|
You last visited: Today at 00:36
Advertisement
[Attention] Ddos Attacks through the virus Ramnit.A
Discussion on [Attention] Ddos Attacks through the virus Ramnit.A within the SRO Private Server forum part of the Silkroad Online category.
12/18/2012, 13:59
|
#1
|
elite*gold: 45
Join Date: Nov 2010
Posts: 411
Received Thanks: 112
|
[Attention] Ddos Attacks through the virus Ramnit.A
In those days , i discovered something , which is a virus spread in almost every machine of a server . its called (Ramnit.A) .
What is a Ramnit.A ?
Virus:Win32/Ramnit.A is a detection for a virus that infects Windows executable files and HTML files, and spreads to removable drives. The virus attempts to open a backdoor and wait for instructions.
When executed, the virus drops a file as "<file_name>Srv.exe" (for example, "mytestSvr.exe"), where <file_name> is the file name of the infected executable. The dropped file is then executed.
This file may be detected as Worm:Win32/Ramnit.A.
Spreads via…
Thats how an attacker can shutdown servers easily , if u scan the vsro files or those new programs that are released , u can see there is a Ramnit virus in it , the biggest example of such programs is Srpatcher made by Cherno .
So please all scan your files to prevent these attacks , i recommend to use Avira (avira.com) , there is a version of it for windows server too . so please take care .
|
|
|
12/18/2012, 14:06
|
#2
|
elite*gold: 0
Join Date: Aug 2012
Posts: 748
Received Thanks: 227
|
why DDoS attacks as a title?
|
|
|
12/18/2012, 14:18
|
#3
|
elite*gold: 45
Join Date: Nov 2010
Posts: 411
Received Thanks: 112
|
mm , because it causes ddos attacks i guess ?
|
|
|
12/18/2012, 14:27
|
#4
|
elite*gold: 0
Join Date: Aug 2012
Posts: 748
Received Thanks: 227
|
Virus causes DDoS attacks,that's new, and where's the text at the thread that says it causes DDOSes?
|
|
|
12/18/2012, 14:32
|
#5
|
elite*gold: 45
Join Date: Nov 2010
Posts: 411
Received Thanks: 112
|
google what is a Ramnit and u'll see . dont come to comment while u dont know what a virus will do
and no , i didnt say that the virus itself attacks , the virus is used as a backdoor to infect other machines and are standby waiting for an order from the attacker .
|
|
|
12/18/2012, 14:36
|
#6
|
elite*gold: 0
Join Date: Aug 2012
Posts: 748
Received Thanks: 227
|
define the meaning of :
Quote:
mm , because it causes ddos attacks i guess ?
|
or
Quote:
its one of the reasons for DDoS attacks
|
please...
|
|
|
12/18/2012, 14:50
|
#7
|
elite*gold: 0
Join Date: Aug 2012
Posts: 570
Received Thanks: 192
|
*******,I had this kind of sh*t xD
|
|
|
12/18/2012, 14:59
|
#8
|
elite*gold: 0
Join Date: Jan 2011
Posts: 293
Received Thanks: 46
|
thanks alot Ahmad , That virus is added to Vsrofiles and his Patchs by Chernobyl , he use every machine as Bot-net to hack other machines =)
|
|
|
12/18/2012, 15:04
|
#9
|
elite*gold: 101
Join Date: May 2009
Posts: 1,523
Received Thanks: 381
|
yea that **** tried to infect my home pc too. He use the local port 1434. My kaspersky blocked it. 5 different IPs attacked me.
srPatcher_1.0.6 didnt had any virus in it. My kaspersky reported nothing about it.
ups sry wrong virus
my network attack had the name > Win.MSSQL.Worm.Helkern
|
|
|
12/18/2012, 15:05
|
#10
|
elite*gold: 0
Join Date: Aug 2012
Posts: 19
Received Thanks: 9
|
I can confirm this. And i guess it was done by the hackers which where leeching the files - or the one who postet the files after the first release. They put the backdoor in it - to get access to the servers.
With this backddor they create a bot-net. And with this bot-net they can start ddos attacks. Also there is another worm which installs a little later - we found that drop.agent.ab installs a short while after ramnit. On some installations it took a few weeks. Seems like the ramnit - security hole is used for that.
drop.agent infects html, htm and some other files with a web-browser script.
This Script tries to infect desktop-machines. Especially Microsoft Windows ones.
DropAgent is destructive - it can delete files..
|
|
|
12/18/2012, 15:50
|
#11
|
elite*gold: 0
Join Date: Mar 2009
Posts: 291
Received Thanks: 164
|
Cuz, right, my ESET NOD32 rescued my pc from this xd
Some time ago...
|
|
|
12/18/2012, 18:22
|
#12
|
Chat Killer In Duty
elite*gold: 5
Join Date: May 2008
Posts: 16,310
Received Thanks: 6,470
|
well, i have lots of files infected by this, a no network change
there are virus that cause a connection to a botnet, but a virus that DDOS is really hard to believe
btw, chernos patcher was once INFECTED. he lost his account and the hacker start spreading his work infected. that may by the cause as mine, was scanned already and
Quote:
Quote:
Originally Posted by Failwell
Especially Microsoft Windows ones.
|
sorry to point that out but, is there a potential virus for any other OS?(MacOS has virus, but i assume they have less that WinOS)
|
|
|
12/18/2012, 20:32
|
#13
|
elite*gold: 100
Join Date: May 2010
Posts: 1,948
Received Thanks: 1,635
|
that's why I use newest official br files lol!
|
|
|
12/18/2012, 20:51
|
#14
|
elite*gold: 38
Join Date: Nov 2008
Posts: 795
Received Thanks: 680
|
Quote:
Originally Posted by ~ Shane
that's why I use newest official br files lol!
|
vsro files aren't infected atleast those I got
|
|
|
12/18/2012, 20:52
|
#15
|
Chat Killer In Duty
elite*gold: 5
Join Date: May 2008
Posts: 16,310
Received Thanks: 6,470
|
Quote:
Originally Posted by ~ Shane
that's why I use newest official br files lol!
|
that's why i have vSRO-3-R
i can tell yours are **** compared to that
|
|
|
|
|
Similar Threads
|
[Security Release]Stop the recent attacks(That are not ddos attacks.)
12/04/2012 - Shaiya PServer Guides & Releases - 1 Replies
Hi everyone here is a little tutorial on the recent attacks as i've seen and were i played on servers which have gotten attacked, so to prevent this issue here is the tutorial below.
Get the program called rKill, which i have provided below And block in firewall this IP *fetching ip*
Range: xxx.xxx.xxx.x - xx.xx.xxx.xxx
Range: xx.xxx.xxx.x - xxx.xxx.xxx.xxx
Range: xx.x.xxx.x - xx.x.xxx.xx
As far as rKill, use it only under attack, It may block you out for a few seconds, and make players...
|
[VIRUS] Warrock Virus.Ramnit.X infinziert
07/31/2012 - WarRock Guides, Tutorials & Modifications - 2 Replies
Hallo Liebe Warrock Com.
Als ich Heute mein Computer mit Malwarebytes scannte fande der einen Virus versteckt in der Warrock Launcher.exe. Dieser Virus nennt sich Ramnit, Ramnit ist ein Virus der andere Anwendungsdatein also *.exe infiziert. Ich empfehle euch da ihr noch ca. 1-2 std. Zeit wegen der Maintance habt euer System zu Prüfen.
HKCR\NXCOM.NxGameControl.EU.2 (Virus.Ramnit) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Nexon\Common\dbghelp.dll (Virus.Ramnit)...
|
[VIRUS] Warrock Virus.Ramnit.X infinziert
07/26/2012 - WarRock - 11 Replies
Hallo Liebe Warrock Com.
Als ich Heute mein Computer mit Malwarebytes scannte fande der einen Virus versteckt in der Warrock Launcher.exe. Dieser Virus nennt sich Ramnit, Ramnit ist ein Virus der andere Anwendungsdatein also *.exe infiziert. Ich empfehle euch da ihr noch ca. 1-2 std. Zeit wegen der Maintance habt euer System zu Prüfen.
HKCR\NXCOM.NxGameControl.EU.2 (Virus.Ramnit) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Nexon\Common\dbghelp.dll (Virus.Ramnit)...
|
Attention: Hackers attacks from Cabal Rider!
03/10/2009 - Cabal Online - 22 Replies
Forget I posted this, no I do not go to porn sites and to get hi jacked by hackers! Also I do not use IE cuz it sucks and I actually use Mozilla. I'm not really the type of nerd person but I heard you can change your IP by unplugging your modem router? I did that but my IP is the same and my Internet Files in local settings is infected by the Trojan horse PSW.OnlineGames. So from now on I will not blame anymore because I quit hacking and another reason is because I get flamed. Now someone tell...
|
All times are GMT +2. The time now is 00:36.
|
|