1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. Greetings Guest!!

    In order to combat SPAM on the forums, all users are required to have a minimum of 2 posts before they can submit links in any post or thread.

    Dismiss Notice
  3. Greetings Guest, Having Login Issues? Check this thread!
    Dismiss Notice
  4. Hail Guest!,
    Please take a moment to read this post reminding you all of the importance of Account Security.
    Dismiss Notice

Virus Warning: UO Player Tracker

Discussion in 'UHall' started by Ravynmagi, Feb 8, 2001.

Thread Status:
Not open for further replies.
  1. Ravynmagi

    Ravynmagi Guest

    Thanks for the warning.

    <font color=purple>Ravynmagi</font color=purple>
  2. Southern

    Southern Guest

    Thanks for deleting that thread, Ravyn.. Hopefully no one will be infected by it. [sigh]

    Proprietor, South's Maps & Market
    Great Lakes
    Eye yam aye tru beeleever inn hour edukashun sistum
  3. McAlghenny

    McAlghenny Guest


    She's here and at it again.

    I've already posted the alert there.


    <font color=green>McAlghenny</font color=green>, Recruit Warrior [WOS]
    <font color=blue>Angus</font color=blue>, Miner/Smith/Tinker
    <font color=purple>Armstrong</font color=purple>, Mule
    <font color=red>Napa Valley</font color=red>
  4. pipuis

    pipuis Guest

    You may want to look at the other forums I think it is showing up on all the boards. If this is the same one.

    "Not all who Wander are Lost" JRR Tolkien
  5. Ingesticide

    Ingesticide Guest

    No Text

    "We live on a placid island of ignorance in the midst of black seas of infinity,
    and it was not meant that we should voyage far."
    -H.P. Lovecraft</center>
  6. Its not there anymore.

    <center>Owen Lighthood - Moderator!
    "A troll once tried to spam my forums.
    I ate his liver with some fava beans and a nice chianti. . ." </center>
  7. Succabus

    Succabus Guest

    wow, thanks for the timely warning!

  8. Southern

    Southern Guest

    All --

    While visiting CoB a few minutes ago, I noticed someone named &quot;Leanne&quot; posted a message about a new utility available called &quot;UO Player Tracker&quot;.

    Me, being the suspicious person I am, followed the link and grabbed the file to check it for possible infection(s)..

    And whaddya know, the program is infected with the BackDoor.SubSeven Virus.

    If you have downloaded this program from a message you've seen somewhere else, *immediately* head over to McAfee.Com's virus clinic and read the following information:


    It contains detailed information on how to remove this trojan from your system.

    Now I need to figure out where to send this link to in order for something to be *DONE* about it.. [sigh]

    Proprietor, South's Maps & Market
    Great Lakes
    Eye yam aye tru beeleever inn hour edukashun sistum
  9. Southern

    Southern Guest

    Followup Information about this Trojan:

    After installing it on my test machine, it has made the following modifications:

    in C:\WINDOWS\WIN.INI, it added the string:

    It also added the BKQVJTURLON.EXE file to my C:\WINDOWS directory.

    It ALSO added the *.EXE file to my Registry, under the HKey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\RUN section. *sigh*

    And again to the registry under HKey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\RunServices.

    *still looking...*

    in my C:\WINDOWS\SYSTEM.INI, it's added the line:

    shell=Explorer.exe bkqvjturlon.exe

    Back to the Registry again.. This time under:

    it added the string:
    \nmeusxj.exe %1 %*

    ALL of this will need to be cleaned.. and the information from McAfee.Com will only be a starting point.

    Again, the McAfee page that will show you how to get rid of most of this infection is located at:


    Proprietor, South's Maps & Market
    Great Lakes
    Eye yam aye tru beeleever inn hour edukashun sistum
  10. Kered.

    Kered. Guest

    Let's keep bumping this one. Thanks for the helpful information.
  11. Guest

    Guest Guest


    Hell that's why it's the only Stratics forum that I can load even with DSL with any speed whatsoever. However kudo's to Southern for stickying the post...

    Now if we can only get them to limit the number of posts per thread... then the boards might actually load /shared/forum_images/beige/icons/biggrin.gif

    Note: If you want an example in extreme pain, try loading the Fisherman's Forum expanded

    Thanks to EVERYONE who kept the Floortiles idea alive!
  12. shadowspirit

    shadowspirit Lore Keeper
    Stratics Veteran Stratics Legend

    Feb 26, 2004
    Likes Received:
    THey have even tryed posting on tradespot and a few other boards trying to get people to download it

  13. Troy McClure

    Troy McClure Guest

    Wow thanks! I've had SubSeven v. 1.2 on my comp for about a month now, just haven't bothered to deal with it... maybe I can get rid of it now! *hic*

    Yeah yeah, a full month. blah blah blah. I'm lazy okay? get over it!(besides, it's mostly dormant and Norton has been telling me it's not doing anything subservient)

    pH34r mY L33t rP sK!LLz!!

    *gives you a hug*
  14. what is with this recent rash of hacker/virii attacks? very very odd...apparently there too many people with too much time on their hands =&gt;

  15. Chamberzord

    Chamberzord Guest

    "apparently there too many people with too much time on their hands"

    hmmmm /shared/forum_images/beige/icons/wobble.gif

    <font color=green>Definatly a</font color=green> [​IMG]<font color=green>Walking Contradiction</font color=green>
  16. Guest

    Guest Guest

    I don't want to know what happens if some of us old-timers would get hacked and our houses transfered.... lots and lots of money gone (houses, rares, high end weaps/armor...).

    No signature is a good signature.
  17. Midnite

    Midnite Guest

    I am unable to post through my office. But I can read all I want. I saw the post and was reading the fact sheet on the program. It was too good to be true. I figured something was fishy about the whole thing.


    - Yes, you were looted - Take a deep breath - Don't call a GM it's part of the game - Re-equip - and have a great day!
  18. This program was originally called UO Plugin 5.0. I guess it's some kind of trojan horse.

  19. Grieven

    Grieven Guest

    Southern i once herd the FBI takes thies cases :)
    maby they were infected one to many times...
    also! i have a friend that was a F'n genius with comps. i mean the guy knew everything MS certifyed and was 16 *giveing* collage course lessions... need i say more? but he was busted for hacking :) gave an *butt* hole a few viruses and then shorty after was offored a job. he wont tell me where though :( but thats just my 2 cents.

    Wooo Hooo! Look at'm go!
  20. dunkking

    dunkking Guest

    so lets just hope i dont get anything mentioned above (i dont what the heck you guys are talking about but i think its bad)

  21. Isn't there a way by looking at view source to see the ISP this person is posting from? Then you can report him/her.

    I just don't understand these people. *shakes head*

    Thanks for your warning. I know a little about computer but this one looks ugly to get rid of.
  22. Garr_gl

    Garr_gl Guest

    Ok im such a computer newbie.How can you tell if you got sumthing like that?Im not even sure what one does
  23. Guest

    Guest Guest

    (Norton, McAfee, F-Prot, etc.) virus program installed on your machine, get the latest signature files (download about once a week) and keep active protection on, you'll probably never have a virus problem.

    Anti-virus software also picks up on joke programs, macros, and trojans (like "back orofice" and "subseven".

    ---Tell me more about this Earth custom called "kissing"---

    And hey, If I'm certifiable, where's my damned certificate, eh?
  24. Raevyn

    Raevyn Guest

    I absolutely LOVE the sig Owen
  25. DaveKay

    DaveKay Guest

    This is posted by the same guy that posted the UO Plug-in 5.0 last week. He posted all over Tradespot, and was reported with all IP addresses and links to OSI and the federal agency for online crimes (or whatever it is). Also, they said that the guy's ISP was being very cooperative in giving any information they needed to get a hold of the guy. =)
  26. Taminjun

    Taminjun Guest

    well alot of the times you can when you restart your computer depending on how you connect to the internet.
    I have a cable modem. Those and DSL lines are not compatible with the subserve7 trojan. Unless it has been updated.
    when you restart the computer sometimes a screen pops up saying, "unable to initialize the modem", cannot determine IRC port, modem failed to connect to server, and other little warnings like that.
    I recommend getting a little program that monitors internet usage (I can get a web page if you need it) it tracks all the pages you are going to and all of your internet activity. so taht if someone is getting into your computer it would show that you are doing something(even though its not you) then you know that someone is using your system.
  27. Southern

    Southern Guest

    I'm going to unsticky this post this evening, so if anyone wants to save any information out of this thread (such as how to remove the trojan), please do so -- as soon as it's unsticked, it will probably automatically fly to page 15 or something. /shared/forum_images/beige/icons/smile.gif

    Proprietor, South's Maps & Market
    Great Lakes
    Eye yam aye tru beeleever inn hour edukashun sistum
  28. Guest

    Guest Guest

  29. Neva Darcan

    Neva Darcan Guest

    I find it odd that every time I click to read this thread (And only this thread) my linksys firewall log in screen pops up.

Thread Status:
Not open for further replies.