AOTS Hacked/Infected?!

[Lektronik]

A good program to use if you do get infected by virus is "SuperAntiSpyware".


It can be found by going to http://www.download.com and searching for "superantispyware". Download the free edition if you like. Install it, run a scan on your computer.

It has a habit of finding and removing a lot of malware (bad stuff).

[wormx]

After a full Ad-Aware scan I came up clean
The scan also triggered my antivirus that found some "infected" file in some really old trainer to some really old game that I havent touched in years.

So again, looks like I dodged the bullet this time

[TheMekon]

Personally, I found nothing untoward on the site... not a blip, not a murmer..

infact the only thing to raise an eyebrow by my comptuer, was the address of one of the two sites that xyphos posted

[Xyphos]

Create virii in asm and exploit like a champ or I am not impressed (if anybody associated with the virus is reading this.)

Shame windows hasn't used ASM in it's programs at all -
Win32 executables are Bytecode - an entirely different and operating system specific instruction set.
-Ever got a program that threw an error "Cannot access xxxx portion of memory, Access is denied" ? that's cuz the O/S is handling the memory allocation.
normally in ASM you could write almost anywhere in RAM without needing permissions.

ASM virri would only work in DOS or at boot time, in the case of an MBR virus.

[Omutb]

Shame windows hasn't used ASM in it's programs at all -
Win32 executables are Bytecode - an entirely different and operating system specific instruction set.

Last time i looked ASM wasnt used by programs at all in the way youre implying.

ASM or C has to be compiled and linked into platform specific binary, namely to produce a Win32 PE executable, which is the usual binary format for current Win32 versions.
Even Linux is the same, you have to take code, be it C or ASM, and compile and link it into either an Aout or ELF format binary so that the system can execute it.

If you like, you can write a nice windows app in ASM, but honestly, youd kill yourself before you got anything worth using.

If you write something and use WinDBG to debug it, youll see all the nice ASM instructions that are produced by the compiler.
You can even skip that step, if you use Visual C++, you can set one of the command line flags to produce Assembler listing files from your C code, its not pretty.

normally in ASM you could write almost anywhere in RAM without needing permissions.

I think youre getting confused between Real Mode and Protected Mode.
"Old School" ASM virii ran either in DOS or pre-DOS, ie Real Mode, so had access to do what they wanted. Windows runs in Protected Mode, and as such you can access things but you need to do so in the right way.

[Xyphos]

heh, been long time since I've bothered to even think about modes of operation - never really had to, tbh.

but thanks for clarifying.

[Solstiare]

Thanks for the GPS co-ords, missles launched.

[Xyphos]

Thanks for the GPS co-ords, missles launched.

from Alaska or the nuclear satellite in orbit?
must be from Alaska cuz Bush won't let anyone touch his doomsday device

[Doctorgator]

wtb stickie on this ;p

[wormx]

I talked to a friend in game about this site and her reply was :

"i sent the info from my antivirus to Avira and they sent me a e-mail saying the page was infected"

[masterprogram]

Well this is the first i have heard from it. I have redone the aotradeskills.com page and find no Virus on it. Previously it was a forward page to aotradeskills.com/dnn. It would have been nice is someone would have mailed me instead off Slandering my site and name, I do this site for free and pay all server charges.
My site has been going for a long time to help people. Please check if you think there is a Virus still on it and let me know either by this post or emailing me.


Hugz


Cybershead

[Xyphos]

Well this is the first i have heard from it. I have redone the aotradeskills.com page and find no Virus on it. Previously it was a forward page to aotradeskills.com/dnn. It would have been nice is someone would have mailed me instead off Slandering my site and name, I do this site for free and pay all server charges.
My site has been going for a long time to help people. Please check if you think there is a Virus still on it and let me know either by this post or emailing me.


Hugz


Cybershead

seems that you've removed the javascript for the Russian site, but the shifty script for Reddii.org (Bejing, China) is still there.
I still don't trust it.

[masterprogram]

Is this virus you have found on aotradeskills or aotradeskills/dnn?



Cybershead

[sirmalak]

Last time i looked ASM wasnt used by programs at all in the way youre implying.

ASM or C has to be compiled and linked into platform specific binary, namely to produce a Win32 PE executable, which is the usual binary format for current Win32 versions.
Even Linux is the same, you have to take code, be it C or ASM, and compile and link it into either an Aout or ELF format binary so that the system can execute it.

If you like, you can write a nice windows app in ASM, but honestly, youd kill yourself before you got anything worth using.

If you write something and use WinDBG to debug it, youll see all the nice ASM instructions that are produced by the compiler.
You can even skip that step, if you use Visual C++, you can set one of the command line flags to produce Assembler listing files from your C code, its not pretty.



I think youre getting confused between Real Mode and Protected Mode.
"Old School" ASM virii ran either in DOS or pre-DOS, ie Real Mode, so had access to do what they wanted. Windows runs in Protected Mode, and as such you can access things but you need to do so in the right way.

Yes and as a learning (I believe I will all my life) reverse engineering student the only real reason I love asm is because it lets me appreciate higher languages and has helped me learn more about what is really happening inside the computer. Which I will be honest I am still dumbfounded on many issues (still learning as always.)

My first program in asm was the "hello world" program. I will be honest it took me 30min's to write that and two weeks to understand whats going on literally lol...thats how different it is from higher languages.


Honestly nowdays when a coder says assembly most think about something entirely different then the language.

[Xyphos]

Is this virus you have found on aotradeskills or aotradeskills/dnn?



Cybershead

virus or not, your pages have some very shifty scripting on BOTH
and both translate into more javascript that injects iframes from Bejing, China.

[ZenWon]

I've got to post this because it pisses me off that instead of saying O ****, I'm sorry MY site nerfed yer pooters I get j00 slandered meh, and THIS..

It would have been nice if you had send me a PM, as i did not know about this virus. Anyway it as been checked by the server people and i changed the main page. This site has helped alot of people for many years, so a shame for people to slander it all over the forum.

Cybershead

How did I slander you?? Yes your site has helped alot of people, including me, BUT.. 1) I dont know you or know whos site it was. 2) I was posting a warning that the site was possibly infected. 3) Your site WAS(still is?) infected with some very nasty ****, and caused alot of people alot of problems.

Is it slanderous to warn people that a site is infected with worms/malware???! Get a grip man. Your site cost me my partition, and two of my friends theirs. If theres a fault here its yours! I certainly wasnt going to go back to an obviously infected and dangerous site that already cost me a partition and ALOT of work to reinstall my OS/updates/games/patches/firewall/etc/etc/etc, to find out who the hell owned the site to send them a message asking 'scuse me pl0x but you is YOUR site a harbinger of PC DOOM?

Definition; Slander: Maliciously untrue statement or statements about someone, or something.(Webster's). NO ONE SLANDERED YOU. The only injustice here is coming from your attitude about this!! It would ONLY be slanderous if the site was indeed NOT infected, and this was an attack on you or your site. I dont friggin know you and I'm FAR from the only one saying there is definately a problem there so who exactly has the problem here?? For me I'll never go back to AOTS and your attitude about it and whats happened SUCKS.

[Solstiare]

the missiles were launched from my satellite

[Jenshiye]

Might be neat to make a mirror site incase this ever happens again?

[TheBaron]

Might also be nice for all the tech whiz kids here to actually help cyb in fixing it too.

If you havent noticed, the guy is not a web developer by trade.

[masterprogram]

Yes i was upset that people would rather shout about it than help a site that helps people, I am not a whizz kid when it comes to code. Someone as sent me a mail and told me possible infected files. I will also contact the server company that i deal with. As far as we know it is index page aotradeskills.com that has the problem not aotradeskills.com/dnn. I am sorry if anyone had problems from my site but it must be something really nasty if your virus programs did not pick this up, and this dose concern me on how this got on the server in the first place. If anyone remembers i was hacked before many years ago including my account, maybe this was another attempt who knows. aotradeskills.com will be under construction today so i suggest you use aotradeskills.com/dnn if you have need of the site. Once again sorry if anyone did get infected by someone's idea off a joke.

Also i am not sure about the S... code as you say, the main source is Dot Net Nuke witch is Microsoft so i do not have to do any code, I can see that you are a Pro coder so i suggest you contact Microsoft and let them know that the code is wrong. or maybe even help AOTS get fixed.

Cybershead