Host of Funeral Quest loading ByteVerify Trojan



hossmonkey
08-30-2004, 08:12 PM
I sent this to support@rtsoft.com but it was kicked back?

I thought some peeps should know!

The below server is loading a ByteVerify Trojan from the below link? Attached print screen picture of McAfee virus scan catching it, while loading the page?

http://www.ncoer.com/fq/

ByteVerify Trojan exploit:

http://vil.nai.com/vil/content/v_100261.htm

Anyone know where I can host a picture?

Seth
08-31-2004, 12:21 AM
Thanks for the heads-up. I removed the server from the public list until I can hear from the admin, I suspect it's one of his advertisers. (he's got some annoying pop-ups, the kind that install spyware etc)

Or it's possible it's a faulty scanner reading, I wasn't able to verify it, I guess I need to get McAfee. (I use Kaspersky)

Also, I fixed the support address, had forgotten to set it up after our recent server move.

lancevance
08-31-2004, 01:09 AM
I have spent $60 and you bad-mouth my game? That's pure bs!!

If people don't want to deal with pop ups then they can shut them off with a pop up blocker or just not play the game on my site.

It is a shame that 200 people are going to suffer for one person's overactive imagination and virus scanner.

08-31-2004, 04:46 AM
Hey, I'm one of the 200 or so who was really enjoying the Funeral Quest game that lancevance hosted.

Now I don't enjoy popups as much as the next person, but it pays for the hosting that lancevance needs to host the game. Why is it your concern that he has popups? I know that his advertisers had a GAIN install on his advertising.

Also he/she does pay for the product, it's not like he/she isn't paying for it, as he/she said him/herself.

If you don't have a popup stopper then isn't it more your fault that you get this spam?

Seth, please understand.

hossmonkey
08-31-2004, 05:22 AM
Quote (lancevance @ Aug. 31 2004, 10:09):
I have spent $60 and you bad-mouth my game? That's pure bs!!

If people don't want to deal with pop ups then they can shut them off with a pop up blocker or just not play the game on my site.

It is a shame that 200 people are going to suffer for one person's overactive imagination and virus scanner.


FYI: McAfee AV Pro reports Exploit-ByteVerify, how would anyone know that the pop-ups are causing this?

Hey ... I have nothing against you but I browse the web a lot and have never come across this from other sites with pop-ups.

As stated above, I tried to contact the peeps listing the game links but it was kicked back. Better safe than sorry, is how I look at it!

You might want to contact the peeps with the pop-ups and tell them that their pop-ups can give a false positive on McAfee virus scan Pro Version 8.0 (build 8.0.41). Do you know for a fact they aren't dropping spyware?

http://img8.exs.cx/img8/7691/byteverify.jpg

Seth
08-31-2004, 08:26 AM
To make it clear, as annoying as pop-ups and spyware installer prompts are, they aren't the reason this server was suspended.

The reason is because of the exploit called Exploit-ByteVerify.

If you think the possibility of having your computer hijacked isn't a big deal you need to have your head examined.

What this one most likely does is set your home page and add porn links to your favorites (by using the exploit on unpatched computers to get full access), but the exploit itself can also be set up to run arbitrary code on your machine. Sound like fun?

Anyway, it's been resolved via email, lancevance would rather get a refund than consider/fix the problem. (HIS CHOICE)

I can only recommend that you find another (virus/trojan free) server if you were playing on this one.

(thread locked)