|
|
| Author |
Message |
Syke
RealPoor Guru
Joined: 12 Oct 2002
Posts: 2976
Location: Huntington Beach, CA
|
 Posted: 12/03/03 - 18:51 Post subject: Hackers, Jesus, and the Holy Bible.
|
|
|
WTF. I r being haxed.
Apparently, you can send someone a script.ini, that modifies your existing script.ini file, and whenever you join a certain chatroom (or when you are forced to join a certain chatroom) in mIRC, the malicious user that placed the malicious code on your not-so-malicious-user protected machine gains control and access to your machine and any machine that is accessible via your network. It actually scanned my windows password, which was logged in one of the .dll files contained within the IRC worm's folder. Among the files in that folder was HOSTS(no extension), ipscan.exe, KILL.exe, ipscan.dll, services.exe (with mIRC icon), HIDDEN32.exe, script.ini, script2.dll, script3.dll, and a few others I can't remember atm because I obliterated them with my left mouse button.
I was able to retrieve the IP source that was requesting access to my computer via the mIRC script, and it showed a server name of "irc.ircsuper.net" and an IP address of, "69.31.73.60." I guess it's cool that I know where it's coming from, but uhh, right now I don't really know how that even helps me.
I've been through starting/stopping windows services all day, trying to figure out through which port or service this program is running so that it would allow me access to delete it. (access is denied my f*****g ass)
The great thing about this is that I have no idea how it was applied to my computer. I do not remember downloading anything I did not trust from anyone I do not trust. If anyone could tell me if it's possible to run this type of code or worm without permission from the user it's being run on, or if they can help me complete some security measures to stop this from happening again, please shoot me a PM or leave a reply with them here. Thanks for reading my spam :\.
|
|
|
Back to top
|
|
|
|
 |
khrath
RealPoor Master of Posts
Joined: 11 Oct 2002
Posts: 8750
|
|
Posted: 12/03/03 - 18:59 Post subject:
|
|
|
|
lol i wondered who that was that i got!!!!!!
|
|
|
Back to top
|
|
|
|
|
Syke
RealPoor Guru
Joined: 12 Oct 2002
Posts: 2976
Location: Huntington Beach, CA
|
|
Posted: 12/03/03 - 19:05 Post subject:
|
|
|
|
You're a b*****d.
|
|
|
Back to top
|
|
|
|
|
Syke
RealPoor Guru
Joined: 12 Oct 2002
Posts: 2976
Location: Huntington Beach, CA
|
|
Posted: 12/03/03 - 22:18 Post subject:
|
|
|
| Syke wrote: | | You're a b*****d. |
|
|
|
Back to top
|
|
|
|
|
Krumble
Toomuchtimeonhands
Joined: 11 Oct 2002
Posts: 771
|
|
Posted: 12/03/03 - 22:22 Post subject:
|
|
|
|
Reformat.
|
|
|
Back to top
|
|
|
|
|
Syke
RealPoor Guru
Joined: 12 Oct 2002
Posts: 2976
Location: Huntington Beach, CA
|
|
Posted: 12/03/03 - 23:04 Post subject:
|
|
|
Unfortunately, that solves only one problem. What I really want to know is how "Khrath" got the script.ini onto my computer without my permission, Or rather, with my uknowledgable acceptance of his file. (meaning he linked me to something and I clicked it, not knowing that the worm would attatch itself to me).
So I'm posing the question, "Is it possible to plant or install malicious IRC code onto a victim's computer without any permission from the victim?"
If so, or even if not, what preventative measures can I take to protect myself from that kind of privacy breach in the future? As of now, I have mIRC uninstalled completely, and the script files have been deleted from my win/system32/drivers/etc folder, so hopefully that prevents this mode of passage in the future, but now that I know this person, or people have my IP address, would there be any need to worry about other open ports or loopholes in certain programs I might need to patch up?
I guess it's a good thing this happend, cuz now im learning all kinds of neat things about computer security/internet security. FUCKIGN BORING BUT WELL WORTH IT I SAY>
Someone kill me plz, I can't pull the trigger :\
|
|
|
Back to top
|
|
|
|
|
Fifth0
Rookie
Joined: 25 Aug 2003
Posts: 55
|
|
Posted: 12/03/03 - 23:08 Post subject:
|
|
|
|
i think he was being sarcastic, but that is just my thoughts. =p
|
|
|
Back to top
|
|
|
|
|
Syke
RealPoor Guru
Joined: 12 Oct 2002
Posts: 2976
Location: Huntington Beach, CA
|
|
Posted: 12/03/03 - 23:11 Post subject:
|
|
|
| Fifth0 wrote: | | i think he was being sarcastic, but that is just my thoughts. =p |
I know, but it gave me a good reason to post my question again and pretend like I wasn't just trying to bump it back up to the first spot on the page.
|
|
|
Back to top
|
|
|
|
|
compusmack
RealPoor Master of Posts
Joined: 15 Oct 2002
Posts: 6354
|
|
Posted: 12/04/03 - 11:40 Post subject:
|
|
|
Sometimes web sites try to install software through your web browser.. maybe you accidentally clicked one? There are more than a few malicious sites out there.
Do you have a popup blocker?
|
|
|
Back to top
|
|
|
|
|
Tiluvas
RealPoor Guru
Joined: 19 Oct 2002
Posts: 2355
|
|
Posted: 12/04/03 - 12:38 Post subject:
|
|
|
|
I thought this thread was going to be about "Snow Crash", a book by Neal Stephenson. I am very disappointed, there isn't even a mention of Jesus Christ OR The Bible. You've really let me down, Syke.
|
|
|
Back to top
|
|
|
|
|
Syke
RealPoor Guru
Joined: 12 Oct 2002
Posts: 2976
Location: Huntington Beach, CA
|
|
Posted: 12/04/03 - 15:26 Post subject:
|
|
|
Comp, I don't think I have in recent months. When I use that computer, I only visit realpoor, MirC (#rp), and use microsoft Excel and access.
For the last month or so, I've had a software firewall running just in case something like this might happen, and i've also been using spybot to detect any problems with spyware/adware.
I had everything cleared out up until yesterday. When I turned my computer on, norton warned me there was a virus on my computer and that it could not fix the problem. I quickly found the source of the problem because I locked the internet with my firewall immediately, and it showed that "mIRC tried to act as a server but the internet lock blocked the connection: irc.ircsuper.net."
*shrug* dunno, maybe there was something spybot didn't detect and I got fuxed in the process. I'm just going to have to be anally rententive when it comes to using the internet from now on. What I think may have been a major problem is that my password was too simple ( I didn't choose the PW  ). From now on it's going to be like 10 million characters long :\.
And just to make u happy tilvuas  ........
In reality, Hiro Protagonist delivers pizza for Uncle Enzo's CosaNostra Pizza Inc., but in the Metaverse he's a warrior prince. Plunging headlong into the enigma of a new computer virus that's striking down hackers everywhere, he races along the neon-lit streets on a search-and-destroy mission for the shadowy virtual villain threatening to bring about infocalypse. Snow Crash is a mind-altering romp through a future America so bizarre, so outrageous...you'll recognize it immediately.
|
|
|
Back to top
|
|
|
|
|
Sunkorzien
Sir Postalot
Joined: 14 Oct 2002
Posts: 1443
Location: New Orleans
|
|
Posted: 12/04/03 - 15:31 Post subject:
|
|
|
More Snow Crash please.
I think I'm gonna go read it again. (32nd time?)
|
|
|
Back to top
|
|
|
|
|
|
|
