Danger! Alert! Caution!

Discussion in 'UO Resources' started by Peppermace, Aug 24, 2009.

  1. Peppermace

    Peppermace Guest

    Hi people! I seem to have picked up a very scary bit of malware that you all should be aware is floating around the UO universe, because I got it on my computer that's used only for gaming on UO. I'm not sure where I picked it up exactly, it could have been through ICQ or an email. Here's the down low:
    _________________________________
    It's called this: 6to4v32.dll

    Here is a link describing it:
    http://www.pcthreat.com/parasitebyid-7893en.html
    _________________________________

    Stopzilla will identify it, but not remove it. You don't have to pay the fee, just use the scanner.

    http://www.stopzilla.com/products/stopzilla/home.do
    _________________________________

    Now some of you will respond "but STOPzilla said it was removed and my system is clean!!". Unfortunately that isn't the case. Virut spreads through every exe, scr, mp3, doc, dll, htm, ini, jpg, gif and pretty much every file on a computer. It’s polymorphic, which means it spreads faster than any antivirus can contain it. 99.99% of the time the only solution is a reformat and reinstall. It's so aggressive it even infects already infected files with itself.

    It also contains an IRC-based backdoor that provides unauthorized access to infected computers. That's bad. Once you get this, your computer will never be 100% secure again. In short, there is no solution for this other than a reformat.

    Be insanely paranoid about files you accept from other people, because they may have trojans like this without even knowing it and spread them to you.

    I hope I was a fluke and no one else meets up with this thing, but if you do find you have it, know that you could have lost financial information if you bank online or use PayPal, among the top worries, and protect yourself if you think your system may have been compromised. Change all your passwords on a known clean computer that isn't networked to the infected computer.

    Good luck world, and stay SAFE!!
     
  2. I don't think this is the best way to advertise viruses and Trojans, and poorly written anti-virus programs like STOPzilla. (Get AVG or Kaspersky instead.) There are thousands of these viruses and Trojans, and the one you mention doesn't even rank very high, but they would fill this forum until there wasn't room for anything else if we were to post every one.
     
  3. UOKaiser

    UOKaiser Guest

    Stopzilla I haven't tried or heard anything good about. But be careful of viruses that disguise themselves as antivirus programs. Not saying Stopzilla is one of them; I have no data on it.
     
  4. Jade of Sonoma

    Jade of Sonoma Babbling Loonie
    I am glad you caught that virus on your computer and dealt with it fast! It's also good you posted to let others know about the problem. There are always computer illiterate players who haven't yet learned about virus problems and how to protect their computers from such invasions.
    The solution lies in protecting your computer with a good program like Norton or McAfee Anti Virus which keeps upgrading automatically during the year, but those require renewing the subscription every year which is costly but worth having ... another expense many can't afford these days. So cheaper or free ways to keep computers protected is something for which one needs loads of reliable information!
    I inquired about this virus and learned from Queen Mum the following:

    The original malware is TROJ DLOADER.XNI and is of a medium security threat

    well it's been around for a while .... the trojan is known as Troj_WIMPIXO.BG which drops component files ... 6to4 and pcmstub .... it registers itself as a system service to ensure its automatic execution at every system startup ... pretty much it is received as an exe file related to an image file .... sooo as long as you have your protector programs up to date (antivirus/malware programs) you should be fine ... also if your email is running scans for ya before opening an email .. you should be ok .... don't click on things ya don't need to.

  5. Skylark SP

    Skylark SP Stratics Veteran

    Often these types of malware programs reveal themselves because their aggressive replication eats up system resources so severely the computer can't function. Some of these "hide" from the operating system pretty well but they can't hide the fact that 30 instances of whatever it is, even if hidden while running, brings the comp to a screeching halt, and you can see those resources are being tied up somewhere.

    I highly recommend disabling file sharing capability in ICQ, and any other chat program, if there is an option to do so. You can always turn it on if you really need someone to send you something, then turn it off again.

    Unless you use remote desktop, I also suggest turning your computer OFF when you are not going to be using it for long periods of time. With "always on" Internet connections, there is no reason to give someone a target when you are not actually using your computer. You can go a step further, particularly if you are the only user in the household, and have all your network devices connected to one UPS (battery backup) and simply switch off the UPS when you are done. No cable modem, router, or computer online then at all hours for someone's random port scanning pleasure.

    Your greatest line of defense, particularly in Windows systems, is keeping the operating system & anti-malware programs up to date. Setting the Windows Update feature to automatic is best for most users IMO. (You can set it to download automatically but prompt you before installing if you like the control but most users honestly don't know enough to make decisions...in spite of the Big Brother feel of letting Microsoft call the shots, in reality it is their OS and they know what security updates are indeed "critical" for you to have for the most part).

    As far as browser safety, most of the commercial anti-malware packages have plug-ins for "safe surfing". Nothing is 100% but these can help without being too severe an impact on browsing freedom. I was a fan of NoScript for Firefox until the latest version, after which I promptly uninstalled it from Firefox. IMO, they made it so crippling and now require so much decision making, they defeated the purpose. I prefer to use the AdBlock Plus add-on in conjunction with a locally configured HOSTS file on my PC that "black holes" known troublesome domains - they simply never resolve in your browser. MVPS.org maintains the host list and you can be put on email notification when they release a new list.

    http://www.mvps.org/winhelp2002/hosts.htm

    With nothing else used, the HOSTS file eliminates tons of ads and content frames fed from those types of nuisance sites - after it is in place you will see lots of empty frames in web pages with "can't display" and an X inside them.

    Being techie, I manually add sites I don't want to see to the list...keep in mind if you do that, you need to maintain your own personal list, and re-enter those sites after you replace it with updates from mvps.org.

    Nothing replaces "common sense" though when it comes to computer security.

    -Skylark
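The HOSTS-file approach described in the post above, as an added example that is not part of the original thread: a small script that merges a downloaded MVPS-style blocklist with a personal blocklist, so the personal entries survive each time the downloaded list is replaced. The list contents and domain names are constructed placeholders, not the real MVPS file.

```python
"""Merge a downloaded MVPS-style HOSTS blocklist with a personal blocklist.

Added example, not from the thread. Both inputs below are constructed
samples; the domains are placeholders, not real blocklist entries.
"""
import re

# Constructed stand-in for the downloaded list (the real MVPS file is not reproduced).
DOWNLOADED_LIST = """\
# MVPS-style hosts file (constructed sample, not the real download)
127.0.0.1  localhost
0.0.0.0  ads.example-tracker.invalid
0.0.0.0  banner.example-tracker.invalid   # ad server
0.0.0.0  www.example-malware.invalid
"""

# Constructed personal additions, kept in a separate file so updates don't erase them.
PERSONAL_LIST = """\
# my own entries
0.0.0.0 annoying.example-popup.invalid
0.0.0.0 ads.example-tracker.invalid    # duplicate of a downloaded entry
"""

# A blocking entry maps a hostname to a sink address (MVPS has used both forms).
HOST_LINE = re.compile(r"^\s*(0\.0\.0\.0|127\.0\.0\.1)\s+(\S+)")


def parse_hosts(text):
    """Return blocked hostnames (lowercased) from hosts-file text,
    ignoring comments and the localhost entry that Windows must keep."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]          # strip trailing comments
        m = HOST_LINE.match(line)
        if m and m.group(2).lower() != "localhost":
            names.append(m.group(2).lower())
    return names


def merge_hosts(downloaded, personal, sink="0.0.0.0"):
    """Build a hosts file: localhost first, then the union of both lists,
    deduplicated and sorted, so personal entries survive a re-download."""
    blocked = sorted(set(parse_hosts(downloaded)) | set(parse_hosts(personal)))
    lines = ["127.0.0.1 localhost"] + [f"{sink} {name}" for name in blocked]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(merge_hosts(DOWNLOADED_LIST, PERSONAL_LIST))
```

Write the merged output over the active HOSTS file (on Windows, %SystemRoot%\System32\drivers\etc\hosts) after each MVPS update, keeping the personal list as its own file.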
     
  6. Peppermace

    Peppermace Guest

    Thank you all for the advice and helpful comments.

    I would like to add that STOPZILLA was rated the third best antimalware program by the top ten, and it was the only program out of my array of seven that even saw it. If you don't like it, don't click it :p

    I also believe this information can be put to good use by the community here, as this computer is only used for UO related activities, namely email and ICQ, and is not networked to my other machines; therefore, it was through one of these methods I received it. Now people know how to identify it and stop it.

    If anyone has advice on how I could have posted this better, information I may have left off etc, please tell me. I'm not accustomed to posting on this thread.