Wed, Nov 13, 9:04 PM CST

Renderosity Forums / Poser - OFFICIAL



Welcome to the Poser - OFFICIAL Forum

Forum Coordinators: RedPhantom

Poser - OFFICIAL F.A.Q (Last Updated: 2024 Nov 13 11:02 am)



Subject: I encountered a drive-by downloader in a free stuff page.


Sarte ( ) posted Tue, 12 October 2004 at 4:06 PM · edited Wed, 13 November 2024 at 9:01 PM

Now, before anyone panics, I need you to read this carefully. There is one dead link in there which leads to a page which downloads a drive-by installer which installed several malicious files on my PC. Needless to say, I'm incensed that this link hasn't been removed. I'll try to locate the exact link that did this to my computer in just a bit...

Message edited on: 10/12/2004 16:09

Do the impossible, see the invisible

ROW ROW FIGHT THE POWER

Touch the untouchable, break the unbreakable

ROW ROW FIGHT THE POWER



rowan_crisp ( ) posted Tue, 12 October 2004 at 4:12 PM

Oh, lovely. Thanks for the heads up. RC


Sarte ( ) posted Tue, 12 October 2004 at 4:14 PM

The Download button led to a page with a pure white background, with a single advertisement in the left hand corner of the screen. My computer gave me a message that it had finished installing something I hadn't downloaded, and I couldn't start I.E. again. This is very disconcerting, and I'm going to be a lot more wary around here. The link was somewhere towards the back of "props" and had an image which refused to load(red x).

Do the impossible, see the invisible

ROW ROW FIGHT THE POWER

Touch the untouchable, break the unbreakable

ROW ROW FIGHT THE POWER



KarenJ ( ) posted Tue, 12 October 2004 at 4:22 PM

Hi Sarte, I'm very sorry this has happened to you. This is probably where a member no longer owns their original domain name, and someone else - someone unscrupulous - has bought that domain and redirected it to their page, complete with nasty spyware/malware/what have you. If you can locate the file please IM me the name of it immediately and I will ensure the link is removed. Can you remember any more details about it - had you been searching for a particular prop?


"you are terrifying
and strange and beautiful
something not everyone knows how to love." - Warsan Shire


pakled ( ) posted Tue, 12 October 2004 at 6:09 PM

yup..seen that in my travels..go get Ad Aware SE, Spybot, Hijack This! (love that name), all free, and depending on your comfort level, very handy. If I was to go with one, I'd try Ad Aware (lavasoft, do a search on the 2 together; I think there's actually 2 lavasofts..;) it's cleaned up some really nasty things on my PC as well..

I wish I'd said that.. The Staircase Wit

anahl nathrak uth vas betude doth yel dyenvey..;)


Svigor ( ) posted Tue, 12 October 2004 at 6:58 PM

Yeah, try Spybot, and advanced mode check the boxes that lock out arseholes from changing your settings. Getting a new browser that isn't as full of holes as Swiss cheese might help too (Mozilla/Firefox for example).


Shadowdancer ( ) posted Tue, 12 October 2004 at 8:08 PM

Do what I do, run AdAware, Spybot & Spyware Blaster - all freebies.


igohigh ( ) posted Tue, 12 October 2004 at 8:08 PM · edited Tue, 12 October 2004 at 8:10 PM

I think I saw the same one, last night or early this morning. It loaded a pure white page with no tool bars. I use all the stuff pakled states above and noticed the odd page Before it fully opened and shot it down and moved on....sorry, I didn't take note of the post either.

Many times (not always) you can get an early 'warning' that somthing may be up if you hear a Double browser click. I don't think all systems will sound it and those who know how sometimes turn the 'clicker' off, I like to hear those clicks for if it clicks but I didn't then my trigger finger jumps into action...just in case ;p ALSO take note: Microsoft just realsed about 22 updates today (Tuesday 12th) and many are "critical updates" plugging several security holes.

Message edited on: 10/12/2004 20:10


Bobbie_Boucher ( ) posted Tue, 12 October 2004 at 8:22 PM

It might be nice to tell us which item brought up the problem, so we could avoid it?!


Sarte ( ) posted Tue, 12 October 2004 at 9:28 PM

It's too late now, as I've no desire to have my system clogged with spyware again. I also don't want to risk playing russian roulette with a family computer. The best thing to do to avoid these files is to update and set your activex controls to "high." Either that or change your browser.

Do the impossible, see the invisible

ROW ROW FIGHT THE POWER

Touch the untouchable, break the unbreakable

ROW ROW FIGHT THE POWER



Lyrra ( ) posted Tue, 12 October 2004 at 9:37 PM

I suggest firefox, adaware, mcaffees and zonealarm. Between the four you get very good system security. Surfing the web with internet explorer is risky at best... its got security holes you drive a fleet of trucks through.



Sarte ( ) posted Tue, 12 October 2004 at 9:45 PM

No kidding...which is why I write this current message on Firefox.

Do the impossible, see the invisible

ROW ROW FIGHT THE POWER

Touch the untouchable, break the unbreakable

ROW ROW FIGHT THE POWER



Svigor ( ) posted Tue, 12 October 2004 at 10:20 PM

The thing is, Mozilla & co. probably have quite a few holes as well...but since only 1% or so of all surfers use them, nobody cares to find them all out. Automatic pop-up blocking, tabbed browsing, extensions, themes... the only thing "wrong" with Mozilla browsers (other than a very slight learning curve for backups etc.) is that they're actually standards-compliant so every so often pages written with Microsoft's non-standards-compliant code in mind don't display properly. I just wish Web authors would catch a clue and stop writing in "Microsoft HTML." You'd think more people would refuse to put up with MS's crap just on general principles.


MungoPark ( ) posted Wed, 13 October 2004 at 1:35 AM

Last sunday, I encountered something strange in freestuff, which now makes sense to me. Unfortunately I cant recall the link but it was in the Poser props section - after clicking on a download link, my computer tried to open a non-standard port and make a connection - I denied this - is it possible that the freestuff is full of them ?


KarenJ ( ) posted Wed, 13 October 2004 at 7:05 AM

"is it possible that the freestuff is full of them ?" I wouldn't have thought so, otherwise I think we would be seeing a lot more posts, IMs and emails from people who had also experienced this. It sounds to me like it's either one file which both of you happened to choose, or possibly a group of files all from the same user, with a now-defunct domain. Until we receive a report of a specific item or group of items, there's not going to be much we can do here. That said, I will randomly check some download links in the Poser Props section later today, but with the huge amount of files in there, I don't have much hope of getting a result with this method, I'm afraid.


"you are terrifying
and strange and beautiful
something not everyone knows how to love." - Warsan Shire


artnik ( ) posted Wed, 13 October 2004 at 2:33 PM

I think I have a malware or undetectable spyware problem too. This was also from an unknown site on the web. I've tried all my usual remedies, but it still is eluding me.I have a Virus protector, two spyware programs and Zone alarm all active. Nothing shows up. Any ideas on how to track it down? I've used all available tools I have!


KarenJ ( ) posted Wed, 13 October 2004 at 4:17 PM

Attached Link: http://computercops.biz/forums.html

The "HijackThis" forum at the attached link is very helpful for getting rid of malware. They helped me out recently when I got infected, one probably the first ocassion this year that I opened IE *rolls eyes*


"you are terrifying
and strange and beautiful
something not everyone knows how to love." - Warsan Shire


alexic ( ) posted Fri, 12 August 2005 at 12:36 AM

Just got a serious malware attack on a (free) posable props site, too bad the navigation here won't let me identify the site. (an option to go to the last visited page would help) I just restored my registry (twice) and I think it's gone. Meanwhile I lost my site history and am looking for them again . But when I run into this site again, who should I report it to? I don't want these people on here, they're evil.


AntoniaTiger ( ) posted Fri, 12 August 2005 at 1:20 AM

There is a steady trickle of disappearing Poser sites, often leading to links which provide adverts for domain-name selling/hosting sites. The way things work, it likely isn't worth clicking on a freestuff link here which doesn't show a graphic thumbnail. At best, the site's hit a download limit.


Privacy Notice

This site uses cookies to deliver the best experience. Our own cookies make user accounts and other features possible. Third-party cookies are used to display relevant ads and to analyze how Renderosity is used. By using our site, you acknowledge that you have read and understood our Terms of Service, including our Cookie Policy and our Privacy Policy.