Cal Hurst Atlantic Legend


Joined: 29 Dec 2003 Posts: 8025 Location: Massachusetts
|
Posted: Tue Apr 03, 2007 9:18 pm Post subject: Do NOT visit www.uo-x.com |
|
I've read in many places that it has trojans there. It appears to advertise Kingdom Reborn, but then it asks you to download something called UOviewer.exe. It is a keylogger. They -will- steal your UO accounts, and more importantly, anything else you wish to keep safe on your computer. _________________
Toren Smythe Seasoned Veteran

Joined: 20 Dec 2006 Posts: 478
|
Posted: Tue Apr 03, 2007 11:05 pm Post subject: |
|
Thanks for the info man. I'll be sure to steer clear. _________________
Keyes Journeyman


Joined: 14 Jan 2007 Posts: 240 Location: Canada, Eh
|
Posted: Wed Apr 04, 2007 12:52 am Post subject: |
|
I honestly thought that was common knowledge... That site's been around for a couple months now, hasn't it? _________________ - Fear. Pain. Hatred. Power. This is the art of Ruin - Ruin, Lamb of God. |
Halister Marner Site Programmer


Joined: 05 Oct 2006 Posts: 2225
|
Posted: Wed Apr 04, 2007 1:02 am Post subject: |
|
Quote: | Domain Name: UO-X.COM
Registrant:
na
Milla H (uo-x@hushmail.com)
Brunnenweg 22
Braunschweig
Nordrhein-Westfalen,234234
DE
Tel. +1.01701834738
Creation Date: 18-Mar-2007
Expiration Date: 18-Mar-2008 |
It's been around for about 2 weeks, most likely active for less than a week. _________________ "There are those who dream to escape reality, and there are those who dream to change it." |
Keyes Journeyman


Joined: 14 Jan 2007 Posts: 240 Location: Canada, Eh
|
Posted: Wed Apr 04, 2007 1:16 am Post subject: |
|
Maybe I'm thinkin of a diff website then... _________________ - Fear. Pain. Hatred. Power. This is the art of Ruin - Ruin, Lamb of God. |
Mave Gerhart Lore Keeper

Joined: 06 Jan 2004 Posts: 796 Location: Mercenary Keep - Dark Cove, Fel
|
Posted: Wed Apr 04, 2007 8:05 am Post subject: |
|
Just for information's sake, I was sent a link to that site on ICQ by someone named "goodboy" #119-155-695. I didn't go to it because I am ridiculously suspicious about ICQs, but just a heads up, don't accept any ICQs from this number. _________________ Honor is the sword I wield...
"If you have to explain why it makes RP sense, then odds are it doesn't" -Leshok (or his DM)
[01:48] Deathwisp: well I always rub the fuzzy part before I pull it off
[01:48] Mave: ...what?
[01:49] Deathwisp: you know, the fuzzy... nvm |
Halister Marner Site Programmer


Joined: 05 Oct 2006 Posts: 2225
|
Posted: Wed Apr 04, 2007 1:35 pm Post subject: |
|
I haven't had time to monitor the virus's install process due to work; luckily someone on Stratics has already done that.
Quote: | After observing the file's behaviour, it seems to be embedding malware on to systems using the "ICQ" name as cover. It's also reading from address books. It is notably storing files at the following locations:
C:\WINDOWS\icqy.exe
C:\WINDOWS\ver.txt
This then makes the following registry change for autorun:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ "ICQ" = (C:\WINDOWS\icqy.exe)
icqy.exe should be removed immediately should you have clicked and executed this file. |
I was also informed of a presence of "u.exe" and "uviewer.exe" in the main C:\ directory by someone who was infected, which may or may not be unrelated. _________________ "There are those who dream to escape reality, and there are those who dream to change it." |
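A read-only check for the indicators listed in the post above, as an added example that is not part of the original thread. The file paths and the "ICQ" Run value come from the post; the `Wow6432Node` view of the Run key (for 64-bit Windows) and the `Source` labels are additions made here.

```powershell
# Added example: read-only check for the indicators quoted in the post above.
# Nothing is deleted or changed; findings are only reported.
# The last two files were reported by an infected user and, per the post,
# may or may not be unrelated.
$files = @(
    @{ Path = 'C:\WINDOWS\icqy.exe'; Source = 'quoted analysis' },
    @{ Path = 'C:\WINDOWS\ver.txt';  Source = 'quoted analysis' },
    @{ Path = 'C:\u.exe';            Source = 'victim report' },
    @{ Path = 'C:\uviewer.exe';      Source = 'victim report' }
)
# Run key from the post, plus its 32-bit view on 64-bit Windows (an addition
# here, not mentioned in the thread).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

$findings = @()
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f.Path -PathType Leaf) {
        $item = Get-Item -LiteralPath $f.Path -Force
        $findings += [pscustomobject]@{
            Kind = 'File'; Item = $f.Path; Source = $f.Source
            Detail = "created $($item.CreationTime), $($item.Length) bytes"
        }
    }
}
foreach ($k in $runKeys) {
    $key = Get-Item -LiteralPath $k -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        # Match on the data (icqy.exe) as well as the name: a value called
        # "ICQ" matters only if it launches the dropped file, so the data
        # is reported for review either way.
        if ($name -eq 'ICQ' -or $data -match 'icqy\.exe') {
            $findings += [pscustomobject]@{
                Kind = 'RunValue'; Item = "$k\$name"; Source = 'quoted analysis'
                Detail = $data
            }
        }
    }
}
if ($findings) { $findings | Format-List } else {
    'None of the indicators listed in the thread were found.'
}
```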
Halister Marner Site Programmer


Joined: 05 Oct 2006 Posts: 2225
|
Posted: Wed Apr 04, 2007 5:27 pm Post subject: |
|
Stratics now has details posted on its removal for anyone who needs to check their computers.
The post is here.
The virus has been added to the bases for KAV; their online scanner is located here. _________________ "There are those who dream to escape reality, and there are those who dream to change it." |
Ceinwyn ab'Arawn Transcendent Spammer

Joined: 13 Dec 2004 Posts: 5017
|
Posted: Thu Apr 05, 2007 8:22 am Post subject: |
|
This old Ebayer is sending that uo-x link around too.. sent me twice in 2 minutes.
name of Vrer icq 224-017-527 |
Molly Moderator


Joined: 29 Dec 2003 Posts: 3627 Location: The ARPC Boards or Sanctus, Luna, Malas (VA USA)
|
Posted: Thu Apr 05, 2007 10:59 am Post subject: |
|
I received it from someone I trusted and went to the link. Because I have a very strong fear of viruses I have many stops in my system. I feared ever so that it passed by my security so I spent the last 48 hours checking and rechecking and didn't find anything. I have not turned on my ICQ since the attempt.
If you receive an ICQ from me with a link other than the Atlantic board links (which won't happen unless it is for a Hallmark card or ecard of some sort) please ICQ me first before going to it.
Thanks. _________________ Grand Duchess Molly Kaldhel
Oracle of Truth
The House Gauntlet
Sanctus, Luna, Malas
https://www.youtube.com/watch?v=xXoGDbJ5nLU
_______________________
"In politics, if you want anything said, ask a man. If you want anything done, ask a woman."
-Margaret Thatcher- |