Trojan:Exploit.JS.ADODB.Stream.e from REV6 carreful guyz

[AXII]

http://www.viruslist.com/en/search?VN=E ... eferer=aol
Exploit.JS.ADODB.Stream

These utilities are designed to penetrate remote computers in order to use them as zombies (by using backdoors) or to download other malicious programs to victim machines.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.

[Cerus]

Its time for every1 to stop visiting that site.

[DarkJackal]

Glad I never did lol.

[[SD]Kratos]

sorry, where is it written it is from rev6.com? lol

[AXII]

detected: malware Exploit.JS.ADODB.Stream.e File: C:\Documents and Settings\pcl\Local Settings\Temporary Internet Files\Content.IE5\1WJPZFJ1\rev6[1].htm

detected: malware Exploit.JS.ADODB.Stream.e File: C:\Documents and Settings\pcl\Local Settings\Temporary Internet Files\Content.IE5\U90CV9PK\rev6[1].htm


Also virus program didnt allow to enter site.

[snag12]

Time to scan our computers ^^

[TwelveEleven]

afaik, that's used to refresh your browser not 100% sure.

[AXII]

BTW virus program is Symantec Coorp.Edition and i ll scan with other programs.I ll post results l8tr.

[the.unseen.]

BTW virus program is Symantec Coorp.Edition and i ll scan with other programs.I ll post results l8tr.

This could be due to the fact That Norton sucks, or it could be conflicting with your other programs.

[Death2U]

Just a false positive... happens all the time.

[ping_lo]

Page refreshes even without javascript. And only a nub uses IE. I have FF set up with noscript and it basically stops all JS dead. But I doubt an AODB exploit would work well on safari or opera either. Maybe it could but better safe than using IE. I mean sorry.

[AXII]

Page refreshes even without javascript. And only a nub uses IE. I have FF set up with noscript and it basically stops all JS dead. But I doubt an AODB exploit would work well on safari or opera either. Maybe it could but better safe than using IE. I mean sorry.

detected: malware Exploit.JS.ADODB.Stream.e File: C:\Documents and Settings\pcl\Local Settings\Application Data\Mozilla\Firefox\Profiles\ux2ml8nt.default\Cache\B9F4AF15d01


I guess it is enough for u my friend.I do not know what u do but i m sure that i wont enter rev6 again

[ScZz]

lol dont use IE

[chesticles]

its only in your cache. if you clear your cache after each browsing section, run with no-script and ad-blocker on full prevent i don't think you will have this issue.

[AXII]

lol dont use IE

i m also using opera and firefox.Same warning from both too.

[AXII]

its only in your cache. if you clear your cache after each browsing section, run with no-script and ad-blocker on full prevent i don't think you will have this issue.

i did my friend.Ad blocker and no-script r always enable on me.

[chesticles]

its only in your cache. if you clear your cache after each browsing section, run with no-script and ad-blocker on full prevent i don't think you will have this issue.

i did my friend.Ad blocker and no-script r always enable on me.

im not getting any of this backdoor bs lol .So far your the only person to get it. Try Kaspersky if that doesnt pick up anything (which it wont cuz i have it) they its just your scanner giving a false-positive

[Devotia]

The exploit targets users using Yahoo and MSN messengers. Users receive a message containing a link from a known contact. If the link is clicked it triggers a new browser window, however no page is displayed. The Trojan, in the background, attempts to download and install other malware to the system. It also copies the file taskmng.exe to the Windows folder and creates a Registry key to start the file automatically. It disables any direct access to rgedit and taskmanager, thus ensuring that it neither be stopped, nor removed.

Unless rev6 is completely overhauling the trojan, it's from MSN/Yahoo. Alternatively, just use FF and the trojan can't do anything anyway.

[Infstdraynor]

Exploit.JS.ADODB.Stream is a generic detection name given to all Java Script programs that uses known exploits in Internet Explorer combined with the use of ADODB.Stream functionality in ActiveX. It contains a code that uses a vulnerability in the Internet Explorer to execute.

I guess FF is fine. Even though I failed to see any reason why rev6 would want to plant a backdoor on you.

[chesticles]

The exploit targets users using Yahoo and MSN messengers. Users receive a message containing a link from a known contact. If the link is clicked it triggers a new browser window, however no page is displayed. The Trojan, in the background, attempts to download and install other malware to the system. It also copies the file taskmng.exe to the Windows folder and creates a Registry key to start the file automatically. It disables any direct access to rgedit and taskmanager, thus ensuring that it neither be stopped, nor removed.

Unless rev6 is completely overhauling the trojan, it's from MSN/Yahoo. Alternatively, just use FF and the trojan can't do anything anyway.

uhoh lol someone doesnt like you on msn/yahoo hahaha

[PR0METHEUS]

BTW virus program is Symantec Coorp.Edition and i ll scan with other programs.I ll post results l8tr.

This could be due to the fact That Norton sucks, or it could be conflicting with your other programs.

Norton != Symantec. Same company yes, but not entirely the same software. I've never had a problem with Symantec Corporate.

[BlackFox]

hmm
http://www.silkroadonline.net/sro_board/fmboard/fm_board.asp?bID=SB_Inform&sID=1&Page=6&Num=775

Regarding re**.com Notice

Date : 3/27/2007

inquiry : 13707

Recently many players got nervous about outflowing information and hacking damage from re**.com, because characters and items of certain players were searched in the corresponding website.

We have investigated the site, re**.com, and have found out the results listed below, so there is no need to feel uneasy regarding this issue.

* The site is written in special mark to prevent players from clicking the link.

[Results of Investigation]

1. Corresponding website is not a hacking site of our Silkroad Online server, but is rather a scanning site of players' PCs.

2. Scanning can be progressed by re**.com, using information achieved from their site visitation and registration, or when a bot program is used, through the help of a virus program.

3. The information that can be scanned is very simple, as shown in their website. Other important information such as password is safe from this scanning progress.

4. For secure game play, please restrict yourself from visiting re**.com, and run an anti-virus program at least once a week.

[Fat_Smurf]

rev6 developped nubot.... they wont say ''yea their site is safe you can visit it without any problem'' ...

[the.unseen.]

BTW virus program is Symantec Coorp.Edition and i ll scan with other programs.I ll post results l8tr.

This could be due to the fact That Norton sucks, or it could be conflicting with your other programs.

Norton != Symantec. Same company yes, but not entirely the same software. I've never had a problem with Symantec Corporate.

I know but there are way better Anti-viruses, and Norton Aka symantc Corporate conflects with alot of other programs. And i have it also but I only use it for scanning and not on access use because nod32 and avg pro are better.

[Nyahgis]

Sunbelt Personal Firewall, get the full edition, not the free edition. Problem solved.

[TheRealAnswer1]

I noticed a few times while visiting Rev6 a popup came up from my spysweeper saying that it has removed a potentially harmful threat from my system... Thought somethin was fishy

[AXII]

I always see computer users r complaining about symantec but i dont think coorp.edition useless.Companies paying for this software 50,000-100,000 dollars and it should be good.I scanned with karspersky and nod32 same thread warning from nod32 but no from karspersky.Do u really know eho is rev6 owner and what they want to do?They r listing ur information(ur items etc) to others think about that.

[chesticles]

Symantec, AVG, and Nod32 are known for giving alot of false-positive. I still stand by that is what this is and that Kaspersky is the best lol

[lexies2]

Oh crap!


I knew there was something funny about that site.

[Devotia]

I always see computer users r complaining about symantec but i dont think coorp.edition useless.Companies paying for this software 50,000-100,000 dollars and it should be good.I scanned with karspersky and nod32 same thread warning from nod32 but no from karspersky.Do u really know eho is rev6 owner and what they want to do?They r listing ur information(ur items etc) to others think about that.

The bigger the program the more people trying to find ways to get around it.
The more people that work on a task, the quicker, and more often, it will get done.

That's the major flaw with the big 3 AVs. Any virus writer who has a chance of releasing a high threat virus is going to try it against those AVs. Simply because if, say, Symantec catches it, that's 50% of the population immune at 0 hour. It's less likely he's going to try against, say Kaspersky (around 1% market share IIRC), not only for the small payoff for the effort, but because people who go out of their way to find, get, and update it are generally not the kind of people who open up random executables in their email.