Calling out Vanzale - For spreading virus on the MISC (SRS) Info on how to fix

[txdude1818]

CLIFFS:
- Fake hyperlink that looks like legit website tricks user into hackers website
- Hackers website looks legit but asks you to install JAVA application
- If you ACCEPT Java application you execute virus that installs a RAT that steals all your saved browser passwords + potentially record keystrokes/capture webcam
- If you DECLINE you should be OK but do full virus scan every day from now on
- If you have clicked it and become infected see below for removal instructions + Change all passwords immediately
- To protect yourself see below to disable JAVA on your browser + NEVER CLICK LINKS before you check them
- To DETECT and REMOVE please download a copy of AVG free antivirus - This is a new virus and only detectable by 4 out of the top 25 antivirus software AVG is the only free antivirus that can detect the JORI.EXE file that carries the virus. Download AVG free and do full system scan

The following are the ONLY Antivirus detects the jori.exe virus

ESET NOD32
AVG
DrWeb
Norman


Someone is tricking MISCers into visiting a webpage that downloads a virus and infects their computer

This guy used BBCODE to make a hyperlink that read break.com but ACTUALLY took you to a website with a virus instead.

(Just a note if you see a clickable link anywhere on the internet put your cursor over the link and at the bottom of firefox it tells you where that link is going)



As you can see in this picture the hyperlink looks like break.com but at the bottom you see it is really taking you elsewhere

We have been able to determine that if you visit the link you will be asked to download a JAVA applet. If you accept then you will be infected. If not then you SHOULD be ok.

The virus captures ALL locally saved passwords, this means all the passwords you have saved in your browser such as for bb.com as well as for paypal, steam e.t.c IF you have clicked then change ALL saved passwords immediately.
- However it is possible that the virus serves other purposes too such as recording keystrokes and webcam capture.

Mikerub
How to remove

Download Malwarebytes, it's a free and very reliable virus scanner.
http://www.malwarebytes.org/

Scan your computer and if nothing was detected here is how you can see if you're actually on this guys RAT.
http://www.youtube.com/watch?feature...&v=zYa9RWiTxwo
If you did run the JAVA application avoid typing in sensitive passwords as he can view your desktop, keystrokes and much more.

TO DISABLE JAVA ON FIREFOX TO MAKE YOU IMMUNE TO THESE JAVA EXPLOIT ATTACKS
Firefox > Adons > Plugins > Java > Disable




Someone is attacking the MISC. Nobody attacks the MISC.


EDIT: It has come to my attention that the user Vanzale is most probably just a compromised account. If you clicked the link you should run a full AV scan as well as clearing browser cache and cookies.

Gentlemen...we are at war




CONFIRMED HACKED MISCERS
Rambo26
Vanzale
VladimirVega

These accounts have all been used to spread the virus

The virus is is trying to get you to download is a RAT (Remote Administration Tool) If you visited the site you were prompted to run JAVA. If you hit accept you automatically installed the virus and it is on your computer now and he can do as he wishes.

He can view your entire computer, webcam, and basically do anything he wants.

How to remove

Download Malwarebytes, it's a free and very reliable virus scanner.
http://www.malwarebytes.org/

Scan your computer and if nothing was detected here is how you can see if you're actually on this guys RAT.



If you did run the JAVA application avoid typing in sensitive passwords as he can view your desktop, keystrokes and much more until you are sure you've taken care of the situation.

[OCDbrah]

Mate, I swear on my life I will wreck that cheeky kunt.

[HamburgerTrain]

Maybe you shouldn't have clicked on it?

[TheClimax]

Unless it ask us to re enter our password, how would that page just be able to grab our password?

[txdude1818]

Maybe you shouldn't have clicked on it?

I didn't I was about to click on it but I always hover over the link and I saw that it sent you to a different site. Then MISCers posted in this thread saying they got hacked http://forum.bodybuilding.com/showth...hp?t=149988513 and then the hacker edited their posts to pretend like nothing happened.

[VladimirVega]

That piece of sh*t hacked me. Already changend password and deleted the posts with the virus link.

[RepTillFailure]

Clever kunt lol

[GoingGuido]

Is that the one with the "HOw to Win a Fight?" vid? Clicked it lol

[VladimirVega]

Is that the one with the "HOw to Win a Fight?" vid? Clicked it lol

big mistake

[milkbrah]

Is that the one with the "HOw to Win a Fight?" vid? Clicked it lol

good night sweet prince

[txdude1818]

I didn't I was about to click on it but I always hover over the link and I saw that it sent you to a different site. Then MISCers posted in this thread saying they got hacked http://forum.bodybuilding.com/showth...hp?t=149988513 and then the hacker edited their posts to pretend like nothing happened.

Bro he just used your account to post the virus in this thread http://forum.bodybuilding.com/showth...#post986462163

[txdude1818]

Is that the one with the "HOw to Win a Fight?" vid? Clicked it lol

Yes you should change your password brah. What happened when you clicked it?

[sourcecode123]

yea i clicked it also, i really doubt I just got a virus

srs

^nothing happens... seriously how in the hell did people come up with the idea that its a virus

i can confirm, i am not virus

[hoalieuconuong]

This guy used BBCODE to make a hyperlink that read break.com but ACTUALLY took you to a website with a virus instead.

He posted the link in about 5 different threads.

Someone made a thread saying their account got hacked and then this guy deleted the last 5 posts of his post history.

If you clicked the link you may have a virus and should change your passwords.

His account name is Vanzale

(Just a note if you see a clickable link anywhere on the internet put your cursor over the link and at the bottom of firefox it tells you where that link is going)


He is not even banned yet because he has deleted his posts after he got found out but I already messaged the mods and reported the posts so now they have proof.



Someone is attacking the MISC. Nobody attacks the MISC.

thank for info bra

[Cjjlpsp]

Clicked one vid of an awkward asian singing karaoke, but it actually brought me to break.com

Was it that guy?

[GoingGuido]

Yes you should change your password brah. What happened when you clicked it?

Got taken to a site saying this was the "New Break.com"

Anyway my Anti-Virus blocked an unauthorized site from attempting to access my comp.


Just another day miscin

[txdude1818]

Vladmir wtf happened to your rep power you went from 33 to deep red?

To the mods if you want to slow the guy spreading the virus then

Check the IP addresses of the accounts VladimirVega and Vanazale because the guy used both accounts to post the link therefore you can BAN that IP address. Make sure you don't ban the legit account holders IP but the IP that shared both accounts.

[sourcecode123]

this is y2k all over again

[jasonjb]

I have no idea whats going on but I rarely click posted links after getting a virus from that ******* who made the zyzz game last year

[VladimirVega]

Vladmir wtf happened to your rep power you went from 33 to deep red?

To the mods if you want to slow the guy spreading the virus then

Check the IP addresses of the accounts VladimirVega and Vanazale because the guy used both accounts to post the link therefore you can BAN that IP address. Make sure you don't ban the legit account holders IP but the IP that shared both accounts.

wtf? don't know
now i have -25575 rep points...???!!

[Sakeoe]

Clicked the link, it asked to run some program and I aborted it.

Did I dungoof?

[jasonjb]

Clicked the link, it asked to run some program and I aborted it.

Did I dungoof?

would scan with an anti virus just in case

[wheelerx50]

if the guy would have used a forum.bodybuilding url probably could have wrecked a lot of people lol

[txdude1818]

wtf? don't know
now i have -25575 rep points...???!!

My internet connection just went completely offline for 2 minutes.


WTF is going on. We under attack? I didn't even click no links.

[Ratamahatta]

if the guy would have used a forum.bodybuilding url probably could have wrecked a lot of people lol

Thanks for giving him the idea if he's watching, brb never clicking a link from this site ever again.

[swaptrex]

Thanks for the virus OP.

[jasonjb]

Thanks for giving him the idea if he's watching, brb never clicking a link from this site ever again.

same, I always hover over the links to make sure its actually going to the site it says though

[Sakeoe]

would scan with an anti virus just in case

Just did a quick scan, didn't find anything.

Did I stay safe?

[txdude1818]

Just did a quick scan, didn't find anything.

Did I stay safe?

We cant say until someone with computer security experience can analyze the link to see exactly how it affects/infects

[VladimirVega]

My internet connection just went completely offline for 2 minutes.


WTF is going on. We under attack? I didn't even click no links.

i just disabled my connection for 2 minutes. lol wut? WTF is going on here