Board hacked again

[mf_dolphin]

Looks like the script kiddies were at it again. We got to it as soon as possible and looks like everything is back to normal. Sorry for the problems!

[DROliver]

What we have found is the program that the redirect asked you to download is a virus and it will wipe out your registery.

PLEASE REMOVE THAT FILE if you downloaded it.

[msbee]

what is the name of the program?
I think I might have installed it but can't find it

[TexasStooge]

I should've known it was HACKED!

(Cusses in Spanish)

I was thinking that the multi-'slim shady' users were to blame for the so-called high traffic.

Thank goodness for the public computers. I didn't have to download a thing!

[mf_dolphin]

There's no evidence that the various shady users are related to the hack at this point.

MsBee the file was called "plugin_install.exe"

[chadtm80]

Mary did you install it or just download it?

If you installed it we may need to do some more steps.. Let me know

[msbee]

I found it and got rid of it.
thanks!
I ran a virus check. every thing seems ok so far.

[BreinLa]

Crap, crap and crap. I don;t think I downloaded it on my laptop all i did was click run then got scared and got out. Marshall???????

[P.K.]

Thought so so I didn't download it. I was going to send an e-mail to ask as I thought it looked strange. High traffic?? It was far busier in middle of September.

[AussieMark]

I downloaded it and installed it.

What do I need to do to fix up my PC.

[R-Dub]

OH NO!! I installed it also! My computer started running slow, then all this wierd stuff came up on it so I shut the computer off, and when I started it back up, it ran a system check. Something I have never seen before apon start up. Everything seems okay now, but is there more I need to do becides deleting the program?

[JenyEliza]

I downloaded it, and I'm on WinXP. Seems it has messed up something with the SP2, and asked me to insert the disks (I don't have them). WHAT DO I DO?????

S___, s____, s____.



Jeny

[JenyEliza]

I ran spy-bot and cleaned up stuff that way.

Then I did a search for "plugin_install.exe", and it didn't find it. Before i did this, our computer gave me an alert that changes had been made to WinXP and it asked for the disk. I'm highly PO'd at the little pencil-neck cracker who put this out there...and at myself or trusting it and downloading it.

Can I post a "birdie finger" icon to the jerk(s)?

Now...what else can I do?? I'm afraid our computer is trashed. I can't afford to take it in to have it fixed.

Jeny

[JenyEliza]

Ok, ran a more refined search, and it came up with the "plugin_install.exe", and I hit delete. But, it's not showing up in the recycle bin.

Is this file possibly "ESBK.mbb"? That is the only suspcious thing I am now turning up in recycle. It's a read-only file, and was created about the exact same time I downloaded the crap the hacker/cracker left behind.

I am not a happy camper.

Jeny

[Rainband]

IMPORTANT: Print this page before continuing.

NOTE: Any captions or labels you created with your images will NOT be recoverable.

For EasyShare software v4.x and later:

Go to C:\Program Files\Kodak\Kodak EasyShare software.
Right-click the Catalog folder, and then select Delete.
For Windows 9X or ME operating systems:
Go to C:\Program Files\Kodak\Kodak EasyShare software\Catalog, and then delete the esbk.mb and esbk.mbb files.
For Windows 2000 or XP operating systems:
Go to C:\Documents and Settings\All Users\Shared Documents, and then delete the esbk.mb and esbk. mbb files. To delete a file, right-click the file, and then select Delete.
Restart your system. When EasyShare software prompts you to start a catalog from pictures located in C:\My Documents\My Pictures and C:\My Documents\My Pictures\Kodak Pictures, click Yes.
Start EasyShare software.
Click Add Pictures, navigate to and select the pictures to add to your EasyShare software collection, and then select Add Pictures.
For EasyShare software v3.x:

In Windows Explorer or My Computer, go to C:\Program Files\Kodak\Kodak EasyShare software.
Right-click the Catalog folder, and then click Rename.
Rename the folder Catalog.old.
Restart your system. When EasyShare software prompts you to start a catalog from pictures located in C:\My Documents\My Pictures and C:\My Documents\My Pictures\Kodak Pictures, click Yes.
Start EasyShare software.
Click Add Pictures, navigate to and select the pictures to add to your EasyShare software collection, and then select Add Pictures.

For EasyShare software v2.0:

In Windows Explorer or My Computer, go to C:\Program Files\Kodak\Kodak EasyShare software.
Right-click the Catalog folder, and then click Delete.
Confirm the deletion of this folder.
Go to C:\Program Files\Kodak\Kodak EasyShare software\ini folder.
Double-click the EasyShare.ini file.
Change the scripting in the file from:
[Database] CommitMode=0;
to:
[Database] CommitMode=1
Save the changes.
Start EasyShare software.
If you stored your images in the default location of the My Pictures folder, EasyShare software asks you if you want to add the images there to the new collection. To continue, select Add.




Help us improve our site, did this answer your question?

[JenyEliza]

I can't print...our printer is dead.

Do I need to go into the recycle bin and restore the ESBK file? Will that work?

I'm not sure I understand this. So, I'm not doing anything further until I do.

Jeny

[Rainband]

Seems to me it's a kodak file and harmless. I just searched and thats what i found.

[msbee]

I have another question about that file.
as I said, I found it and dleted it.
computer seems to be working properly. but Aquawind in the tropical forum sauid this:
It loaded multiple csrss.exe in the Startup.. You can uncheck them in the Start/Run/msconfig Startup Tab. Maybe then system restore..I didn't have to do that.


now I did find several csrss.exe files there when I checked.
should I do what aquawind suggested or just leave thnigs alone?
thanks
Barbara

[Windspeed]

Depending on what o/s you're running, it can damage your system registry and corrupt files. These are associated problems with XP: 1) some .ini files have vanished, 2) some of the sytem registry is gone while some of the associated files are corrupted, 3) some start up files are duplicated, 4) can not shut down the computer without doing it manually, 5) see 2 and 4, if you are running a firewall, you may notice that it gets disabled by the hack, which leads to the most annoying bad news: the hack is associated with a botnet. If you go to command prompt and run "netstat," you may find an established connection to port 6667. That is likely an irc bot. If this is the case, you aren't going to be able to fix the problem by simply removing the files. The bot will bunk your system every time you reboot and your network is enabled.

If you removed it in time with a good antivirus software, you're probably okay. However, run netstat and see if there is still a connection to this botnet. If so, you are in the same ball park with me. I am thinking about doing a reinstall. Downloading that file last tuesday night was the first time I had made such a mistake with a suspecious file. I don't know what the hell I was thinking.... of course, I wasn't....

[msbee]

yea, I wasn't thinking either. I know better.
but what about those csrss.exe files?
I tried to run netstat and a little black box comes up, runs soemthing,and then disppers before I can see what it was.
I'm confused too and I don't know what all that stuff rainband was talking about either.
It seems eveyone is talking about different things to do
help??