Board hacked again
Moderator: S2k Moderators
- mf_dolphin
- Category 5
- Posts: 17761
- Age: 67
- Joined: Tue Oct 08, 2002 2:05 pm
- Location: St Petersburg, FL
- Contact:
Board hacked again
Looks like the script kiddies were at it again. We got to it as soon as possible and looks like everything is back to normal. Sorry for the problems!
Last edited by mf_dolphin on Mon Mar 14, 2005 9:05 am, edited 1 time in total.
0 likes
- TexasStooge
- Category 5
- Posts: 38127
- Joined: Tue Mar 25, 2003 1:22 pm
- Location: Irving (Dallas County), TX
- Contact:
- mf_dolphin
- Category 5
- Posts: 17761
- Age: 67
- Joined: Tue Oct 08, 2002 2:05 pm
- Location: St Petersburg, FL
- Contact:
- AussieMark
- Category 5
- Posts: 5858
- Joined: Tue Sep 02, 2003 6:36 pm
- Location: near Sydney, Australia
OH NO!! I installed it also! My computer started running slow, then all this wierd stuff came up on it so I shut the computer off, and when I started it back up, it ran a system check. Something I have never seen before apon start up. Everything seems okay now, but is there more I need to do becides deleting the program?
0 likes
I ran spy-bot and cleaned up stuff that way.
Then I did a search for "plugin_install.exe", and it didn't find it. Before i did this, our computer gave me an alert that changes had been made to WinXP and it asked for the disk. I'm highly PO'd at the little pencil-neck cracker who put this out there...and at myself or trusting it and downloading it.
Can I post a "birdie finger" icon to the jerk(s)?
Now...what else can I do?? I'm afraid our computer is trashed. I can't afford to take it in to have it fixed.
Jeny
Then I did a search for "plugin_install.exe", and it didn't find it. Before i did this, our computer gave me an alert that changes had been made to WinXP and it asked for the disk. I'm highly PO'd at the little pencil-neck cracker who put this out there...and at myself or trusting it and downloading it.
Can I post a "birdie finger" icon to the jerk(s)?
Now...what else can I do?? I'm afraid our computer is trashed. I can't afford to take it in to have it fixed.
Jeny
0 likes
Ok, ran a more refined search, and it came up with the "plugin_install.exe", and I hit delete. But, it's not showing up in the recycle bin.
Is this file possibly "ESBK.mbb"? That is the only suspcious thing I am now turning up in recycle. It's a read-only file, and was created about the exact same time I downloaded the crap the hacker/cracker left behind.
I am not a happy camper.
Jeny
Is this file possibly "ESBK.mbb"? That is the only suspcious thing I am now turning up in recycle. It's a read-only file, and was created about the exact same time I downloaded the crap the hacker/cracker left behind.
I am not a happy camper.
Jeny
0 likes
IMPORTANT: Print this page before continuing.
NOTE: Any captions or labels you created with your images will NOT be recoverable.
For EasyShare software v4.x and later:
Go to C:\Program Files\Kodak\Kodak EasyShare software.
Right-click the Catalog folder, and then select Delete.
For Windows 9X or ME operating systems:
Go to C:\Program Files\Kodak\Kodak EasyShare software\Catalog, and then delete the esbk.mb and esbk.mbb files.
For Windows 2000 or XP operating systems:
Go to C:\Documents and Settings\All Users\Shared Documents, and then delete the esbk.mb and esbk. mbb files. To delete a file, right-click the file, and then select Delete.
Restart your system. When EasyShare software prompts you to start a catalog from pictures located in C:\My Documents\My Pictures and C:\My Documents\My Pictures\Kodak Pictures, click Yes.
Start EasyShare software.
Click Add Pictures, navigate to and select the pictures to add to your EasyShare software collection, and then select Add Pictures.
For EasyShare software v3.x:
In Windows Explorer or My Computer, go to C:\Program Files\Kodak\Kodak EasyShare software.
Right-click the Catalog folder, and then click Rename.
Rename the folder Catalog.old.
Restart your system. When EasyShare software prompts you to start a catalog from pictures located in C:\My Documents\My Pictures and C:\My Documents\My Pictures\Kodak Pictures, click Yes.
Start EasyShare software.
Click Add Pictures, navigate to and select the pictures to add to your EasyShare software collection, and then select Add Pictures.
For EasyShare software v2.0:
In Windows Explorer or My Computer, go to C:\Program Files\Kodak\Kodak EasyShare software.
Right-click the Catalog folder, and then click Delete.
Confirm the deletion of this folder.
Go to C:\Program Files\Kodak\Kodak EasyShare software\ini folder.
Double-click the EasyShare.ini file.
Change the scripting in the file from:
[Database] CommitMode=0;
to:
[Database] CommitMode=1
Save the changes.
Start EasyShare software.
If you stored your images in the default location of the My Pictures folder, EasyShare software asks you if you want to add the images there to the new collection. To continue, select Add.
Help us improve our site, did this answer your question?
NOTE: Any captions or labels you created with your images will NOT be recoverable.
For EasyShare software v4.x and later:
Go to C:\Program Files\Kodak\Kodak EasyShare software.
Right-click the Catalog folder, and then select Delete.
For Windows 9X or ME operating systems:
Go to C:\Program Files\Kodak\Kodak EasyShare software\Catalog, and then delete the esbk.mb and esbk.mbb files.
For Windows 2000 or XP operating systems:
Go to C:\Documents and Settings\All Users\Shared Documents, and then delete the esbk.mb and esbk. mbb files. To delete a file, right-click the file, and then select Delete.
Restart your system. When EasyShare software prompts you to start a catalog from pictures located in C:\My Documents\My Pictures and C:\My Documents\My Pictures\Kodak Pictures, click Yes.
Start EasyShare software.
Click Add Pictures, navigate to and select the pictures to add to your EasyShare software collection, and then select Add Pictures.
For EasyShare software v3.x:
In Windows Explorer or My Computer, go to C:\Program Files\Kodak\Kodak EasyShare software.
Right-click the Catalog folder, and then click Rename.
Rename the folder Catalog.old.
Restart your system. When EasyShare software prompts you to start a catalog from pictures located in C:\My Documents\My Pictures and C:\My Documents\My Pictures\Kodak Pictures, click Yes.
Start EasyShare software.
Click Add Pictures, navigate to and select the pictures to add to your EasyShare software collection, and then select Add Pictures.
For EasyShare software v2.0:
In Windows Explorer or My Computer, go to C:\Program Files\Kodak\Kodak EasyShare software.
Right-click the Catalog folder, and then click Delete.
Confirm the deletion of this folder.
Go to C:\Program Files\Kodak\Kodak EasyShare software\ini folder.
Double-click the EasyShare.ini file.
Change the scripting in the file from:
[Database] CommitMode=0;
to:
[Database] CommitMode=1
Save the changes.
Start EasyShare software.
If you stored your images in the default location of the My Pictures folder, EasyShare software asks you if you want to add the images there to the new collection. To continue, select Add.
Help us improve our site, did this answer your question?
0 likes
I have another question about that file.
as I said, I found it and dleted it.
computer seems to be working properly. but Aquawind in the tropical forum sauid this:
It loaded multiple csrss.exe in the Startup.. You can uncheck them in the Start/Run/msconfig Startup Tab. Maybe then system restore..I didn't have to do that.
now I did find several csrss.exe files there when I checked.
should I do what aquawind suggested or just leave thnigs alone?
thanks
Barbara
as I said, I found it and dleted it.
computer seems to be working properly. but Aquawind in the tropical forum sauid this:
It loaded multiple csrss.exe in the Startup.. You can uncheck them in the Start/Run/msconfig Startup Tab. Maybe then system restore..I didn't have to do that.
now I did find several csrss.exe files there when I checked.
should I do what aquawind suggested or just leave thnigs alone?
thanks
Barbara
0 likes
Too many hurricanes to remember
The file is not harmless...
Depending on what o/s you're running, it can damage your system registry and corrupt files. These are associated problems with XP: 1) some .ini files have vanished, 2) some of the sytem registry is gone while some of the associated files are corrupted, 3) some start up files are duplicated, 4) can not shut down the computer without doing it manually, 5) see 2 and 4, if you are running a firewall, you may notice that it gets disabled by the hack, which leads to the most annoying bad news: the hack is associated with a botnet. If you go to command prompt and run "netstat," you may find an established connection to port 6667. That is likely an irc bot. If this is the case, you aren't going to be able to fix the problem by simply removing the files. The bot will bunk your system every time you reboot and your network is enabled.
If you removed it in time with a good antivirus software, you're probably okay. However, run netstat and see if there is still a connection to this botnet. If so, you are in the same ball park with me. I am thinking about doing a reinstall. Downloading that file last tuesday night was the first time I had made such a mistake with a suspecious file. I don't know what the hell I was thinking.... of course, I wasn't....
If you removed it in time with a good antivirus software, you're probably okay. However, run netstat and see if there is still a connection to this botnet. If so, you are in the same ball park with me. I am thinking about doing a reinstall. Downloading that file last tuesday night was the first time I had made such a mistake with a suspecious file. I don't know what the hell I was thinking.... of course, I wasn't....
0 likes
yea, I wasn't thinking either. I know better.
but what about those csrss.exe files?
I tried to run netstat and a little black box comes up, runs soemthing,and then disppers before I can see what it was.
I'm confused too and I don't know what all that stuff rainband was talking about either.
It seems eveyone is talking about different things to do
help??
but what about those csrss.exe files?
I tried to run netstat and a little black box comes up, runs soemthing,and then disppers before I can see what it was.
I'm confused too and I don't know what all that stuff rainband was talking about either.
It seems eveyone is talking about different things to do
help??
0 likes
Too many hurricanes to remember
Return to “Storm2K Rules & Announcements”
Who is online
Users browsing this forum: No registered users and 12 guests