Trojan:Exploit.JS.ADODB.Stream.e from REV6 carreful guyz

[PR0METHEUS]

BTW virus program is Symantec Coorp.Edition and i ll scan with other programs.I ll post results l8tr.

This could be due to the fact That Norton sucks, or it could be conflicting with your other programs.

Norton != Symantec. Same company yes, but not entirely the same software. I've never had a problem with Symantec Corporate.

I know but there are way better Anti-viruses, and Norton Aka symantc Corporate conflects with alot of other programs. And i have it also but I only use it for scanning and not on access use because nod32 and avg pro are better.

Yeah I guess the one thing I don't like about Norton/Symantec is it's almost impossible to completely uninstall it. It has a few rootkits in it from what I understand basically, and you need a batch file from Symantec (that I think they charge for) to completely remove Symantec/Norton products.

That's what I was told at least....

[Katou]

Page refreshes even without javascript. And only a nub uses IE. I have FF set up with noscript and it basically stops all JS dead. But I doubt an AODB exploit would work well on safari or opera either. Maybe it could but better safe than using IE. I mean sorry.

detected: malware Exploit.JS.ADODB.Stream.e File: C:\Documents and Settings\pcl\Local Settings\Application Data\Mozilla\Firefox\Profiles\ux2ml8nt.default\Cache\B9F4AF15d01


I guess it is enough for u my friend.I do not know what u do but i m sure that i wont enter rev6 again

LoL you do have a virus...
But your the only one so why blame rev6?

I have a firewall and i never had any port request...
Basic principle of a trojan is to open a port connection and act as a trojan, just like in the movie where they build a big horse in wood.
There a way for the back door to communicate.
Funny how many people post stuff without knowledge, also rev6 release everything open source at 95% so all programmer know it safe.
Guess you can keep on scaring the newby.

If rev6 was able to make a virus so that people visit rev6 and get infected, there would be a HUGE problem with the internet security and 95% of the site would be unsecured.

So you claim they found a new exploit undiscovered by microsoft?
Are you sure they are that smart?

Other solution is that you don't know the real reason of your virus scanner to detect those file as dangerous.

Why don't you take the file detected as virus which would be plain html code and look at the source code in it?

Funny how your first reaction was blame rev6 for your msn virus, oh yea that virus is massively spread on msn and not on website, google your trojan a bit more and uninstall your msn and clear your cache file.

If symatect can't uninstall the virus it's a proof of there incapability.
Your the first one that received a virus in the last 6 month caused by rev6, something sound fishy doesn't it?

Many people here visit it daily, anyway stop making publicity about them, talk in bad or good but talk about them = publicity.

[HakubiNi]

I visited them some time ago and I did a full scan with AVG, no threats were found.

[Katou]

http://www.silkroadonline.net/sro_board ... icID=30980

http://www.rev6.com - is exploiting Internet Explorer.
Zone Labs Security found Exploit.JS.ADODB.Stream.e when page loading.

I installed zone lab and tested it with internet explorer and nothing...
Funny it more like if there a movement of lie anti-rev6 and in the end...
It will only make publicity for them...

For everyone else posting, if you can find a virus alert and you can produce it, please tell us how to reproduce it, I'm really curious about it.

[AXII]

http://www.silkroadonline.net/sro_board/bhboard/bh_postview.asp?ForumID=2&TopicID=30980

http://www.rev6.com - is exploiting Internet Explorer.
Zone Labs Security found Exploit.JS.ADODB.Stream.e when page loading.

I installed zone lab and tested it with internet explorer and nothing...
Funny it more like if there a movement of lie anti-rev6 and in the end...
It will only make publicity for them...

For everyone else posting, if you can find a virus alert and you can produce it, please tell us how to reproduce it, I'm really curious about it.

WTF- My virus program detected a trojan and i posted here to understand what it is.

[AXII]

Page refreshes even without javascript. And only a nub uses IE. I have FF set up with noscript and it basically stops all JS dead. But I doubt an AODB exploit would work well on safari or opera either. Maybe it could but better safe than using IE. I mean sorry.

detected: malware Exploit.JS.ADODB.Stream.e File: C:\Documents and Settings\pcl\Local Settings\Application Data\Mozilla\Firefox\Profiles\ux2ml8nt.default\Cache\B9F4AF15d01


I guess it is enough for u my friend.I do not know what u do but i m sure that i wont enter rev6 again

LoL you do have a virus...
But your the only one so why blame rev6?

I have a firewall and i never had any port request...
Basic principle of a trojan is to open a port connection and act as a trojan, just like in the movie where they build a big horse in wood.
There a way for the back door to communicate.
Funny how many people post stuff without knowledge, also rev6 release everything open source at 95% so all programmer know it safe.
Guess you can keep on scaring the newby.

If rev6 was able to make a virus so that people visit rev6 and get infected, there would be a HUGE problem with the internet security and 95% of the site would be unsecured.

So you claim they found a new exploit undiscovered by microsoft?
Are you sure they are that smart?

Other solution is that you don't know the real reason of your virus scanner to detect those file as dangerous.

Why don't you take the file detected as virus which would be plain html code and look at the source code in it?

Funny how your first reaction was blame rev6 for your msn virus, oh yea that virus is massively spread on msn and not on website, google your trojan a bit more and uninstall your msn and clear your cache file.




If symatect can't uninstall the virus it's a proof of there incapability.
Your the first one that received a virus in the last 6 month caused by rev6, something sound fishy doesn't it?

Many people here visit it daily, anyway stop making publicity about them, talk in bad or good but talk about them = publicity.

Think about why should i have a problem with rev6?I m not a sro fanatic only enjoy the game and i dont get it why u insist about to defend this website.
Do u know who they r?
Do u really know what their purpose?
Their dark website doesnt look like trustable 4me.I really like rev6 but why should i take a risk?

[AXII]

Trojan Exploit.JS.ADODB.Stream.e

The Trojan - Exploit.JS.ADODB.Stream.e was first detected on 2nd October, 2006. Cyberoam Unified Threat Management solution’s virus signature database was up-to-date and ready to face it since Jul 27 2006. It deploys Kaspersky as a Gateway AV solution.

The Attack
The exploit targets users using Yahoo and MSN messengers. Users receive a message containing a link from a known contact. If the link is clicked it triggers a new browser window, however no page is displayed. The Trojan, in the background, attempts to download and install other malware to the system. It also copies the file taskmng.exe to the Windows folder and creates a Registry key to start the file automatically. It disables any direct access to rgedit and taskmanager, thus ensuring that it neither be stopped, nor removed.

[Pulsartm]

i use Kaspersky and i visited few minutes ago rev6.com and got the same
Exploit.JS.ADODB.Stream.e like AXII

[Aragami]

hi
this is what my AV says







and i found a keylogger guess i have to format my pc

[Black_Mamba]

No problems here viewing the site nor is my pc infected with anything, it must be that kaspersky program monging out

[Katou]

There the owner of the site posted this
http://rev6.com/virus.php

it's in plain text so that kaspersky won't block you from visiting it.

basically he got 2 pages:

http://www.rev6.com/route14.php
http://rev6.com/news.htm

If you visit those page individually you won't get a virus alert.

If you go on this page:
http://www.rev6.com/route14.php?site=news

You get a virus alert.
If you look at the source code you will find that
http://www.rev6.com/route14.php?site=news
Is identical to the 2 previous pages which don't have a virus
It include the news section inside the middle with a php include.

So pointless to say, kaspersky +AVG can't detect the real
Trojan Exploit.JS.ADODB.Stream.e virus
They have a bug in the detection of that virus.

kaspersky program --> monging out
Rev6 never released any virus I have been there since the beginning almost.
Pointless to say, your blaming then for kaspersky bug right now.

[ping_lo]

its only in your cache. if you clear your cache after each browsing section, run with no-script and ad-blocker on full prevent i don't think you will have this issue.

i did my friend.Ad blocker and no-script r always enable on me.

FYI ADODB is generally defined as one of two things.

# Microsoft ADO (ActiveX Data Objects) is a Component object model object for accessing data sources. It provides a layer between programming languages and databases, which allows a developer to write programs which access data, without knowing how the database is implemented. No knowledge of SQL is required to access a database when using ADO, although one can use ADO to execute arbitrary SQL commands. The disadvantage of this is that this introduces a dependency upon the database.
en.wikipedia.org/wiki/ADODB

# ADOdb is a database abstraction library for PHP and Python. It allows developers to write applications in a fairly consistent way regardless of the underlying database storing the information. The advantage is that the database can be changed without re-writing every call to it in the application.From the ADOdb website, it supports the following databases... ...
en.wikipedia.org/wiki/ADOdb

As no mainstream browser implements python or PHP the first definition must be the correct one. Microsoft ADO being a microsoft thing is almost surely IE specific. Actually I know for a fact it is. You get it detected in FF etc though because your av software is scanning the cache. Firefox and every other non IE browser is not vulnerable to it. It could only work in IE. I know that if you ran wget on rev6.com you would get it detected as well. Lynx too.

[Katou]

its only in your cache. if you clear your cache after each browsing section, run with no-script and ad-blocker on full prevent i don't think you will have this issue.

i did my friend.Ad blocker and no-script r always enable on me.

FYI ADODB is generally defined as one of two things.

# Microsoft ADO (ActiveX Data Objects) is a Component object model object for accessing data sources. It provides a layer between programming languages and databases, which allows a developer to write programs which access data, without knowing how the database is implemented. No knowledge of SQL is required to access a database when using ADO, although one can use ADO to execute arbitrary SQL commands. The disadvantage of this is that this introduces a dependency upon the database.
en.wikipedia.org/wiki/ADODB

# ADOdb is a database abstraction library for PHP and Python. It allows developers to write applications in a fairly consistent way regardless of the underlying database storing the information. The advantage is that the database can be changed without re-writing every call to it in the application.From the ADOdb website, it supports the following databases... ...
en.wikipedia.org/wiki/ADOdb

As no mainstream browser implements python or PHP the first definition must be the correct one. Microsoft ADO being a microsoft thing is almost surely IE specific. Actually I know for a fact it is. You get it detected in FF etc though because your av software is scanning the cache. Firefox and every other non IE browser is not vulnerable to it. It could only work in IE. I know that if you ran wget on rev6.com you would get it detected as well. Lynx too.

Bah too late, they changed the website skin on rev6.com
The newer skin doesn't get detected as a virus.
But they kept the link to the old one which get detected as a virus.

And you are right, the cache show the plain html file as a virus, anyway pointless if you compare all the source file,
this is just like the silkroad.exe file being a keylogger. False alert.

[Damien0124]

Morningdew (employee A and Coffee guy) confirmed there was a trojan!

[Luoma]

There the owner of the site posted this
http://rev6.com/virus.php

it's in plain text so that kaspersky won't block you from visiting it.

basically he got 2 pages:

http://www.rev6.com/route14.php
http://rev6.com/news.htm

If you visit those page individually you won't get a virus alert.

If you go on this page:
http://www.rev6.com/route14.php?site=news

You get a virus alert.
If you look at the source code you will find that
http://www.rev6.com/route14.php?site=news
Is identical to the 2 previous pages which don't have a virus
It include the news section inside the middle with a php include.

So pointless to say, kaspersky +AVG can't detect the real
Trojan Exploit.JS.ADODB.Stream.e virus
They have a bug in the detection of that virus.

kaspersky program --> monging out
Rev6 never released any virus I have been there since the beginning almost.
Pointless to say, your blaming then for kaspersky bug right now.

[EgHu4Ka]

You are noobz ,EVRYONE!
There are many,many Indetectables(undetected) or also called *FUD*(Fully Undetected) RAT(RemoveAdministrativeTool)'S/Keyloggers

So...a normal virus/server would register in the registry FIRST and then start logging.
So all you need is SpyBot S&D.
Most of the AV's sux hard

and Rev6 is clean!

[PR0METHEUS]

You are noobz ,EVRYONE!
There are many,many Indetectables(undetected) or also called *FUD*(Fully Undetected) RAT(RemoveAdministrativeTool)'S/Keyloggers

So...a normal virus/server would register in the registry FIRST and then start logging.
So all you need is SpyBot S&D.
Most of the AV's sux hard

and Rev6 is clean!

I don't know where you're getting your crazy acronyms from. Sure, there are many, many viruses or other malware that are not detectable by certain virus scanners. That's why it's a good idea to have multiple scanners, or at least have a good virus scanner PLUS a few spyware scanners. Not everything will register itself in the Registry.

All we need is Spybot S&D? That's bad advice right there. First you say that there are many types of viruses that are undetectable, then say all you need is one tool. That provides a false sense of security. There are plenty of things that Spybot doesn't detect that other scanners DO detect, and the same is true vice versa.

My advice would be to have a good AV scanner running (whether you like NAV, Avast, AVG, McAfee, NOD32, whatever...) and also do regular scans with spyware scanners like Spybot, Lavasoft Adaware, Spysweeper, or other tools that you like. It can't hurt to also do an occasional scan with an online scanner like housecall.trendmicro.com or similar in case your local scanners miss something, or they themselves get infected/disabled.

Not all of us are noobz....

[sama98b]

Morningdew (employee A and Coffee guy) confirmed there was a trojan!

He (she) would confirm life on the sun if it would get payed for that too.

ps.: ff/noscript/ccs/ab+/ad-watch/symantec av. ftw.

[ping_lo]

You are noobz ,EVRYONE!
There are many,many Indetectables(undetected) or also called *FUD*(Fully Undetected) RAT(RemoveAdministrativeTool)'S/Keyloggers

So...a normal virus/server would register in the registry FIRST and then start logging.
So all you need is SpyBot S&D.
Most of the AV's sux hard

and Rev6 is clean!

I don't know where you're getting your crazy acronyms from. Sure, there are many, many viruses or other malware that are not detectable by certain virus scanners. That's why it's a good idea to have multiple scanners, or at least have a good virus scanner PLUS a few spyware scanners. Not everything will register itself in the Registry.

All we need is Spybot S&D? That's bad advice right there. First you say that there are many types of viruses that are undetectable, then say all you need is one tool. That provides a false sense of security. There are plenty of things that Spybot doesn't detect that other scanners DO detect, and the same is true vice versa.

My advice would be to have a good AV scanner running (whether you like NAV, Avast, AVG, McAfee, NOD32, whatever...) and also do regular scans with spyware scanners like Spybot, Lavasoft Adaware, Spysweeper, or other tools that you like. It can't hurt to also do an occasional scan with an online scanner like housecall.trendmicro.com or similar in case your local scanners miss something, or they themselves get infected/disabled.

Not all of us are noobz....

To be honest many of you are.

Most AV software is at best a waste of CPU/RAM/HD. And at worst it is a scam. This "always on AV" crap is mostly useless and reinforces bad computing habbits. Since it is always running and taking up resources in the background users feel that they are invulnerable. Often taking more risks and putting themselves into more danger than if they didn't have it. Only to wonder at the end why their AV did not save them. This only to them re-inforces the need to have always on av oddly enough. As it is a vicious circle that they never learn from.

Many "Trial versions" of AV software and indeed some full versions often return false positives to convince the user they "need" the software and that it is actually doing something for them. When in reality they are just being had another way.

Honestly the world would be a better place if everyone ditched symantic/norton/mcaffe/etc for a on demand scanner like clamwin which is free and just ran folding@home or some such in the background. Running an on demand scanner can protect you from legitimate threats while not re-enforcing bad computing habbits. Combine this with not using proven bad software like IE, not visiting sites you don't trust, confirming sites you trust, and caution about downloading executables or scrip from unknown sources. Toss in SBS&*D or Adaware free versions and you can avoid getting viruses more often than simply running a 24/7 scanner. I have used PCs for basically 20 years now if not a little over. And I am a very active user. I have never had a virus.

[PR0METHEUS]

To be honest many of you are.

Most AV software is at best a waste of CPU/RAM/HD. And at worst it is a scam. This "always on AV" crap is mostly useless and reinforces bad computing habbits. Since it is always running and taking up resources in the background users feel that they are invulnerable. Often taking more risks and putting themselves into more danger than if they didn't have it. Only to wonder at the end why their AV did not save them. This only to them re-inforces the need to have always on av oddly enough. As it is a vicious circle that they never learn from.

Many "Trial versions" of AV software and indeed some full versions often return false positives to convince the user they "need" the software and that it is actually doing something for them. When in reality they are just being had another way.

Honestly the world would be a better place if everyone ditched symantic/norton/mcaffe/etc for a on demand scanner like clamwin which is free and just ran folding@home or some such in the background. Running an on demand scanner can protect you from legitimate threats while not re-enforcing bad computing habbits. Combine this with not using proven bad software like IE, not visiting sites you don't trust, confirming sites you trust, and caution about downloading executables or scrip from unknown sources. Toss in SBS&*D or Adaware free versions and you can avoid getting viruses more often than simply running a 24/7 scanner. I have used PCs for basically 20 years now if not a little over. And I am a very active user. I have never had a virus.

That is a very good point. I do agree that 24/7 always on virus scanners can encourage bad habits in computing. A lot of users simply will not take the extra step of manually scanning their system, or things they download to ensure they're not getting malware. Realtime scanners will help with this, but users should also perform manual scans.

It's like physical security. You don't want to leave your windows and doors wide open, with holes cut into your drywall for people to just come into your house, but have security guards constantly checking the surroundings. You want all those holes plugged up, doors/windows locked, AND security guards on 24/7 surveillance.

[ping_lo]

It's like physical security. You don't want to leave your windows and doors wide open, with holes cut into your drywall for people to just come into your house,

That is a pretty apt description of a windows system.

but have security guards constantly checking the surroundings. You want all those holes plugged up, doors/windows locked, AND security guards on 24/7 surveillance.

The problem with your analogy is this. Your guards are asleep on a binge of doughnuts and your guard dogs are chihuahuas. If you want something done right you gotta do it yourself. ^_^

[Nitesh]

You guys are honestly stupid. First of all, why use IE? It sucks. Second of all, the AVs you guys are using are completely sh!t. There is no reason to use them. The only decent AVs out there right now is Kapersky and NOD32. Kapersky has a better scanner than NOD32 but isn't that great at killing stuff. NOD32 has an excellent scanner and it can kill just about everything.

Also a trojan horse client is an application created//used for opening a port connetion to allow the "hacker" a connection to your computer, OR it is used to basically spy and steal data from your PC.

And for 1. I don't use an AV, it's pointless to me. 2. Firewalls are a thing of a past to me also.

The best way to protect your computer is to learn networking and know how to manage your ports. I don't ever have more than 10 ports open. The average is far over 50 ports open. This is why you fools get trojanned, spyware, keylogged, etc.

And don't tell me I don't know anything about computers. I know 6 computer programming languages.

[PR0METHEUS]

It's like physical security. You don't want to leave your windows and doors wide open, with holes cut into your drywall for people to just come into your house,

That is a pretty apt description of a windows system.

Windows can be locked down pretty good if you know what you're doing.

but have security guards constantly checking the surroundings. You want all those holes plugged up, doors/windows locked, AND security guards on 24/7 surveillance.

The problem with your analogy is this. Your guards are asleep on a binge of doughnuts and your guard dogs are chihuahuas. If you want something done right you gotta do it yourself. ^_^

I've been mostly relying on my "sleeping guards and chihuahuas", but also doing the occasional manual scan and I haven't had any problems with my Windows system. I know I should do more. I work in IT security. I know how bad Windows systems (and other platforms) can get. For my home system, it's just been good enough. I haven't had any infections on my network.

[PR0METHEUS]

You guys are honestly stupid. First of all, why use IE? It sucks. Second of all, the AVs you guys are using are completely sh!t. There is no reason to use them. The only decent AVs out there right now is Kapersky and NOD32. Kapersky has a better scanner than NOD32 but isn't that great at killing stuff. NOD32 has an excellent scanner and it can kill just about everything.

Personally I've never had a problem with Symantec. You say Kapersky has a better scanner than NOD32 but NOD32 can kill just about anything whereas Kapersky isn't that great at killing stuff?.......

Also a trojan horse client is an application created//used for opening a port connetion to allow the "hacker" a connection to your computer, OR it is used to basically spy and steal data from your PC.

That's not a very accurate description of a trojan horse. A trojan horse is simply something that appears to be something harmless, when it secretly has malicious features. For example, a copy of notepad.exe that also formats your hard drive when you save a document. It doesn't have to even open ports or anything.

And for 1. I don't use an AV, it's pointless to me. 2. Firewalls are a thing of a past to me also.

The best way to protect your computer is to learn networking and know how to manage your ports. I don't ever have more than 10 ports open. The average is far over 50 ports open. This is why you fools get trojanned, spyware, keylogged, etc.

You say you don't use firewalls, but you manage ports? Ports are managed by a firewall. Maybe you mean you don't use a software based firewall like ZoneAlarm? I just use a wireless NAT router with a firewall built in to manage my ports. Without that, there's always the Windows Firewall (although I don't like Windows Firewall). I only have 1 port open, and it's restricted by IP address.

It's all about defense in depth. It's best to have multiple layers. Good physical security, multiple logical security controls like firewalls, antivirus, intrusion detection systems, and actively managing your network security through manual virus scans, penetration/vulnerability scans and the like. Some of that is overkill for a home network though, but it's still good to have something to back up your manual security processes in case you miss something.

[AXII]

You guys are honestly stupid. First of all, why use IE? It sucks. Second of all, the AVs you guys are using are completely sh!t. There is no reason to use them. The only decent AVs out there right now is Kapersky and NOD32. Kapersky has a better scanner than NOD32 but isn't that great at killing stuff. NOD32 has an excellent scanner and it can kill just about everything.

Also a trojan horse client is an application created//used for opening a port connetion to allow the "hacker" a connection to your computer, OR it is used to basically spy and steal data from your PC.

And for 1. I don't use an AV, it's pointless to me. 2. Firewalls are a thing of a past to me also.

The best way to protect your computer is to learn networking and know how to manage your ports. I don't ever have more than 10 ports open. The average is far over 50 ports open. This is why you fools get trojanned, spyware, keylogged, etc.

And don't tell me I don't know anything about computers. I know 6 computer programming languages.

Yes u r good at computers and u r a selfish.How dare u charge people that they do not know about computers?What is the purpose of forums?People helping each other here.If u want to help post here.We dont need to learn about ur skills.If u want to contunie to insult others plz do not post here again.Also same thread whilw using firefox.

[Black_Mamba]

lol this threads turned well funny, it's like a "who's wearing the biggest anorak" competition

[ping_lo]

Also a trojan horse client is an application created//used for opening a port connetion to allow the "hacker" a connection to your computer, OR it is used to basically spy and steal data from your PC.

That's not a very accurate description of a trojan horse. A trojan horse is simply something that appears to be something harmless, when it secretly has malicious features. For example, a copy of notepad.exe that also formats your hard drive when you save a document. It doesn't have to even open ports or anything.

While your definition is technically correct. It is not that realistic. Most times with a trojan the attacker wants something more than to wipe out your PC. It is either about getting a back door on to your PC to steal your info or using your PC as part of a bot net to coordinate bigger attacks. So while technically correct his definition is the more realistic one.

And for 1. I don't use an AV, it's pointless to me. 2. Firewalls are a thing of a past to me also.

The best way to protect your computer is to learn networking and know how to manage your ports. I don't ever have more than 10 ports open. The average is far over 50 ports open. This is why you fools get trojanned, spyware, keylogged, etc.

You say you don't use firewalls, but you manage ports? Ports are managed by a firewall. Maybe you mean you don't use a software based firewall like ZoneAlarm? I just use a wireless NAT router with a firewall built in to manage my ports. Without that, there's always the Windows Firewall (although I don't like Windows Firewall). I only have 1 port open, and it's restricted by IP address.

Firewalls are a way of managing ports but not the only one. You can often times go in and just turn off a service. =P

It's all about defense in depth. It's best to have multiple layers. Good physical security, multiple logical security controls like firewalls, antivirus, intrusion detection systems, and actively managing your network security through manual virus scans, penetration/vulnerability scans and the like. Some of that is overkill for a home network though, but it's still good to have something to back up your manual security processes in case you miss something.

In a corporate IT department where there are alot of PEBKAC calls yes. But that is only because of poor training and instincts on the users part. XD I just use 2 really good layers. Myself and my manual tools. 90% of attacks are not hard to avoid if you use common sense. the last 10% no amount of 24/7 scanners and firewalls would be able to save you anyway.