snipped for malicious content
Posted on 2003-10-12 15:50:15 by JimmyClif
It picks a random number of so called things of "porn" it claims it finds on your computer. How nice...
Posted on 2003-10-12 20:21:10 by Guy on ASM
ROTFLMAO!!! :grin: :grin: :grin:

60 years in prisionm in Sweden, LOL, we don't have that long penalties (not even life in prision is 60 yrs - which suxxor, lfie should be life not ~25 yrs :/)

Note the FBI thingy, isn't that some kind of impersonating law enforces, legal?

Posted on 2003-10-12 23:54:04 by scientica
"That's what really happens to thousands people in Bulgaria "
lol once one boy made a fake page of a bank, with false information about percentages, and the police took his PC. Nothing more, as I remember, and this was top news.
I found some suspicious svcinit.exe on my PC, so I checked the html source to see if it installed this file, but this time there was nothing (maybe it keeps track of which IPs are infected, or maybe there isn't that vbs vulnerability in IE5.0 used). Anyway, what he wrote as comment :
"<!-- Anyone who steals my design will have his account at evidence-eliminator terminated without payment and will get a lot of problems. I mean it! -->"
lol . I was just going to make a similar page of mine lol :grin:
Posted on 2003-10-13 01:03:24 by Ultrano
The link above contains a virus. Or more specifically, a keylogger, "svcinit.exe" . I verified it 3 times. I have IE5.0 , so maybe that's why my PC is vulnerable.
If you detect that file on your PC, go to
for info on how to remove it - the last post (mine) is the complete guide.

Sue him ?
Posted on 2003-10-13 02:08:34 by Ultrano
Oops.. my bad... hehehe... Internet is a dangerous place, I guess...

I thought it was funny as it was accusing me for having 768 files of pr0n on my box.. At that moment I was at my Mother-in-Law's computer and the popup seemed funnier. ;)

Didn't realize that file being downloaded... but then again, I was on Netscape.. and her box is full of crap anyways...

Sorry for the trouble guys.
Posted on 2003-10-13 07:31:52 by JimmyClif
don't worry :) I guess I'm the only one using IE5.0 these days. I am using Firebird now, but I don't think it's going to last long.
It's kind of ironic that I got such a virus, though I had once written articles about these types of virii :grin:. I guess I hadn't expected anyone bother with such things.
Posted on 2003-10-13 07:40:52 by Ultrano
Nope its not just ie5.0, there is a way out there now to still install executables on anyones computer through use of object(vbscripting code) implementation(its an active x control, so if you turn your security to high, it'll ask you if you want to run it first, its off by default.). Lol i didn't even know that the link did this, good thing i opened the link in opera, cause if i was on ie, it would of had my ass also.
Posted on 2003-10-13 08:44:15 by Guy on ASM
Nah, I am sure this thing is not present in IE5.5, coz I thoroughly tested it back then (when I was making such code - ). Such code is useful for only one thing (that I made) - a file manager :D. Useful when you are in an internet cafe, that has a shell, but has IE5.0 too :grin: .
In IE5.5, such malicious code leads to the status bar saying "Error on page"
Posted on 2003-10-13 09:47:56 by Ultrano
Well, I definitely did not get it but also my firewall did not report the attempt. I use NPF and that particular keylogger is listed and blocked by it and I have gotten warnings before from it when it is in files. A quick check of my security log tells me that no attempt was made. I use Firebird but I would assume that at least an attempt would be made and blocked. I'm not completely sure that you got it from the site.
Posted on 2003-10-13 10:39:33 by donkey
I am glad I use Linux, that was nothing more than a interesting rand() for me :)
Posted on 2003-10-13 10:47:40 by SpooK
Oh, I am completely sure it's from the site ;)
Like I said, I verified it 3 times. This means, that I opened the site, (no other site opened), waited for the file to be transferred (encoded in Hex-formatted text, I guess, because transfer took more than 63kB). Removed the virus completely, restarted several times, and tried the site again. Using IE5.0.
I'm sure Firebird can't get it - it uses the latest, bug-free Java/javascript packages :) . :grin:
Posted on 2003-10-13 11:28:36 by Ultrano
Ah, I have javascript completely disabled and I have not installed java that mey be why I was never sent it.
Posted on 2003-10-13 11:39:22 by donkey
If there is a way turn off vbscript also. =) I see people use that all the time also.
Posted on 2003-10-13 14:06:18 by Guy on ASM
In IE, the engine for vbs and js is the same - wscript.exe . Thus, you can't have one without the other there. VBS is present only in IE, and if you disable it, you can kill the hope (or risk) of seeing some of the Flash movies on the net (if you like them). Because the default code for embedding a Flash movie into a page contained vbs code with "document.write". :rolleyes:
Posted on 2003-10-13 14:37:54 by Ultrano
This is how you disable VBScript
Posted on 2003-10-13 14:52:58 by donkey
Ultrano can you download from Sun Micro Systems there version of Java or does it still use that exe.. lol i gave up on IE about a year ago because of pop up's and now use Opera which kicks butt
Posted on 2003-10-13 15:02:17 by devilsclaw
Ultrano: Um... Wscript.exe is the Windows Scripting Host. Internet Explorer does not use it. The language engines for VBS and JS are in vbscript.dll and jscript.dll.

Anyway, if you have ActiveX DLLs with exploitable bugs, you can just select the "Prompt" or "Disabled" option for "Script ActiveX controls marked safe for scripting" and "Run ActiveX controls and plugins" under the Security tab in internet options. Or maybe there is a way to set up whether an individual ActiveX class can be used in scripting or not.
Posted on 2003-10-13 15:33:32 by Sephiroth3
Just one side note: IE does not support (last time I checked) JavaScript, only JScript (<- as funky crippled version of javascript), like many other features M$ has it's own queer (partial)implementation of stuff -- but remember it's just mozilla compatilbe and not mozilla :)

In mozilla I have a nice button (it's an extension, which also has checkboxes for Javascript, Pipelining, Cookies, etc) for flash: "Kill Flash". Popups? What's that, nostalgia? :confused:

(I didn't get it as I sue MozillaFirebird :alright: )
Posted on 2003-10-13 15:36:40 by scientica

This is how you disable VBScript

no sir.

the way to go. =)
Posted on 2003-10-13 16:04:18 by Guy on ASM