I downloaded Joshie on the Poser freebie page and it turns out to be an exe-file. I got suspicious and looked at it with a hex editor and found the name y3knetwork.com. At this web page they have a program called Y3K Remote Administration Tool Pro and Joshie.exe seems to be exactly that. When run it puts a program called server.exe in the Windows/System directory. I didn't allow it to access the internet (ZoneAlarm warned me) so I don't know what it does then. Quote from the y3knetwork web page: "What is Y3K Rat Pro? Y3K Remote Administration Tool Pro is a freeware product of Y3K Network, which give you the ability to control a remote or local computer system. For example, if you are at work, you can control your house' s computer system, so it is like you are at home, in front of the computer' s screen" Marianne

Wow...that sounds pretty horrible.

It's called a New Character for Vickie by Joshie..in case anyone starts looking for a character by that name. Thanks for the heads up Marianne

It's always a good idea to look at what is in the files before you install anything.... being a bit paranoid is a good thing.

bloody hell - what a nightmare!

Adam Benton | www.kromekat.com

I'm assuming you have emailed Renderosity about this and not just depending on them reading this thread...this is awful and thanks for the heads up!!

:( The ends that the sleeze bags will go to to try and install their scumware so they can get access to your computer, spy on you, infect you, etc. never ceases to amaze me. Thanks for the heads up...hopefully admins will have this trojan horse deleted quickly.

Damn, no one should be putting that stuff up here. But how many of us know enough about how to examine all these files. I surely don't. I did a search for Joshie and found 4 "hits." Three of them are blank, with no thumbnails. The current file remains. Has anyone alerted Admin? If this is indeed dangerous, it should be exterminated. I took a chance and looked at this file with Quickview Plus. Frankly what I saw scares the pants off me. I don't understand any of this, but I don't think it should be a part of a Poser character: "kernel32.dll Ordinal Function Name 0000 DeleteCriticalSection 0000 LeaveCriticalSection 0000 EnterCriticalSection 0000 InitializeCriticalSection 0000 VirtualFree 0000 VirtualAlloc"

I've stripped the file down and had a good look at the code. The damn thing sets up a listen server and potentially has the capability of relaying system data to the remote user. It even has a routine that logs and transmits any keypresses that you make, this also gives the remote user any passwords that you enter! My advice, don't dl it and if you have done DON'T try to install it. DELETE this file on sight. I've just alerted ClintH via IM as none of the forum mods is online at the moment. I'll keep you all posted if I hear any more.

I IMed Clint as well since I figured an "Admin-type" should be the one to deal with this. I haven't received a response yet, and am about to go offsite. I have faith in Clint though. He'll either deal with it or find someone who can.

I let Bushi know about this thread as well. Hopefully someone will get on and delete the file before someone installs it who hasn't read this thread. installs the damned thing

Just checked through the "who's logged in" section and can't find a single 'Rosity staff member! Let's just hope one of them logs on soon.

Interesting. It's probably an ill-minded individual trying to score3D warez by invading r'osity members' personal computers. -Adam

Could be the case, but consider the implication of keypress logging. Not only does the scumbag get to know details like logon passwords & what sites you're a member of, but they also get to see your creditcard details if you make any online purchases. Scary heh?

Hey there :) Head over to zonelabs.com and grab the free Zone Alarm. If you accidentaly run a progrma like this Zone Alarm (and some other liek systems) will put up a warning and let you know that soemthign is trying to be a "server" OR if something tries an outgoing connection. This gives you a good chance to tell that soemthing is wrong :)

OK, I've saved a copy of the DL and took a screen shot. The entry has been deleted. I'll get admin in on this and I hope get it sorted out without anyone getting do badly damaged.

According to the logs Bushi has just entered the building.......let's hope they read their IMs.

definately a good idea to check over any files you download, and have a firewall running as well as antivirus. I have uploaded a couple of .exe items, made with winrar 3.0 as most people don't ( or didn't ) have that new a version. included in description, seen before downloaded was that it was a self extracting rar archive. if you do put an exe up, at least letting people know in information about file lets them choose weather or not to download it.

Thanks Bushi :)

It looks like the file got zapped, so that's one less thing to worry about. Thanks for the heads up!

ZoneAlarm is great, but their latest version eats 9% of Windows resources on my machine with an Athlon 750 with 512 Meg of ram.

Thanks BUSHI S

just one question, did the person knowingly put the spyware into archive or did it do it itself? was there also the item mentioned in the thumbnail in the file?

Marianne, you're a hero. How many computers did you just save? A ton probably.

One good defence is to NEVER run an exe file from someone you don't know/trust. If you do, it's like handing over your computer and everything on it.

There were over a hundred downloads last I checked. I hope everyone is OK.

Thanks to Stormrage for giving us the heads up at the 3DCommune. We'll be watching for it over there too. 100 downloads? shakes head This is terrible. Thanks again for the heads up Marianne(And Stormrage) Tom 3DCommune Site Administrator

“The fact that no one understands you…Doesn’t make you an artist.”

Hi folks. IF someone installed this and nothin on their system caught it. How would one know if one had it???

I mean if John Poser gets thing installed on his system, what does he have to do to be rid of it?? Is there anything he can search for??

LOL And yes Im writing cause I personally cant rememebr if Ive downloaded anything from this Joshie person/site/freak of nature.

Somebody is missing the boat. Here is a great idea for a summer horror movie... one that just about every viewer ought to empathize with. Remember how people stayed away from beaches after Jaws came out? ...even though sharks seldom swim in Lake Michigan? Instead of alligators being released into sewers to breed, or dragons released to toast a world, the hand of our destruction will be formless... but not voiceless. I can see it now: .EXE in huge letters on the screen, and Alan Rickman's voice saying, "you may think that it stands for executable, but have you never wondered what was the nature of The Executioner?

Thank for the warning! This is as serious as a heart attack. This very thing already did happen once to my computer not long ago. They even got controle of my internet account through my computer and used it maliciously. I wish hackers would stop this kind of crap.

Hi CDI, it's not a case of anything "catching" it. This isn't a virus, the simple act of running the damn thing is enough to do the damage. One way of checking would be to search for a file (probably kernel32.exe) that would be on drive C: in the Windows directory. A quick way of disabling this would be to rename it (eg Kernel32.old) so that the calling routine would't be able to find this particular component. Another way of checking the system would be to call up the task manager (ctrl-alt-del) and check the running processes to see if anything unexpected is running (eg anything with server in the title, or anything else that you believe shouldn't be running). You could also type msconfig from the START/RUN menu and check what items are scheduled to run on start-up. If any items there appear to be suspicious simply uncheck the box to stop them from staring up on the next reboot. This last method is not foolproof since some apps can reinitialise themselves to reconfigure the start-up files. If any of this is too techie then the next step is to get a suitably qualified person to help, as it is all too easy to inflict a large amount of damage on one's PC when delving into these areas. Hope that this has been of some help.

and what does the Executioner execute? or rather, Who? ~eg~ I can see it now, a shadow striking from out of nowhere, executing people's lives, killing off all data about them...leaving them with nothing...then as they get more and more desparate..removing them physically. the executioner is an unnatural force, that came out of the internet.

but renaming kernel32.exe will stop windows from running. that is the core of the windows gui

This little tid-bit raises a number of questions. Just wondering how the bad-guy finds the infected computers? 1) For a file like that to reach out and touch him, initiating contact from the infected side, does it not have to contain the contact info (IP# or somesuch) for the evil doer? (and if so, I presume some talented sleuth here will find it). 2)When Zone Alarm issues an alert that an app is trying to act as a server or even access the net, doesn't it also give the addy that the app is trying to reach? (I use ZA also, but just don't recall) 3) Or, would he have to go around randomly pinging computers until he gets a response from an infected host? Even if he logged IP numbers from the downloads, I would presume few of us have a static number. And, if this was done maliciously, is such an act legal (in the US)? I guess I just don't get it. Obviously no criminal mastermind at work here. Sounds like a very inefficient way to hack & too easy to get caught red-handed.

Nance, you are right, the person resposnable isn't very good at it. I can think of six ways off the top of my head to hide such a file and get it past a firewall. good thing I have no use for doing it huh? don't like windows, but I would rather shut m$ down than go after someone's pc, give people a better choice for an os than winblows and get the business away from M$ to shut them down, seems the best way to get rid of lousy gui to me.

I wonder if Joshie had the file posted on his own web space? Someone should contact the ISP and report this.

I don't know about the rest of you, but I trust Renderosity. I trust the people who upload freebies. I would have no reason to be paranoid about something downloaded from Free Stuff. There have even been some excellent freebies in the form of "exe" files. The Smiley character is an example. I didn't download the file in question because, frankly, the item description left much to be desired. I just figured the artist was new and didn't know a better way to offer the freebie. I do thank MarianneR for alerting us, and Bushi for acting so quickly.

"I can think of six ways off the top of my head to hide such a file and get it past a firewall." I would be pretty interested in those :) Of course getting a user to download it past an incomming firewall is trivial ... but get an outgoing connection past Zone Alarm or some of the others? That would be interesting. Of course, fooling the USER is easy enough... but getting it past the firewall on a properly set up windows box? That would be very interesting :) As for the connection issues... no, often a program like that is set to announce succesful infection at a neutral machine, usually an IRC channel someplace. The person who sent it out watches that channel and "harvests" the IP addresses of infected machines.

And, if this was done maliciously, is such an act legal (in the US)?< Nance, such an act is very much illegal, in fact it's a federal offence to "Knowingly or willingly send files known to contain malicious, damaging or destructive code." The fine is around $10k and up and loss of computer and a possible prison term. > give people a better choice for an os than winblows< Jaqui, that narrows the field down to Mac OSX and some varient of Linux, both of them are more stable and, at least on the mac side, (no exp with Linux so don't know its security) are much more secure than anything from micro$haft. The words 'Microsoft' and 'Security' cannot be mentioned without 'problems', 'hole', or 'warning' being mentioned somewhere nearby. --- MS Windows: the only commercially succesful virus

Why shouldn't speech be free? Very little of it is worth anything.

MS Windows: the only commercially succesful virus< Unix was chock full of security holes for decades. It's just had more time to close them up. The problem with Windows isn't Windows the OS. It's Outlook Express and MS deciding that email should be in html format, displayed by IE, and running every type of scripting on the planet. That has become the main target. Viruses and trojans attached to files is as old as computers and no OS is immune.

Much better to use only .zip files. So much safer.

soulhuntre, sorry, but I'm not involved at all in hacking into other people's computers, nor will I ever teach someone how to do so.

jaqui, the file you're thinking of is kernel32.dll not .exe I don't have a kernel32.exe file anywhere on my computer. You're right about the kernel32.dll being necessary tho. Kate

The writing is on the wall, and one day we will all have to read it, whether we like what it says or not - and what it says is: L I N U X

Katetheshrew, yup fingered that out already. ~g~ Phantast, I read it a long time ago, run linux already. ~L~

Jaqui apart from being immune to most virii at the moment, what's so great about Linux? I'm thinking about sometime in the future swapping from Winblows but I need to know it's going to be worth it :) Rob

If Linux wasn't free would you still say it's better than windows? Just wondering. Marque

Marianne what is the name of the file itself? Doubt if I downloaded it but you just never know. Marque

"I trust Renderosity. I trust the people who upload freebies." Agree with that, for the most part. But, if 'rosity has 15,000 active members, and only a tenth of a percent are "less than honorable," that's still 15 people. I'd never download an executable file unless I knew: 1) the person was trustworthy (let's say they've posted other freebies, they're active in the forums, etc.) and 2) they take reasonable care to prevent viruses themselves (most malicious files are spread through carelessness.)

Well I do keep Norton Antivirus AutoProtect active at all times. NAV even scans incoming and outgoing emails.

Please. What was the name of the file. I would like to check to see if I downloaded it??? Thanks....

it was just called "a new character for Vickie" by joshie, luckily for me I didn't download it, I had a funny feeling about it. Rob

Spit "Unix was chock full of security holes for decades. It's just had more time to close them up."

Of course. Heck, There are exploits and attacks currently out there that are for Linux and Unix systems. The reality is that these systems are as vulnerable as any other system.

Of course, a well maintained system under most of the popular OS's is pretty secure - it's simply a matter of people maintaining the system.

Spit "The problem with Windows isn't Windows the OS. It's Outlook Express and MS deciding that email should be in html format, displayed by IE, and running every type of scripting on the planet. That has become the main target."

Actually MS didn't "decide" that email should be HTML - it simply enabled it. As an interesting side note the default installation of modern Outlook and Outlook Express system keeps email HTML in the most restrictive security zone as defined in IE This means that by default a clean install doesn't do that stuff of late as far as I know.

Of course, the scripting patches closed it for older systems as well.

Spit "Viruses and trojans attached to files is as old as computers and no OS is immune."

I agree entirely - of course under modern systems it is fairly easy to sandbox new files. Under XP it is pretty easy for instance to simply mark your normal account as NOT being an administrator. It's a little bit of a pain when you want to install a program (right click and "Run-As" admin) but it is worth it.

This sort of thing has been available for a long time under Windows (2000, NT and now XP) but few folks take advantage of it.

Jaqui "sorry, but I'm not involved at all in hacking into other people's computers, nor will I ever teach someone how to do so."

Then I'll gently suggest that the problem is a lot harder than you think it is :) I do a fair amount of security work and I will let you know that there isn't one good currently known way to slip a trojaned executable past a good outgoing firewall without tricking the end user in some manner in a manual operation.

Phantast "The writing is on the wall, and one day we will all have to read it, whether we like what it says or not - and what it says is L I N U X"

It's never going to happen. The chance came and went - the train left and Linux wasn't on it. For a little while, Linux had something to offer the common user - stability and security. With the release of OSX, Windows 2000 and then Windows XP all the technical advantages to Linux went away. There is currently not one compelling technical advance in the Linux system - and the seriously broken 2.4 releases coupled with the corruption of hard drives happening under 2.5 have destroyed the idea that Linux is inherently more stable.

Linux is a nice server system for those people who want it - we run Linux servers ourselves for our clients and ran them for our own use for a long time - I myself have been running Linux since .9 era pre-alpha releases. it's cool, and it's cute... but it is never going to take over the world.

Marque "If Linux wasn't free would you still say it's better than windows? Just wondering."

I think it is fairly clear from terms like "winblows" and "M$" that for many people Linux is not about technology, it is about anti MS bias and ideology.

That's fine - but the simple reality is that any technical advantage is long gone.

crisjon1950: Norton is good stuff. It's saved my fanny a time or three also... Soulhuntre: Agree that a lot of the "pro-linux" folks out there are "anti-M$" as much as anything else, but UNIX in it's variations (including linux, BSD, Solaris, etc.) have been around as multi-threaded network operating systems since the early '70s. Yes, there are some un-stable versions, but a Unix administrator will think nothing of a server that's been humming along for years without a reboot or crash. A Windows administrator will brag about being up for weeks. Windows, on the other hand, has tried to be "user friendly" since it's creation. Unix flavors have only been focusing on that for a couple of years. It's only natural that windows is a more common interface for users, because it's easier to use. Just like it's only natural that Unix (and its varients) are preferable for network servers because of their stability.

I agree I don't like Microsoft but I've used Windows exclusively for the last 10-12 years through 3.1/95/98/ME/NT4 & now XP & I'll continue to use it till I see an OS that can really beat it on the PC. Of all the versions of windows I've used XP for me has been the best, ME was the worst version I tried even 3.1 was more stable. As long as I have a machine that can run Poser5/6/7 I'll be happy with whatever OS can handle the job. Rob

One of my first impressions of windoze came with version 3.1, when you hit -- (reboot for DOS) it would come back with something like "are you sure you wanna do that?" As if you could hit that by accident...

I bought my first pc just so I could play Doom 1000 just to play a game, I haven't changed a bit, now I buy 1200 PC so I can render Naked Vicky in a Temple pictures. Rob

Just a note - I've always loathed Unix in all its guises. For me to put up such a post even considering Linux is a near-miracle. But if it's the only route to security and privacy I may have to go that way.

jchimim - "Yes, there are some un-stable versions, but a Unix administrator will think nothing of a server that's been humming along for years without a reboot or crash. A Windows administrator will brag about being up for weeks."

I agree, sort of :)

Obviously the larger Unix systems (Solaris, AT&T SysV, BSD) have a long history but Linux is considerably younger - and has a much less consistent quality control process in place. Current Linux 2.5 for instance has a IDE subsystem that is consistently destroying filesystems and the SCSI code doesn't even have a maintainer. That does not bode well for it.

As always. much fun can be had reading the Linux kernel development emails :)

My point is not that Linux is bad - but that the long history of Unix development doesn't apply. Linux is a ground up re-write by amateurs who by and large have never seen the source to a large Unix and many have not been involved in a large coding project at all. If I was going to bet the farm on an open source OS it would definitely be one of the BSD's. Probably NetBSD.

As for uptimes, good Windows administrators have always had machines that ran without any problems at all - only rebooting for software upgrades and security patches when desired. Since Windows 2000 and NT 4.5 it has rarely if ever been known for Windows servers to reboot spontaneously unless the hardware is bad.

Leaving a machine, ANY machine that is critical, up for years these days means that you are ignoring serious and important upgrades fixing bugs and security holes.

jchimim "Just like it's only natural that Unix (and its varients) are preferable for network servers because of their stability."

And that is changing... the migration to Unix variants is being seriously altered by the massive success of WindowsXP. It is fast, secure and stable. It is easy to administer and compatible with a huge amount of software as well as being a platform for ASP.NET development - an incredibly cool technology that is winning a lot of converts among the perl/python/Linux or death crowd :)

Microsoft won this round. Linux will always be there - but it won't be the thing that topples MS.

To be fair to MS, how do you defend against a program that has been loaded onto a computer by the user and then executed? This file wasn't e-mailed, exploiting Outlook Express or Explorer. Trusting people have downloaded it, and will potentially run it.

I would imagine running an executable file on any other OS would be equally risky. Firewalls cannot be relied on to catch these things. After the program is up and running, it could disable your firewall, disable Virus detection, then do whatever it wants, because you have given it control.

soulhuntre - "Current Linux 2.5 for instance..."

Red Hat's up to 7.X now...

soulhuntre - "Leaving a machine, ANY machine that is critical, up for years these days means that you are ignoring serious and important upgrades fixing bugs and security holes."

At one position, we had a solaris machine that had been up over two years. It was acting an an RLOGIN/DNS/TFTP server. There's no point in upgrading a machine that's doing it's job.

soulhuntre - "the migration to Unix variants is being seriously altered by the massive success of WindowsXP. It is fast, secure and stable. It is easy to administer..."

Agree, Windows XP (and 2K for that matter) are dramatic improvements over previous versions of windows, but I personally still would not load them on a critical system. Would you feel more comfortable with air traffic controllers relying on a Solaris platform or a Windows XP platform?.

easy to administer is the key to choosing windows over unix. Windows administrators are easier to find and less expensive to pay than Unix administrators.

I understand that the file was called "A New Character for Vicki", but was that really the name of the file? "A New Character for Vicki.exe" or something like that? Guy

jchimim - "Red Hat's up to 7.X now..."

And living on Linux 2.4 or 2.5 kernels. Probably 2.4 given 2.5's problems. When discussing "Linux" it is only possible to discuss the kernel itself, not the revision number of each distribution.

**jchimim - ** "At one position, we had a solaris machine that had been up over two years. It was acting an an RLOGIN/DNS/TFTP server. There's no point in upgrading a machine that's doing it's job."

Of course not - and that's fine as long as your willing to accept the risks of having the unpatched holes. But I can guarantee you that there have been exploits for that system that have been patched in those 2 years. Hopefully that's not a problem for that box :: shrugs :: impossible for me to say.

Along those lines, we have Windows NT servers here that have never once crashed in all the time they are in service, often for years. While the uptime is not that long because we routinely maintain the systems the reality is we could simply leave them running and uptimes of years would be trivial to achieve.

The point is that there is nothing inherent in Linux or Unix that is more stable these days ... not since Windows NT 4.5 and certainly not since 2000.

**jchimim - ** "Would you feel more comfortable with air traffic controllers relying on a Solaris platform or a Windows XP platform?."

I wouldn't worry about it one way or the other to be honest. I would be much more interested in the stability of the application code running on the system itself. I do know I wouldn't put it on a Linux system - there is way too much code int here that has never had a serious Q&A review.

jchimim - "easy to administer is the key to choosing windows over unix. Windows administrators are easier to find and less expensive to pay than Unix administrators."

Well actually the key is application availability and a vastly superior set of development tools... not to mention a fairly low total cost of ownership and great support from multiple vendors.

Administrators are not a problem in either case.. the number of Linux/Unix people out there who will admin boxes for Pizza is fairly high. There is no real need to pay Unix admins more than Windows admins these days - it used to be so when Unix/Linux skills were rare - but that simply isn't the case.

Of course, good admins in either OS are able to demand more money - and most of the good ones can admin either system :)

Roy G - "I would imagine running an executable file on any other OS would be equally risky. Firewalls cannot be relied on to catch these things. After the program is up and running, it could disable your firewall, disable Virus detection, then do whatever it wants, because you have given it control."

If you are happy with a little extra trouble under Windows AND Linux you can avoid this. Simply do not give your everyday work login access to change those files. That way you would have to actively login or "Run As" an administrator to do so... running a Trojan under your normal account would not let it hurt that way because it wouldn't have access.

ghoyle1 the file name was joshie.exe

Hi ghoyle1, From Post 1) "At this web page they have a program called Y3K Remote Administration Tool Pro and Joshie.exe seems to be exactly that. When run it puts a program called server.exe in the Windows/System directory" The file dowloaded is"Joshie.exe" but if you run it,it installs a program called"server.exe" look for either one of those. Tom

“The fact that no one understands you…Doesn’t make you an artist.”

Soulhuntre, we fall into that ancient (at least by geek standards) debate that only time will settle, and I suspect the other folks following this thread are probably rolling their eyes (or cursing under their breath) at us for "hi-jacking" it...

So true :) A well, thanks for an interesting (and civil!) discussion :)

...another nay-say to the argument about Linux's stability being due to it's age: It's also more stable (at times, overall) because it is being programmed by thousands of programmers, instead of the core group at microsoft, which I estimate couldn't be more than a few hundred, tops. The power of open-source: When someone finds a bug, they have to power to fix it right away, or at least tell someone who can :)

"It's also more stable (at times, overall) because it is being programmed by thousands of programmers, instead of the core group at microsoft, which I estimate couldn't be more than a few hundred, tops. The power of open-source: When someone finds a bug, they have to power to fix it right away, or at least tell someone who can :)" Actually - if you read the developers list you will see that a very few people contibute a fair majority of the code... and that much of the remaining code goes in from sources that are of dubious skill and that overall the testing structure is pretty weak. This leaves Linux with the worst of all worlds - the number of high caliber programmers working ont he system remains smaller than a commercial OS, but the number of semi and low skilled programmers who pollute the code-base is much higher than a commercial system :) Let's be honest, 95% of those who run Linux never look at or fix the source code, so the user base isn't helping very much. So far "the power of open source" has come up with some an OS with deep flaws in the virtual memory subsystem, a seriously out of date SCSI subsystem and a scheduler with problems of it's own - not to mention an IDE hard drive subsystem that blows away whole filesystems at whim. Linux is not a shining example of development - it turns out that "many eyes" do not make bugs shallow but can corrupt the code... and the "mythical man-month" applies to open source as much as commercial code.

I have no idea how what started out as a warning for other members to avoid a malicious file posing as a poser freebie got turned into the age old debate of "my operating system is better than yours".