AW WORLD TUNNEL EXPLOIT (Community)

1337

Dec 30, 2003, 3:59am
http://www.nowmiracles.com/Tunnel.zip

TO USE THIS:

Connect the worldserver to 127.0.0.1 on port 5670 (that's the exploit) then
change the IP addy in hex of the exploit in the exe, this way you get
worldserver admin on every world build earlier than build 43

mod

Dec 30, 2003, 4:24am
*sigh* Don't get the file (as if you didn't know), some people are so stupid.
That is just a packed file that will install Matt's trojan. This will shut
down your virus scan, and act when your comp starts up in an attempt to flash
your BIOS. Can't do any better, Matt? :P

-Mod

brock

Dec 30, 2003, 4:42am
Having fun yet Matt?

The script kiddie moronothon rolls on....

It is getting rather old, you've worn out your effect, you're a laughingstock.
Wow Matt...oooh he's scary. You know I'm not even remotely entertained by
this anymore, I used to find it quite funny everyone panicking screaming, OH
MY GOD MATT!!!!! It's just not funny anymore, it's rather stupid.

You know what would be entertaining though, rather than the repeated
trojans? How about you give me your address, I shove a 2 by 4 up your butt
and push you into oncoming traffic? :)

Remember, the offer stands...

This has been late night ramblings with: Brock
For a recorded version of this tape please call
1 - 800 - Stu - pid1


ep0ch

Dec 30, 2003, 4:52am
Ah yes, another trojan. I'll go throw it on an old box and prod it for a
while.

-Ep0ch


bowen ten.sardna@newob

Dec 30, 2003, 7:36am
Get some sunshine kid.

--
--Bowen--
http://bowen.homelinux.com
Give me ideajuice.

ep0ch

Dec 30, 2003, 8:56am
I have done the necessary "poking and prodding".

The files from the Tunnel Exploit are as follows:
C:\WINDOWS\msagent\msnmel.com
C:\WINDOWS\system32\dxdgns.dl
C:\WINDOWS\system32\msbbfe.com

These files are the virus Backdoor-AMQ.

According to a McAfee virus listing, it is quite easy to remove.


http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100037

I checked my virus quarantine box's registry; I saw no registry entry.
But I believe he may have gotten the source or modified it some way.

I am writing this post as I gain more information. So far, I have
removed C:\WINDOWS\msagent\msnmel.com, but the other two are having a
pissing fit. Right now the best thing you can do is go to
http://www.kerio.com and block the virus from being accessed. The
connections are being made through Windows Explorer
(C:\WINDOWS\explorer.exe); replacing this file WILL NOT HELP. I will reply to
this post when I am able to remove the virus from the quarantine box
successfully.

-Ep0ch, and finally a Christmas gift from him!




ep0ch

Dec 30, 2003, 9:17am
Killing winlogin.exe will allow you to delete dxdgns.dll and msbbfe.com. I
apologise for the wrong filename on dxdgns.dll, but typos have a way of
creeping up on you.

-Ep0ch


ep0ch

Dec 30, 2003, 9:26am
Yes, after I did the following -
Deleted C:\WINDOWS\msagent\msnmel.com, then killing the process winlogon.exe
I was able to delete C:\WINDOWS\system32\dxdgns.dll and
C:\WINDOWS\system32\msbbfe.com quite easily. Afterwards, I just rebooted the
box; it works fine, and no virus. Matt is an insufferable git with a large
ego. The virus he used is quite simple to remove. He's just a script kiddie
using tools to do his "Social Engineering".

-Ep0ch


sw comit

Dec 30, 2003, 8:43pm
Matt's trojan? Not likely. More like some trojan he downloaded and at most
tweaked a little (aka the real definition of a script kiddie). lol



Awportals.com is a privately held community resource website dedicated to Active Worlds.