Fri, Nov 22, 6:23 PM CST

Renderosity Forums / Bryce



Welcome to the Bryce Forum

Forum Moderators: TheBryster

Bryce F.A.Q (Last Updated: 2024 Nov 21 4:12 am)

[Gallery]     [Tutorials]


THE PLACE FOR ALL THINGS BRYCE - GOT A PROBLEM? YOU'VE COME TO THE RIGHT PLACE


Subject: OT- I've been Hacked????


striving ( ) posted Fri, 12 December 2003 at 7:36 PM · edited Fri, 22 November 2024 at 6:07 PM

Hey, I went to Google just now and got this message: If you see this page your hosts file has been hacked. Please use the instruction below to clean your machine. You cannot reach the site you where trying to reach without following this procedure! - Please follow the steps provided in this document and make sure to download all patches for your computer from the Windows Update Site which can be found here: http://windowsupdate.microsoft.com 1. Start regedit, find HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun , delete starting of svchost.exe file, reboot your computer, delete file svchost.exe in windows directory. 2. Reboot windows and start in SAFE MODE (F8 key on keyboard before windows starting), delete file winlogon.exe in directory: C:Documents and SettingsAll UsersStart MenuProgramsStartup 3. Clear your 'hosts' file. How to edit your hosts file: locate it first, either by browsing to the directory (as shown above) or by hitting "Start - Search - select all files and folders - type in 'hosts' (without the quotation marks) and hit search. When the file is found, click with your right mouse button on the file and select 'Open With...' This will bring up a list of programs to edit the file with. Select Notepad from that list and click OK. - Remove all lines from the file and type in: 127.0.0.1 localhost. Now close the file and save your changes. For Windows 95/98/Millenium machines: Locate the file hosts in your C:Windows directory. Just delete it or edit it with a text editor like notepad and make sure there is only one line there: 127.0.0.1 localhost For Windows 2000 machines: Locate the file hosts in your C:WinntSystem32DriversEtc directory. Just delete it or edit it with a text editor like notepad and make sure there is only one line there: 127.0.0.1 localhost For Windows XP machines: Locate the file hosts in your C:WindowsSystem32DriversEtc directory. Just delete it or edit it with a text editor like notepad and make sure there is only one line there: 127.0.0.1 localhost ANYONE know if this is real? I haven't been able to load a couple sites the last 2 days.. Including Google... If anyone out there knows the deal on this before I delete things I may need let me know.. Thanks. Bruce


Ang25 ( ) posted Fri, 12 December 2003 at 7:56 PM

sounds like bullshit to me, but I don't know anything, good luck. Bullshit, as in an advertisement for something they want to sell. :( I pay no never mind to that sort of stuff, I figure a real hack job wouldn't be advertised to me. Just my feelings.


ocddoug ( ) posted Fri, 12 December 2003 at 8:24 PM

Weird...sounds like my comp not yours lol...I just went to google, no prob for me. I wouldn't erase anything yet, since maybe someone happened to hack into Google while you were there. Maybe contact Google?


BabaLouie ( ) posted Fri, 12 December 2003 at 8:31 PM

I seriously would not do this.... however, it seems that you may be infected with a virus or trojan. Svchost is used by the os for various reasons, if you look at processes under Task Manager you will often see several occurances of it running, though I must admit I know of no good reason for svchost.exe to be in the registery key mentioned. The host file mentioned generally only has that one line in it, however, I do add additional addresses to block specific site activities. It can not hurt to delete everything else below the above mentioned address. You will find some other lines in there that have been commented out with the #, it is ok to leave those there. I would not recommend this simply because it is advice from a site that does not sell AV / Firewall software. Go to Norton, I believe you can get a free scan there if in the event that you do not have any AV software. I would scan you drives very thoroughly with an AV product of your choice. If you are not using a firewall I would get one as soon as possible. For what it is worth, I have been getting an average of 6 emails a day that are infected and I get about 9 or 10 intrusion attempts a week. It is a dangerous internet world out there, and even if you are NOT on broadband, you really should be using a firewall. I use both a software firewall and antivirus program ( Norton ) and I have not been comprimised yet. Knock on Wood ! :) BabaLouie


striving ( ) posted Fri, 12 December 2003 at 8:47 PM

Thanks BabaLouie.. I did look for the other stuff that page mentioned, but never saw it anywhere in the Reg. So I just deleted the other addresses in my "host" file (there were about 6). Google is back up and seems fine. Thanks for your help. -Bruce


draculaz ( ) posted Fri, 12 December 2003 at 8:59 PM

Attached Link: http://download.com.com/3000-2144-10214379.html?tag=lst-0-1

striving, you really shouldn't have done that... you've basically hacked yourself. windows would NEVER tell you what to do -let alone google or anyone else. what they're basically asking you is to let them introduce their ads unto your computer. by deleting your localhosts files you are making it easy for them. do me a favor, go to the link above and download the program called adaware. your comp's infected with something called spyware, little virii that take info about you and send them to their companies. Download adaware, let it scan your hd. if it doesn't find at least 20 spyware files i'll put on a too-too and dance around naked. drac


striving ( ) posted Fri, 12 December 2003 at 9:17 PM

I have that prog already Drac... Ran it today, before I got this. It cleared out stuff, but the google prob still exsisted. I didn't just go by that google post. I checked Tech TV's site and followed some things I found there. :-) I may be crazy, but I'm not totally stupid.. haahaa


draculaz ( ) posted Fri, 12 December 2003 at 9:26 PM

starts stripping


BabaLouie ( ) posted Fri, 12 December 2003 at 9:48 PM

Drac, That is exactly what I use my host file for, but most folks are not aware that they can block a load of web ads that way. This is what it does, the IP 127.0.0.1 address points to your local computer, you are telling it that all these ad servers are on your computer. Now, whenever your browser tries to retrieve an ad from an ad server, it will look on your own machine and will fail. This also will also keep these servers from placing cookies on your PC. Below is an example of what would be added to the host file 127.0.0.1 ad.ca.doubleclick.net 127.0.0.1 ad.de.doubleclick.net 127.0.0.1 ad.doubleclick.net For those who may have an interest and are using IE and would like to block port sites or other sites via a simple reg hack the below link goes to a freebie reg hack called IE-SPYAD. http://www.staff.uiuc.edu/~ehowes/resource.htm If anyone needs, I can email a zip file of the reg hack and the ad blocker to them. As a matter of interest, I would like to know what Striving found amiss on his system. In retrospect, I could have done a better job of explaining the above to Striving in my previous post. BabaLouie


danamo ( ) posted Fri, 12 December 2003 at 9:53 PM

Meanwhile several of the ladies are offering Drac free use of their point shoes! As long as they get to watch the ballet.lol


BabaLouie ( ) posted Fri, 12 December 2003 at 9:54 PM

Maybe he will post a picture for us ... :-) BabaLouie


Vile ( ) posted Fri, 12 December 2003 at 11:02 PM

ACK ERRGURLGLE...Flarp! NEVER! NEVER! NEVER! NEVER! NEVER! NEVER! NEVER! (is that enough?) NEVER! Delete anything out of your registry unless you know what you are doing and then NEVER! NEVER! (noticing a trend here?)NEVER! do it with out backing up (saving) your registry first! There are several HOAX virus' out there that tell you to delete this or that! What you have is a either spyware or a hoax sent through Instant Messenger! Really depends on the type of popup you saw. 127.0.0.1 is the local host ping IP it tests if your NIC works! Now in the event this is a virus find a site or some software to do a scan and procede from there! But NEEEEEVVVVVEEEEERRRR just start deleting files, unless you think giving your self a lobotomy with a fork is great idea!


draculaz ( ) posted Fri, 12 December 2003 at 11:14 PM

hmm, maybe he should go into administrative tasks and disable messenger... HEY I KNOW! goes off to send striving a new message telling him to do it Drac (babalouie, i doubt you'd want to see that)


CryingWolf ( ) posted Fri, 12 December 2003 at 11:23 PM

I didn't read all the posts but if you do do all that then you can just reinstall your os. ie game over thanks for playing. There are a few programs out there for free that can help ya out alot. 1. Ad-aware @ http://www.lavasoftusa.com/ 2. A pop-up stopper (I use popup popper @ http://www.bayden.com/popper/) google has a tool bar that also blocks pop-ups 3. Virus scanner (I use the avg free version @ http://www.grisoft.com/us/us_index.php) 4. A good personal firewall system (zone alarm) I don't use, as I am behind a hardware/software firewall. All of the above can help!!!


Zhann ( ) posted Fri, 12 December 2003 at 11:31 PM

Vile, lobotomy with a fork?! I coulda' done without THAT image...; But yeah NEVER NEVER EVER delete registry files without backup (I thought you needed a few more never evers)...;] Do not believe popups unless they are from YOUR OS, or Firewall, or Virus scanner.... I get these blue ones all the time that LOOK EXACTLY like windows popups, saying there is a breach in my firewall and someone is attemping to hack my comp, they give my IP address, and other general public knowledge stuff, I just ignore them. They are trying to sell me their software, that's all.

Bryce Forum Coordinator....

Vision is the Art of seeing things invisible...


bikermouse ( ) posted Fri, 12 December 2003 at 11:31 PM

Ah yes the Ahmish(sp) virus - where you're on your honor to delete files your hard drive needs for one reason or another because the ahmish(sp) actually don't have the technology to write viruses, them lacking computers and all they must convince you to delete the files yourself. Usually AVG website is pretty good about anouncing new viruses. Also check Norton, McAfee and MicroSoft Update. Adaware doesn't actually check for viruses but is good for detecting spyware. It is a good thing. If you're on XP you could try running system restore, I don't know that it will help with the deleted files but you might be able to recover them from the wastebasket. - TJ


CryingWolf ( ) posted Fri, 12 December 2003 at 11:32 PM

P.S. before doing anything always confirm the source. Also keep your system upto date!!! Don't be afraid to check microsoft for updates!!! I run xp pro on all my workstations and I have server 2003 on my servers. All these are configured to download updates and alert me when they are ready to install. With the above routine I haven't' really had any problems. Microsoft would never do anything like that. If there was a problem in windows they would attempt to fix it with an update, you would have to download.


Zhann ( ) posted Fri, 12 December 2003 at 11:44 PM

Every time I have a prog that crashed, or the comp locks up , or whatever and it asks to send an error report, I always check 'yes', next morning I have a bunch of Windows updates to install...I'm on XPHome...only one that I have trouble with auto updates is McAffee, it screws up the reg entries and then crashes when installing the updates. I have to do updating manually to get any to install at all. Soon as I get $50, it's Norton2004 for me...

Bryce Forum Coordinator....

Vision is the Art of seeing things invisible...


ocddoug ( ) posted Fri, 12 December 2003 at 11:52 PM

Striving was getting that hacker message on google.com's front page. It wasn't a pop-up or an instant message.


drawbridgep ( ) posted Sat, 13 December 2003 at 1:27 AM

All sounds very nasty. Personally, I blame Bill Gates, but then I blame him for a lot of things. My car broke down the other day and I blamed him for that. Is it just me or does everyone hate the "all eggs in one basket" aspect of the registry? What's wrong with good old INI files? I hate the registry with a passion and come over in a cold sweat when ever it goes wrong, (which, touch wood, is rare). As for popups. I use Zone Alarm Pro for my firewall and they make Pest Patrol which seems pretty good to me. Sometimes I just hanker for the good old days when I could fit an entire OS on a floppy. On a 5.25" floppy! Maybe I'll start a campaign for a MS-DOS version of Bryce.

---------
Phillip Drawbridge
Website 
Facebook


Zhann ( ) posted Sat, 13 December 2003 at 1:41 AM

Don't you dare!

Bryce Forum Coordinator....

Vision is the Art of seeing things invisible...


Erlik ( ) posted Sat, 13 December 2003 at 1:57 AM

Zhann, you can get EZ Armor for free for a year. http://www.my-etrust.com/microsoft They give you daily virus identities updates plus a personal firewall. For pop-ups, either use a pop-up killer for IE or install Opera. :-)

-- erlik


Rochr ( ) posted Sat, 13 December 2003 at 5:02 AM

As said above, NEVER delete anything from the regedit, unless its written on the MS homepage or you know what it is. Sounds like something that happened to a friend of mine. He got a message to remove stuff from the register editor as well. Problem was, he removed the swapfile... Here are some tools for spyware, check out the app "SpyBot". Freeware, and a great app. It also runs in the background to prevent spyware. http://www.spychecker.com/software/antispy.html And heres a great online virus scan. Ive saved a lot of computers with this one. http://housecall.antivirus.com/housecall/start_corp.asp

Rudolf Herczog
Digital Artist
www.rochr.com


pakled ( ) posted Sat, 13 December 2003 at 3:00 PM

another thing to check is the Microsoft Knowledge base on their site, they provide information and procedures for anything you have problems with. Noone suggests amateurs edit the Registry (unless you're like me, looking for 'gator', 'aol IM', etc..;). My BS meter is pegged in the red over this, I'm pretty sure that this will impact your internet access, this is an 'Amish Virus' (see previous posts) for sure. Also, consider doing a Google search on 'virus hoaxes'..worth a read, for amusement as much as anything else.

I wish I'd said that.. The Staircase Wit

anahl nathrak uth vas betude doth yel dyenvey..;)


Incarnadine ( ) posted Sat, 13 December 2003 at 3:08 PM

@drawbridgep, soon you will be able to blame Microsoft for your car failing. They are trying to convince the manufacturers to use a special version of Windows CE in the onboard computer systems. Scarey ain't it!

Pass no temptation lightly by, for one never knows when it may pass again!


Rochr ( ) posted Sat, 13 December 2003 at 3:38 PM

Would be even more scary, if they would try to convince them to use Windows Millenium. Talk about buggy system... :)

Rudolf Herczog
Digital Artist
www.rochr.com


Incarnadine ( ) posted Sat, 13 December 2003 at 3:51 PM

Windows CE/ME/NT - They'll bring any system to it's knees!

Pass no temptation lightly by, for one never knows when it may pass again!


catlin_mc ( ) posted Sat, 13 December 2003 at 4:18 PM

AdAware has a new update incase anyone is interested. and striving I'm right behind the NEVER, NEVER, NEVER, calls. it is a big nono unless you know exactly what you are doing. I discovered a new guest user on my brothers puter last night. He had known nothing about it and didn't even know it was a possibility for anyone to hack in and open a user account. Thankfully his admin account is protected by password so they didn't get into the core system. It's just one more thing to check on and you all should just in case. MurkySoft have released a patch for this which came out last week. 8) Catlin


antevark ( ) posted Sat, 13 December 2003 at 5:02 PM

download all patches for your computer from the Windows Update Site which can be found here: http://windowsupdate.microsoft.com Was that a link, or was it written out like that? clicky


drawbridgep ( ) posted Sat, 13 December 2003 at 7:09 PM

Windows ME is a pile of fettid dingo kidneys. XP on the other hand has only required me to reformat twice and reinstall over an installation 3 times in a year. Pretty good by Micropants standards. I mean microsoft. Interesting link antevark. I'll read it in detail once the room stops spinning (i've just come home from my firms christmas party)

---------
Phillip Drawbridge
Website 
Facebook


pakled ( ) posted Sat, 13 December 2003 at 7:25 PM

I don't know about all patches, some of these can add up to 100 megabytes (some of the virus ones). It's your PC, but I wouldn't load a patch unless I needed it. There's too many 'upgrades' built into some of them (remind me to bring up 'ad Rotator' from Microsoft sometime..;)

I wish I'd said that.. The Staircase Wit

anahl nathrak uth vas betude doth yel dyenvey..;)


d_hood ( ) posted Sat, 13 December 2003 at 8:32 PM

And for those who care. Windows decided to quit servicing windows 98. So get those patches/useless crap before they disappear.


catlin_mc ( ) posted Sun, 14 December 2003 at 5:06 AM

Yes that's a shame, and once you've downloaded the last remaining patches for Win 98, just start praying or upgrade to a newer model. The Murky ones will have your money, just you wait and see. Roll on Linux. 8) Catlin


Incarnadine ( ) posted Sun, 14 December 2003 at 9:54 AM

If I could run bryce/c4d/poser under linux i would be there in a moment.

Pass no temptation lightly by, for one never knows when it may pass again!


ocddoug ( ) posted Sun, 14 December 2003 at 2:04 PM

I'm still running 98, I guess I will go down with the ship.


Incarnadine ( ) posted Sun, 14 December 2003 at 2:13 PM

I still haven't jumped either, Doug.

Pass no temptation lightly by, for one never knows when it may pass again!


catlin_mc ( ) posted Sun, 14 December 2003 at 5:22 PM

I only changed over to Win XP 'cos it was bought for me, but I now prefer XP 'cos it's much more stable than 98 and although it comes configured with a lot of nonsense you can configure it to suit your own needs. 8) I never thought I'd ever be advertising MurkySoft products, forgive me. lol 8) Catlin


gammaRascal ( ) posted Tue, 16 December 2003 at 12:12 AM

Attached Link: http://www.answersthatwork.com/Tasklist_pages/tasklist.htm

dunno if anyone mentioned this link... needed some updating the last time i was there but cleared my mind for a bit...




gammaRascal ( ) posted Tue, 16 December 2003 at 12:14 AM

i mean, if you have some idea of what should and shouldnt be running in the bg... could help clear up some questionable prosesses




Privacy Notice

This site uses cookies to deliver the best experience. Our own cookies make user accounts and other features possible. Third-party cookies are used to display relevant ads and to analyze how Renderosity is used. By using our site, you acknowledge that you have read and understood our Terms of Service, including our Cookie Policy and our Privacy Policy.