Sun, Nov 3, 4:49 PM CST

Renderosity Forums / Community Center



Welcome to the Community Center Forum

Forum Moderators: wheatpenny Forum Coordinators: Anim8dtoon

Community Center F.A.Q (Last Updated: 2024 Nov 02 8:11 am)

Forum news, updates, events, etc. Please sitemail any notices or questions for the staff to the Forum Moderators.



Subject: Warning! The freebie Joshie wants to act as a server


  • 1
  • 2
MarianneR ( ) posted Sun, 04 August 2002 at 5:17 PM · edited Sat, 02 November 2024 at 5:14 AM

I downloaded Joshie on the Poser freebie page and it turns out to be an exe-file. I got suspicious and looked at it with a hex editor and found the name y3knetwork.com. At this web page they have a program called Y3K Remote Administration Tool Pro and Joshie.exe seems to be exactly that. When run it puts a program called server.exe in the Windows/System directory. I didn't allow it to access the internet (ZoneAlarm warned me) so I don't know what it does then. Quote from the y3knetwork web page: "What is Y3K Rat Pro? Y3K Remote Administration Tool Pro is a freeware product of Y3K Network, which give you the ability to control a remote or local computer system. For example, if you are at work, you can control your house' s computer system, so it is like you are at home, in front of the computer' s screen" Marianne


Poppi ( ) posted Sun, 04 August 2002 at 5:45 PM

Wow...that sounds pretty horrible.


Sacred Rose ( ) posted Sun, 04 August 2002 at 5:51 PM

It's called a New Character for Vickie by Joshie..in case anyone starts looking for a character by that name. Thanks for the heads up Marianne


sMartyPantz ( ) posted Sun, 04 August 2002 at 6:18 PM

It's always a good idea to look at what is in the files before you install anything.... being a bit paranoid is a good thing.


kromekat ( ) posted Sun, 04 August 2002 at 7:08 PM

bloody hell - what a nightmare!

Adam Benton | www.kromekat.com


Aureeanna ( ) posted Sun, 04 August 2002 at 7:21 PM

I'm assuming you have emailed Renderosity about this and not just depending on them reading this thread...this is awful and thanks for the heads up!!


scifiguy ( ) posted Sun, 04 August 2002 at 7:24 PM

:( The ends that the sleeze bags will go to to try and install their scumware so they can get access to your computer, spy on you, infect you, etc. never ceases to amaze me. Thanks for the heads up...hopefully admins will have this trojan horse deleted quickly.


crisjon1950 ( ) posted Sun, 04 August 2002 at 7:27 PM

Damn, no one should be putting that stuff up here. But how many of us know enough about how to examine all these files. I surely don't. I did a search for Joshie and found 4 "hits." Three of them are blank, with no thumbnails. The current file remains. Has anyone alerted Admin? If this is indeed dangerous, it should be exterminated. I took a chance and looked at this file with Quickview Plus. Frankly what I saw scares the pants off me. I don't understand any of this, but I don't think it should be a part of a Poser character: "kernel32.dll Ordinal Function Name 0000 DeleteCriticalSection 0000 LeaveCriticalSection 0000 EnterCriticalSection 0000 InitializeCriticalSection 0000 VirtualFree 0000 VirtualAlloc"


badmoon ( ) posted Sun, 04 August 2002 at 7:59 PM

I've stripped the file down and had a good look at the code. The damn thing sets up a listen server and potentially has the capability of relaying system data to the remote user. It even has a routine that logs and transmits any keypresses that you make, this also gives the remote user any passwords that you enter! My advice, don't dl it and if you have done DON'T try to install it. DELETE this file on sight. I've just alerted ClintH via IM as none of the forum mods is online at the moment. I'll keep you all posted if I hear any more.


crisjon1950 ( ) posted Sun, 04 August 2002 at 8:02 PM

I IMed Clint as well since I figured an "Admin-type" should be the one to deal with this. I haven't received a response yet, and am about to go offsite. I have faith in Clint though. He'll either deal with it or find someone who can.


Stormrage ( ) posted Sun, 04 August 2002 at 8:05 PM

I let Bushi know about this thread as well. Hopefully someone will get on and delete the file before someone installs it who hasn't read this thread. installs the damned thing


badmoon ( ) posted Sun, 04 August 2002 at 8:11 PM

Just checked through the "who's logged in" section and can't find a single 'Rosity staff member! Let's just hope one of them logs on soon.


terminusnord ( ) posted Sun, 04 August 2002 at 8:12 PM

Interesting. It's probably an ill-minded individual trying to score3D warez by invading r'osity members' personal computers. -Adam


badmoon ( ) posted Sun, 04 August 2002 at 8:15 PM

Could be the case, but consider the implication of keypress logging. Not only does the scumbag get to know details like logon passwords & what sites you're a member of, but they also get to see your creditcard details if you make any online purchases. Scary heh?


soulhuntre ( ) posted Sun, 04 August 2002 at 8:26 PM

Hey there :) Head over to zonelabs.com and grab the free Zone Alarm. If you accidentaly run a progrma like this Zone Alarm (and some other liek systems) will put up a warning and let you know that soemthign is trying to be a "server" OR if something tries an outgoing connection. This gives you a good chance to tell that soemthing is wrong :)


bushi ( ) posted Sun, 04 August 2002 at 8:33 PM

OK, I've saved a copy of the DL and took a screen shot. The entry has been deleted. I'll get admin in on this and I hope get it sorted out without anyone getting do badly damaged.


badmoon ( ) posted Sun, 04 August 2002 at 8:34 PM

According to the logs Bushi has just entered the building.......let's hope they read their IMs.


Jaqui ( ) posted Sun, 04 August 2002 at 8:35 PM

definately a good idea to check over any files you download, and have a firewall running as well as antivirus. I have uploaded a couple of .exe items, made with winrar 3.0 as most people don't ( or didn't ) have that new a version. included in description, seen before downloaded was that it was a self extracting rar archive. if you do put an exe up, at least letting people know in information about file lets them choose weather or not to download it.


badmoon ( ) posted Sun, 04 August 2002 at 8:36 PM

Thanks Bushi :)


Crescent ( ) posted Sun, 04 August 2002 at 8:37 PM

It looks like the file got zapped, so that's one less thing to worry about. Thanks for the heads up!


wyrwulf ( ) posted Sun, 04 August 2002 at 8:41 PM

ZoneAlarm is great, but their latest version eats 9% of Windows resources on my machine with an Athlon 750 with 512 Meg of ram.


Stormrage ( ) posted Sun, 04 August 2002 at 8:51 PM

Thanks BUSHI S


Jaqui ( ) posted Sun, 04 August 2002 at 8:52 PM

just one question, did the person knowingly put the spyware into archive or did it do it itself? was there also the item mentioned in the thumbnail in the file?


TalmidBen ( ) posted Sun, 04 August 2002 at 8:57 PM

Marianne, you're a hero. How many computers did you just save? A ton probably.


Roy G ( ) posted Sun, 04 August 2002 at 9:00 PM

One good defence is to NEVER run an exe file from someone you don't know/trust. If you do, it's like handing over your computer and everything on it.

There were over a hundred downloads last I checked. I hope everyone is OK.


Hawkfyr ( ) posted Sun, 04 August 2002 at 9:12 PM

Thanks to Stormrage for giving us the heads up at the 3DCommune. We'll be watching for it over there too. 100 downloads? shakes head This is terrible. Thanks again for the heads up Marianne(And Stormrage) Tom 3DCommune Site Administrator

“The fact that no one understands you…Doesn’t make you an artist.”


CDI ( ) posted Sun, 04 August 2002 at 9:15 PM

Hi folks. IF someone installed this and nothin on their system caught it. How would one know if one had it???

I mean if John Poser gets thing installed on his system, what does he have to do to be rid of it?? Is there anything he can search for??

LOL And yes Im writing cause I personally cant rememebr if Ive downloaded anything from this Joshie person/site/freak of nature.


hauksdottir ( ) posted Sun, 04 August 2002 at 9:15 PM

Somebody is missing the boat. Here is a great idea for a summer horror movie... one that just about every viewer ought to empathize with. Remember how people stayed away from beaches after Jaws came out? ...even though sharks seldom swim in Lake Michigan? Instead of alligators being released into sewers to breed, or dragons released to toast a world, the hand of our destruction will be formless... but not voiceless. I can see it now: .EXE in huge letters on the screen, and Alan Rickman's voice saying, "you may think that it stands for executable, but have you never wondered what was the nature of The Executioner?


neurocyber ( ) posted Sun, 04 August 2002 at 9:37 PM

Thank for the warning! This is as serious as a heart attack. This very thing already did happen once to my computer not long ago. They even got controle of my internet account through my computer and used it maliciously. I wish hackers would stop this kind of crap.


badmoon ( ) posted Sun, 04 August 2002 at 9:39 PM

Hi CDI, it's not a case of anything "catching" it. This isn't a virus, the simple act of running the damn thing is enough to do the damage. One way of checking would be to search for a file (probably kernel32.exe) that would be on drive C: in the Windows directory. A quick way of disabling this would be to rename it (eg Kernel32.old) so that the calling routine would't be able to find this particular component. Another way of checking the system would be to call up the task manager (ctrl-alt-del) and check the running processes to see if anything unexpected is running (eg anything with server in the title, or anything else that you believe shouldn't be running). You could also type msconfig from the START/RUN menu and check what items are scheduled to run on start-up. If any items there appear to be suspicious simply uncheck the box to stop them from staring up on the next reboot. This last method is not foolproof since some apps can reinitialise themselves to reconfigure the start-up files. If any of this is too techie then the next step is to get a suitably qualified person to help, as it is all too easy to inflict a large amount of damage on one's PC when delving into these areas. Hope that this has been of some help.


Jaqui ( ) posted Sun, 04 August 2002 at 9:47 PM

and what does the Executioner execute? or rather, Who? ~eg~ I can see it now, a shadow striking from out of nowhere, executing people's lives, killing off all data about them...leaving them with nothing...then as they get more and more desparate..removing them physically. the executioner is an unnatural force, that came out of the internet.


Jaqui ( ) posted Sun, 04 August 2002 at 9:49 PM

but renaming kernel32.exe will stop windows from running. that is the core of the windows gui


Nance ( ) posted Sun, 04 August 2002 at 9:51 PM

This little tid-bit raises a number of questions. Just wondering how the bad-guy finds the infected computers? 1) For a file like that to reach out and touch him, initiating contact from the infected side, does it not have to contain the contact info (IP# or somesuch) for the evil doer? (and if so, I presume some talented sleuth here will find it). 2)When Zone Alarm issues an alert that an app is trying to act as a server or even access the net, doesn't it also give the addy that the app is trying to reach? (I use ZA also, but just don't recall) 3) Or, would he have to go around randomly pinging computers until he gets a response from an infected host? Even if he logged IP numbers from the downloads, I would presume few of us have a static number. And, if this was done maliciously, is such an act legal (in the US)? I guess I just don't get it. Obviously no criminal mastermind at work here. Sounds like a very inefficient way to hack & too easy to get caught red-handed.


Jaqui ( ) posted Sun, 04 August 2002 at 9:56 PM

Nance, you are right, the person resposnable isn't very good at it. I can think of six ways off the top of my head to hide such a file and get it past a firewall. good thing I have no use for doing it huh? don't like windows, but I would rather shut m$ down than go after someone's pc, give people a better choice for an os than winblows and get the business away from M$ to shut them down, seems the best way to get rid of lousy gui to me.


Roy G ( ) posted Sun, 04 August 2002 at 10:01 PM

I wonder if Joshie had the file posted on his own web space? Someone should contact the ISP and report this.


crisjon1950 ( ) posted Sun, 04 August 2002 at 10:01 PM

I don't know about the rest of you, but I trust Renderosity. I trust the people who upload freebies. I would have no reason to be paranoid about something downloaded from Free Stuff. There have even been some excellent freebies in the form of "exe" files. The Smiley character is an example. I didn't download the file in question because, frankly, the item description left much to be desired. I just figured the artist was new and didn't know a better way to offer the freebie. I do thank MarianneR for alerting us, and Bushi for acting so quickly.


soulhuntre ( ) posted Sun, 04 August 2002 at 11:29 PM

"I can think of six ways off the top of my head to hide such a file and get it past a firewall." I would be pretty interested in those :) Of course getting a user to download it past an incomming firewall is trivial ... but get an outgoing connection past Zone Alarm or some of the others? That would be interesting. Of course, fooling the USER is easy enough... but getting it past the firewall on a properly set up windows box? That would be very interesting :) As for the connection issues... no, often a program like that is set to announce succesful infection at a neutral machine, usually an IRC channel someplace. The person who sent it out watches that channel and "harvests" the IP addresses of infected machines.


Charlie_Tuna ( ) posted Mon, 05 August 2002 at 12:01 AM

And, if this was done maliciously, is such an act legal (in the US)?< Nance, such an act is very much illegal, in fact it's a federal offence to "Knowingly or willingly send files known to contain malicious, damaging or destructive code." The fine is around $10k and up and loss of computer and a possible prison term. > give people a better choice for an os than winblows< Jaqui, that narrows the field down to Mac OSX and some varient of Linux, both of them are more stable and, at least on the mac side, (no exp with Linux so don't know its security) are much more secure than anything from micro$haft. The words 'Microsoft' and 'Security' cannot be mentioned without 'problems', 'hole', or 'warning' being mentioned somewhere nearby. --- MS Windows: the only commercially succesful virus

Why shouldn't speech be free? Very little of it is worth anything.


Spit ( ) posted Mon, 05 August 2002 at 1:50 AM

MS Windows: the only commercially succesful virus< Unix was chock full of security holes for decades. It's just had more time to close them up. The problem with Windows isn't Windows the OS. It's Outlook Express and MS deciding that email should be in html format, displayed by IE, and running every type of scripting on the planet. That has become the main target. Viruses and trojans attached to files is as old as computers and no OS is immune.


Phantast ( ) posted Mon, 05 August 2002 at 1:54 AM

Much better to use only .zip files. So much safer.


Jaqui ( ) posted Mon, 05 August 2002 at 3:47 AM

soulhuntre, sorry, but I'm not involved at all in hacking into other people's computers, nor will I ever teach someone how to do so.


KateTheShrew ( ) posted Mon, 05 August 2002 at 3:50 AM

jaqui, the file you're thinking of is kernel32.dll not .exe I don't have a kernel32.exe file anywhere on my computer. You're right about the kernel32.dll being necessary tho. Kate


Phantast ( ) posted Mon, 05 August 2002 at 4:40 AM

The writing is on the wall, and one day we will all have to read it, whether we like what it says or not - and what it says is: L I N U X


Jaqui ( ) posted Mon, 05 August 2002 at 6:16 AM

Katetheshrew, yup fingered that out already. ~g~ Phantast, I read it a long time ago, run linux already. ~L~


c1rcle ( ) posted Mon, 05 August 2002 at 6:36 AM

Jaqui apart from being immune to most virii at the moment, what's so great about Linux? I'm thinking about sometime in the future swapping from Winblows but I need to know it's going to be worth it :) Rob


Marque ( ) posted Mon, 05 August 2002 at 8:02 AM

If Linux wasn't free would you still say it's better than windows? Just wondering. Marque


Marque ( ) posted Mon, 05 August 2002 at 8:03 AM

Marianne what is the name of the file itself? Doubt if I downloaded it but you just never know. Marque


jchimim ( ) posted Mon, 05 August 2002 at 8:14 AM

"I trust Renderosity. I trust the people who upload freebies." Agree with that, for the most part. But, if 'rosity has 15,000 active members, and only a tenth of a percent are "less than honorable," that's still 15 people. I'd never download an executable file unless I knew: 1) the person was trustworthy (let's say they've posted other freebies, they're active in the forums, etc.) and 2) they take reasonable care to prevent viruses themselves (most malicious files are spread through carelessness.)


crisjon1950 ( ) posted Mon, 05 August 2002 at 8:37 AM

Well I do keep Norton Antivirus AutoProtect active at all times. NAV even scans incoming and outgoing emails.


lannie ( ) posted Mon, 05 August 2002 at 8:49 AM

Please. What was the name of the file. I would like to check to see if I downloaded it??? Thanks....


c1rcle ( ) posted Mon, 05 August 2002 at 8:51 AM

it was just called "a new character for Vickie" by joshie, luckily for me I didn't download it, I had a funny feeling about it. Rob


  • 1
  • 2

Privacy Notice

This site uses cookies to deliver the best experience. Our own cookies make user accounts and other features possible. Third-party cookies are used to display relevant ads and to analyze how Renderosity is used. By using our site, you acknowledge that you have read and understood our Terms of Service, including our Cookie Policy and our Privacy Policy.