Armor Manager

Petra Fyde · 19th November 2005, 08:33 AM

Picked this information up in UO Hall.

There's a program called Armor Manager. It claims to help you organise your armor properties by working with UO assist dress macro. Which would appear to make it ok to use, since it doesn't interact directly with uo.

But

It apparently has a keylogger in it and is the cause of several of the recent hackings.

19th November 2005, 08:39 AM

Quote:

Picked this information up in UO Hall.

You found a nugget of good information in U.Hall... Impressive. Now go get some rest, Petra you must be exhausted shoveling through the rest of the bs in there to find this gem. hehe

Thanks for the heads up.. I get so frustrated trying to put resists together that I would have installed that proggy in a heartbeat had you not warned us first!

Epona · 19th November 2005, 09:00 AM

Just hire me!

**Ally** · 19th November 2005, 01:12 PM

Quote:

Originally Posted by SpyderBite

Thanks for the heads up.. I get so frustrated trying to put resists together that I would have installed that proggy in a heartbeat had you not warned us first!

Hehe... that's what friends are for. I didn't put together anything that I'm wearing right now.

Thanks for the warning Petra

19th November 2005, 01:31 PM

Quote:

Originally Posted by Ally

Hehe... that's what friends are for. I didn't put together anything that I'm wearing right now.

Thanks for the warning Petra

Heh.. my friends would tire of me sending them pigeons every 20 minutes though... I go through armor WAY to fast to worry about whether a friend is online to help me sort through it. *chuckles*

Smythe · 30th November 2005, 06:22 AM

Not sure if this came up in the thread at U.Hall, but this trojan has now made its way onto ebay. I was bored tonight (or this morning, rather) and decided to see what things were selling on ebay. I go there and find these three programs:

*Links Removed by Admin*

I thought to myself, "These have got to be viruses." So I decided to download them (the seller so generously offers a seven day trial period

). The first sign of there being trouble was when all three programs had roughly the same file size (~498KB). So after completing the download (didn't take long) I ran them through some virus scanners. All three programs reported the same viruses. http://virusscan.jotti.org/ reported the following which remained constant for all three programs:

Quote:

Status:
INFECTED/MALWARE
MD5 a5700e95fcd26f427eb6f53f70ac064b
Packers detected:
-
Scanner results
AntiVir
Found Heuristic/Trojan.Downloader (probable variant)
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found BehavesLike:Trojan.Downloader (probable variant)
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found Trojan-Downloader.Win32.Delf.abo
NOD32
Found probably unknown NewHeur_PE (probable variant)
Norman Virus Control
Found Sandbox: W32/Downloader; [ General information ]

* File length: 39936 bytes.

[ Changes to filesystem ]
* Creates file C:\WINDOWS\icq.exe.

[ Network services ]
* Downloads file from (This -> icq.doc <- was a virus that I removed the link for so as to hopefully avoid any accidental downloads. For more information on this file see my second post in this thread.) as C:\WINDOWS\icq.exe.

[ Security issues ]
* Starting downloaded file - potential security problem.

[ Process/window information ]
* Attemps to NULL C:\WINDOWS\icq.exe NULL.
UNA
Found nothing
VBA32
Found nothing

I really hope no one falls for this. It is bad enough to lose your account, but to unwillingly pay someone to take it from you?

30th November 2005, 11:50 AM

It troubles me that so many virus scanners couldnt detect it.

Thradia · 30th November 2005, 12:36 PM

The ebay links have been removed, as the auctions have links to these illegal third party programs. We do not endorse Third-Party programs at UOF, and it's our policy not to link to them.

However, please do be careful if you are seeking these out. And best not to buy downloadable programs from Ebay at all.

Thank you Smythe for showing us proof of the viruses. I do hope everyone will be careful.

Smythe · 30th November 2005, 08:22 PM

I linked to those ebay auctions as a means of showing people the infected files, host website, and ebay seller to stay away from. I understand why the links were removed, though.

Quote:

Originally Posted by Severina

It troubles me that so many virus scanners couldnt detect it.

If you thought that was bad then the virus scan for the icq.doc file was much worse.

Quote:

File: icq.doc
Status:
INFECTED/MALWARE
MD5 e7235bb46e395c2db7d938b1e0f19b93
Packers detected:
-
Scanner results
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found Trojan.DownLoader.5688
F-Prot Antivirus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
UNA
Found nothing
VBA32
Found nothing

Only one scanner detected anything. :shocked:

Petra Fyde · 1st December 2005, 04:12 AM

erm,
icq.doc?

can you give us some idea where that came from and if it's something we're likely to have gotten from somewhere?

I don't accept files via icq, or anything else for that matter, but sometimes you don't actively have to accept something to get it anyway.
Was it part of the ebay package, or is it from a different source entirely?