Password stealer??

Discussion in 'UO Napa Valley' started by Jonny boy mccoy, Jan 6, 2010.

  1. Jonny boy mccoy

    Jonny boy mccoy Adventurer
    Stratics Veteran Stratics Legend

    Joined:
    Aug 7, 2006
    Messages:
    60
    Likes Received:
    0
    So I was doing my virus scan this morning and found this in the image. So I'm guessing UO is stealing accounts now maybe???
     

  2. OxAO

    OxAO Guest

    uosasetup_105.exe is the enhanced client download.

    Your virus scan most likely didn't recognize the .exe script file.
     
  3. Jonny boy mccoy

    It does. I've had it for a week now; the viruses just showed up after the update for my virus program.
     
  4. Jonny boy mccoy

    After looking up w32/pws.bpiz on Google I didn't find anything, so I looked up the first part, w32/pws, and found this: "This family of Trojan horses is capable of stealing various passwords. Trojans have a program 'configurer' (configuration component) that allows malefactors controlling these viruses to adjust server components as they desire. All trojans work the same way." So with that in mind, why is UO using that worm to install the UOSA client? And some FYI: I went to the site, downloaded the file again and ran a scan before installing; it showed up again.
     
  5. Kirthag

    Kirthag Former Stratics Publisher
    Professional Stratics Veteran Alumni Stratics Legend Campaign Benefactor Evergreen

    Joined:
    Feb 25, 2004
    Messages:
    4,269
    Likes Received:
    1,640
    UOSASetup_105.exe is NOT the client, but the setup utility to get the client from Mythic server.

    I just downloaded it about 5 minutes ago to my pc here in the office. We use the geekiest-most-expensive-enterprise-virus-and-security software/server/service on the planet... Sophos.

    Scanning the above-mentioned file, it comes up clean.


    to the OP -

    You may have that trojan hidden somewhere else on your computer and it attached to the downloaded file. Questions I would have (being an admin & tech):
    1 - what browser did you use
    2 - are you on a wireless LAN
    3 - what virus software are you using

    The file itself is contaminated with an infection; it is not that the file is the infection. I seriously and highly doubt any business would want to steal its users' passwords.


    I strongly suggest that you unplug from the internets, go into safe mode, and once again run your viral check but on a deep level and not a "quick" scan. Any virus software worth its salt (yes, even the freebie AVG) has a low level scan method. But you have to do it OFFLINE - I've seen nasties morph and change all within minutes after a scan starts and it gets its instruction via the connection.


    *edit*
    And here is what Sophos has to say about the infection:
    http://www.sophos.com/search/search...te_search&submit.x=0&submit.y=0&action=search

    You may find that infection in other things... icq files, msoutlook files and possibly mssql files (if you use those programs).

    Of note, there are instructions for removing the trojan on the Sophos site as well... but if you are not familiar with editing your HK registry, you will have issues.... so enlist the help of a neighborhood geek and make sure you have a good supply of Mt. Dew.
     
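As an added illustration of the distinction drawn in the post above (a file that carries an infection versus a file that is the detection) and of the earlier "downloaded it again and it was flagged again" test, the following Python is example code written for this page. It is not from the thread, from Stratics, or from Mythic/EA, and it does not analyze the real UOSASetup_105.exe. It builds a tiny constructed PE image to stand in for the installer, then runs the two checks a practitioner would do before trusting either the AV verdict or the download: compare the SHA-256 of the flagged on-disk copy with a freshly downloaded copy, and measure how many bytes sit past the last section (the "overlay"), which is where data glued onto an existing executable usually lands. Every byte string and file name here is a constructed sample, not real data.

```python
import hashlib
import struct


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a byte string (what you compare across two downloads)."""
    return hashlib.sha256(data).hexdigest()


def pe_section_end(data: bytes) -> int:
    """File offset just past the last raw section of a PE image.

    Walks MZ -> e_lfanew -> PE signature -> COFF header -> section table and
    returns max(PointerToRawData + SizeOfRawData). Raises ValueError if the
    bytes are not laid out as a PE file.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]     # SizeOfOptionalHeader
    sect_table = coff + 20 + opt_size
    end = sect_table + 40 * num_sections                        # headers occupy space too
    for i in range(num_sections):
        hdr = sect_table + 40 * i
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)
        end = max(end, raw_ptr + raw_size)
    return end


def overlay_size(data: bytes) -> int:
    """Bytes appended after the last section; 0 when nothing trails the image."""
    return max(0, len(data) - pe_section_end(data))


def triage(on_disk: bytes, fresh: bytes) -> dict:
    """Compare the flagged copy with a freshly downloaded one."""
    return {
        "identical_to_fresh_download": sha256_hex(on_disk) == sha256_hex(fresh),
        "overlay_bytes_on_disk": overlay_size(on_disk),
        "overlay_bytes_fresh": overlay_size(fresh),
    }


def build_minimal_pe() -> bytes:
    """Constructed, non-runnable PE layout used only as a stand-in for an installer."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                     # PE header right after DOS header
    # COFF: Machine, NumberOfSections, TimeDateStamp, PtrSymTab, NumSyms, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x010B)                      # PE32 magic, rest left zero
    # One section: 0x200 raw bytes stored at file offset 0x200
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    header = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    return header + b"\x90" * 0x200


# Constructed samples: a clean image, and the same image with data glued on the end,
# the shape an "attached itself to the download" scenario would take.
CLEAN = build_minimal_pe()
TAMPERED = CLEAN + b"<constructed appended payload, not real malware>"


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:                                      # triage.py <on_disk.exe> <fresh.exe>
        with open(sys.argv[1], "rb") as f:
            on_disk = f.read()
        with open(sys.argv[2], "rb") as f:
            fresh = f.read()
        print(triage(on_disk, fresh))
    else:
        print("clean vs clean:   ", triage(CLEAN, CLEAN))
        print("tampered vs clean:", triage(TAMPERED, CLEAN))
```

Read the result this way: identical hashes for both copies mean whatever the scanner objects to is in the file as hosted (a false positive or a real problem with the download), not something that attached itself locally; different hashes mean the on-disk copy changed after download, and the overlay figure says whether the change was appended. Two caveats: legitimate installers and self-extracting stubs routinely carry their payload as an overlay, so a non-zero overlay on both copies is normal rather than evidence; and a file infector can rewrite a section or the entry point without touching the overlay, so a zero overlay is not a clean bill of health. On Windows, PowerShell's Get-AuthenticodeSignature on the file is the companion check, assuming the vendor signed the installer.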
  6. Jonny boy mccoy

    1 - what browser did you use: Google is what I am using
    2 - are you on a wireless LAN: nope, not wireless
    3 - what virus software are you using: BlackICE with iolo System Shield
    I've tried the removal already, but it's not the right one for the virus I had got??
     
  7. Kirthag

    sorry - long post.... much to read....


    Browser: google (you mean Chrome?)

    We've banned Chrome in our facilities for there are still too many security issues with the software. I'm a stringent Google supporter, but here at work, and for the rest of my standard browsing, I use Firefox or Opera. Therein may be your initial problem. I have an isolated testing environment for our web application with chrome, and have issues.... just FYI on that.



    LAN - good, you are hardwired so that eliminates other issues with "roaming" viruses & infections from unsecured WANs. Advise your admin (if you have one) that there is a security issue and they need to update their firewall configurations. If you are on a home-based LAN then you should make sure your firewall software is up-to-date, as well as any other necessary security updates for Windows. From what I've (quickly) read over, Iolo is NOT firewall software, it is a PC optimization toolkit. The Iolo software (specifically the Mechanic stuff) has had a slew of problems and they just cannot seem to get things working right anymore.


    Blackice security -
    You do realize BlackICE has been discontinued by IBM and the last update to the virus file was in September 2008?? (http://www.pcmag.com/article2/0,2817,2167544,00.asp). Also look at the CNET download page for it - the second comment.... (http://download.cnet.com/BlackICE-PC-Protection/3000-2092_4-10040175.html):
    You may THINK you are being protected... but it is time for you to start looking for another solution, dude. Sophos has been protecting against that particular trojan since Dec. 2008... you've probably had this one for a very long time - but didn't even know it. :(

    *edit*
    And even the saveblackice.com pushes people to switch to their own SPF software... just so you know, you are using "dead" software...




    Don't worry, you don't need to hose your system (I hope!)... but I STRONGLY advise that you get something new with up-to-date definitions and then run a low-level scan check in safe mode disconnected from the internet. You may be down for a couple of days.... depending on how infected your system is with other stuff. If your system is bad, you may even have issues with downloading and installing a new piece of virus software...



    I pay for my virus stuff, but then I'm a developer and need the high levels of security that comes with guarantees. If you are just a home gamer, AVG's free software is good (is version 9.5 now?) and the avast! (is really called that) software is also nice and free. BUT UNINSTALL ANY OTHER VIRUS SOFTWARE FIRST! If you go and get avast! and install it over the Blackice you will have problems. You should only have 1 virus proggie and 1 firewall proggie.

    On a personal note, I do not like McAfee (Norton) software... too intrusive and very hard to remove if you want to switch.

    You can also hit up tech forums for info and help (http://forums.majorgeeks.com/forumdisplay.php?f=20 is a VERY good place to start) - but anything free means your help comes from volunteers... and at their leisure, not so much yours.


    Without seeing your system, I'd say if this is the FIRST you've experienced this particular worm, then you are kinda "safe". I'd start using another (proven) browser though for stuff... and hopefully you don't use Outlook for your email, as worms look for email SOFTWARE to propagate. If you use your browser for internet based email (hotmail, yahoo & google) then you are pretty safe from spreading the worm for all internet based email services are scanned and scanned again for viruses constantly.

    It could be that it jumped onto the SA installation utility from some other (low use) infected program on your system as it tries to find a way to spread - as many worms communicate with their source via the internet and get updates and patches with new instructions on a constant basis (morphing worms) - which is why you will not find the extension of the trojan... it is constantly changing. This is why you need to disconnect from the 'net, reboot your machine in safe mode to clean it out.

    I'm sure the Mythic servers are pretty tight (they have to be or their weekly audits would cause havoc with EA!) and do not offer up infected files.


    Hopefully this is a home setup and not college-dorm setting. Dorms are constantly running into issues as they share LANs....
     
  8. Lord Nabin

    Lord Nabin High Council Sage - Greater Sosaria
    Professional Premium Stratics Veteran Supporter Glorious Lord ACW

    Joined:
    Sep 3, 2007
    Messages:
    4,086
    Likes Received:
    2,270
    *Head is Spinning*

    Wow, where is the Ale! Good info Kirthag, sorry to hear about the problem Jonny. Best of luck
     
  9. Kirthag

    nonono... no ale... geeks get Mt. Dew (mentioned in my first response!)
     
  10. Gus of Llanowar

    Stratics Veteran

    Joined:
    May 24, 2008
    Messages:
    563
    Likes Received:
    1
    Mt. Dew and BlackICE? Sounds like a new ad campaign. And FYI I have no idea what you said up there. I'm not a comp geek but I do like Mt. Dew, so can I hang with you :)
     
  11. Jonny boy mccoy

    Yea, my BlackICE is out of date, but it's a software protector and has wiped the system clean; any time there is a new virus out I have to add it to the database. This in return will scan and stop them now. This in turn is updated by me. Iolo has a nice firewall in the Professional 9 and is a great system tool all over. I do run a backup AVG when I need to, not the free one either. You were right, the worm was attaching itself from a website that was given out to me. So everyone be careful with what you get from people in game!! I debugged the virus and found that it has a command line that links itself to UOSA ............................... Do not visit mobiward.com for its pocket keepers for PDA!!!!!!!!!!!!! It's the origin of the virus!!
     
  12. Kirthag

    ahh.. so you do know what you're doing. :) greetings fellow geek! *passes a Mt. Dew*

    Of note, might wanna remove that link from your post... or change it so it is not a hotlink anymore....
     
  13. KalVasTENKI

    KalVasTENKI Babbling Loonie
    Stratics Veteran

    Joined:
    Jul 23, 2009
    Messages:
    2,427
    Likes Received:
    0


    Well said. Great post. 5/5 :thumbup1:
     
  14. Lord Nabin

    OK Here Ya go!!!
     
  15. Gawin

    Gawin Guest

    We geeks now have a NEW best friend better than Dew.... ALL HAIL KEURIG COFFEE MAKERS!!!!!!!!!!!!
     
  16. Kirthag

    I will admit... I've not been drinking as much Dew lately as straight-black-home-brew has been easier (and cheaper) to get a hold of. ^.^

    Made a pot so black it made my dad shiver! goooood coffeeeeeee!
     
  17. altarego

    altarego Guest

    Umm... Google's Chrome, as a browser, is only as unsafe as the operating system you run it on. In fact, it was the only web browser to outperform both IE and Firefox in a recent volley of security hack tests:

    http://arstechnica.com/security/new...-browser-left-standing-in-pwn2own-contest.ars

    The fact that you are wired makes your life a bit easier (as opposed to wireless). But the real issue here is having a slim and efficient virus/malware detector and firewall.

    For most users, including *everyone* that's not actually serving content off their box, or in a corporate environment, the standard windows firewall and Microsoft Security Essentials (freeware) is plenty enough protection.

    That said, if you downloaded the above-mentioned file from a trusted website (i.e. from uoherald's link) then it's most likely a false positive and OK to use. If you downloaded it from a different site, then just delete it and download it from here:

    http://www.uoherald.com/downloads/

    No need to get all pseudo-tech on this issue. Sometimes, IT people tend to fan flames in order to make themselves feel like they're actually worth their salary - like alchemists of old.
     
  18. Kirthag

    My salary is less than $35k US a year... I do not make the big money. :p

    I'm not "IT people"... I have no college education, and only 1 real certificate, RHCT (Red Hat Certified Tech).

    Your quoted article is from March, 09 - but doesn't cite WHICH versions of the software were cracked.

    In this article, dated August 09 - the Chrome Browser suxxor:
    http://www.eweek.com/c/a/Security/I...-Others-in-Browser-Security-Smackdown-254742/


    But then we can all quote editorials all day in a tit-for-tat.

    Security wise... he's been manually patching his obsolete virus checker, which most likely is his root issue. I agree the Windows stuff (for Windows) is sufficient... I never, not once, told anyone to get Sophos... actually I like avast! and my kids use that on their machines (not on my LAN tho).


    *shrug*

    We all have our fave ways of doing things... advice was asked for and advice was given and the dude is dealing with his situation. No need to get abrasive about it by bashing "people" you know nothing about...

    To clarify, I'm not saying you dunno IT "people" but do not generalize... you make room for errors and insults that are loosely cloaked but still get peeps upset. If you believe I'm painting a picture worse than necessary, then say, "Kirth is blowing things out of proportion." Won't be the first time someone says it.. won't be the last. I spoke from experience... nada mucho.


    *edit*
    I prefer FF/Opera. I don't use IE because I absolutely HATE Bing's interference in my reading of forums and white papers with Bing popup links on various keywords - drives me bonkers! Reminds me of the old AOL popup days.