Spyware Detected - Please Read



Nidhogg
05-08-03, 18:06
A 3rd-party program (ostensibly a skill guide) was posted onto the Newbie forum recently that has now been confirmed to contain spyware capable of transmitting your login information out onto the net; this, of course, without your knowledge.

We removed the thread and banned the user immediately upon receiving the first report but you need to check if you've downloaded and installed this program:

Skill-Chart.sfx.exe

If so you must scan your machine for spyware (use Google to find a good, free spyware detector).

From this point forth, any and all 3rd-party programs posted to Newbie Talk will be removed immediately. May we remind you again to beware 3rd-party software - you don't know the people involved and we now have proof that spyware is out there.

Thanks for your attention.

N

P.S. I will stick this thread once it gains some traction (just in case people don't spot it up in the stickies)

\\Fényx//
05-08-03, 18:08
hehe i saw odin's foul mouthed outburst earlier about this..



jeez he's a fucking savage of a mod he is :p

msdong
05-08-03, 18:12
cant belief ppl suck so much .....

thewarrior008
05-08-03, 18:14
w00t tats it i KNEW tat would happen coz laately SO many 3rd party programs were released

GT_Rince
05-08-03, 18:22
Originally posted by Nidhogg
(use Goggle to find a good, free spyware detector)


Is that www.goggle.com ? :D

Duder
05-08-03, 18:24
Originally posted by GT_Rince
Is that www.goggle.com ? :D


Damm you rince.








:rolleyes: ;)

phunqe
05-08-03, 18:28
Well, at least better than my mother who spelled it www.glolge.com

Kl0wn
05-08-03, 18:34
now all we need to know it if those people who lost char on pluto used that program :D

Nidhogg
05-08-03, 18:35
Originally posted by GT_Rince
Is that www.goggle.com ? :D

Bah. Typo fixed.

Don't take this thread off-topic please. Thanks.

N

Odin
05-08-03, 18:40
Well the good thing is that it was caught quite early.

thewarrior008
05-08-03, 18:41
and the bad thing is that there are 3rdparty programs which are spy ware and which were not detected yet.

Lord Mansion
05-08-03, 18:43
Thank you for the warning.

lullysing
05-08-03, 18:48
remember when i was saying that people should beware 3rd party software? Especially after the hacking/deleting of characters began ? what did i say then?

Don't trust 3rd party software.

Helen Angilley
05-08-03, 18:49
Originally posted by lullysing
remember when i was saying that people should beware 3rd party software? Especially after the hacking/deleting of characters began ? what did i say then?

Don't trust 3rd party software.

Eh, people will _always_ blame KK even if the evidence against them (The person, not KK) is slapping them in the face, stamping on their groin and throwing their pet across the room.

Hippieman
05-08-03, 18:55
That muther eh I better not start especially as foul as I am today with only 3 hours sleep. Anyways thanks for the warning, got ad-aware 6 running then another program to clean the remains up.

Lord Mansion
05-08-03, 18:56
Originally posted by Helen Angilley
Eh, people will _always_ blame KK even if the evidence against them (The person, not KK) is slapping them in the face, stamping on their groin and throwing their pet across the room.

You are like a broken record, it has already been made clear that some people had never given out their login details and not downloaded any programs recently that could be considered "Spyware". (yet their accounts were still messed with).

But lets stay on-topic.

Using programs released by unknown parties = dangerous.

lullysing
05-08-03, 18:57
Originally posted by Helen Angilley
Eh, people will _always_ blame KK even if the evidence against them (The person, not KK) is slapping them in the face, stamping on their groin and throwing their pet across the room.

Strange how this reminds me of my tech support gig...

- Cust: It's your crappy servers
- Me : I would ask you to please update the drivers for your modem and not use the generic windows drivers.
- Cust: I don't have to do anything! fix your servers you stupid !@#$!
- Me : I'm sorry maam, but everyone else is connecting fine right now, and you are the only person that has reported a problem about this particular server.

.....
I'll stop now before this becomes another rant worthy of alt.sysadmin.recovery . Let's just say some people will, no matter what you do, ALWAYS think they're right and that YOU don't know jacksquat.

Helen Angilley
05-08-03, 18:59
Originally posted by Lord Mansion
You are like a broken record, it has already been made clear that some people had never given out their login details and not downloaded any programs recently that could be considered "Spyware". (yet their accounts were still messed with).

But lets stay on-topic.

Using programs released by unknown parties = dangerous.

Doesn't explain those people who did give out their details, download third party programs...etc.

Funnily enough, these were the first people to report their "hacked" accounts.

Even funnier, soon after that more and more people jumped on the "KK has security problems" bandwagon.

Lord Mansion
05-08-03, 19:03
Originally posted by Helen Angilley
Doesn't explain those people who did give out their details, download third party programs...etc.

Funnily enough, these were the first people to report their "hacked" accounts.

Even funnier, soon after that more and more people jumped on the "KK has security problems" bandwagon.

I agree that giving out your login details and downloading a program from an unknown source is very risky.

But please do NOT generalize.

\\Fényx//
05-08-03, 19:06
H4X3D !

Ryuben
05-08-03, 19:06
keep on topic ffs

thanks for the heads up odin :) and instead of deleting them could we get certain ones that are looked into by KK and ok'ed would make the comunity happier and safer in the long run :)

Nidhogg
05-08-03, 19:10
Originally posted by Lord Mansion
You are like a broken record, it has already been made clear that some people had never given out their login details and not downloaded any programs recently that could be considered "Spyware". (yet their accounts were still messed with).

We have one confirmed case of spyware so far. How do you know these people have not 'downloaded any programs recently that could be considered "Spyware".'? This isn't a dig, just a reminder for everyone of the roach theory - if one bad thing happens, the chances are that other bad things are also happening below the surface.

With no disrespect to anyone, we recommend that you do not use any third-party software at all.

N

Odin
05-08-03, 19:11
No I don't believe those problems were 3rd party hacks. I do believe however those problems arose out of the windows holes that became public in mid July that allowed any script kiddie to take over your computer and install anything they wanted on there. Hence why I am harping to people to get their puters updated. The Screensaver guys at TechTv were showing what could be done with it and it was pretty scary. Not to mention even governments have been issuing warnings to update computers over this one.

Progenitor
05-08-03, 19:14
How long until we get the customer only forums?

At least then KK will know the identity of the people posting and can slam the Ban HammerTM on them fast and hard if they post spyware type programs.

-p

Lord Mansion
05-08-03, 19:14
Originally posted by Nidhogg
We have one confirmed case of spyware so far. How do you know these people have not 'downloaded any programs recently that could be considered "Spyware".'? This isn't a dig, just a reminder for everyone of the roach theory - if one bad thing happens, the chances are that other bad things are also happening below the surface.

With no disrespect to anyone, we recommend that you do not use any third-party software at all.

N

Hello NidHogg,

I am 100% certain my account problems were NOT related to SpyWare nor to the sharing of login details. I can only speak for myself though.

EDIT: btw: Have you been able to reach Odin about my "issue"?

Odin
05-08-03, 19:16
Originally posted by Progenitor
How long until we get the customer only forums?

At least then KK will know the identity of the people posting and can slam the Ban HammerTM on them fast and hard if they post spyware type programs.

-p

They already are. However Newbie talk doesn't fall under that category.

Progenitor
05-08-03, 19:21
Originally posted by Odin
They already are. However Newbie talk doesn't fall under that category.

Doh! My bad.

Talk about your smooth installation - other than the post a few months back about doing that little register thing to tie the accounts together I haven't had to do anything else.

Nicely done.

-p

Cyphor
05-08-03, 19:26
Does anyone have a link to a free detection and removal device?

The ones i've tried seem to offer a free scan then want you to regester to remove the spyware :confused:

Glyc
05-08-03, 19:26
any info on what files it installed? for people who d/led it to check it out (shrug). aaw didnt find anything.

Beefheart
05-08-03, 19:33
Just search google for a product called Ad-aware by lavasoft and another called Spybot search & destroy. I use them both (even though i find spybot to be the best)

lullysing
05-08-03, 19:34
The names are:

o ad-aware
o spybot search and destroy


google is your friend.

Pill
05-08-03, 19:38
if you're on a network, some programs like SpyWare Nuker, will completely destroy your network, forcing you to have to set it up again. Also, some programs like spyware nuker deletes entire programs, rather than just the file.

Judge
05-08-03, 22:43
Thanks for the heads up guys, I have got ad-aware so I will do some searches with that. I can't remember if I did download that skillchart, possibly.

Arcadius
05-08-03, 22:59
That's why I don't friggin DL third party programs, no matter how tasty they seem.



Btw, why isn't this a sticky?

Tregard
05-08-03, 23:10
Whew! I Dl'd the thing but hadn't had a chance to run it yet. It is now bye-bye!

/edit

By the way, Ad-Aware is at http://www.lavasoft.de

end edit/

Arcadius
05-08-03, 23:11
Originally posted by lullysing
The names are:

o ad-aware
o spybot search and destroy


google is your friend.


omfg, the amount of shit I had on my comp. :eek:


Thanks man.

Kl0wn
05-08-03, 23:18
people are all afraid of spyware, but once you run a program on a computer , spyware or not, your running into trouble

Always use program that you can have a legal right over the abuser. If not, don't store anything important on your pc. Simple rule i tend to follow.

In my bad day, i would create program that would run in the background or who will serve two purpose (like a screensaver scanning known password file and sending them or just cracking then sending the stuff over).

My rules for the internet are:
- Don't run/view anything from an email attachment
- Always use program that you have enough information to track down the author.(like valid information on the Host name to seek out the person, using a whois command)
- Stay away from strange website, sometime you may got caught in trap bigger than what you expected (i remember some gov creating server to track down hacker or people like that, could end up with some policemen in your home, already happened a lot in here)
- Don't run any kind of server.

{MD}GeistDamnit
05-08-03, 23:19
Wow glad I'm such a paranoid person and never take "freeware".but thanks Nid for the heads up and thanks to all of KK for sniffing it out ;)

FlashFF
05-08-03, 23:20
Adaware 6 is great

with that said...

I'd like to confirm to u all once again (as I do whenever the topic of Spyware is brought up) - Neocron Launcher pro is (to my knowledge) spyware free.
I know this because I Coded the Exe
If a GM or Mod would like the code, One simple email, and the full code will be emailed, ready to be compiled and checked for differences. :p

On another note, if you do download 3rd party software, and if this software requires you to use a password in any way (set up an account, etc.) make the password DIFFERENT from your NC password.

No 3rd party software should have access to the official NC database, and therefore can't NEED your NC password.

Hope you all understood all of that :)


Damned smileys

TEBO
05-08-03, 23:35
Good job guys! :angel:

A lot of stupid b'stards out there! :mad:

BramTops
06-08-03, 05:49
Stuff like this is really bad... I'm making an add-on myself (see signature) and... yeah! It's just plain simple to add some dirty code to hack passwords etc... :(

And all you have is "my word" on it's all safe e.d....

People should thoroughly check about what they download/install/run from the internet. As each file can contain stuff you really don't want on your pc... But that's a more "general" rule... not something NC specific.


Fortunately, if someone is spreading malicious code he will sooner or later be discovered and banned from the community/game. Don't know about the others... but I'm here to stay! :D

Berzerker
06-08-03, 07:42
hm any chance that a validation program for these progs could be set up?. There are some good peaple out there who just want to help us gamers. It would be a shame if everybody gets scared off of third party progs that are good an harmless. I would gladly host any third party progs that have been validated.

nonamebrandeggs
06-08-03, 07:48
Think about how the Blizz guys feel everyday....

MjukisDjur
06-08-03, 08:55
Never ever use thirdparty programs. A fancy startup box or whatever isnt worth the risk.

Shit like this makes me think of something like:
I only told 3 people my god damn password and have only xp+office+some neat neocron starter installed and now I lost my mc5 chips and all my l33t weapons... KK FIX OR I WILL WHINE ON THE FORUM FOREVER AND BIATCHHH AND MY FRIENDS WILL COME TO AND TELL EVERYONE HOW IT MUST BE KK:s FAULT

Havent exactly happened yet (cough cough) but give it 5-10 weeks
May I say that people are stupid that trust everyting that is clickable? Well, say it anyway : stupid fucks :)
Dont download everything that looks cool without proper scans and reviews

stfu now mjukisdjur...

Skinfitz
06-08-03, 09:18
You can have all the spyware / anti-virus / firewalling software you like, however it will not protect you from malware that the software has not been taught to recognise.

For example, someone writes a program specifically designed to steal Neocron passwords. (I won't detail how this could be achieved suffice it to say it would not be difficult). All that needs to be done is to convince people who play NC to run the program. For example, hide it in something genuinely useful like a skills guide or something.

The program will not be picked up as malware unless someone recognises it for what it is and reports it to the relevant anti-malware vendors. Even then it depends on people having the up-to-date definitions for said software. That takes time, and in that time many people could have their accounts compromised.


Interested in computer security? Check out DNSCON6 (http://www.dnscon.org) running in Blackpool weekend starting 15th August 2003.

BramTops
06-08-03, 15:13
The only way you CAN be sure is when the sourcecode has been checked (by KK or open-source for example).... Or when many people use it for longer period of time. You can bet your ass that WinAMP (for example) doesn't contain any malicious code that steals your passwords and send it back to nullsoft. It would be discovered within 24 hours (coz of the huge amount of people using this) and nullsoft will get a very bad name (and they dont want that, do they?).

Anywayz, to say "never install any 3rd party software coz then you're plain stupid" IS stupid. There are dozens of "3rd party software" programs on your computer. Hell, even an unpatched windows is easy to hack....


I've created a "3rd-party add-on" myself and I dont want anyone to think it isn't safe (about 450 runners are using it already)....

Tyranny
06-08-03, 15:23
OMG!!! Thanks for bringing this to my attention! I am always dubious with 3rd party software and like to know the source is respectable. However I used Ad-ware (as suggested) in my lunch break and to my amazement it found loads, guess where 90% of them were? In my missus' profile..... she gonna get a slap and instruction when I get home hehe.

Again thanks guys :D

BramTops
06-08-03, 15:28
Be advised though that AdAware only detects the software it has in its database. IT WILL NOT DETECT SPYWARE IT DOESN'T KNOW!

AdAware is good to get rid of many annoying programs like Gator etc... But it doesn't make your pc any safer!!!!

If you're afraid of your pc getting hacked, use a virus scanner and a firewall!!! AdAware is no substitution for this!

Tyranny
06-08-03, 15:33
Yeah I have virus scanner and firewall but I was just shocked by what Ad-ware found (and where o_O )..... oh and Spybot found a fair bit too.

Berzerker
06-08-03, 15:39
Gator should be burned at stake. Any way I swear by spybot. It caught a lot that adware didn't. Possibly I was between updates of Adware. Still. I just more happy using that. 3rd party stuff is usually fine. Don't let this scare you off. Or you would never d/l mods for your other games. We just need an official fan site or something to d/l validated stuff. Most games have a trusted site everybody uses to d/l mods for their games. Those are the sites that check the software they put for D/L

Slick
06-08-03, 16:15
There was a couple of people on uranus trying to get people to download programs like this a few weeks ago, we sent screenshots to an admin, i dont know if he followed it up tho.

Original monk
06-08-03, 16:33
use ad-aware 6 and reboot computer, then use spybot search and destroy and reboot computer again, its possible spybot runs before youre computer starts up so it can kill spyware before its started, i dont know if its 100% good for this kind of spyware but it sure removes them daamn 500 pop-ups poppin up while youre playing :) in the spybot search&destroy program dont forget to push the imunize button (where the bricks are) to protect for next times them spyware try's to invade, also (against pop-ups) dont use filesharing programs like morpheus, grokster, etc, and if you do, put off the "use 3rth party software" at the installation, i also noticed that if ya used spybot and adaware some spyware or pop ups can still come true, my mate has the "im jessi and i wonna marry you pop up" every 5 minutes, crashing em when he plays neocron, anyone has a program to remove this one ??

(and the most anoying pop up i ever had was the "STOP pop ups NOW" pop-up)

MayhemMike
06-08-03, 17:29
Thats gotta be a h4x

Glyc
06-08-03, 18:14
but back to topic (not just a general thread about spyware),

does anyone know what this program did? or what to do to remove it? what files etc it installed/modified.

someone want to reverse engineer it? im sure someone got the skills. but maybe this guy was too good :p

(just a hope it will galvanise u into finding out for the community members who foolishly tried installing it).

:mad: <----- me foolish

Cubico
06-08-03, 18:26
Not sure if anyone asked this question before:

I am sure this is an important message, why dont you send this as an ingame email to all runners?

Nidhogg
06-08-03, 18:53
Originally posted by Cubico
Not sure if anyone asked this question before:

I am sure this is an important message, why dont you send this as an ingame email to all runners?

Because it was only posted on the forums and therefore only affects forum users.

N

Arcadius
06-08-03, 19:47
Originally posted by Nidhogg
Because it was only posted on the forums and therefore only affects forum users.

N


Can I see the thread where the person posted this and odin replied?

Which thread is it?

Nidhogg
06-08-03, 20:02
Originally posted by Arcadius
Can I see the thread where the person posted this and odin replied?

Which thread is it?

The thread in question consisted of only two posts (neither of which were Odin's). One post was from the creator of the software and the other was from a forum user who tried it out. The first was banned and reported, the second was PM'd and emailed a warning to check their machine. The thread itself has been removed for obvious reasons.

N

\\Fényx//
06-08-03, 20:07
hehe first time i ever saw Odin swear was when he publicly called this guy a fucker :lol:

Berzerker
06-08-03, 22:25
Originally posted by Original monk
, my mate has the "im jessi and i wonna marry you pop up" every 5 minutes, crashing em when he plays neocron, anyone has a program to remove this one ??



That sounds like he got something running in the background, That is not part of his system. Has he got Gator installed? That is one of the worst spyware offenders out there. Bring up the task manager take a look at your running applications tab. If there is something running you don't recognise you should take a closer look at it. Also check processes tab look for anything suspicious like Gator, Comet Cursor stuff like that. Be aware that you probably will not recognise a lot of the processes that are running. That's normal. Just do a search on anything you think is iffy. Then check its properties. Email addons are another dodgy thing. A lot of those taskbar, system tray and email third party apps out there are spyware.

Odin
06-08-03, 22:53
Originally posted by \\Fényx//
hehe first time i ever saw Odin swear was when he publicly called this guy a fucker :lol:

Just proves you don't listen to me much. I swear too much if anything :p

G.0.D.
06-08-03, 22:58
that sucks, gonna make less people want to use my programs... ones that are really helpfull


mind you my last version (alpha) of neocrack stopped peoples neocrons from launching :lol: :lol: (not dilibretly...)
(and yes all they had 2 do was uninstall it...)
(and no the next version will not have this problem...)

Skinfitz
07-08-03, 01:52
Originally posted by Berzerker
That sounds like he got something running in the background, That is not part of his system. Has he got Gator installed? That is one of the worst spyware offenders out there. Bring up the task manager take a look at your running applications tab. If there is something running you don't recognise you should take a closer look at it. Also check processes tab look for anything suspicious like Gator, Comet Cursor stuff like that. Be aware that you probably will not recognise a lot of the processes that are running. That's normal. Just do a search on anything you think is iffy. Then check its properties. Email addons are another dodgy thing. A lot of those taskbar, system tray and email third party apps out there are spyware.

It's the Windows Messenger Service. Under XP, simply enable the firewall.

For other systems, ensure that the NetBIOS ports are firewalled (137UDP / 139TCP / 1025TCP I'm drunk give me a break).

Get ZoneAlarm which is good. For win2k disable the Windows Messenger Service (no, not Windows messenger, but the service which is under admin tools / services / Windows Messenger Service)

neophotographer
07-08-03, 02:02
Ad Aware........89 items...... :eek:

I love this thread already......

Stacey

P.S. Whenever I download stuff I do a complete scan on the file before I install it, then I also do a complete virus scan on my computer I use up to date everything of norton anti-virus. and yet I had 3 keystroke senders on my comp..........if you're reading this thread and haven't got these I don't care if you know everything about comps and such GET THEM JUST TO BE SAFE! no harm in downloading and running a scan. (btw norton didn't detect anything else of this...for a fun comment here's something for you that was on my comp)


Capable of installing components and selling your hard drive space, CPU cycles, and bandwidth

enjoy.

Once again:
Stacey

\\Fényx//
07-08-03, 02:04
Originally posted by neophotographer
Ad Aware........89 items...... :eek:

I love this thread already......

Stacey

P.S. Whenever I download stuff I do a complete scan on the file before I install it, then I also do a complete virus scan on my computer I use up to date everything of norton anti-virus. and yet I had 3 keystroke senders on my comp..........if you're reading this thread and haven't got these I don't care if you know everything about comps and such GET THEM JUST TO BE SAFE! no harm in downloading and running a scan. (btw norton didn't detect anything else of this...for a fun comment here's something for you that was on my comp)


Capable of installing components and selling your hard drive space, CPU cycles, and bandwidth

enjoy.

Once again:
Stacey


whoa..... shes teh smartie here :p


[Edit]

Originally posted by Odin
Just proves you don't listen to me much. I swear too much if anything :p

you also dont remember much :p you didnt fix my spy's SL :( thing is i deleted the DM saying you couldnt fix the SL :rolleyes: anyway after a grand total of 47 missions... ive got my SL from minus 34 to minus 33.... yay... now please tell me again that thats the way its meant to be... i just want to hear it one more time so it sinks in that its not b0rked :D

FBI
07-08-03, 02:15
As BramTops said, all you peoples have is our word. I'm a man
that believes if you can't live by your word then you don't deserve
to have respect.

With that said, I'm shocked someone would do this, to the NC
community especially. Sometimes you have to just think to your
self, "Can I trust this person?", "Has he been around for a long
time, made countless contributions to the game?" etc.

I've been making utilities for neocron, just for fun in my freetime.
like when i'm waiting for the servers to come up/patch. Like my
server stat cgi's, it's trivial i guess but it wasn't pointless. Turns
out BramTops found it useful and that made it worth while. Sure
several people complimented me which also makes it worthwhile.

But, all i can say is if anyone downloads a utility off me, you have
my word there won't be some lame kiddy trojan, adaware or any
of that crap. I've been here too long to lose respect instantly.

Kudos for KK, glad you got him. good riddens!!!!!!!!!!!!!!!!!!

[P]

Dardalion
07-08-03, 02:47
I think I was butt fucked by this :(

Just finished a complete re-install

* Starts downloading patches again *

grmbl f8ckin haxxors

G.0.D.
09-08-03, 23:51
make a backup of the patches incase u needa do that again... it saves a day of patching...

lullysing
10-08-03, 00:32
Dealing every day with poor, pooooorrr people having installed Kazaa, Morpheus AND bearshare on the same computer, while running an unpatched windows2000 pro pirate version on dedicated DSL/cable, i can tell you that..
*chorus*
<h1>Malware sucks</h1>

Ka0s^
10-08-03, 01:17
well i ran spybot and it found 8 DSO's (the IE hole that lets u run scripts or any .exe on ur box without u knowing). I consider myself to be pretty up to Date on this stuff, I had the patch to prevent the Hole the day it came out....

Just goes to show :wtf:

*runs off to put firewall into full stealth mode*

ZoneVortex
10-08-03, 02:19
This officially sucks. After having suffered the "pop-ups ONLY while Playing Neocron" problem for quite some time now I was very pleased to see this thread. I thought maybe I'd be saved from having my game minimize itself/lag out due to 10s of popups coming up every 5 minutes, but nope, I'm more screwed than before.

I downloaded the umm...which one....SpyBot S&D. I run it. About 600 spyware programs on my comp. I delete em all. I tell it to run when I reboot. I reboot. It runs. It deleted everything to the point where "There are no potentially dangerous spyware programs on your computer at this point". Hoorah! I decide to give it a run for its money (even though it was free). First 5 minutes of playing Neocron TWICE the amount of popups that had ever came up over the month I've had this problem come up. And just keep.....coming.....up.

Run it again....finds no spyware.

However, Neocron is more popped-up than ever and I'm just annoyed.

I have a firewall on my router and the whole shabang, however nothing I do helps. And I still think the absolute WEIRDEST part is that the pop-ups _only_ come up while I'm running Neocron.

Skinfitz
10-08-03, 02:28
Originally posted by ZoneVortex
...First 5 minutes of playing Neocron TWICE the amount of popups that had ever came up over the month I've had this problem come up. And just keep.....coming.....up.

That's because the popups have absolutely nothing to do with spyware.

Run it again....finds no spyware.

See?


I have a firewall on my router and the whole shabang, however nothing I do helps. And I still think the absolute WEIRDEST part is that the pop-ups _only_ come up while I'm running Neocron.
Odd that you only get them when playing NC.

Ok - your actual problem is that your machine is receiving network broadcast messages from assholes on the net. You can solve this in several ways:

1. Unbind Client for Microsoft Networks from your Internet interface (whether that's LAN cable going into Cable modem or just a dial up modem). I'd strongly recommend that the MS Client is NEVER used on an interface connected to the Internet. As I write there is a worm doing the rounds that WILL compromise a WinXP / Win2000 / WinNT machine that is unpatched and has MS Client bound to an interface exposed to the Internet.

2. Get a firewall. Zonealarm is good, however XP has its own built in firewall.

3. Disable the Windows Messenger Service. Note that this is NOT "Windows Messenger" but is a service that listens for network broadcast messages and displays them. It has a legitimate use in big networks where admins may send out a "please save your work - server going down for reboot" however it has no place on a gaming machine. To disable: Go to control panel > administrative tools > Services. Find the service in the list called "Messenger".

Right click it, choose properties.

Change startup type to "disabled".

Click "Stop".

Click "ok".

And never be bothered with idiots spamming in this way again :):angel:

ZoneVortex
10-08-03, 02:35
Originally posted by Skinfitz
That's because the popups have absolutely nothing to do with spyware. See?

Odd that you only get them when playing NC.

Ok - your actual problem is that your machine is receiving network broadcast messages from assholes on the net. You can solve this in several ways:

1. Unbind Client for Microsoft Networks from your Internet interface (whether that's LAN cable going into Cable modem or just a dial up modem). I'd strongly recommend that the MS Client is NEVER used on an interface connected to the Internet. As I write there is a worm doing the rounds that WILL compromise a WinXP / Win2000 / WinNT machine that is unpatched and has MS Client bound to an interface exposed to the Internet.

2. Get a firewall. Zonealarm is good, however XP has its own built in firewall.

3. Disable the Windows Messenger Service. Note that this is NOT "Windows Messenger" but is a service that listens for network broadcast messages and displays them. It has a legitimate use in big networks where admins may send out a "please save your work - server going down for reboot" however it has no place on a gaming machine. To disable: Go to control panel > administrative tools > Services. Find the service in the list called "Messenger".

Right click it, choose properties.

Change startup type to "disabled".

Click "Stop".

Click "ok".

And never be bothered with idiots spamming in this way again :):angel:

Alright thanks for the help. I'd already disabled the messenger service and it didn't help, and I can't patch windows XP just for certain technicalities which completely blows. I suppose I'll download ZoneAlarm to go over XP's firewall and my router's firewall just incase.

Thanks again.

Skinfitz
10-08-03, 03:06
Originally posted by ZoneVortex
Alright thanks for the help. I'd already disabled the messenger service and it didn't help, and I can't patch windows XP just for certain technicalities which completely blows. I suppose I'll download ZoneAlarm to go over XP's firewall and my router's firewall just incase.

Thanks again.

If you have disabled the messenger service, then your machine is simply not able to receive the broadcast messages - I would be concerned about this if I were you. Up to date antivirus would be a good move.

I've been thinking about the part about you not getting broadcast messages unless you are running Neocron. I just remembered a guy asking me the same thing the other week except his problem was with Medal of Honour. You see, a firewall will catch and block any incoming traffic from systems that you do not already have an in progress IP connection with, however they will pass traffic from systems that you initiated communications with.

For example, if the NC server tried to talk to your machine traffic would be blocked, however because you initiate communications with the server, the firewall will allow subsequent traffic from that server.

The way that the annoying popup messages (hereafter known as net broadcast messages) are sent is that they are sent to entire subnets at once. For example, if your IP on the net is 194.129.178.23 with a subnet mask of 255.255.255.0 and I send a broadcast message to 194.129.178.255 .. OR .. 194.129.178.0 (known as broadcast addresses) then your machine, along with all the other machines on that subnet (i.e. 194.129.178.1 through 194.129.178.254) will receive the broadcast. What's worse is that some systems (especially routers) will relay the broadcast on. I believe this is what is causing your problem. Someone will be sending broadcast messages to Level 3's (NC's ISP) systems (firewalls / routers) (possibly from behind their main firewalls) and something there will be relaying them on. As far as your machine is concerned they are coming from the NC server which your firewall will pass as it treats it as legitimate traffic. It could actually be the NC servers themselves relaying the messages.

I warn you now though - firewall or no firewall if you do not patch XP it is just a matter of time before your system is pwned.

If you really really won't patch it, at least unbind client for MS Networks from your interface connected to your router otherwise it's going to be game over.
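
Added illustration, not part of any post in this thread: the broadcast addresses and host range for the 194.129.178.23 / 255.255.255.0 example above, plus a toy model of the firewall behaviour described, where replies to connections you initiated pass and unsolicited traffic is dropped. The server address, the port numbers and the `strict` switch are constructed for the example; `strict=False` models a filter that remembers only the remote address, which is the case in which anything arriving from the game server's address would be let through.

```python
import ipaddress


class ToyFirewall:
    """Toy inbound filter (constructed model, not a real product's logic)."""

    def __init__(self, local_ip, netmask, strict=True):
        self.iface = ipaddress.ip_interface(f"{local_ip}/{netmask}")
        self.strict = strict   # True: match the full flow; False: remote address only
        self.flows = set()     # flows opened from the inside

    def subnet_info(self):
        """Network/broadcast addresses and the usable host range, as strings."""
        net = self.iface.network
        return {
            "broadcast": [str(net.network_address), str(net.broadcast_address)],
            "hosts": (str(net[1]), str(net[-2])),
        }

    def outbound(self, remote_ip, remote_port, local_port):
        """Record a connection the local machine initiated."""
        self.flows.add((remote_ip, remote_port, local_port))

    def inbound(self, src_ip, src_port, dst_port):
        """Decide on an inbound packet addressed to this host."""
        if self.strict:
            known = (src_ip, src_port, dst_port) in self.flows
        else:
            known = any(flow[0] == src_ip for flow in self.flows)
        return "pass" if known else "drop"


# Constructed sample values: the game server address and all port numbers.
GAME_SERVER, GAME_PORT, LOCAL_PORT, OTHER_PORT = "192.0.2.10", 7000, 40000, 5000


def demo(strict):
    fw = ToyFirewall("194.129.178.23", "255.255.255.0", strict=strict)
    before = fw.inbound(GAME_SERVER, GAME_PORT, LOCAL_PORT)   # server speaks first
    fw.outbound(GAME_SERVER, GAME_PORT, LOCAL_PORT)           # client connects
    reply = fw.inbound(GAME_SERVER, GAME_PORT, LOCAL_PORT)    # server answers
    other = fw.inbound(GAME_SERVER, GAME_PORT, OTHER_PORT)    # same server, other local port
    stranger = fw.inbound("198.51.100.7", 1234, OTHER_PORT)   # no prior contact
    return before, reply, other, stranger


if __name__ == "__main__":
    print(ToyFirewall("194.129.178.23", "255.255.255.0").subnet_info())
    print("strict:", demo(True))
    print("loose: ", demo(False))
```

The only difference between the two runs is the third result: with full flow matching, traffic from the game server to a port the client never used is dropped, while address-only matching passes it.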

{MD}GeistDamnit
10-08-03, 03:08
Originally posted by Odin
Just proves you don't listen to me much. I swear too much if anything :p

haha odin an employee called someone a fucker? that is funny anyone got a link? :D

ZoneVortex
10-08-03, 03:13
Trust me I want to patch but it's simply that if I do patch off the Microsoft site I might be fined.....if you get my drift :(

Does anyone have the new XP security patches on a private FTP where I could get them in peace?

Devils Thrill
10-08-03, 04:41
if you have an illegal version of xp, the only way to patch is to download the patches one by one.

you should use Microsoft Baseline Security Analyzer v1.1 to see what patches you don't have, then download them, by now there are about 20 patches out for XP

but using the auto update or service pack is better

also stop using internet explorer 8|

Skinfitz
10-08-03, 12:48
I would like to point out that students, lecturers, teachers and IT support people working in an educational environment qualify for XP Pro upgrade for £39.99 +VAT.

Link here (http://www.insight.com/uk/apps/productpresentation/index.php?product_id=MSSA026NU)

AlphaGremlin
11-08-03, 15:58
I have a completely wide-open firewall, with an FTP and HTTP server running, no anti-virus scanner, dozens of security patches I never got around to downloading, and routinely download unknown freeware programs.

Bring it on! 2 Years without reinstalling XP and counting. No viruses or hackings, and NO spyware, according to the latest AdAware 6 AND SpyBot.

My Dad's computer however has been reformatted twice, had several viruses, and a fuck-ton of spyware :lol:
And this is with Norton Antivirus, Firewall this and that, latest patches and everything. Some people just have all the luck. :angel:

neophotographer
11-08-03, 16:07
Originally posted by AlphaGremlin
I have a completely wide-open firewall, with an FTP and HTTP server running, no anti-virus scanner, dozens of security patches I never got around to downloading, and routinely download unknown freeware programs.

Bring it on! 2 Years without reinstalling XP and counting. No viruses or hackings, and NO spyware, according to the latest AdAware 6 AND SpyBot.

My Dad's computer however has been reformatted twice, had several viruses, and a fuck-ton of spyware :lol:
And this is with Norton Antivirus, Firewall this and that, latest patches and everything. Some people just have all the luck. :angel:

whats your IP again? :lol:.

j/k. I know next to shit about computers, and even less about hacking.

Stacey

AlphaGremlin
11-08-03, 16:25
Originally posted by neophotographer
whats your IP again? :lol:.

j/k. I know next to shit about computers, and even less about hacking.


Who cares? In an hour it won't exist. :D One of the few advantages of dial-up.

It's surprising though how much software comes with spyware. Who makes such programs anyway? People have no honor anymore :(

Archeus
11-08-03, 16:25
Originally posted by AlphaGremlin
Bring it on! 2 Years without reinstalling XP and counting. No viruses or hackings, and NO spyware, according to the latest AdAware 6 AND SpyBot.

How would you know with such crap security? For all you know a nice hacker found your machine as a real juicy target and patched it up for themselves so you never get suspicious if someone else tries to hit it.

Otherwise, the hackers are thinking that no one would be so nuts to leave a wide open machine and automatically suspect it as a honeytrap*.

I recommend you download FPORT (http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/freetools.htm) and run that too to have a look at what's still running.


Originally posted by AlphaGremlin
Who cares? In an hour it won't exist. :D One of the few advantages of dial-up.

Unless your machine has a zombie* installed on it, in which case as soon as you come back on your machine is theirs again. My brother was on dialup and he caught a zombie on his machine.

* Honeytrap - A machine purposely left open so hackers can play on it to show security people who and what they do to get in.

* Zombie - A trojan program that when you connect to the net takes orders from a hacker to make attacks or attempts to log into other peoples machines. Because they can control 100's in one go, even a dialup person would not notice it straight away.

lullysing
11-08-03, 16:26
Some ISPs do the job for you. For example, where i work, ports under 500 are blocked for reception on regular residential DSL connections ( they ain't supposed to run no servers ).

AlphaGremlin
11-08-03, 16:30
I'm no n00b when it comes to computers.
It's actually called a "honeypot" (my friend hacked into the one at my high-school and got busted :lol: )
And I know exactly what each process is doing in my processes list, so no zombies. My computer may be wide-open, but I'm not completely slack when it comes to maintenance.

Edit: My ISP doesn't block any ports that I know of, since my friends connect via the FTP server every now and then and grab stuff if other methods fail. Perhaps they're blocking the messenger port though, haven't got any of those lately, although BorgChat may be intercepting them.

AlphaGremlin
11-08-03, 16:37
fPort is interesting. I love command line tools.
I prefer Essential Net Tools myself, more pretty, and gives exactly the same information, and more : )

Skinfitz
11-08-03, 16:53
Originally posted by AlphaGremlin
I have a completely wide-open firewall, with an FTP and HTTP server running, no anti-virus scanner, dozens of security patches I never got around to downloading, and routinely download unknown freeware programs.
It's just a matter of time.


Bring it on! 2 Years without reinstalling XP and counting. No viruses or hackings, and NO spyware, according to the latest AdAware 6 AND SpyBot.
A couple of things.

Firstly AdAware and SpyBot will not detect hacking attempts.

You do not have any anti-virus and so really you have no idea at all if you are infected or not.

So really for all you know your machine could be a virus infected zombified slave.

Really - you are the digital equivalent of someone who says "Hey I go out alone with my expensive video camera, my rolex watch and $10000 in cash which I leave hanging out of my back pocket - I've been walking around [insert name of local bad area] for 2 years and I've never been mugged."

AlphaGremlin
11-08-03, 17:08
Firstly AdAware and SpyBot will not detect hacking attempts. You do not have any anti-virus and so really you have no idea at all if you are infected or not.

I know that they don't detect hacking attempts, I never made that claim. I do actually have a virus-scanner, but it's not enabled in real-time scanning. Just did a scan then: what a surprise, no viruses!

So really for all you know your machine could be a virus infected zombified slave.

Never underestimate the power of Sysinternals Process Explorer and a hex-editor. I'm willing to bet I'm not infected.

Really - you are the digital equivalent of someone who says "Hey I go out alone with my expensive video camera, my rolex watch and $10000 in cash which I leave hanging out of my back pocket - I've been walking around [insert name of local bad area] for 2 years and I've never been mugged."

LOL, that's beautiful. And the thing is, it's quite accurate. I have yet to encounter a "digital mugger" on this system, and so far I have only ever had 1 virus in the entire time I've been using computers.

I agree though, it is just a matter of time. Still waiting :)

Skinfitz
11-08-03, 17:19
Originally posted by AlphaGremlin
I agree though, it is just a matter of time. Still waiting :)
Well I wish you luck - may you never be haxx0red.

I'm curious though - is your machine connected directly to the net?

What ISP do you use?

Is Client for MS Networks bound to your dialup interface?

AlphaGremlin
11-08-03, 17:31
Well I wish you luck - may you never be haxx0red.

Thanks, you too :)

I'm curious though - is your machine connected directly to the net?

The modem is plugged directly into my motherboard, so yes.

What ISP do you use?

iPrimus, one of the more popular ones in Australia.

Is Client for MS Networks bound to your dialup interface?

No, I'm not stupid :) MS Networking sucks when it comes to real security, only NTFS is really useful for keeping unwanted guests out of your file-system.

Also: I don't recommend my security setup to anyone who doesn't know Windows like the back of their hand, no matter how well it seems to work for me :D

Archeus
11-08-03, 17:36
You contradict yourself somewhat


I have a completely wide-open firewall, with an FTP and HTTP server running, no anti-virus scanner, dozens of security patches I never got around to downloading, and routinely download unknown freeware programs.

...

I do actually have a virus-scanner, but it's not enabled in real-time scanning. Just did a scan then: what a surprise, no viruses!


How would you know you don't? Considering some viruses now attack the scanners themselves to disable them. Also considering how crap your patching is, I will take a good bet that your virus definitions aren't even up to date. If they are, then why the hell isn't anything else?


Also: I don't recommend my security setup to anyone who doesn't know Windows like the back of their hand, no matter how well it seems to work for me

I wouldn't recommend it to anyone, considering if you read some of the security patches people can fuck about with your machine by having you just view a webpage, let alone installing stuff.

Skinfitz
11-08-03, 17:50
I'm curious though - is your machine connected directly to the net?

The modem is plugged directly into my motherboard, so yes.
I actually meant does your machine actually dial directly up or are you connected through a dialup gateway (i.e. another machine using Internet Connection Sharing). I will assume that your machine dials directly up.

Is Client for MS Networks bound to your dialup interface?

No, I'm not stupid :) MS Networking sucks when it comes to real security, only NTFS is really useful for keeping unwanted guests out of your file-system.
It sounds like you have things a little confused there. NTFS is a filing system, not a networking system. (NTLM is the authentication protocol you might be getting confused with). NTFS is responsible for the file security on your drives. If someone hacks your box, they will enter with the security level of the service that has been compromised (typically the LOCALSYSTEM account on XP (that has the run of the whole box)). The Client for MS Networks is how Windows machines perform file sharing and an interface for Remote Procedure Calls (RPC). Presently there is a worm exploiting a recently discovered flaw in the RPC interface. This is so serious that many ISPs are looking at firewalling the relevant ports (135/137/445) at the border routers. If you do not have the Client for MS Networks bound to the interface that connects directly to the net then you should be safe from this.



Also: I don't recommend my security setup to anyone who doesn't know Windows like the back of their hand, no matter how well it seems to work for me :D
No offence but I wouldn't recommend your "no-security" setup to anyone, regardless of experience.

AlphaGremlin
12-08-03, 09:24
I admit I didn't clarify what I meant by no virus scanner. I meant that there wasn't one enabled.
And I'm not confused by NTFS. I know it's a file-system, and I use it more than Windows sharing to specify security settings, since windows file sharing sucks. Pretty much on all my drives only the creator and administrator have access to any drives, since I don't have any other accounts. Regardless of people who swear by running in User-Mode, and only changing to admin when they install programs, I prefer admin privileges.
And if it makes you happy, I went and downloaded half the windows updates. I heard about the RPC problem too. And yes my definitions are up to date.
I've heard about the security flaws in IE, but I've yet to encounter anything. I have Popup Cop, which has stuff to disable problems like that.
Like I said, I still haven't had any problems with my setup.

AlphaGremlin
12-08-03, 12:13
LOL. What are the chances?
My dad's computer has gotten another virus today! Time to batten down the hatches, as it were.

kane
12-08-03, 20:39
I ran the spyware software i came up with this.. every file in the neocron folder :P j/k lol

PsiCorps
13-08-03, 02:38
Originally posted by AlphaGremlin
LOL. What are the chances?
My dad's computer has gotten another virus today! Time to batten down the hatches, as it were.
Reason: you use his computer to DL porn :p

ZoneVortex
13-08-03, 05:23
Originally posted by PsiCorps
Reason: you use his computer to DL porn :p

Yeh I was spyware/pop-up free yesterday, went on porn last night, and now I'm loaded again. God damnit!

AlphaGremlin
13-08-03, 06:00
Originally posted by ZoneVortex
Yeh I was spyware/pop-up free yesterday, went on porn last night, and now I'm loaded again. God damnit!

That's what you get for looking up Porn :p
Get Popup Cop (www.popupcop.com I think, don't quote me on that though), it fixes the little buggers up quite nicely.
Also: Why the hell would I use my Dad's computer to surf that kind of shit? I have my own computer to do that on, if I was so inclined.