Warning or coincidence?

General discussion for players of Oolite.

Moderators: winston, another_commander

Commander Trigg
Competent
Posts: 60
Joined: Thu Feb 18, 2010 5:49 pm

Post by Commander Trigg »

Since downloading the latest versions of the Behemoth and Galactic Navy oxps, my anti-virus has detected a couple of threats appearing on my system.

It may be pure coincidence of course, as I was doing several other things at the same time and might have picked something up on a fly-by, but perhaps someone with the know-how could take a look to see if either of these packs has been got at by some unpleasant person?
Loxley
Deadly
Posts: 148
Joined: Sat Jan 30, 2010 7:44 pm
Location: Chatham, England

Post by Loxley »

I've got both these downloaded and haven't encountered any problems.
For what it's worth I scanned them both with Norton 360 and have since run full system scans without anything untoward showing up.

I expect you probably picked up your virus problem somewhere else but it's always good to warn of possible security threats.
"There is still much music to be written in C major" Stravinsky
another_commander
Quite Grand Sub-Admiral
Posts: 6683
Joined: Wed Feb 28, 2007 7:54 am

Post by another_commander »

Commander Trigg: What antivirus do you run? Some time ago, we had some false alarms from Avira, which was complaining that our distribution was infected because one of our plists (customsounds.plist I think) happened to contain the letters 'w','o','r','m' inside the word "wormhole" :roll:

Also, can you please specify exactly which files your antivirus indicated as threats?
Commander Trigg
Competent
Posts: 60
Joined: Thu Feb 18, 2010 5:49 pm

Post by Commander Trigg »

I'm afraid I was a little hasty in getting rid of the threat - I just saw Trojan Horse and clicked the remove button before thinking I maybe should have looked into it further.

I'm running a Symantec corporate edition and looking through the threat history, it's saying the virus had located itself in system32/drivers. I can't see any information about the possible source however.
Now over 1000 confirmed kills. Bring on the bad guys!
Commander Trigg
Competent
Posts: 60
Joined: Thu Feb 18, 2010 5:49 pm

Post by Commander Trigg »

If anyone is interested, I've now discovered that my original virus infection somehow tricked my anti-virus into overlooking certain files and not installing update files.

I've fixed that issue and have been running a full deep scan for the past 680 minutes...and counting - I wonder if this is some sort of record?

It looks like the main virus file embedded itself in windows/system32 under the filename wcoredn.exe although there's still no clue as to the original source.

I don't think I've sent anyone any files that might have spread the infection, but better safe than sorry!
Diziet Sma
---- E L I T E ----
Posts: 6312
Joined: Mon Apr 06, 2009 12:20 pm
Location: Aboard the Pitviper S.E. "Blackwidow"

Post by Diziet Sma »

I do find it most unusual/strange that wcoredn.exe has reportedly been in the wild for 2 weeks now, and there is no discussion (or even mention) of it anywhere except at the website of ONE particular anti-virus product...

Some might say that was suspicious, even...
Most games have some sort of paddling-pool-and-water-wings beginning to ease you in: Oolite takes the rather more Darwinian approach of heaving you straight into the ocean, often with a brick or two in your pockets for luck. ~ Disembodied