| mIRC - please read [concerning safety on #jedi-academy & others] | |
|
Jacen Aratan - Student |
OK, the deal is, there is a trojan running around in the JA right now. By accident it has been spread. So if you recieve any link from people, containing "kate.krashed" [rest is censored, but it will be a .jpg] and the words <--- mine  after it, DO NOT CLICK IT! If you *do* press it, it will probably be a thing saying "page could not be found". Don't believe it. Go to scripting stuff (alt+r) and look in Remote/Aliases for anything odd, e.g. a link, or a strange .txt file. If you find something odd, delete it. Immedeatly.EDIT: Please note that if someone sends you this link, these things should be followed; 1) Don't press the link, as said above 2) Notice the guy sending you the link that he has done it, this might save a lot of trouble 3) It is not their fault. They don't know when they send the link, and can certainly not help it, so don't blame them EDIT2: If you have clicked the link, download and run this program This post was edited by Jacen Aratan on Dec 19 2003 06:56am. |
| Login and add your comment! | Previous Comments > |
| Comments |
|
Wolfwood - Student 
|
Well, I am pretty sure I dont have the worm Orion said you would get. Because my Virus scanner scanned my PC twice, I downloaded the removal tool and scanned my PC twice with it. And yesterday I went to a PC store to get extra Ram and I asked the technical guy to check out my PC and stuff and he cleared everything that did not belong on my PC. All I got from the Link (that is, If I got it from that) was a trojan which wasnt so hard to remove _______________ ~ Honor is a fool's prize. Glory is of no use to the dead ~ |
|
Icco - Student 
|
hey guys remeber to always keep your virus protection up to date _______________ "this is Icco. Icco is old. Icco is lost. Icco is cool, but Icco doesn't know what the meaning of 'macrophageal sex'." - Vaughn /Icco |
|
Orion - Retired 
|
dunno if this has been said or not...dont worry about the todo.txt you only have it there if you run NoNamedScript. they add it to there alias.nns _______________ When a Man lies he murder's some part of the world. These are the pale deaths which men misscall there lives. All this I cannot bear to witness any longer. Cannot the kingdom of salvation take me home? -Cliff Burton Owner of Smily's 1900th comment | <Lady_Catherine> i love your sexy white socks! | (Lady_Catherine) i adore u! | (Lady_Catherine) onion (Lady_Catherine) i lub u |
|
Jacen Aratan - Student |
I ran the scan too, no worm. *phew* |
|
Wolfwood - Student
|
Hmm, I think ill wait with IRC for a while till all the virusses cool down. I just checked my pc for virusses. My entire pc (took 3 hours :S) and its clean now btw, I did click the link from kate, but I did not have the worm on my PC thank god I think its cause I patched my windows with a security patch that came out when that worm was seriously causing trouble Its all good now _______________ ~ Honor is a fool's prize. Glory is of no use to the dead ~ |
|
Orion - Retired 
|
it really dont matter what quakenet server you connect to, but you should try to connect to a server as close to you as possible so u get a better ping _______________ When a Man lies he murder's some part of the world. These are the pale deaths which men misscall there lives. All this I cannot bear to witness any longer. Cannot the kingdom of salvation take me home? -Cliff Burton Owner of Smily's 1900th comment | <Lady_Catherine> i love your sexy white socks! | (Lady_Catherine) i adore u! | (Lady_Catherine) onion (Lady_Catherine) i lub u |
|
Aron - Retired 
|
try to connect to one of these servers? http://staff.quakenet.org/servers.phtml (type /server <theserver>  |
|
Wolfwood - Student 
|
BTW, is it possible to Not have the virus if you click the link? cause I am not getting any warnings from my PC, and if its the blaster worm, I have a patch that I downloaded from windows site long time ago which said it would imunise my pc for it?? And the removal tool said the worm isnt on my pc  But ill run another full Virus scan with Norton just to make sure _______________ ~ Honor is a fool's prize. Glory is of no use to the dead ~ This comment was edited by Wolfwood on Dec 19 2003 08:23am. |
|
Wolfwood - Student
|
btw, two more questions: I have no idea what quakenet server I connect to, Which one should I connect to? (im an IRC n00b, I had a friend install it so that it would automatically connect to the JA channel )2nd. Where does the worm stations itself? Windows maps? _______________ ~ Honor is a fool's prize. Glory is of no use to the dead ~ |
|
Wolfwood - Student
|
Yes, I was as stupid as you were and also clicked the link download that removal tool to remove it _______________ ~ Honor is a fool's prize. Glory is of no use to the dead ~ |
|
Garos - Student 
|
AAAH! I opened that! All it said was Page Cannot be found, so do I have the virus??? ?!?!?!!??!?! |
|
Orion - Retired
|
This Is A Virus here is a link for the removal tool. this a worm virus defined as w32.welchia.worm http://www.symantec.com/avcenter/FixWelch.exe _______________ When a Man lies he murder's some part of the world. These are the pale deaths which men misscall there lives. All this I cannot bear to witness any longer. Cannot the kingdom of salvation take me home? -Cliff Burton Owner of Smily's 1900th comment | <Lady_Catherine> i love your sexy white socks! | (Lady_Catherine) i adore u! | (Lady_Catherine) onion (Lady_Catherine) i lub u This comment was edited by Orion on Dec 19 2003 05:52am. |
|
OcarinaLink - Student 
|
m;eh...haven't seen it around... _______________ memento mori |
|
Aron - Retired 
|
what quakenet server are you connecting to? If you aren't sure, type //echo -a $server .. This comment was edited by Aron on Dec 18 2003 10:04pm. |
|
Wolfwood - Student
|
My IRC is totally messed up :S I tried reinstall but that aint working either. If I do /join jedi-academy I get a channel with only my name in it :S anyone help plz?? _______________ ~ Honor is a fool's prize. Glory is of no use to the dead ~ |
|
Aron - Retired
|
I just checked it out, and as Jacen said, it seems pretty harmless. The webpage uses a default script to generate a 404 page, and somehow uses server-side code to add a line to your mIRC. I searched for a file called todo.txt, but it wasnt there. It is still not certain if it is totally safe, since this is only the part we noticed. It might execute some other stuff on your computer, so DONT CLICK THE LINK! I will include the website, but DONT VISIT IT! http://kate.krashed.org/ ANY page on this server will trigger this thing. Please dont paste the link in IRC. Not if people ask for it either. If you see any people pasting this link, either in pm, or in the channel, report them to me, or JAC. This is not only for people you know. If some unknown guy starts pm'ing you this link, do a /whois on him, and write down his info, and report it. Thanks -A |
|
Doppelgänger - Student 
|
Nothing is safe under the black rain of Windows! >:| _______________ "Look not back in anger, nor forward in fear But around you in awareness." Ross Hersey |
|
Jacen Aratan - Student |
It will add todo run todo.txt to your Aliases. EDIT: OK, Aron just told me, it is harmless. But, I chose to play it safe and alert you guys. At any rate, it's annoying. This comment was edited by Jacen Aratan on Dec 18 2003 09:13pm. |
|
Doppelgänger - Student
|
That's strange JJ just had a post asking about windows people having a "todo.txt" file on their system. JJ do you know something about this? _______________ "Look not back in anger, nor forward in fear But around you in awareness." Ross Hersey |
|
Thomasooo - Student 
|
Thanks for the help earlier, Jacen! _______________ In the navy and LOVING it! 
Recipient of comment no. 1000 and heart-warming words from Ataris!
|
|
D@RtHM@UL - Student 
|
My Aliasses list is filled, how am I supposed to know what is the Trojan? Thnx for this warning Jacen....someone pmed me with the link...while I didnt know it was a virus. If someone could help me know how I can see it.. |
|
Jacen Aratan - Student |
Indeed. I was unsure of whether it was just on mine, but I found it as a line containing "todo.txt" under Aliases. |
|
Orion - Retired
|
just a quick note.. it should say like todo.txt _______________ When a Man lies he murder's some part of the world. These are the pale deaths which men misscall there lives. All this I cannot bear to witness any longer. Cannot the kingdom of salvation take me home? -Cliff Burton Owner of Smily's 1900th comment | <Lady_Catherine> i love your sexy white socks! | (Lady_Catherine) i adore u! | (Lady_Catherine) onion (Lady_Catherine) i lub u |
|
Jacen Aratan - Student |
Well, Mune.... AOL is made by Satan himself, so that could be from anywhere. |
|
Mune - Student 
|
:/ clicked it last night. I checked out remote, but there is nothing in it. I looked in aliases and everything looks fine. So I guess I lucked out? The only weird thing is that internet keeps prompting me to download payment.aol.something. :/ This comp is junk anyway. I love my dad's comp. Hurry up Friday. _______________ Captain Barkeep. |
| Login and add your comment! | Previous Comments > |