Thunder's Place

The big penis and mens' sexual health source, increasing penis size around the world.

My new penis enlargement website!

I don’t get what the deal is with this guy.

I fished the actual .mpegs out of the .exe files

then ended the server.exe process THEN deleted the server.exe
and deleted all registry keys

I didn’t have any problems on my computer after running the .exes but then again i don’t have dial-up or any anti-virus programs. I did notice my task manager would get killed when I was using it.


21 years of age 7.75" length 5.80" girth (10/15) "If I can touch it, I can destroy it. If it's imaginable to some degree I can become it" - Greg Graffin


Last edited by loveless : 02-07-2003 at .

Hey there guys! This is my first post to the forum, so I’m a bit nervous about sounding stupid….Anyway, the server.exe is a file which is used by a trojan, such as Subseven.

For thoses who do not know, a trojan is a program which lets the user gain control over their victim’s computer: Access to all files and passwords is possible! (I suggest if you store any passwords [hotmail etc] on your computer and downloaded from his site, you change them now!)
The problem is, once the server.exe is run, it is not needed anymore, so deleting it will not help. Another file is generated with some random name which sounds like it is important for windows.

The trojan is able to use multiple start-up methods, so even deleting it from registry may not help!

The problem with removal is that there are different versions of the same trojan, the newest of which are undetectable, for a while. The best way to not contract a trojan in the first place is to run a virus scanner (I use McAfee Viruscan ), with the latest update.
I’m sure any latest virus scanner will do, as long as it is up-to-date.

If already a victim, installing the latest virus scanner will remove it.

PS The trojan may be another such as Back Orifice, there are many trojans, but these seem to be the most common ones, as they are easiest to use.

I hope this is of help to someone.
L8Rs!

Re: How to remove the worm

Quote
Originally posted by TomSizeMore13
Hey guys,

This is a quote from the site:

“Then look through your registry and delete the entry for server in the runas key. “

-TomSizeMore13-

I went to regedit. I cannot find the runas key. Anyone know where to find it?

He posted a link to his site in the Big Penis forum several weeks ago. When I went to unzip the first two vids Kaspersky’s AVP warned they contain TrojanDropper.Win32.Juntador.c

I posted a warning and ask him what was going on. He came up with the lame excuse that he had implemented some kind of copy protection on the files and that his anti-virus program also sounded off on them. Yeah, right. Thunder deleted the thread.

I deleted the files without unzipping them. For those who didn’t, maybe knowing what it is will help you figure out where and how it installed malware.

You can download a 30-day trial version of The Cleaner here . It has a good reputation.

That cogento.com sounds familiar. Seems I made a few phone calls to them in the past about theft of material that was displayed by a certain named Darren Beale on one of his many websites. Screaming and yelling worked, so if anyone wants a phone number, send me a PM.


Penis Enlargement Forum -- How To Jelq -- Free Penis Enlargement Videos

Make a Donation This place runs on donations, help out if you can. Thanks.

Re: Tell him what you think about his website

Quote
Originally posted by TomSizeMore13
Hey guys,

Look what I found.

stephersen@hotmail.com

Give him an honest opinion. OK?

-TomSizeMore13-

Dont worry, I gave him an opinion alright. :cuss: :flame:

I see Bib posted a link to this thread at PE Forums.

To summarize and clarify, running the unzipped .exe file apparently causes a trojan to be installed on your machine (assuming you are running some version of Winblows). We don’t know which particular trojan, so manual removal isn’t practical. As pez209 indicated, more is needed than removing the components that installed the trojan. Once an application has been installed, merely deleting the installer doesn’t erase the program.

Check out my link to The Cleaner. Give it a try if you are possibly infected. In the future, run a decent regularly-updated antivirus application and avoid suspicious files.

What a mess.

Glad I didn’t go there.


be back soon


Last edited by Dura Ace : 02-08-2003 at .

Low memory

Hey guys,

Is anyone else getting a low disk space on local drive C
message?

-TomSizeMore13-

No.

Are you thinking you may have that Trojan?


be back soon

Not sure Dura Ace

Hey,

I downloaded Hobby’s trojan cleaner and it didn’t find anything. I think the low disk space message maybe related because 3/4 of my hard drive are empty.

-TomSizeMore13-

Tom, one of the effects of certain virusses is to fill your disk with useless fluff files…

this can be apparant, such as your C drive being full of thousands of gibberish files, or it can be discreet, eg the virus takes legitimate files and increases their size with either garbage or copies or fragments of iteself…

or, your drive could just be full of your own stuff ;)

take the other’s advice and get a virus scanner (try a free one) and scan to see if you have anything. remove any baddies and see what happens…

I have the aforementioned Trend PC-Cillan;
got a free copy with my motherboard ages ago…

My idiot friend accidentally downloaded a virus called, um, armageddon or apocalypse or some crap, infected both our PCs on the LAN and pc cillin managed to fix it ok…

the single best defense mechanism against virusses and trojans is to simply be conservative and suspicious with everything you download - if you use file sharing progs, and you download a file called “Jap_teen_rape_porn_innocent_virgin_slut_madonna_f ilm_clip_eminem_cool_funny_video.mpg.exe.jpg.vbs” and are oblivious enough to actually run such an obviously badly hidden nasty then you are quite likely to get infected.

This is why I was surprised that alot of people apparantly have file extension hiding enabled still: How can you tell what the real file extension is? Impossible…

BTW here’s a paranoia trip for you: it’s now possible to hide executable code within jpegs LoL

Top

All times are GMT. The time now is 08:15 PM.