Internet Security 2010 and Other Nasty Security Viruses



Ok this is interesting. I needed to download some programming software from the manufacturer's site over the weekend but was unable to access the site. I found an aftermarket vendor who handled the equipment I need to load and saw they also had the software and I downloaded from there. This morning at work I installed and ran the .exe...all went well till it also wanted to install something WinPcap. There was an address to winpcap.org at the bottom so I checked it.....scary kinda. I nixed the install and proceeded with the original software install and all's well so far.


  • 1 year later...

Really should have posted it direct from Nexus so people don't have to go looking:

 

From Darkone on Nexus posted 3 days ago:

 

 


Be careful: Trojans masquerading as popular executables
posted by Dark0ne, Site News
This is a heads up announcement to please, for the love of all that is good, always keep your wits about you when downloading from here or anywhere on the internet.

There is currently an individual who is placing trojans within well known pieces of Skyrim software, such as the Skyrim Character Editor and even Skyrim Mod Organizer, and then uploading them as new files here on Skyrim Nexus (note, the original files here and here are NOT compromised, this user is uploading new files to the site masquerading as these files). This trojan has code within it that will retrieve any passwords you have stored in your browser and send them to the script kiddy's email address. The script kiddy is then using the details he has stolen from users "unlucky" enough to be exploited in this way, logging in to their accounts here on the Nexus and then uploading another trojan via the same method.

If you believe you may have fallen for this exploit then ALL the passwords you have stored in your browser have been compromised. You should change your passwords immediately for any and all sites you use, and change your passwords on any sites where you have used the same password, even if you don't have that site's login stored.

If you stick to common sense practises while browsing the internet then this will not be a problem for you at all. Things you should always be suspicious of or do:

  • Files with comments disabled that have only been uploaded in the past day
  • Elaborate and complex files uploaded by new users or users who have previously not uploaded a single file or made a single comment on the sites
  • Software that has absolutely no business using your internet connection trying to make a connection to the internet
  • Executable files, or files containing .DLL libraries unless you are absolutely sure it can be trusted.
  • Always, always run a virus scan on any files you download from this or any site you download from
  • If in doubt, don't download or open the file and wait to see what other more experienced users are reporting


I sympathise with the people who have been caught by this, but you got caught by this because you aren't using your common sense. Please, for your sake, keep your wits about you and don't let your guard down when downloading files on the internet.

If you don't have a firewall, or if your firewall does not warn you when new, unrecognised and untrusted software is trying to connect to the internet please follow these steps:

  1. Find your router
  2. Rip your router away from any connected cables
  3. Open the nearest window
  4. Throw your router out of it
  5. Close the window

Honestly, get a firewall, install it, and understand how it works. Without one it's very possible your system is a drone in a botnet and likely a part of the perpetual problem of the internet that is DDoS'ing, something that we're no stranger to here.

 

Edited by Arion

  • 7 months later...

I began getting pop ups from Malwarebytes about a blocked malicious website. Thing is... this said it was outbound. It also gave me two IPs which I traced to Cyprus, and Russia. It gave me a file path of C:\windows\SysWOW64\dllhost.exe. Sooo... I spent time online searching. Not uncommon but, not easy to fix since the dllhost.exe is in the OS.

The pop ups became almost constant over a few days and I had to make the hard choice..... reinstall my OS. Mopping up now.


dll host runs a boatload of stuff..... if you use something like Process Explorer, you will see multiple instances of it running. Hard part is, determining which one is the problem..... as it doesn't TELL you WHICH dll each individual process is running..... (which strikes me as kinda pointless.)

 

There are a couple different bits of malware that take advantage of that..... some of which don't actually have a file, that the typical malware scanner can find, and remove.... There ARE tools that can find them, however, I have yet to find one that can actually REMOVE them. O/S reload is pretty much the only option. Kind of a drag......
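One way to tell the dllhost.exe instances discussed above apart on a live system, as an added example that is not part of the original thread: the script lists each instance with its image path, signature status, the COM AppID from its command line, and any remote TCP endpoints. It assumes an elevated PowerShell prompt on Windows 8 or later (for `Get-NetTCPConnection`).

```powershell
# Added triage example: enumerate every dllhost.exe (COM Surrogate) instance and
# show where it was loaded from, what it hosts, and which remote hosts it talks to.

# The only locations a genuine dllhost.exe image should be loaded from.
$expected = @(
    "$env:SystemRoot\System32\dllhost.exe",
    "$env:SystemRoot\SysWOW64\dllhost.exe"
)

Get-CimInstance Win32_Process -Filter "Name = 'dllhost.exe'" | ForEach-Object {
    $proc = $_

    # COM surrogates are normally started as: dllhost.exe /Processid:{AppID-GUID}
    $appId = $null
    $appName = $null
    if ($proc.CommandLine -match '/Processid:\s*(\{[0-9A-Fa-f-]{36}\})') {
        $appId = $Matches[1]
        $key = "Registry::HKEY_CLASSES_ROOT\AppID\$appId"
        if (Test-Path -LiteralPath $key) {
            # The key's default value usually holds a friendly name.
            $appName = (Get-Item -LiteralPath $key).GetValue('')
        }
    }

    # Signature status of the image on disk. Older Windows releases may report
    # catalog-signed system files as NotSigned; treat that as "check further".
    $sig = 'PathUnavailable'
    if ($proc.ExecutablePath) {
        $sig = (Get-AuthenticodeSignature -LiteralPath $proc.ExecutablePath).Status
    }

    # Remote endpoints owned by this PID (listeners and loopback excluded).
    $remote = Get-NetTCPConnection -OwningProcess $proc.ProcessId -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notin '0.0.0.0', '::', '127.0.0.1', '::1' } |
        ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort)" }

    [pscustomobject]@{
        PID          = $proc.ProcessId
        ParentPID    = $proc.ParentProcessId
        Path         = $proc.ExecutablePath
        PathExpected = $proc.ExecutablePath -in $expected
        Signature    = $sig
        AppID        = $appId
        HostedApp    = $appName
        Remote       = ($remote | Sort-Object -Unique) -join ', '
    }
} | Format-List
```

An instance with `PathExpected` false, a signature status other than `Valid`, no `/Processid:` AppID, or remote endpoints it has no reason to contact is the one to examine first.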


Yeah, reason it hasn't happened yet is BECAUSE I am not real excited about reinstalling everything. (generally a two to three day affair.... if all goes well.)

 

There is the rare flavor of virus that can infect your master boot record (which is fixable.....), and then there are also those that infect BIOS........ I hate those, as the only SURE way to get rid of them is to replace the chip, or the whole mainboard. Such fun we have for you. (but, haven't seen one of those for quite some time now.)
