.0.0.1       us.myfuntext.com
127.0.0.1       www.free-hd-divx.com
127.0.0.1       www.fulltiltpoker.com
127.0.0.1       x-playing.com
127.0.0.1       www.marketgid.com
127.0.0.1       www.desktopsmiley.com
127.0.0.1       showing.com

EDIT: here's a couple of other ad sites that hit within seconds of the one that downloaded the SWF loader.  Add these into your HOSTS file as well, as they may be involved in the infection:

Code:
127.0.0.1  s.megaclick.com
127.0.0.1  magistrare.com

You can add as many as you want, but when you get over about a thousand entries, Windows *might* slow down a little.  If you get over ten thousand entries, ALL accesses to the Internet will slow down.  Keep it short, and only block the really crap sites with the HOSTS file.

Lemme know if you have trouble.  Oh, and ONLY open the HOSTS file with Notepad, Wordpad or another file that WILL NOT ADD any strange document formatting.  MS Word frequently tries to be 'helpful' and will save a pure text file in Word DOC format, and that will thoroughly fuck up your HOSTS file.


If you've already been hit by this one, Malwarebytes Anti-Malware (a free download) will clean it up properly.
http://www.malwarebytes.org/mbam.php
scroll all the way down to get the latest updates file, or use this link:
http://www.gt500.org/malwarebytes/database.jsp
 


-- Edited by Pipes FC on Tuesday 3rd of January 2012 06:56:29 PM

__________________

 DJ will never be the Republicunt nominee. Permalynx this. Snippy 2/2/2016
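The HOSTS edit described in the post above, as an added example (not the poster's code): a Python sketch that parses a HOSTS file the way the file's own header describes (fields separated by one or more spaces or tabs), checks whether a name maps to the loopback address, and appends missing block entries without duplicating existing ones. The sample file and the function names are constructed for illustration; the check also shows that an entry for x-playing.com does not cover www.x-playing.com, because HOSTS lookups match the exact name.

```python
LOOPBACK = "127.0.0.1"

# Constructed sample: a HOSTS file after following the post (CRLF, mixed spacing).
SAMPLE = (b"# sample HOSTS file\r\n"
          b"127.0.0.1       localhost\r\n"
          b"127.0.0.1  x-playing.com\r\n"
          b"127.0.0.1\tS.MegaClick.com   # ad site from the EDIT\r\n")


def parse_hosts(data: bytes) -> dict:
    """Map each lower-cased host name to its address, skipping comments."""
    if b"\x00" in data:
        # Word .doc and UTF-16 saves contain NUL bytes; plain text never does.
        raise ValueError("HOSTS is not plain text")
    table = {}
    for line in data.decode("latin-1").splitlines():
        fields = line.split("#", 1)[0].split()  # one or more spaces or tabs
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])  # keep first mapping seen
    return table


def resolves_to_loopback(table: dict, host: str) -> bool:
    """Exact-name lookup: an entry for a domain does not cover its subdomains."""
    return table.get(host.lower().rstrip(".")) == LOOPBACK


def merge_blocklist(data: bytes, domains) -> bytes:
    """Append loopback lines for names not already listed; safe to re-run."""
    table = parse_hosts(data)
    out = data if data.endswith(b"\n") or not data else data + b"\r\n"
    for name in domains:
        name = name.strip().lower()
        if name and name not in table:
            out += f"{LOOPBACK}  {name}\r\n".encode("ascii")
            table[name] = LOOPBACK
    return out
```

Running `merge_blocklist` on a copy of the file and comparing the result before replacing the real HOSTS file keeps a bad edit from breaking name resolution.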

 



Force Majeure

Status: Offline
Posts: 13401
Date:
Permalink  
 

Welcome to Ravishment University

A forum for the ADULT discussion of fantasies concerning forced sex, rape fantasy, forced sex role play (FSRP), and non-consensual sex, also includes rape fantasy stories, rape role play and more. If you find this offensive, or you are not of legal age to participate in these discussions (typically 18 years or older), please do not enter. 

Please note that there is a big difference between rape fantasies, and real rape. In a fantasy, you can decide what occurs, and no one is actually hurt. We wish to provide a forum where you can explore your fantasies in a welcoming and safe environment that is healthy for all involved. Both men and women have rape fantasies, but they're only fantasies. No one should EVER be raped for real. Anyone that does not agree with this is not welcome. 

This site does not endorse rape, violence against women or blackmail in any way and all information herein is supplied for educational and entertainment purposes only. We understand the difference between fantasy and reality, and understand that rape is an abhorrent crime.



-- Edited by Snippy on Tuesday 3rd of January 2012 07:06:22 PM

__________________

Never Going Back!

FMB


Board Modification Mediator

Status: Offline
Posts: 3402
Date:
Permalink  
 

Nero has a very nasty avatar.... why is he attempting to check that woman's prostrate....?



__________________

 Karma, I have a list of people you missed. 



Enemy of the State

Status: Offline
Posts: 3338
Date:
Permalink  
 

Well, crap, I never even looked to see what the site was. Time to edit the original post.


__________________

 DJ will never be the Republicunt nominee. Permalynx this. Snippy 2/2/2016

 



Enemy of the State

Status: Offline
Posts: 3338
Date:
Permalink  
 

You can thank google for that.

__________________

 DJ will never be the Republicunt nominee. Permalynx this. Snippy 2/2/2016

 

Uke


Cured

Status: Offline
Posts: 12540
Date:
Permalink  
 

Time ta Gag that Tin Woodsman!

__________________

Hmm. That address doesnt look right.
It looks like the link pointing here was faulty.

Gah. Your tab just crashed.



Force Majeure

Status: Offline
Posts: 13401
Date:
Permalink  
 

Zeb Atlas wrote:

Gag that Uke!


 Uke wrote:

ruth5c.jpg



__________________

Never Going Back!

FMB


Board Modification Mediator

Status: Offline
Posts: 3402
Date:
Permalink  
 

Pipes FC wrote:

You can thank google for that.


 Google was reading Pipes' mind and giving him what he was thinking about....



__________________

 Karma, I have a list of people you missed. 



Enemy of the State

Status: Offline
Posts: 3338
Date:
Permalink  
 

Not really, more than once a soccer search has led me to that Stormfront forum. I was like WTF!! is this shit!!!



-- Edited by Pipes FC on Tuesday 3rd of January 2012 07:18:17 PM

__________________

 DJ will never be the Republicunt nominee. Permalynx this. Snippy 2/2/2016

 



The Forum Celestial Advisor

Status: Offline
Posts: 7774
Date:
Permalink  
 

I stay away from google entirely...within my own control.
Many of the search engines have merged with google over
the years. It's a good thing I accumulated the knowledge
I needed over the net as it was. Today your on-line effort
to find out things is recorded many-times over. It would
be neat to just be able to find out things on your own without
someone keeping track.



__________________

If you are in a horror movie, you make bad decisions, its what you do.

Uke


Cured

Status: Offline
Posts: 12540
Date:
Permalink  
 

Perusing porn. That's exactly what you were doing Pipes, admit it! You don't just want the missus ta find out...

Krink has a couple programs ta rid yer computer of all traces. Just say "Please help me Krink," and he will... Yep!

__________________

Hmm. That address doesnt look right.
It looks like the link pointing here was faulty.

Gah. Your tab just crashed.



The Forum Celestial Advisor

Status: Offline
Posts: 7774
Date:
Permalink  
 

A very common virus in these parts is the one that wants to scan your hard drive
for issues disguised as a window program. Tube8 will hit you with this one occasionally.
There is no way to close down the "infiltration" unless you can shut down your CPU.
I just hit the power off button and re-boot. Use the Crap Cleaner to clean out the
debris. So far it's worked for me. I don't think once you land this virus that it can't be
cleaned out. I've done so many times and my cures have worked. It's just a very
prevalent virus that's just out there waiting for you. Don't have to screw-up to get it.
My Windows XP has a setting to prevent "pop-ups" or to notify of one. That's where
I'd start.

__________________

If you are in a horror movie, you make bad decisions, its what you do.

Uke


Cured

Status: Offline
Posts: 12540
Date:
Permalink  
 

Doesn't anybody edit the crap that rolls inta the BurningJournaldotcom desk these days? That's the big problem! Nobody reads!

Idaho spud truck rolls on side, mashing potatoes
From Associated Press
January 03, 2012 4:47 PM EST

IDAHO FALLS, Idaho (AP) A spud-hauling truck has rolled onto its side in Idaho, dropping its cargo like a hot potato.

The Idaho State Police says the truck driven by 23-year-old Newman Giles of Rigby crashed Tuesday in Idaho Falls, spilling the potatoes across two Interstate 15 exit ramps. It was hauling a 48-foot farm-bed trailer with the spuds at the time.

A spokesman at Eagle Farms says the potatoes were being brought to a plant when the trailer's tires caught the edge of the road, causing the truck to tip on its side in slow motion.

The state police say Giles and a passenger were wearing seat belts and were not injured.

__________________________________________________________________

Copyright 2012 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.


__________________

Hmm. That address doesnt look right.
It looks like the link pointing here was faulty.

Gah. Your tab just crashed.



Unstable & Irrational

Status: Offline
Posts: 4835
Date:
Permalink  
 

Snippy doesn't eat potatoes, they have eyes.

__________________

I started ophph with nuthin, and I can safely say I have most of it left....

Uke


Cured

Status: Offline
Posts: 12540
Date:
Permalink  
 

Oh yeah. Forgot that part...

__________________

Hmm. That address doesnt look right.
It looks like the link pointing here was faulty.

Gah. Your tab just crashed.
