Hi SF,
You're my hero ;-)
I have been using your hack with much enthusiasm for quite some time
now. I got bit in the ass hard by that friggin trojan and it was
mostly Symantec's fault. Norton AV suddenly started showing your
sf-edonk file as containing a trojan dropper around about June 21. I
was not sure what was happening at the time but of course this thread
has made it all crystal clear.
Anyways, to make a long and boring story shorter, I ended up
downloading the REAL infected file (which Norton did not and still does
not detect as infected :-((() after Norton detected and quarantined
the real McCoy. The trojanized version then proceeded to put that gay
**** on my computer. I had a hell of a time figuring out what it was
doing for a few days until I saw this post and deleted that
cdrunxp.exe file.
Problem solved but what a friggin waste of time and energy. Again,
mostly because of Symantec and not because of any of the relatively
harmless **** the trojan did. Norton AV has saved my ass in the past
but this time it burned me bad. I have been unhappy with this
software for some time now and this was the last straw. Looks like I'm
changing to Sophos!
Any plans to release a version of sf-edonk for v0.49.4 anytime soon?
I'll definitely be watching for it but until then I'll be sticking to
V0.48.1 with sf-edonk and without Norton AV!
**** SYMANTEC! **** THEM IN EVERY ORIFICE!
MM
"sf" <rhshse@[EMAIL PROTECTED]> wrote in message
news:<20030610171326.7FFDE5EB42@[EMAIL PROTECTED]>...
> Aye, stephan the hero.
>
> Found another release of 3.8mb which also carries my patch and also probably
> is the work of Stephan, but I haven't bothered to investigate. It uses
> the same lame exe joiner and icon anyway. Nearly 100 people had it
> shared when I downloaded it, edonkey rated it as a 3. Why are these
> people sharing this so fast? It's only a day or two old and my patch
> was released weeks ago. I guess it is linked on a forum somewhere.
>
> I set up an XP virtual machine earlier and tested the trojan payload.
> The payload was time delayed, I set the date 1 day ahead of initial
> infection and voilà it triggered.
> It was just like I suspected in theory... a full screen slide show
> displaying many hardcore gay **** images (more than the 7 that I guessed
> at),
> followed by Internet Explorer opening on a gay **** URL. Another gay
> **** URL was set as the IE start page.
> Media player opened a local movie (gay.mpg) and played it....hardcore
> gay ****.
> The desktop wallpaper was changed to an image depicting .... you
> guessed it ...gay ****.
> This payload re-ran every time explorer was accessed.
>
> Got bored after that and reset the virtual machine. If there are any
> other effects of the payload then I missed them. I had IRIS sniffing and
> I didn't notice any other traffic than the IE sessions mentioned. Don't
> believe there is a backdoor. But who knows..who cares. Spent too much
> time on it already.
>
> Sent the files concerned to Symantec Security Response so hopefully they
> will add at least that exe joiner to virus detection.
>
> sf<><
>
> "punkle" <ppunkle@[EMAIL PROTECTED]> wrote in message
> news:RfnFa.256899$3n5.197932@[EMAIL PROTECTED]
> > sf, too bad you can't kick 'stephan' in the balls
> >
> > my personal policy when grabbing filez is, if I can't find a consistent file
> > size between 2 or more of the "same" file, it doesn't get downloaded.
> > 'course, the wife doesn't understand this...
> >
> >
> > "sf" <rhshse@[EMAIL PROTECTED]> wrote in message
> > news:20030610131002.AD00F5F20E@[EMAIL PROTECTED]
> > > Trojan alert..... who cares? I do because this has been released under
> > > my name and is joined to an executable that I wrote.
> > > I just need to declare somewhere that this is not my mojo, this list is
> > > good as any to do that. And you can have a laugh too.
> > >
> > > Details:
> > > Released on edonkey network as an upload crack. (It does contain and run
> > > the working patch I released)