malware
Posted: Thu Jan 04, 2007 9:42 am
Hi,
Please do not experiment with the URLs that I'll put in this thread.
I recently had a malware/trojan on my PC - I hope shortly after, but possibly at the moment, I had been on the site www.matrixgames.com.
I have been tracing the actions of the software that contains the malware (new.exe) and my tracing software points to the server which contains www.matrixgames.com.
I have sent a mail to developers@matrixgames.com explaining how I found this, but the mail has now been gone a few hours and I did not receive any response. How can you see if you are infected: you need to look at the processes running on your PC (attention, only for Win XP users: on some PCs with Ctrl+Alt+Del). If it contains Serv1ce.exe (behind the letter v is a one) then you probably have the malware I found (on the internet I found more references to such a file but with some other characteristics than I had - so it's possibly another variant of an existing malware).
If you don't have the serv1ce.exe, which is very well possible since the server which runs www.matrixgames.com does not make the malware appear in most normal circumstances, you don't need to worry about this forum thread, just check the running processes from time to time.
At the moment I don't want to explain how the server starts that process on your PC because I don't want to give any ideas to people who are looking to spread other malware in that way - the explanation was sent to developers@matrixgames.com, along with the coding I found that eventually starts serv1ce.exe.
If you have serv1ce.exe the most important advice I can give you is not to use any usernames and passwords until it is cleaned from your PC. - I don't have a lot of time to explain, I gave my phone number to developers@matrixgames.com so if they find it's on their server (or on that of their ISP), I expect them to explain how to remove it - or if they can't, to contact their supporting security software provider - in the worst case they can always call. If they (www.matrixgames.com) do not have the code which initiates the malware, it is probably only my PC that plays tricks on me with a malware or virus - and you all don't have to worry about it.
This thread is just advice and a warning to other users of the matrix site and forum. Another possible thing is that my PC is so infected that it only seems that the server from www.matrixgames.com initiates the processes which eventually lead to the malware on my PC (by some kind of spoof to my network protocol analyser) - I am not a senior expert on these things (I just know a lot of PCs).
I need to get my kid and wife, but I'll try to follow any reaction on this thread as soon as possible.
Sincerely yours,
Sven
alias Redstrike01
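
The process check described in the post, as an added example that is not part of the original post: it parses `tasklist /FO CSV /NH` output and flags the reported name `Serv1ce.exe`, and goes one step further by flagging any image name that uses digit-for-letter swaps to imitate a legitimate Windows process. The list of legitimate names, the 0.9 similarity threshold and the sample output are assumptions made for this illustration.

```python
import csv
import io
from difflib import SequenceMatcher

# Indicator named in the post (a digit one after the "v").
POST_INDICATOR = "serv1ce.exe"

# Assumption: a short, illustrative list of legitimate Windows process names.
KNOWN = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
         "explorer.exe", "csrss.exe", "smss.exe", "rundll32.exe"}

# Digit-for-letter swaps; "1" can stand in for "i" or for "l".
SWAPS = [str.maketrans("0135", "oies"), str.maketrans("0135", "oles")]

def lookalike_of(name):
    """Return the known process name that `name` imitates, or None."""
    name = name.lower()
    if name in KNOWN or not any(c.isdigit() for c in name):
        return None
    for table in SWAPS:
        plain = name.translate(table)
        for good in KNOWN:
            # Assumed threshold: near-identical once the digits are undone.
            if SequenceMatcher(None, plain, good).ratio() >= 0.9:
                return good
    return None

def scan(tasklist_csv):
    """Parse `tasklist /FO CSV /NH` output; return (image, pid, reason) hits."""
    hits = []
    for row in csv.reader(io.StringIO(tasklist_csv)):
        if len(row) < 2:
            continue
        image, pid = row[0], row[1]
        if image.lower() == POST_INDICATOR:
            hits.append((image, pid, "name reported in the post"))
        elif (good := lookalike_of(image)):
            hits.append((image, pid, f"look-alike of {good}"))
    return hits

# Constructed sample output, not captured from a real machine.
SAMPLE = '''"System Idle Process","0","Console","0","16 K"
"services.exe","652","Console","0","3,412 K"
"Serv1ce.exe","1932","Console","0","2,104 K"
"svch0st.exe","2040","Console","0","1,776 K"
"rundll32.exe","2216","Console","0","2,900 K"
'''

if __name__ == "__main__":
    for image, pid, reason in scan(SAMPLE):
        print(f"{image} (PID {pid}): {reason}")
```

A hit is only a prompt to inspect the file's path and origin; a clean result does not rule out malware that hides under a legitimate name.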