
Malicious user on the forums

Discussion in News started by Kyle, Nov 12, 2012

Thread Status:
Not open for further replies.
  1. Apr 9, 2007
    Hi guys

    Apparently a few malicious users (Arbiter / Patrickbizzle (likely one and the same)) have been sending lame-o Java apps around via our PM system. The PM probably consisted of a website claiming you could get free games or whatever if you installed this application. If you viewed the site and proceeded no further, you're fine. However, if you decided to check it out by launching the Java application, there's a chance your system has become compromised. Credentials have been stolen on our forums, but I don't believe anyone in Management has had their credentials compromised.

    Apparently Hitman Pro or whatever recommended application can detect/remove the keylogger.

    Thanks, hopefully everyone takes more care to only run trusted software.

    EDIT: If you have any more information, please let @Haplo know.
    • Informative x 4
    • Like x 3
    • Useful x 1
      Kyle, Nov 12, 2012 Last edited by Brian, Nov 12, 2012
    • Apr 14, 2011
      Bitdefender Total Security can detect keyloggers.
    • Dec 19, 2008
      Noted. Thanks Kyle for the heads up
    • Jun 4, 2006
      We mentioned Hitman Pro because it did indeed detect this particular infection. It's a one-time scan prog that you don't need to install, e.z.p.z.
      • Like x 1
      • Oct 17, 2011
        Wow. I know a girl I don't even know who's been sending me the same website for three weeks now and keeps going offline. I never tried opening the site yet and it's a good thing I didn't.
      • Aug 18, 2006
        A quick way to check whether you have a virus, if you're uncertain whether you ran the Java, is to go into your AppData/Roaming folder (C:\[USERNAME]\Appdata\Roaming) and check if there's a file named pzgfsqxdb.exe (filename may differ; the exe claims to be something TeamSpeak related in its file details). Regardless, even if you didn't allow the Java to run, I still recommend scanning your computer just to be safe. Use Hitman Pro, SUPERAntiSpyware, or something similar. Windows Defender should also detect it.
        • Useful x 1
        • Dec 6, 2011
          You should also make sure you're always prompted before running any Java stuff on your browser, instead of just letting anything run. I think it's in internet settings on your browser.
        • Jun 4, 2006
          Might be a good idea to also note that this 'pzgfsqxdb.exe' file is the same file that's now available as a download under the file name 'free2play.exe':
          ^ What the site currently looks like, avoid it. Links to it were being sent around Steam, also found on various profiles under the description of 'Free Games' as Kyle mentioned.

          https://www.virustotal.com/file/28c...df69bfc00eba1a658a409d1c/analysis/1352752256/ - pzgfsqxdb.exe
          https://www.virustotal.com/file/835...96b09b621c396b7a984e08e0/analysis/1352753892/ - free2play.exe

          Code:
          Properties
          Name    free2play.exe
          Location    C:\Users\Administrator\Downloads
          Size    473 KB
          Time    0.2 days ago (2012-11-12 12:57:37)
          Entropy    8.0
          Product    Origin
          Publisher    Electronic Arts
          Description    Origin
          Version    9,0,15,65
          Copyright    Copyright (C) 2012
          SHA-256    835F04FE236F0C1B9D61E9D2942B7A5D14EE168196B09B621C396B7A984E08E0
           
          Detection Names
          G Data    Gen:Variant.Kazy.107242 (Engine A)
          DrWeb    BackDoor.Tordev.8
           
          Scoring (110.0)
          One or more antivirus vendors have indicated that the file is malicious.
          Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
          Time indicates that the file appeared recently on this computer.
          
          • Informative x 1
            Brian, Nov 12, 2012 Last edited by Brian, Nov 12, 2012
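An added PowerShell triage script, written for this thread and not taken from the posts or from Hitman Pro: it walks the Roaming profile for executables, as the AppData check above suggests, and flags the same indicators the Hitman Pro report above scores (recent appearance, entropy near 8.0, a vendor/product claim in the file details) plus a missing Authenticode signature. The seven-day window and the 7.2-bit entropy threshold are assumptions.

```powershell
param(
    [string]$Root = (Join-Path $env:USERPROFILE 'AppData\Roaming'),
    [int]$MaxAgeDays = 7   # assumption: "recent" means modified within the last week
)

# Shannon entropy in bits per byte; 8.0 (as in the report above) means packed or encrypted.
function Get-ShannonEntropy {
    param([string]$Path)
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    if ($bytes.Length -eq 0) { return 0.0 }
    $counts = New-Object 'int[]' 256
    foreach ($b in $bytes) { $counts[$b]++ }
    $entropy = 0.0
    foreach ($c in $counts) {
        if ($c -gt 0) {
            $p = $c / $bytes.Length
            $entropy -= $p * [Math]::Log($p, 2)
        }
    }
    return [Math]::Round($entropy, 2)
}

$cutoff = (Get-Date).AddDays(-$MaxAgeDays)
Get-ChildItem -Path $Root -Recurse -Include *.exe -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $info  = $_.VersionInfo
        $sig   = Get-AuthenticodeSignature -FilePath $_.FullName
        $ent   = Get-ShannonEntropy -Path $_.FullName
        $flags = @()
        if ($_.LastWriteTime -gt $cutoff) { $flags += 'recent' }
        if ($ent -ge 7.2) { $flags += 'high-entropy' }            # assumed threshold
        if ($sig.Status -ne 'Valid') { $flags += "unsigned($($sig.Status))" }
        # A vendor name in the file details with no valid signature is the
        # free2play.exe pattern above (claims Electronic Arts / Origin).
        if ($info.CompanyName -and $sig.Status -ne 'Valid') { $flags += 'vendor-claim-unsigned' }
        [pscustomobject]@{
            Path        = $_.FullName
            Modified    = $_.LastWriteTime
            SizeKB      = [Math]::Round($_.Length / 1KB)
            Entropy     = $ent
            Product     = $info.ProductName
            Company     = $info.CompanyName
            Description = $info.FileDescription
            Flags       = ($flags -join ',')
        }
    } |
    Where-Object { $_.Flags } |
    Sort-Object Entropy -Descending |
    Format-Table -AutoSize
```

Anything flagged is a candidate for the Hitman Pro or Defender scan the posts recommend, not proof of infection; a legitimate but packed and unsigned installer will also show up.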
          • Jul 8, 2012
            Well, good thing I never dealt with those or bothered, if I want a free game, I'll get myself drunk, buy a game for myself on another steam account and gift it to myself and I'll never know the difference ^^
            • Like x 2
            • Winner x 1
            • Wizard! x 1
            • Artistic x 1
            • Feb 18, 2011
              Well, I've been linked to that thing before, glad I didn't care enough to do it... and MszImmy LOL
              • Like x 1
              • Agree x 1
              • Jul 8, 2012
                Good to know. Thanks guys!


                Sent from my iPad using Tapatalk
              • Jun 17, 2011
                Wasn't he an old admin here? He's sent me multiple links via steam chat before but I've never clicked on them.

                Sent from my GT-P3113 using Tapatalk 2
                • Wizard! x 1
                • Jun 4, 2006
                  Yes. Also the destroyer of whale mountain and everything nice.
                  • Like x 1
                  • Agree x 1
                  • Wizard! x 1
                  • Feb 14, 2012
                    No! Not the whale mountain! Minecraft consequences will never be the same!

                    Sent from my SGH-I747M using Tapatalk 2
                  • Mar 4, 2012
                    NoScript is a pretty good program for doing just that. It doesn't let websites run anything without your permission; all of you Firefox users should download it (it's free).
                  • Dec 6, 2011
                    Google Chrome always asks before you run anything, I'm pretty sure it's a setting that's defaulted to always ask first.
                  • Apr 9, 2007
                    Google Chrome always silently downloads files and is probably the worst browser because of that. On a brighter note, if they had options.... I'd totally use Chrome, but they don't.
                  • Dec 6, 2011
                    Are you talking about cookies or what?

                    And FF doesn't allow ANYTHING? If so I may try out FF.
                  • Apr 9, 2007
                    File downloads....

                    Firefox asks you about all file types by default. Any executables have to be manually run.
                  • Dec 6, 2011
                    Oh you mean just something like this? (but obviously in FF form)
