"Exp.wmf" - Paintball Forum - Paintball guns and gear forums

Reply

Old August 12th, 2006, 06:16 PM   #1 (permalink)
Certified Caffeine Addict
 
PizzaMiLiTiA's Avatar
 
Join Date: Jun 2005
Location: Biloxi, Mississippi
Posts: 3,072
"Exp.wmf"

Okay, so I logged into PbF and got a little window asking me where I wanted to save the windows media file "exp.wmf". I was like, wtf, and closed the window. It popped back up, but this time Symantec caught it as a possible threat. The name of the file was like Bloodhound or something... Thought I should bring it up here, and I was wondering if anyone else got something similar.

Last edited by PizzaMiLiTiA; August 12th, 2006 at 06:56 PM..
PizzaMiLiTiA is offline View My Blog!   Reply With Quote
Sponsored Links
Advertisement
 
Old August 12th, 2006, 06:36 PM   #2 (permalink)
I was saving that bacon
 
toXic's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 7,177
Blog Entries: 1
I got it. AVG detected a virus so I closed it out. But the file it tried to open for me was Exploit.exe and exp.wmf
__________________
I had to change from Wesley's sig and avatar. I was tired of Medic and Doomsydaisy sending me nudes
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Last edited by toXic; August 12th, 2006 at 07:15 PM..
toXic is offline View My Blog!   Reply With Quote
Old August 12th, 2006, 07:02 PM   #3 (permalink)
Woohoo
 
Sittin_duk's Avatar
 
Join Date: Sep 2005
Location: So CAR
Posts: 2,350
Just got the same thing, with a high risk from norton.

Help?
__________________

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

If you believe in God, and are proud of it, put this in your sig.
Sittin_duk is offline View My Blog!   Reply With Quote
Sponsored Links
Advertisement
 
Old August 12th, 2006, 07:49 PM   #4 (permalink)
3D Airsmith
 
Mortisdeum's Avatar
 
Join Date: May 2005
Location: Northern VA
Posts: 1,689
glad i am using my mac at the moment cause my pc said the same thing

I think it may be some thing cause of the ads
__________________
Old Projects and mods.
Tippmann Mods:

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
,
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
,
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
,
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

[center]

“He who fights monsters should see to it that he himself does not become a monster.”
— Friedrich Nietzsche
Mortisdeum is offline View My Blog!   Reply With Quote
Old August 12th, 2006, 09:15 PM   #5 (permalink)
Senior Member
 
doublethreatguy's Avatar
 
Join Date: Jan 2006
Location: NY
Posts: 995
same here. but i wasnt like that.

norton let it pass thru, it was a trojan/spyware.

it was a fake program called SpyWare Quake.

I wasnt doing anything, just sitting and reading a thread and stuff started randomly downloading. My computers messed up now, prolly gunna re-format.

But yes, i am getting viruses from pbf as well.
doublethreatguy is offline View My Blog!   Reply With Quote
Old August 12th, 2006, 09:23 PM   #6 (permalink)
Supporting Turtle
 
BlueShox's Avatar
 
Join Date: Feb 2006
Location: SC
Posts: 2,967
Blog Entries: 2
me too, i got the bloodhound thing
__________________

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

BlueShox is offline View My Blog!   Reply With Quote
Old August 13th, 2006, 12:20 AM   #7 (permalink)
Screaming Koala
 
Torch's Avatar
 
Join Date: Nov 2004
Location: Bentleyville, PA
Posts: 4,685
Blog Entries: 1
I had BloodHound pop up on Norton several times today. I wasn't sure if it was from PBF.
__________________
"RD&D - Research, Development, and Design. - If its not broken, fix it anyway."
T.O.G. #131 - P.O.G. #16 - C.O.G. #145
Rate the:
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
-
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
-
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
-
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Torch is offline View My Blog!   Reply With Quote
Old August 13th, 2006, 09:40 AM   #8 (permalink)
Elite Member
Image Hosting by Picoodle.com
 
DarkTamer's Avatar
 
Join Date: Oct 2002
Location: I'm a Masshole
Posts: 5,080
I got the exp.wmf thing as well.
__________________
Point System is Pointless


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

If you believe in God, and are proud of it, put this in your sig.
DarkTamer is offline View My Blog!   Reply With Quote
Old August 13th, 2006, 08:35 PM   #9 (permalink)
Well hell yeah it's Tomba
 
Tomba's Avatar
 
Join Date: Mar 2005
Location: NorthEast Ohio
Posts: 3,503
yeah bloodhound..i got it, but now its gone
__________________
♥ Tom Baker ♥

Encounter


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Tomba is offline View My Blog!   Reply With Quote
Old August 13th, 2006, 08:43 PM   #10 (permalink)
Certified Caffeine Addict
 
PizzaMiLiTiA's Avatar
 
Join Date: Jun 2005
Location: Biloxi, Mississippi
Posts: 3,072
So has anything been done about it, or is it just going to continute bothering people until a bunch of PbFers are infected?
PizzaMiLiTiA is offline View My Blog!   Reply With Quote
Old August 13th, 2006, 09:08 PM   #11 (permalink)
ABCDEFGHIJKLMNOPQRSTFU
 
Join Date: May 2002
Posts: 5,450
Quote:
Originally Posted by doublethreatguy
same here. but i wasnt like that.

norton let it pass thru, it was a trojan/spyware.

it was a fake program called SpyWare Quake.

I wasnt doing anything, just sitting and reading a thread and stuff started randomly downloading. My computers messed up now, prolly gunna re-format.

But yes, i am getting viruses from pbf as well.
My brother got this yesterday on our family computer. It was a difficult little bugger to get rid of.
TonyD is offline View My Blog!   Reply With Quote
Old August 13th, 2006, 09:09 PM   #12 (permalink)
Superdeeduper Admin Type
 
MedicDVG's Avatar
 
Join Date: Feb 2004
Location: Back from Iraq, now in Wisconsin.
Posts: 17,772
I will bring it up with Cobra and see what the hell is happening...



__________________

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
My Feedback:

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
:
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
:
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
:
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
:
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
MedicDVG is offline View My Blog!   Reply With Quote
Old August 13th, 2006, 09:09 PM   #13 (permalink)
Supporting Turtle
 
BlueShox's Avatar
 
Join Date: Feb 2006
Location: SC
Posts: 2,967
Blog Entries: 2
I think it came from the lounge, so i've been trying to stay away from it (I am still techincally on my lounge protest)

but I had to reboot my whole system and lost AIM Limewire Fireworks and a crapload of music and videos and other stuff
__________________

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

BlueShox is offline View My Blog!   Reply With Quote
Old August 13th, 2006, 09:15 PM   #14 (permalink)
665 1/2. Not quite evil
 
Demented's Avatar
 
Join Date: Jul 2006
Location: Lake Worth, FL
Posts: 299
I've been getting those all ****ing day for 3 days.

The trojans keep coming back as being sent from 64.34.181.44 incase that helps any mods.

I notified my ISP of the problem and gave them the IP addy and they're looking into it; If that's a server for this forum, i'm sorry 'bout that, but i've had to reboot my comp twice and it keeps shutting down my McAffee.
__________________
Mad Up'd Black/Blue B2K4 PDS
1 of 1 Black/Blue B2K4 PDS closed bolt pump
Crazy milled Silver B2K2 X-Mill
Mad Up'd 2000 Black/Silver Autococker

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


Check out our site for a complete list of our services.

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Quote:
And this product improved my performance the msot at one time then any other up on my gun.

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Demented is offline View My Blog!   Reply With Quote
Old August 14th, 2006, 09:33 AM   #15 (permalink)
Administrator
 
Cobra's Avatar
 
Join Date: Nov 2001
Posts: 1,108
Exclamation

I checked the server, everything is ok. Ive also disabled HTML and PHP.

Please keep me posted.
__________________
VS Admin account
Cobra is offline View My Blog!   Reply With Quote
Old August 14th, 2006, 09:34 AM   #16 (permalink)
Superdeeduper Admin Type
 
MedicDVG's Avatar
 
Join Date: Feb 2004
Location: Back from Iraq, now in Wisconsin.
Posts: 17,772
I have forwarded the problem to our hosting company and our head admin. I will let you know what they find out when I know what is going on.

I sincerly apologise for any trouble this has caused and I can assure you that it is being looked at.

Please let me know if any of you have this same issue or continued problems.
-----------

If you are technically inclined and are infected with this worm, there is a fix that can be done to close the vulnerability

This section helps you to understand how it behaves
Exp/WMF-A detects Windows Metafiles (WMF) which exploit a vulnerability in the image rendering functionality of the DLL GDI32.DLL, which allows the execution of arbitrary code.

The exploit runs on several Windows platforms including Windows XP SP2 and affects several image-rendering applications which use GDI32.DLL directly or via the DLL SHIMGVW.DLL, eg Windows Picture and Fax Viewer (and other applications which depend on it, like Windows Explorer when it displays thumbnails).

A patch may be obtained from the Microsoft website:

http://www.microsoft.com/technet/sec.../MS06-001.mspx
--------

UPDATE:
Apparnetly where this worm is coming form is the infamous "******* Banner Ad" that has affected tons of folks. More then likely computers that were infected with this worm either clicked a link to ******* from a thread in the lounge, or have had contact with a ******* page in the recent past.

It doesn't sound like it is coming directly from PBF: here is the link to the story if you are insterested http://www.newsfactor.com/story.xhtm...d=11100AT9AXG3




__________________

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
My Feedback:

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
:
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
:
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
:
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
:
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Last edited by MedicDVG; August 14th, 2006 at 09:47 AM..
MedicDVG is offline View My Blog!   Reply With Quote
Old August 14th, 2006, 05:30 PM   #17 (permalink)
Screaming Koala
 
Torch's Avatar
 
Join Date: Nov 2004
Location: Bentleyville, PA
Posts: 4,685
Blog Entries: 1
When it popped up here, I may have had ******* open as well. I don't recall. But one time when the download box appeared it brought the PBF tab to the front.
__________________
"RD&D - Research, Development, and Design. - If its not broken, fix it anyway."
T.O.G. #131 - P.O.G. #16 - C.O.G. #145
Rate the:
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
-
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
-
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
-
To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Torch is offline View My Blog!   Reply With Quote
Old August 20th, 2006, 12:32 PM   #18 (permalink)
Elite Member
 
freakpizzaboy's Avatar
 
Join Date: Jul 2004
Location: marlboro, MA
Posts: 1,899
watch medics link to the story have the worm on it

i didnt get it, but on my other computer, something randomly came up and was like

IM LOOKING AT GAY ****O with the grossest pictures ive ever seen

the file was IEPAGESPOOF
__________________
SNAPES ON THE MUTHA ****ING PLANE!!!

SNAKES?
NO SNAPES!!!
INSPECTO PETRONEM!!
freakpizzaboy is offline View My Blog!   Reply With Quote
Old August 20th, 2006, 07:36 PM   #19 (permalink)
Certified Caffeine Addict
 
PizzaMiLiTiA's Avatar
 
Join Date: Jun 2005
Location: Biloxi, Mississippi
Posts: 3,072
I don't think that it's the ******* banner worm... That particular program exploits a flaw in IE, while I use firefox and only firefox... And I always have the latest version too.
PizzaMiLiTiA is offline View My Blog!   Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules

Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


VerticalSports
Baseball Forum Golf Forum Boxing Forum Snowmobile Forum
Basketball Forum Soccer Forum MMA Forum PWC Forum
Football Forum Cricket Forum Wrestling Forum ATV Forum
Hockey Forum Volleyball Forum Paintball Forum Snowboarding Forum
Tennis Forum Rugby Forums Lacrosse Forum Skiing Forums
Copyright (C) Verticalscope Inc Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2019, vBulletin Solutions, Inc. Search Engine Optimization by vBSEO 3.6.1