Trojan:Exploit.JS.ADODB.Stream.e from REV6 careful guyz
Posted: Wed Jun 27, 2007 6:16 am
by AXII
http://www.viruslist.com/en/search?VN=E ... eferer=aol
Exploit.JS.ADODB.Stream
These utilities are designed to penetrate remote computers in order to use them as zombies (by using backdoors) or to download other malicious programs to victim machines.
Exploits use vulnerabilities in operating systems and applications to achieve the same result.
Posted: Wed Jun 27, 2007 6:42 am
by Cerus
It's time for every1 to stop visiting that site.

Posted: Wed Jun 27, 2007 6:52 am
by DarkJackal
Glad I never did lol.
Posted: Wed Jun 27, 2007 7:00 am
by [SD]Kratos
sorry, where is it written it is from rev6.com? lol
Posted: Wed Jun 27, 2007 7:12 am
by AXII
detected: malware Exploit.JS.ADODB.Stream.e File: C:\Documents and Settings\pcl\Local Settings\Temporary Internet Files\Content.IE5\1WJPZFJ1\rev6[1].htm
detected: malware Exploit.JS.ADODB.Stream.e File: C:\Documents and Settings\pcl\Local Settings\Temporary Internet Files\Content.IE5\U90CV9PK\rev6[1].htm
Also virus program didn't allow to enter site.
Posted: Wed Jun 27, 2007 7:41 am
by snag12
Time to scan our computers ^^
Posted: Wed Jun 27, 2007 7:53 am
by TwelveEleven
afaik, that's used to refresh your browser not 100% sure.
Posted: Wed Jun 27, 2007 8:09 am
by AXII
BTW virus program is Symantec Corp. Edition and I'll scan with other programs. I'll post results l8tr.
Posted: Wed Jun 27, 2007 8:32 am
by the.unseen.
AXII wrote: BTW virus program is Symantec Corp. Edition and I'll scan with other programs. I'll post results l8tr.
This could be due to the fact that Norton sucks, or it could be conflicting with your other programs.
Posted: Wed Jun 27, 2007 8:35 am
by Death2U
Just a false positive... happens all the time.
Posted: Wed Jun 27, 2007 9:36 am
by ping_lo
Page refreshes even without javascript. And only a nub uses IE. I have FF set up with noscript and it basically stops all JS dead. But I doubt an ADODB exploit would work well on safari or opera either. Maybe it could but better safe than using IE. I mean sorry.
Posted: Wed Jun 27, 2007 9:42 am
by AXII
ping_lo wrote: Page refreshes even without javascript. And only a nub uses IE. I have FF set up with noscript and it basically stops all JS dead. But I doubt an ADODB exploit would work well on safari or opera either. Maybe it could but better safe than using IE. I mean sorry.
detected: malware Exploit.JS.ADODB.Stream.e File: C:\Documents and Settings\pcl\Local Settings\Application Data\Mozilla\Firefox\Profiles\ux2ml8nt.default\Cache\B9F4AF15d01
I guess it is enough for u my friend. I do not know what u do but I'm sure that I won't enter rev6 again.
Posted: Wed Jun 27, 2007 10:08 am
by ScZz
lol don't use IE
Posted: Wed Jun 27, 2007 10:09 am
by chesticles
It's only in your cache. If you clear your cache after each browsing section, run with no-script and ad-blocker on full prevent I don't think you will have this issue.
Posted: Wed Jun 27, 2007 10:14 am
by AXII
ScZz wrote: lol don't use IE
I'm also using Opera and Firefox. Same warning from both too.
Posted: Wed Jun 27, 2007 10:16 am
by AXII
chesticles wrote: It's only in your cache. If you clear your cache after each browsing section, run with no-script and ad-blocker on full prevent I don't think you will have this issue.
I did my friend. Ad blocker and no-script r always enabled on me.
Posted: Wed Jun 27, 2007 10:21 am
by chesticles
AXII wrote: chesticles wrote: It's only in your cache. If you clear your cache after each browsing section, run with no-script and ad-blocker on full prevent I don't think you will have this issue.
I did my friend. Ad blocker and no-script r always enabled on me.
I'm not getting any of this backdoor bs lol. So far you're the only person to get it. Try Kaspersky; if that doesn't pick up anything (which it won't cuz I have it) then it's just your scanner giving a false-positive.
Posted: Wed Jun 27, 2007 1:17 pm
by Devotia
The exploit targets users using Yahoo and MSN messengers. Users receive a message containing a link from a known contact. If the link is clicked it triggers a new browser window, however no page is displayed. The Trojan, in the background, attempts to download and install other malware to the system. It also copies the file taskmng.exe to the Windows folder and creates a Registry key to start the file automatically. It disables any direct access to regedit and taskmanager, thus ensuring that it neither be stopped, nor removed.
Unless rev6 is completely overhauling the trojan, it's from MSN/Yahoo. Alternatively, just use FF and the trojan can't do anything anyway.
Posted: Wed Jun 27, 2007 1:31 pm
by Infstdraynor
Exploit.JS.ADODB.Stream is a generic detection name given to all JavaScript programs that use known exploits in Internet Explorer combined with the use of ADODB.Stream functionality in ActiveX. It contains code that uses a vulnerability in Internet Explorer to execute.
I guess FF is fine. Even though I failed to see any reason why rev6 would want to plant a backdoor on you.
Posted: Wed Jun 27, 2007 2:14 pm
by chesticles
Devotia wrote: The exploit targets users using Yahoo and MSN messengers. Users receive a message containing a link from a known contact. If the link is clicked it triggers a new browser window, however no page is displayed. The Trojan, in the background, attempts to download and install other malware to the system. It also copies the file taskmng.exe to the Windows folder and creates a Registry key to start the file automatically. It disables any direct access to regedit and taskmanager, thus ensuring that it neither be stopped, nor removed.
Unless rev6 is completely overhauling the trojan, it's from MSN/Yahoo. Alternatively, just use FF and the trojan can't do anything anyway.
uhoh lol someone doesn't like you on msn/yahoo hahaha
Posted: Wed Jun 27, 2007 2:40 pm
by PR0METHEUS
the.unseen. wrote: AXII wrote: BTW virus program is Symantec Corp. Edition and I'll scan with other programs. I'll post results l8tr.
This could be due to the fact that Norton sucks, or it could be conflicting with your other programs.
Norton != Symantec. Same company yes, but not entirely the same software. I've never had a problem with Symantec Corporate.
Posted: Wed Jun 27, 2007 2:48 pm
by BlackFox
hmm
http://www.silkroadonline.net/sro_board/fmboard/fm_board.asp?bID=SB_Inform&sID=1&Page=6&Num=775
Regarding re**.com Notice
Date : 3/27/2007
inquiry : 13707
Recently many players got nervous about outflowing information and hacking damage from re**.com, because characters and items of certain players were searched in the corresponding website.
We have investigated the site, re**.com, and have found out the results listed below, so there is no need to feel uneasy regarding this issue.
* The site is written in special mark to prevent players from clicking the link.
[Results of Investigation]
1. Corresponding website is not a hacking site of our Silkroad Online server, but is rather a scanning site of players' PCs.
2. Scanning can be progressed by re**.com, using information achieved from their site visitation and registration, or when a bot program is used, through the help of a virus program.
3. The information that can be scanned is very simple, as shown in their website. Other important information such as password is safe from this scanning progress.
4. For secure game play, please restrict yourself from visiting re**.com, and run an anti-virus program at least once a week.
Posted: Wed Jun 27, 2007 3:02 pm
by Fat_Smurf
rev6 developed nubot.... they won't say ''yea their site is safe you can visit it without any problem'' ...
Posted: Wed Jun 27, 2007 9:21 pm
by the.unseen.
PR0METHEUS wrote: the.unseen. wrote: AXII wrote: BTW virus program is Symantec Corp. Edition and I'll scan with other programs. I'll post results l8tr.
This could be due to the fact that Norton sucks, or it could be conflicting with your other programs.
Norton != Symantec. Same company yes, but not entirely the same software. I've never had a problem with Symantec Corporate.
I know but there are way better anti-viruses, and Norton aka Symantec Corporate conflicts with a lot of other programs. And I have it also but I only use it for scanning and not on access use because nod32 and avg pro are better.
Posted: Wed Jun 27, 2007 9:33 pm
by Nyahgis
Sunbelt Personal Firewall, get the full edition, not the free edition. Problem solved.
Posted: Wed Jun 27, 2007 10:11 pm
by TheRealAnswer1
I noticed a few times while visiting Rev6 a popup came up from my spysweeper saying that it has removed a potentially harmful threat from my system... Thought somethin was fishy

Posted: Wed Jun 27, 2007 10:22 pm
by AXII
I always see computer users r complaining about Symantec but I don't think Corp. Edition useless. Companies paying for this software 50,000-100,000 dollars and it should be good. I scanned with Kaspersky and nod32, same threat warning from nod32 but no from Kaspersky. Do u really know who is rev6 owner and what they want to do? They r listing ur information (ur items etc) to others, think about that.
Posted: Wed Jun 27, 2007 10:26 pm
by chesticles
Symantec, AVG, and Nod32 are known for giving a lot of false positives. I still stand by that is what this is and that Kaspersky is the best lol

Posted: Wed Jun 27, 2007 10:30 pm
by lexies2
Oh crap!
I knew there was something funny about that site.

Posted: Wed Jun 27, 2007 10:52 pm
by Devotia
AXII wrote: I always see computer users r complaining about Symantec but I don't think Corp. Edition useless. Companies paying for this software 50,000-100,000 dollars and it should be good. I scanned with Kaspersky and nod32, same threat warning from nod32 but no from Kaspersky. Do u really know who is rev6 owner and what they want to do? They r listing ur information (ur items etc) to others, think about that.
The bigger the program the more people trying to find ways to get around it.
The more people that work on a task, the quicker, and more often, it will get done.
That's the major flaw with the big 3 AVs. Any virus writer who has a chance of releasing a high threat virus is going to try it against those AVs. Simply because if, say, Symantec catches it, that's 50% of the population immune at 0 hour. It's less likely he's going to try against, say Kaspersky (around 1% market share IIRC), not only for the small payoff for the effort, but because people who go out of their way to find, get, and update it are generally not the kind of people who open up random executables in their email.