
Thread: Malware

  1. #1
    Titanium Member efc's Avatar
    Join Date
    Sep 2002
    Location
    North Central Arkansas
    Posts
    2,329

    Malware

    This was just reported on Slashdot.com:

    You may remember the announcement about a company, or program, or both called Earthstation 5 who recently 'Declared War' on the MPAA. Well guess what? Turns out that it's got code in it that allows anyone to delete any file on your computer. I suggest that you uninstall as soon as possible!
    Linux Mint Debian Edition

  2. #2
    Near Life Experienced TZ Veteran zipp51's Avatar
    Join Date
    Oct 2002
    Location
    Massachusetts
    Posts
    1,114
    Thanks efc, I have it and will uninstall it. Doesn't work very well anyway.
    The definition of insanity is doing the same thing over and over again and expecting different results.

  3. #3
    Precision Processor Super Moderator egghead's Avatar
    Join Date
    May 2002
    Location
    In Your Monitor
    Posts
    3,546
    Here is the link to the vital data:

    EarthStation 5 P2P application contains malicious code
    -----------------------------------------------------

    ES5 info
    --------
    EarthStation 5 (aka ES5, aka ESV) (http://www.earthstation5.com and
    http://forums2.es5.com/) is a P2P application first released about 6-12
    months ago. The people behind ES5 claim that ES5 is the most secure P2P
    software in the world. They also claim that they are security experts, and
    that they have more than 15 million simultaneous users on-line 24/7. In
    comparison Kazaa, the most popular P2P application, only has about 4
    million simultaneous users on-line at any given time of day.

    Malicious code
    --------------
    There exists malicious code in ES5.exe's "Search Service" packet handler.
    By sending packet 0Ch, sub-function 07h to the "Search Service"'s IP:Port,
    a remote attacker could delete any file the user is sharing. If the remote
    attacker uses "filenames" with a relative path in them (eg.
    "..\..\..\WINDOWS\NOTEPAD.EXE"), the remote attacker could also delete
    files in eg. the windows and windows\system32 folders, or any other folder
    on the same partition as any of the shared folders. Since most users using
    Windows are in the Administrators group, a remote attacker could also
    delete the C:\BOOT.INI file which is a required boot file used by ntldr.

    IMPORTANT: This is not a bug! They intentionally added this code to ES5.

    Vulnerabilities
    ---------------
    There also exist a lot of other vulnerabilities in ES5 (eg. DoS attacks,
    buffer overflow bugs, and so on), but these all seem to be unintentional.
    Another advisory may have more info on these vulnerabilities, but I'm not
    their beta tester so don't hold your breath.

    Conclusion
    ----------
    The people behind ES5 have intentionally added malicious code to ES5. If
    you have followed the ES5 discussions on message boards and read what the
    ES5 people have said and done (eg. DoS attacking BitTorrent sites), this
    comes as no surprise. The question then is "why did they do it?" I'm sure
    they won't tell us, but here's a theory: They could be working for the
    RIAA, MPAA, or a similar organization. Once they have enough users on their
    ES5 network, they would start deleting all copyrighted files they own which
    their users are sharing. The users wouldn't know what hit them.

    Tested ES5 builds

    Read more here from random nut
    ------------------------------------------------------------
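The advisory above comes down to one missing check: the "Search Service" joins a remote peer's filename to a shared folder and deletes whatever that resolves to, so a name like "..\..\..\WINDOWS\NOTEPAD.EXE" walks out of the share and reaches anything on the same partition. The following is an added illustration, not ES5's code and not from the advisory's author: it puts that unconfined join beside a lexical containment check that refuses anything outside the share root. The function names, the share root C:\Shared and the request strings are all hypothetical; the ES5 packet format (0Ch / 07h) is not modelled, and nothing is actually deleted, the functions only return the path that would be.

```python
"""Confining a share-relative filename to its shared folder.

Added illustration, not ES5's code nor the advisory author's: it models
the flaw the advisory describes (a remote delete request whose filename
is joined to a shared folder with no confinement, so "..\\..\\..\\..."
walks anywhere on the same partition) beside a lexical containment
check. Every name and sample path here is hypothetical. Windows
separators are folded to "/" so the check behaves identically on any
host; no file is actually deleted, the functions only return the path
that would be.
"""
import posixpath
import re
from typing import Optional

# A request that names a drive ("C:..."), a root-relative path ("\...")
# or a UNC share ("\\host\...") is never a legitimate share-relative name.
_NOT_RELATIVE = re.compile(r"^(?:[A-Za-z]:|[\\/])")
_DRIVE = re.compile(r"^([A-Za-z]:)(.*)$", re.DOTALL)


def _normalise(path: str) -> str:
    """Collapse '.', '..' and mixed separators the way Windows would.

    The drive letter is split off so '..' cannot climb past the drive
    root: traversal is clamped to the partition, which matches the
    advisory's "any other folder on the same partition as any of the
    shared folders".
    """
    m = _DRIVE.match(path)
    drive, rest = (m.group(1), m.group(2)) if m else ("", path)
    return drive + posixpath.normpath(rest.replace("\\", "/"))


def naive_target(share_root: str, requested: str) -> str:
    """What the advisory describes: join the name to the share and go.

    Nothing stops '..' segments from leaving the share, so the remote
    peer picks any file on the partition (e.g. \\WINDOWS\\NOTEPAD.EXE or
    \\BOOT.INI) for the victim's own process to delete.
    """
    return _normalise(share_root.replace("\\", "/") + "/"
                      + requested.replace("\\", "/"))


def confined_target(share_root: str, requested: str) -> Optional[str]:
    """Hardened form: resolve, then refuse anything outside share_root.

    Returns the normalised path to delete, or None when the request
    must be rejected. The check is purely lexical (see the note below).
    """
    if not requested or _NOT_RELATIVE.match(requested):
        return None
    root = _normalise(share_root)
    target = _normalise(root + "/" + requested)
    # Compare against root + "/" so "C:/Shared2/x" does not pass for
    # root "C:/Shared", and the share directory itself is never a target.
    if target == root or not target.startswith(root + "/"):
        return None
    return target


if __name__ == "__main__":
    # Constructed sample requests; the share root is hypothetical.
    share = r"C:\Shared"
    for name in (r"Music\song.mp3", r"..\..\..\WINDOWS\NOTEPAD.EXE",
                 r"Music\..\..\BOOT.INI", r"C:\BOOT.INI"):
        print(f"{name:32} naive -> {naive_target(share, name):30} "
              f"confined -> {confined_target(share, name)}")
```

Two caveats for anyone applying this check to a real Windows service. It is lexical: it never touches the filesystem, so junctions and symlinks inside the share, NTFS 8.3 short names (PROGRA~1) and alternate data streams are not modelled; on a live host, resolve both the share root and the candidate with os.path.realpath and compare the resolved forms as well. And confinement only limits the blast radius to the shared files, which is what the advisory says the feature was meant to reach anyway; the underlying problem it describes is that an unauthenticated remote peer can issue a delete at all.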



  4. #4
    Near Life Experienced TZ Veteran zipp51's Avatar
    Join Date
    Oct 2002
    Location
    Massachusetts
    Posts
    1,114
    Usually you can delete any files left over manually when you uninstall, but these files, except for the media files folder, cannot be deleted from the Earthstation directory. Anyone know what these are? EarthstationFolder How can I get rid of them?
    The definition of insanity is doing the same thing over and over again and expecting different results.

  5. #5
    Precision Processor Super Moderator egghead's Avatar
    Join Date
    May 2002
    Location
    In Your Monitor
    Posts
    3,546
    Strange...

    I have the same problem.

    These files must be in use, but I cannot locate the processes.
    ------------------------------------------------------------



  6. #6
    Titanium Member efc's Avatar
    Join Date
    Sep 2002
    Location
    North Central Arkansas
    Posts
    2,329
    Try the following:

    Write down the full path to the directory in question.

    Boot to a Command Prompt.

    Navigate to the folder/directory in question by typing cd followed by the complete path that you wrote in your notes.

    Use the Attrib command to remove the attributes that will keep you from deleting files. Syntax: attrib -h -r -a -s <enter> (h is hidden, r is read only, a is archive and s is system)

    Then delete the files using the syntax del *.* or del . <enter>

    If this works, you should be able to go up one directory level and delete the directory.
    Steps:
    cd .. <enter> to step up one level.
    rd <directory name> <enter> to remove the directory.

    Good luck
    Linux Mint Debian Edition

  7. #7
    Precision Processor Super Moderator egghead's Avatar
    Join Date
    May 2002
    Location
    In Your Monitor
    Posts
    3,546
    Or use Dr. Delete:

    Having trouble deleting:

    In-use files?
    Spyware components
    Index.dat
    and other annoying files that are 'in use'?

    So was I! I sat down to work, researching the Win32 API and scheduling files to be deleted... and so Dr. Delete was born! Dr. Delete can delete in-use files by scheduling them to be deleted at the next startup. It calls upon the Win32 API, so it's using safe and tested code. Written with Visual C++ / MFC. Native executable, MFC compiled into program (since most people don't have MFC 7.1).

    Works on NT/2k/XP/2003 by calling the MoveFileEx() API function.

    Works on 9x/ME by appending/creating the WinInit.ini file.

    http://www.dslreports.com/forum/rema...ware~mode=flat
    ------------------------------------------------------------



  8. #8
    Titanium Member efc's Avatar
    Join Date
    Sep 2002
    Location
    North Central Arkansas
    Posts
    2,329
    That is much easier than working with the C: prompt. I added it to my utilities.
    Linux Mint Debian Edition

  9. #9
    Near Life Experienced TZ Veteran zipp51's Avatar
    Join Date
    Oct 2002
    Location
    Massachusetts
    Posts
    1,114
    I like Dr. Delete so far. It deleted 2 of the files without a reboot and the other 2 are pending. I will deal with the main directory after a reboot. It should be illegal to put malware in programs. Talk about intrusive.
    The definition of insanity is doing the same thing over and over again and expecting different results.

  10. #10
    Triple Platinum Member Thor's Avatar
    Join Date
    Sep 2002
    Location
    US
    Posts
    917
    There's another utility that's been around for a while that'll remove on boot.

    http://techzonez.com/forums/showthre...0973#post20973
