[READ] Malware on d3scene.com

  1. #21
    Sean1352 is offline Master Hacker
    Originally posted by Ryan:
    > I wouldn't judge it on posts rather than rep .. If someone has like 200 posts with only 5 rep .. they obviously aren't there to help people .. well I guess that's not true, it could mean people just didn't give any rep to them....
    >
    > All in all, QUIT GIVING OUR SITE VIRI !!!! (is that the plural of virus?)

    Meh, you can trust me. Before I put a file up I scan with Malwarebytes. 50+ rep sounds trustful enough, don't you think?

    Edit: And I think it's viruses for plural.


  2. #22
    koshaan is offline /// R3 STAFF
    Also, I almost ONLY trust Elder Users or people with good reputation.


  3. #23
    Darchrow is offline Life's good.
    Ok guys, I think some of you guys want some information about the things which happened lately. I won't provide too much info because it's insignificant.
    Well, I warned you in the OP of this thread and now it happened to me. I don't want to make a big deal of how I got infected. I had my On-Demand-Scanner deactivated and ran one of those files in a sandbox. Therefore the malware didn't install on my system, but it still sent some critical data to the author (like passwords). But it isn't well-coded malware, it's just standard poorly written VB.NET stuff which is detected by nearly every AV software.

    However, the dude who posted those malicious files had round about 30 posts, most of which were malware. So I recommend that every member who downloaded some of these files scan their PC. Unfortunately I can't list all the threads which were affected, but his username was Ixtilion and most of his viruses were in the MW3 section and NFS section.

    Furthermore I want to provide you some information about the malware (please note this MAY vary a bit because he edited his trojans):

    It spawns some files named:
    %CommonAppData%\wscntfy.exe
    %Temp%\PlugIn64.exe
    %Temp%\PlugIn32.exe
    %ProgramFiles%\Common Files\lsmass.exe

    It creates new registry keys:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{73A4AF7A-5EF7-8051-87FB-4A4AF1CB93DF}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    The registry values are:

    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{73A4AF7A-5EF7-8051-87FB-4A4AF1CB93DF}]
      • StubPath = "%CommonAppData%\wscntfy.exe -r"
      • IsInstalled = 0x00000001

    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
      • Hidden = 0x00000002
      • EnableBalloonTips = 0x00000000

    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
      • EnableLUA = 0x00000000

    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
      • Windows-Network Component = "%ProgramFiles%\Common Files\lsmass.exe"

    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      • Windows-Audio Driver = "%CommonAppData%\wscntfy.exe"


    Other activities:
    It connects via TCP (wscntfy.exe (%CommonAppData%\wscntfy.exe))



    Make sure you've scanned your PC completely.


  4. The Following 7 Users Say Thank You to Darchrow For This Useful Post:
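
The file and registry indicators listed in Darchrow's post, turned into a read-only check (an added example, not part of the original thread). It assumes `%CommonAppData%` refers to the CommonApplicationData special folder, and it also looks in Program Files (x86) and the WOW6432Node registry view, which the post does not mention.

```powershell
# Added example: checks for the file and registry indicators listed in the post.
# Assumption: %CommonAppData% means the CommonApplicationData special folder.
$commonAppData = [Environment]::GetFolderPath('CommonApplicationData')
# Assumption: a 32-bit sample on 64-bit Windows is redirected to the (x86) folder.
$programFiles = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique

$files = @(
    (Join-Path $commonAppData 'wscntfy.exe')
    (Join-Path $env:TEMP 'PlugIn64.exe')
    (Join-Path $env:TEMP 'PlugIn32.exe')
)
$files += $programFiles | ForEach-Object { Join-Path $_ 'Common Files\lsmass.exe' }

# Key paths are relative to HKLM:\SOFTWARE; names and data are taken from the post.
$cv = 'Microsoft\Windows\CurrentVersion'
$values = @(
    @{ Key = 'Microsoft\Active Setup\Installed Components\{73A4AF7A-5EF7-8051-87FB-4A4AF1CB93DF}'
       Name = 'StubPath'; Like = '*wscntfy.exe*' }
    @{ Key = "$cv\policies\Explorer\Run"; Name = 'Windows-Network Component'; Like = '*lsmass.exe*' }
    @{ Key = "$cv\Run"; Name = 'Windows-Audio Driver'; Like = '*wscntfy.exe*' }
    # Weak on its own: EnableLUA = 0 also appears where UAC was turned off on purpose.
    @{ Key = "$cv\policies\system"; Name = 'EnableLUA'; Like = '0' }
)
# Assumption: also check the 32-bit registry view used by 32-bit processes.
$roots = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'

$hits = @()
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $hits += "file: $f" }
}
foreach ($root in $roots) {
    foreach ($v in $values) {
        $path = "$root\$($v.Key)"
        $name = $v.Name
        $item = Get-ItemProperty -LiteralPath $path -Name $name -ErrorAction SilentlyContinue
        if ($null -ne $item -and "$($item.$name)" -like $v.Like) {
            $hits += "registry: $path -> $name = $($item.$name)"
        }
    }
}
if ($hits) { $hits } else { 'None of the listed indicators were found.' }
```

`%Temp%` is per-user, so run the check under the account that opened the download. A clean result does not rule out an edited variant, since the post says the names may vary.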


  5. #24
    Flash is offline Premium Member
    I'm starting to think all users without Elder rank should go through an evaluation when they are submitting a download.

  6. #25
    Ryan is offline Ubiquitous
    Problem with that, Ocean, is they can still post a link to MediaFire and stuff. Unless you were stating non-Elders should not be able to post links?


  7. #26
    Flash is offline Premium Member
    Originally posted by Ryan:
    > Problem with that, Ocean, is they can still post a link to MediaFire and stuff. Unless you were stating nonelders should not be able to post links ?

    I understand but perhaps we can prevent any uploads from users who are not Elder+? If the user wants to post something with a downloading link, he will have to PM Tracky or someone who can evaluate it and see if it is safe. Just my suggestion because people are just going to create new accounts and spam these forums with nonsense.

  8. The Following User Says Thank You to Flash For This Useful Post:


  9. #27
    Ryan is offline Ubiquitous
    Makes sense to me and it's actually a great idea


  10. #28
    Safou is offline '-'
    Originally posted by Ocean Spray:
    > I understand but perhaps we can prevent any uploads from users who are not Elder+? If the user wants to post something with a downloading link, he will have to PM Tracky or someone who can evaluate it and see if it is safe. Just my suggestion because people are just going to create new accounts and spam these forums with nonsense.

    That, and also Tracky I think mentioned maybe making the Marketplace specific amount of rep to use, etc.

  11. #29
    AbrasiveZealot is offline Master Hacker
    Originally posted by Ocean Spray:
    > I understand but perhaps we can prevent any uploads from users who are not Elder+? If the user wants to post something with a downloading link, he will have to PM Tracky or someone who can evaluate it and see if it is safe. Just my suggestion because people are just going to create new accounts and spam these forums with nonsense.

    I agree with this. While it would be more work for mods/admins, I think that having some sort of approval system for non-trusted members would be beneficial to the community.

  12. #30
    Ryan is offline Ubiquitous
    More work is never a problem. If it is, they aren't a mod

