Forum Moderators: wheatpenny Forum Coordinators: Anim8dtoon
Community Center F.A.Q (Last Updated: 2024 Nov 02 8:11 am)
Damn, no one should be putting that stuff up here. But how many of us know enough about how to examine all these files. I surely don't. I did a search for Joshie and found 4 "hits." Three of them are blank, with no thumbnails. The current file remains. Has anyone alerted Admin? If this is indeed dangerous, it should be exterminated. I took a chance and looked at this file with Quickview Plus. Frankly what I saw scares the pants off me. I don't understand any of this, but I don't think it should be a part of a Poser character: "kernel32.dll Ordinal Function Name 0000 DeleteCriticalSection 0000 LeaveCriticalSection 0000 EnterCriticalSection 0000 InitializeCriticalSection 0000 VirtualFree 0000 VirtualAlloc"
I've stripped the file down and had a good look at the code. The damn thing sets up a listen server and potentially has the capability of relaying system data to the remote user. It even has a routine that logs and transmits any keypresses that you make, this also gives the remote user any passwords that you enter! My advice, don't dl it and if you have done DON'T try to install it. DELETE this file on sight. I've just alerted ClintH via IM as none of the forum mods is online at the moment. I'll keep you all posted if I hear any more.
Hey there :) Head over to zonelabs.com and grab the free Zone Alarm. If you accidentaly run a progrma like this Zone Alarm (and some other liek systems) will put up a warning and let you know that soemthign is trying to be a "server" OR if something tries an outgoing connection. This gives you a good chance to tell that soemthing is wrong :)
definately a good idea to check over any files you download, and have a firewall running as well as antivirus. I have uploaded a couple of .exe items, made with winrar 3.0 as most people don't ( or didn't ) have that new a version. included in description, seen before downloaded was that it was a self extracting rar archive. if you do put an exe up, at least letting people know in information about file lets them choose weather or not to download it.
Thanks to Stormrage for giving us the heads up at the 3DCommune. We'll be watching for it over there too. 100 downloads? shakes head This is terrible. Thanks again for the heads up Marianne(And Stormrage) Tom 3DCommune Site Administrator
“The fact that no one understands you…Doesn’t make you an artist.”
Hi folks. IF someone installed this and nothin on their system caught it. How would one know if one had it???
I mean if John Poser gets thing installed on his system, what does he have to do to be rid of it?? Is there anything he can search for??
LOL And yes Im writing cause I personally cant rememebr if Ive downloaded anything from this Joshie person/site/freak of nature.
Somebody is missing the boat. Here is a great idea for a summer horror movie... one that just about every viewer ought to empathize with. Remember how people stayed away from beaches after Jaws came out? ...even though sharks seldom swim in Lake Michigan? Instead of alligators being released into sewers to breed, or dragons released to toast a world, the hand of our destruction will be formless... but not voiceless. I can see it now: .EXE in huge letters on the screen, and Alan Rickman's voice saying, "you may think that it stands for executable, but have you never wondered what was the nature of The Executioner?
Hi CDI, it's not a case of anything "catching" it. This isn't a virus, the simple act of running the damn thing is enough to do the damage. One way of checking would be to search for a file (probably kernel32.exe) that would be on drive C: in the Windows directory. A quick way of disabling this would be to rename it (eg Kernel32.old) so that the calling routine would't be able to find this particular component. Another way of checking the system would be to call up the task manager (ctrl-alt-del) and check the running processes to see if anything unexpected is running (eg anything with server in the title, or anything else that you believe shouldn't be running). You could also type msconfig from the START/RUN menu and check what items are scheduled to run on start-up. If any items there appear to be suspicious simply uncheck the box to stop them from staring up on the next reboot. This last method is not foolproof since some apps can reinitialise themselves to reconfigure the start-up files. If any of this is too techie then the next step is to get a suitably qualified person to help, as it is all too easy to inflict a large amount of damage on one's PC when delving into these areas. Hope that this has been of some help.
and what does the Executioner execute? or rather, Who? ~eg~ I can see it now, a shadow striking from out of nowhere, executing people's lives, killing off all data about them...leaving them with nothing...then as they get more and more desparate..removing them physically. the executioner is an unnatural force, that came out of the internet.
This little tid-bit raises a number of questions. Just wondering how the bad-guy finds the infected computers? 1) For a file like that to reach out and touch him, initiating contact from the infected side, does it not have to contain the contact info (IP# or somesuch) for the evil doer? (and if so, I presume some talented sleuth here will find it). 2)When Zone Alarm issues an alert that an app is trying to act as a server or even access the net, doesn't it also give the addy that the app is trying to reach? (I use ZA also, but just don't recall) 3) Or, would he have to go around randomly pinging computers until he gets a response from an infected host? Even if he logged IP numbers from the downloads, I would presume few of us have a static number. And, if this was done maliciously, is such an act legal (in the US)? I guess I just don't get it. Obviously no criminal mastermind at work here. Sounds like a very inefficient way to hack & too easy to get caught red-handed.
Nance, you are right, the person resposnable isn't very good at it. I can think of six ways off the top of my head to hide such a file and get it past a firewall. good thing I have no use for doing it huh? don't like windows, but I would rather shut m$ down than go after someone's pc, give people a better choice for an os than winblows and get the business away from M$ to shut them down, seems the best way to get rid of lousy gui to me.
I don't know about the rest of you, but I trust Renderosity. I trust the people who upload freebies. I would have no reason to be paranoid about something downloaded from Free Stuff. There have even been some excellent freebies in the form of "exe" files. The Smiley character is an example. I didn't download the file in question because, frankly, the item description left much to be desired. I just figured the artist was new and didn't know a better way to offer the freebie. I do thank MarianneR for alerting us, and Bushi for acting so quickly.
"I can think of six ways off the top of my head to hide such a file and get it past a firewall." I would be pretty interested in those :) Of course getting a user to download it past an incomming firewall is trivial ... but get an outgoing connection past Zone Alarm or some of the others? That would be interesting. Of course, fooling the USER is easy enough... but getting it past the firewall on a properly set up windows box? That would be very interesting :) As for the connection issues... no, often a program like that is set to announce succesful infection at a neutral machine, usually an IRC channel someplace. The person who sent it out watches that channel and "harvests" the IP addresses of infected machines.
And, if this was done maliciously, is such an act legal (in the US)?< Nance, such an act is very much illegal, in fact it's a federal offence to "Knowingly or willingly send files known to contain malicious, damaging or destructive code." The fine is around $10k and up and loss of computer and a possible prison term. > give people a better choice for an os than winblows< Jaqui, that narrows the field down to Mac OSX and some varient of Linux, both of them are more stable and, at least on the mac side, (no exp with Linux so don't know its security) are much more secure than anything from micro$haft. The words 'Microsoft' and 'Security' cannot be mentioned without 'problems', 'hole', or 'warning' being mentioned somewhere nearby. --- MS Windows: the only commercially succesful virus
Why shouldn't speech be free? Very little of it is worth anything.
MS Windows: the only commercially succesful virus< Unix was chock full of security holes for decades. It's just had more time to close them up. The problem with Windows isn't Windows the OS. It's Outlook Express and MS deciding that email should be in html format, displayed by IE, and running every type of scripting on the planet. That has become the main target. Viruses and trojans attached to files is as old as computers and no OS is immune.
"I trust Renderosity. I trust the people who upload freebies." Agree with that, for the most part. But, if 'rosity has 15,000 active members, and only a tenth of a percent are "less than honorable," that's still 15 people. I'd never download an executable file unless I knew: 1) the person was trustworthy (let's say they've posted other freebies, they're active in the forums, etc.) and 2) they take reasonable care to prevent viruses themselves (most malicious files are spread through carelessness.)
This site uses cookies to deliver the best experience. Our own cookies make user accounts and other features possible. Third-party cookies are used to display relevant ads and to analyze how Renderosity is used. By using our site, you acknowledge that you have read and understood our Terms of Service, including our Cookie Policy and our Privacy Policy.
I downloaded Joshie on the Poser freebie page and it turns out to be an exe-file. I got suspicious and looked at it with a hex editor and found the name y3knetwork.com. At this web page they have a program called Y3K Remote Administration Tool Pro and Joshie.exe seems to be exactly that. When run it puts a program called server.exe in the Windows/System directory. I didn't allow it to access the internet (ZoneAlarm warned me) so I don't know what it does then. Quote from the y3knetwork web page: "What is Y3K Rat Pro? Y3K Remote Administration Tool Pro is a freeware product of Y3K Network, which give you the ability to control a remote or local computer system. For example, if you are at work, you can control your house' s computer system, so it is like you are at home, in front of the computer' s screen" Marianne