Comments

  • MissLead
    MissLead Posts: 28 Forumite
    edited 27 November 2010 at 8:35PM
    meher wrote: »
    There is no evidence of any recent security breach :xmassign: I suggest you revisit the OP and go through all of webby's and Martin's posts. It appears to me that you have an inability to understand their posts as well, not just mine.
    The inability to read AND understand forum posts is entirely yours!!! You have repeatedly stated that there has not been a breach so can you please advise me how I and many many others know that there has been a breach??? BECAUSE MSE TOLD US SO! I have read and reread posts from MSE and from others and it is abundantly clear that there has been a breach. The fact that it happened last year does not change the fact that it did happen so it puzzles me why you are in denial!

    Strangely though, in your last post, the words 'recent breach' have suddenly appeared whereas before you were emphatic that there had not been a breach!!!
  • meher
    meher Posts: 15,910 Forumite
    10,000 Posts Combo Breaker
    MissLead wrote: »
    The inability to read AND understand forum posts is entirely yours!!! You have repeatedly stated that there has not been a breach so can you please advise me ... The fact that it happened last year does not change the fact that it did happen so it puzzles me why you are in denial!

    Strangely though, in your last post, the words 'recent breach' have suddenly appeared whereas before you were emphatic that there had not been a breach!!!
    I'm flattered you attach a lot of significance to my post, enough to be so animated, tearing it apart, instead of actually looking out for what the OP, webby and Martin says. But it's not me to reciprocate that interest by indulging your mis/understanding anymore than I have and intend to leave it here at it for you to carry on.

    Back on topic, my understanding is that this thread is to ascertain recent breach and there's no obvious breach or so we're told and my point was that the banner might put people off from registering or using downloads on the main site or links. imo.
  • joe134
    joe134 Posts: 3,336 Forumite
    meher wrote: »
    I'm flattered you attach a lot of significance to my post, enough to be so animated, tearing it apart, instead of actually looking out for what the OP, webby and Martin says. But it's not me to reciprocate that interest by indulging your mis/understanding anymore than I have and intend to leave it here at it for you to carry on.

    Back on topic, my understanding is that this thread is to ascertain recent breach and there's no obvious breach or so we're told and my point was that the banner might put people off from registering or using downloads on the main site or links. imo.
    You are certainly in Denial, it's as plain as day a breach has occurred. When is irrelevant. You are correct in one thing, if it's not amicably sorted, then there will be, "as you say", a chance that people MAY be put off registering or downloading, etc. and you cannot blame them. Even though I am involved in the debacle, I shall still continue with the site, as the benefits outweigh the risks, I know, and recognise that, but I still would like a satisfactory outcome of this problem. WHY is Martin seeking professional advice if nothing happened? "You cannot deny the undeniable." My G-Mail address and username wasn't just plucked out of a hat. PLEASE RTBP'S
  • joe134
    joe134 Posts: 3,336 Forumite
    edited 28 November 2010 at 10:36AM
    joe134 wrote: »
    You are certainly in Denial, it's as plain as day a breach has occurred. When is irrelevant. You are correct in one thing, if it's not amicably sorted, then there will be, "as you say", a chance that people MAY be put off registering or downloading, etc. and you cannot blame them. Even though I am involved in the debacle, I shall still continue with the site, as the benefits outweigh the risks, I know, and recognise that, but I still would like a satisfactory outcome of this problem. WHY is Martin seeking professional advice if nothing happened? "You cannot deny the undeniable." My G-Mail address and username wasn't just plucked out of a hat. PLEASE RTBP'S
    "We are continuing to investigate this but are coming up against a brick wall that nothing new has happened, and this is a resend of the earlier breach" Martin's words, not mine. PS. I have been on this site for 4-5 years, and this is the first I have heard of ANY breach, never mind the First. Perhaps ignorance is bliss? "We are still investigating how the e-mails were sent to so many of our users but we've found no obvious breach at this stage. We'll let you know more as it comes to light but it's possible that the e-mail addresses were harvested during a breach that happened last year"
  • meher
    meher Posts: 15,910 Forumite
    10,000 Posts Combo Breaker
    joe134 wrote: »
    You are certainly in Denial,
    Denial :huh: I can't deny something that's not established :xmassmile
  • joe134
    joe134 Posts: 3,336 Forumite
    DeltaTwo wrote: »
    Thanks to StumpyPumpy for the PM, that was very helpful and informative and prompted me to do a bit more investigation on my own.


    First off, some good news, sort of,
    The two .dat files the Trojan drops into the \Windows\Temp folder are actually the original System files, renamed by the Trojan and sent to the Temp folder, and not copies of the infected ones, which one might have thought, logically.
    The SHA-1 and MD5s match perfectly the original uninfected files!
    So if infected by this Trojan, the first thing to do is to copy those files to the desktop and rename the .dat suffixes back to .exe
    But you have to be quick to catch them. Re-booting will probably delete them from the Temp folder and then they're gone.
    Then you would need to find another source for the clean files


    These are my own observations and opinions, just my own one-time experience using this product, and not meant as criticism or otherwise of any individual or company.

    I did take a look at Hitman Pro . . .
    It does need an active Internet connection for it to do anything, so that could be problematic.
    Also firewall needs to be dropped to allow it to connect and initialize.
    Won't do anything without a live connection, 5 min timer kicks in, then scanner gives up.
    Scanning is done in the 'cloud' (your browser), not run on your pc.

    Incredibly fast scan, less than 2 mins - Unbelievable!
    but doesn't have any scan settings for scan locations etc

    There were some false positives, a couple of tools it thought were Trojans/Malware but most AV produces some 'False Positives' occasionally.


    But didn't find two of the files!!
    Although not potentially harmful in themselves, they are still associated with this Trojan and are picked up by another scanner.

    Also a Major Major issue, it missed the infected backup copies in dllcache which means they could get re-installed at some point, or even immediately.

    But the biggest problem for most users is that it does indeed identify the System files as infected and asks the user for an OS installation disk, which probably most people won't have.

    No disk, then it may well delete those files but they will get re-installed with infected ones from backup, so could end in a loop.

    Worst thing is you wouldn't know the files were still infected unless you did another scan with Hitman or used some other scanner.

    Also it would be nice if it saved a log automatically to a default location.
    On the first run, i missed it and it's not picking up some of the objects on subsequent runs.
    But i was savvy enough to take screen caps of the detected files on the first scan results lol :)


    So it's not really an ideal solution, unfortunately.
    But it is getting there, i think it has great potential but the annual license fee is a bit off-putting,
    me personally, i would maybe wait until they can make some changes, resolve some of the issues, before i handed over any money.

    This is bad news for MSE'ers because it doesn't look like there's a nice n simple scanner to clear up this particular Trojan.

    But the thread does seem to have done some good making people more aware of the possible danger of links in emails, so if any further attack should materialize, then hopefully it will have negligible impact.
    Hi, Delta, Thanks for all your hard work. Luckily, I have an OS disc, purchased when got comp, always worth the expense £30 approx, or make your own, before using comp initially. But, as you say, most people don't bother with it, false economy. To do as you have explained, and Stumpy's, requires more than a modicum of technical know how, without offending anyone on this link, very few, including me would attempt it. Easier to wipe everything, and start from scratch, OS disc permitting? Let's hope it's not necessary; :beer:
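
Added example, not part of the original posts: a sketch of the hash check DeltaTwo describes, matching renamed `.dat` files against known-good MD5 and SHA-1 values and flagging backup copies that differ. The file names, contents and the `known_good` manifest are constructed placeholders; in practice the reference hashes would have to come from a trusted clean source.

```python
import hashlib
import tempfile
from pathlib import Path


def digests(path):
    """Return (md5, sha1) hex digests of a file, read in chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()


def match_renamed_originals(temp_dir, known_good):
    """Map each .dat in temp_dir to the system file whose clean hashes it matches.

    known_good is {original_name: (md5, sha1)} from a trusted source; both must match.
    """
    by_hash = {pair: name for name, pair in known_good.items()}
    found = {}
    for dat in sorted(Path(temp_dir).glob("*.dat")):
        name = by_hash.get(digests(dat))
        if name:
            found[dat.name] = name
    return found


def modified_copies(directory, known_good):
    """List known_good names whose copy in directory has different hashes."""
    return [name for name, pair in sorted(known_good.items())
            if (Path(directory) / name).exists()
            and digests(Path(directory) / name) != pair]


def demo():
    """Constructed data: placeholder names and contents, not real system files."""
    with tempfile.TemporaryDirectory() as root:
        temp, cache = Path(root, "Temp"), Path(root, "dllcache")
        temp.mkdir()
        cache.mkdir()
        (temp / "a1.dat").write_bytes(b"clean-one")      # renamed clean original
        (temp / "zz.dat").write_bytes(b"unrelated")      # unrelated .dat file
        (cache / "one.exe").write_bytes(b"clean-one+x")  # altered backup copy
        known_good = {"one.exe": (hashlib.md5(b"clean-one").hexdigest(),
                                  hashlib.sha1(b"clean-one").hexdigest())}
        return (match_renamed_originals(temp, known_good),
                modified_copies(cache, known_good))
```
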
  • joe134
    joe134 Posts: 3,336 Forumite
    :A
    meher wrote: »
    Denial :huh: I can't deny something that's not established :xmassmile
    Don't worry meher, I'm not. Most self deny'ers keep self denying. It's a merry-go-round. Life's like a box of chocolates. :A
  • I haven't received any email of that sort, I feel unloved, lol, but I'd be worried too if I did because where do spammers get username and email if not from here if people don't use this name anywhere else. It's a big site so no surprises that it's targeted by spammers.
  • meher
    meher Posts: 15,910 Forumite
    10,000 Posts Combo Breaker
    Kool_Kool wrote: »
    It's a big site so no surprises that it's targeted by spammers.
    Absolutely ^ the winds howl around the highest peaks :)
  • joe134
    joe134 Posts: 3,336 Forumite
    Kool_Kool wrote: »
    I haven't received any email of that sort, I feel unloved, lol, but I'd be worried too if I did because where do spammers get username and email if not from here if people don't use this name anywhere else. It's a big site so no surprises that it's targeted by spammers.
    Hi Kool_Kool. Careful what you wish for, there's time enough yet. Nice to see site's calmed down a bit. As a matter of interest, it would have been nice to know how many forumites who actually received the e-mail, as I did, opened it, and what, if any, adverse results occurred? I don't think it was Spammers, but that's just my opinion, having your e-mail address is enough to generate spam, without opening it; if that was their intention, the Trojan is another kettle of fish, that's pure MALICIOUS, not one usually used by spammers. Let's hope your wish does not come true, Santa's on his way. :xmassmile
This discussion has been closed.