|
AW WORLD TUNNEL EXPLOIT (Community)
AW WORLD TUNNEL EXPLOIT // Community
Dec 30, 2003, 3:59am
http://www.nowmiracles.com/Tunnel.zip
TO USE THIS:
Connect the worldserver to 127.0.0.1 on port 5670 ( thats the exploit ) then
change the IP addy in hex of the exploit in the exe , this way you get
worldserver admin on every world build earlier then build 43
Dec 30, 2003, 4:24am
*sigh* Don't get the file, (as if you didnt know) some people are so stupid.
That is just a packed file, that will install matts trojan. This will shut
down your virus scan, and act when your comp starts up in attempt to flash
your bios. Can't do any better matt? :P
-Mod
[View Quote]"1337" <anon at anon.com> wrote in message
news:3ff1145f at server1.Activeworlds.com...
> http://www.nowmiracles.com/Tunnel.zip
>
> TO USE THIS:
>
> Connect the worldserver to 127.0.0.1 on port 5670 ( thats the exploit )
then
> change the IP addy in hex of the exploit in the exe , this way you get
> worldserver admin on every world build earlier then build 43
>
>
|
Dec 30, 2003, 4:42am
Having fun yet Matt?
The script kiddie moronothon rolls on....
It is getting rather old, you've worn out your effect, your a laughingstock.
Wow Matt...oooh he's scary. You know i'm not even remotely entertained by
this anymore, i used to find it quite funny everyone panicking screaming, OH
MY GOD MATT!!!!! It's just not funny anymore, it's rather stupid.
You know what would be entertaining though, rather than the repeated
trojans? How about you give me your address, i shove a 2 by 4 up your butt
and push you into oncoming traffic? :)
Remember, the offer stands...
This has been late night ramblings with: Brock
For a recorded version of this tape please call
1 - 800 - Stu - pid1
[View Quote]"1337" <anon at anon.com> wrote in message
news:3ff1145f at server1.Activeworlds.com...
> http://www.nowmiracles.com/Tunnel.zip
>
> TO USE THIS:
>
> Connect the worldserver to 127.0.0.1 on port 5670 ( thats the exploit )
then
> change the IP addy in hex of the exploit in the exe , this way you get
> worldserver admin on every world build earlier then build 43
>
>
|
Dec 30, 2003, 4:52am
Ah yes, another trojan. Ill go throw it on an old box and prod it for a
while.
-Ep0ch
[View Quote]"mod" <mod at darkbirdie.com> wrote in message
news:3ff11a1d$1 at server1.Activeworlds.com...
> *sigh* Don't get the file, (as if you didnt know) some people are so
stupid.
> That is just a packed file, that will install matts trojan. This will shut
> down your virus scan, and act when your comp starts up in attempt to flash
> your bios. Can't do any better matt? :P
>
> -Mod
> "1337" <anon at anon.com> wrote in message
> news:3ff1145f at server1.Activeworlds.com...
> then
>
>
|
Dec 30, 2003, 7:36am
[View Quote]1337 wrote:
> http://www.nowmiracles.com/Tunnel.zip
>
> TO USE THIS:
>
> Connect the worldserver to 127.0.0.1 on port 5670 ( thats the exploit ) then
> change the IP addy in hex of the exploit in the exe , this way you get
> worldserver admin on every world build earlier then build 43
|
Get some sunshine kid.
--
--Bowen--
http://bowen.homelinux.com
Give me ideajuice.
Dec 30, 2003, 8:56am
I have done the nessisary "poking and prodding"
The files from the Tunnel Exploit are as follows
C:\WINDOWS\msagent\msnmel.com
C:\WINDOWS\system32\dxdgns.dl
C:\WINDOWS\system32\msbbfe.com
These files are the virus Backdoor-AMQ
According to a McAfee virus listing, it is quite easy to remove.
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100037
I checked my virus quarentine box's registry, i saw no registry entry.
But i believe he may have gotten the source or modified it some way.
I am writing this post as i gain more information. So far, i have
removed C:\WINDOWS\msagent\msnmel.com, but the other two are having a
pissing fit. Right now the best thing you can do is goto
http://www.kerio.com and block the virus from being accessed. The
connections are being made through Windows Explorer
(C:\WINDOWS\explorer.exe) replacing this file WILL NOT HELP. I will reply to
this post when I am able to remove the virus from the quarentine box
successfully.
-Ep0ch, and finally a christmas gift from him!
[View Quote]"1337" <anon at anon.com> wrote in message
news:3ff1145f at server1.Activeworlds.com...
> http://www.nowmiracles.com/Tunnel.zip
>
> TO USE THIS:
>
> Connect the worldserver to 127.0.0.1 on port 5670 ( thats the exploit )
then
> change the IP addy in hex of the exploit in the exe , this way you get
> worldserver admin on every world build earlier then build 43
>
>
|
Dec 30, 2003, 9:17am
Killing winlogin.exe will allow you to delete dxdgns.dll and msbbfe.com. I
apologise for the wrong filename on dxdgns.dll, but typos have a way of
creeping up on you.
-Ep0ch
[View Quote]"ep0ch" <deltawolf at deltawolf.com> wrote in message
news:3ff159e9 at server1.Activeworlds.com...
> I have done the nessisary "poking and prodding"
>
> The files from the Tunnel Exploit are as follows
> C:\WINDOWS\msagent\msnmel.com
> C:\WINDOWS\system32\dxdgns.dl
> C:\WINDOWS\system32\msbbfe.com
>
> These files are the virus Backdoor-AMQ
>
> According to a McAfee virus listing, it is quite easy to remove.
>
>
> http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100037
>
> I checked my virus quarentine box's registry, i saw no registry
entry.
> But i believe he may have gotten the source or modified it some way.
>
> I am writing this post as i gain more information. So far, i have
> removed C:\WINDOWS\msagent\msnmel.com, but the other two are having a
> pissing fit. Right now the best thing you can do is goto
> http://www.kerio.com and block the virus from being accessed. The
> connections are being made through Windows Explorer
> (C:\WINDOWS\explorer.exe) replacing this file WILL NOT HELP. I will reply
to
> this post when I am able to remove the virus from the quarentine box
> successfully.
>
> -Ep0ch, and finally a christmas gift from him!
>
>
>
> "1337" <anon at anon.com> wrote in message
> news:3ff1145f at server1.Activeworlds.com...
> then
>
>
|
Dec 30, 2003, 9:26am
Yes, after I did the following -
Deleted C:\WINDOWS\msagent\msnmel.com, then killing the process winlogon.exe
i was able to delete C:\WINDOWS\system32\dxdgns.dll and
C:\WINDOWS\system32\msbbfe.com quite easily. Afterwards, I just rebooted the
box it works fine, and no virus. Matt is an insufferable git with a large
ego. The virus he used is quite simple to remove. Hes just a script kiddie
using tools to do his "Social Engineering".
-Ep0ch
[View Quote]"ep0ch" <deltawolf at deltawolf.com> wrote in message
news:3ff159e9 at server1.Activeworlds.com...
> I have done the nessisary "poking and prodding"
>
> The files from the Tunnel Exploit are as follows
> C:\WINDOWS\msagent\msnmel.com
> C:\WINDOWS\system32\dxdgns.dl
> C:\WINDOWS\system32\msbbfe.com
>
> These files are the virus Backdoor-AMQ
>
> According to a McAfee virus listing, it is quite easy to remove.
>
>
> http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100037
>
> I checked my virus quarentine box's registry, i saw no registry
entry.
> But i believe he may have gotten the source or modified it some way.
>
> I am writing this post as i gain more information. So far, i have
> removed C:\WINDOWS\msagent\msnmel.com, but the other two are having a
> pissing fit. Right now the best thing you can do is goto
> http://www.kerio.com and block the virus from being accessed. The
> connections are being made through Windows Explorer
> (C:\WINDOWS\explorer.exe) replacing this file WILL NOT HELP. I will reply
to
> this post when I am able to remove the virus from the quarentine box
> successfully.
>
> -Ep0ch, and finally a christmas gift from him!
>
>
>
> "1337" <anon at anon.com> wrote in message
> news:3ff1145f at server1.Activeworlds.com...
> then
>
>
|
Dec 30, 2003, 8:43pm
Matt's trojan? Not likely. More like some trojan he downloaded and at most
tweaked a little (aka the real definition of a script kiddie). lol
[View Quote]"mod" <mod at darkbirdie.com> wrote in message
news:3ff11a1d$1 at server1.Activeworlds.com...
> *sigh* Don't get the file, (as if you didnt know) some people are so
stupid.
> That is just a packed file, that will install matts trojan. This will shut
> down your virus scan, and act when your comp starts up in attempt to flash
> your bios. Can't do any better matt? :P
>
> -Mod
> "1337" <anon at anon.com> wrote in message
> news:3ff1145f at server1.Activeworlds.com...
> then
>
>
|
|