Old 03-08-2003, 01:09 PM   #1
Cairenn
Credendo Vides
 
Join Date: Jul 2002
Posts: 3,866
Default *** Important Notice ***

There was recently another case of a Trojan virus being spread around via a UI by the name of GlixUI. It is a keyboard recorder for "stealing" EQ accounts + passwords. Everyone needs to keep these things in mind:

1. NEVER run Remmy.exe unless it came from Remelio's site, the T.king Art site, the EQLive site or EQinterface.com (here).
2. NEVER run an .exe file provided by unknown sources.
3. If you think you have this Trojan on your system, please contact EverQuest Customer Service immediately.
4. T.King, Remelio, the EQinterface.com team, Sony Online Entertainment, and the Federal Bureau of Investigation are all aware of this Trojan virus, and we are doing everything that we can to help put an end to its proliferation.
__________________
"My friends, love is better than anger. Hope is better than fear. Optimism is better than despair. So let us
be loving, hopeful and optimistic. And we’ll change the world."


Co-Founder & Admin: MMOUI
FaceBook Profile, Page, Group
Avatar Image by RafM

Last edited by Kudane : 03-08-2003 at 01:38 PM.
Cairenn is offline   Reply With Quote
Old 03-08-2003, 01:22 PM   #2
Son-of-a-Gun
A Snow Griffin
 
Join Date: Dec 2002
Server: None Current
Posts: 52
Unhappy Hmm

I hope I didn't get this. I have been finding myself dead even though I haven't played for a while, scary.
__________________
Believe.
Son-of-a-Gun is offline   Reply With Quote
Old 03-08-2003, 03:04 PM   #3
Maiyn
A Gray Wolf
 
Join Date: Aug 2002
Server: Druzzil Ro
Posts: 6
Default

Just a question: will the latest virus def from Norton AntiVirus detect this?
Maiyn is offline   Reply With Quote
Old 03-08-2003, 04:33 PM   #4
wildtiger
A Ghoul
 
Join Date: Aug 2002
Server: E'CI
Posts: 19
Default

I was on a friend's computer looking at new downloads for the interface, and he has Norton firewall installed, and it detected a trojan attack attempt, so he was lucky.
wildtiger is offline   Reply With Quote
Old 03-08-2003, 06:31 PM   #5
Caleal
Enhanced Imperial Golem
 
Join Date: Sep 2002
Posts: 201
Default

Any good firewall software, or hardware, will prevent the communication that this type of trojan tries to do. You still need antivirus software, or to practice safe computing, to prevent them from being installed in the first place though.

I personally use a US Robotics router with a built in firewall, and update the firmware regularly. I don't use antivirus software, but I am the only user for any of the computers on my network, and am very selective about what I download.

BTW, kudos to you Cairenn, or whoever it was that spotted it first and reported it to the place that was hosting it. I noticed they killed the pages for "Violations of terms of service" almost immediately. =)
__________________
Caleal P`Terak
BATTLE CLERIC of Innoruuk, ret
Cazic-Thule server
Shadowed Soul
Caleal is offline   Reply With Quote
Old 03-09-2003, 08:04 AM   #6
Aamdaron
A Gray Wolf
 
Join Date: Mar 2003
Posts: 5
Default

I downloaded this and unzipped it but never ran the .exe file. Norton doesn't detect any viruses (this is the online scan). Am I safe?
Aamdaron is offline   Reply With Quote
Old 03-09-2003, 12:51 PM   #7
Kudane
Co-Founder
 
Join Date: Jul 2002
Server: Xegony
Posts: 2,145
Default

Quote:
Originally posted by Aamdaron
I downloaded this and unzipped it but never ran the .exe file. Norton doesn't detect any viruses (this is the online scan). Am I safe?


The trojan was hidden in the EXE, not the zip.. soooo delete the EXE (all the files really) and you will be just fine..

I recommend deleting so you don't forget and go back and run it..
__________________


.: Have a question? Read this :.
[ F.A.Q ]
Kudane is offline   Reply With Quote
Old 03-09-2003, 07:58 PM   #8
Aamdaron
A Gray Wolf
 
Join Date: Mar 2003
Posts: 5
Default

Yeah, done that, thanks for the help.
Firewall not detecting any attacks and Norton not picking up anything, so I think I'll be fine.
Aamdaron is offline   Reply With Quote
Old 03-09-2003, 08:09 PM   #9
Aamdaron
A Gray Wolf
 
Join Date: Mar 2003
Posts: 5
Default

All other exe on the site fine to run though? I.e. Ccake by Sokol etc.?
Aamdaron is offline   Reply With Quote
Old 03-09-2003, 08:53 PM   #10
thyil
A Gray Wolf
 
Join Date: Oct 2002
Posts: 5
Unhappy hacked

I got this lameass virus too. My account was suspended for 3 weeks pending this investigation. I found the trojan in this file: 3cmlnkw.exe, so all please be advised. I must say it truly sux not being able to play ;( The only places I have been downloading from were here, but I did download a GUI-driven equi editor. I'm not sure when I got this, but who knows, man.
PS.... is this trojan only hidden in .exe files, or is it possible it is in .xml? I don't know much about XML and I wanna use my beloved sars gui, but am leery of using stuff from other people now.
thyil is offline   Reply With Quote
Old 03-09-2003, 09:45 PM   #11
Cairenn
Credendo Vides
 
Join Date: Jul 2002
Posts: 3,866
Default

If we leave it up on the site, you can bet your bottom dollar that we've checked it. Remmy.exe (from the four sites mentioned) and Ccake by Sokol found here, are safe.

.xml files themselves are safe. A trojan virus requires an executable file.

To quote Kudane from the front page:

Quote:
Let me add, that very few authors use ".exe" files for their mods, or patches.. and I try to put a note in the comment section after checking them out, to let you know they are safe. We do have a couple that use Java Scripts and Dolby has decompiled these, and he will put his "stamp of approval" on these to let you know.
Cairenn is offline   Reply With Quote
Old 03-09-2003, 10:07 PM   #12
Dolby
Lord Dolby of Veeshan
 
Join Date: Jul 2002
Server: Veeshan
Posts: 2,397
Default

Aye, files hosted by us are checked and if there is the slightest doubt we delete it. You need to watch out for external links in posts to interfaces.
Dolby is offline   Reply With Quote
Old 03-10-2003, 02:49 AM   #13
Curumtiny
A Shissar Defiler
 
Join Date: Aug 2002
Server: Tarew Marr
Posts: 185
Default

Would a Zip file be considered an executable file type? Also, should we now be wary of people posting their own websites for downloads of their UIs?
__________________

Curumtiny Call Me Yoda
Gnome Warrior (GnomeLord) Level 65
Tarrew Marr
Guild Officer: Invictus Verite
Click on Signature for Magelo Profile
Curumtiny is offline   Reply With Quote
Old 03-10-2003, 03:03 AM   #14
Dolby
Lord Dolby of Veeshan
 
Join Date: Jul 2002
Server: Veeshan
Posts: 2,397
Default

Only really need to worry about .vbs and .exe

A zipfile is only a container... kinda like a briefcase or a purse. So the zipfile itself is safe but the things inside may not be. Good thing you can look inside the zip w/o getting hurt.

As for external links... unless you know the author you're taking a risk like with anything you download.
Dolby is offline   Reply With Quote
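
The "look inside the zip" step from the post above, as an added example that is not part of the original thread: it lists an archive's members without extracting or running anything and flags the ones that are runnable. Only .exe and .vbs come from the thread; the other extensions, the "MZ" header check for renamed executables, and the sample archive contents are assumptions constructed for illustration.

```python
import hashlib
import io
import zipfile
from pathlib import PurePosixPath

# .exe and .vbs are the types named in the thread; the rest are an added
# assumption about other directly runnable Windows file types.
RISKY_EXTENSIONS = {".exe", ".vbs", ".scr", ".com", ".bat", ".cmd", ".pif"}


def audit_zip(data):
    """Return one finding per archive member that looks runnable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            ext = PurePosixPath(info.filename).suffix.lower()
            content = archive.read(info)  # read into memory; nothing is run
            # "MZ" opens every DOS/Windows executable, whatever it is named.
            has_mz = content[:2] == b"MZ"
            if ext in RISKY_EXTENSIONS or has_mz:
                findings.append({
                    "name": info.filename,
                    "size": info.file_size,
                    "mz_header": has_mz,
                    # Hash lets you compare against a copy from a trusted site.
                    "sha256": hashlib.sha256(content).hexdigest(),
                })
    return findings


def build_sample_zip():
    """Constructed sample: a UI skin bundle with runnable files mixed in."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("SampleUI/EQUI_Inventory.xml", "<XML></XML>")
        archive.writestr("SampleUI/readme.txt", "Copy into uifiles.")
        archive.writestr("SampleUI/Setup.EXE", b"MZ\x90\x00constructed-bytes")
        archive.writestr("SampleUI/install.vbs", "' constructed script")
        # Executable content hidden behind a harmless-looking extension.
        archive.writestr("SampleUI/skin.dat", b"MZ\x90\x00constructed-bytes")
    return buf.getvalue()


if __name__ == "__main__":
    for f in audit_zip(build_sample_zip()):
        print(f"{f['name']}  {f['size']} bytes  MZ={f['mz_header']}  {f['sha256']}")
```

An archive with no findings contains only data files by these two checks; any finding is a file to delete or verify against the author's own site before running.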
Old 03-10-2003, 06:44 AM   #15
Katn
An Icepaw Kobold
 
Join Date: Aug 2002
Posts: 87
Default

Wow, this is some scary stuff.. can't believe someone would go that low to put viruses in a UI like that

I keep it safe and only go to eqinterface..tking, and Rem websites..hehe
Katn is offline   Reply With Quote