virus in client ender


Postby Soroka » Mon Jun 03, 2019 3:17 am

03.06.2019 activity was noticed while loading the client ender
URL: http://survey-smiles.com/
after login the client breaks to the specified address, which belongs to hackers

please be careful, it started just today. Everything seems calm in latikai
Soroka
 
Posts: 26
Joined: Tue May 17, 2016 12:02 pm

Re: virus in client ender

Postby Taipion » Mon Jun 03, 2019 8:14 am

1.) Where did you download your enders?

2.) "breaks to the specified address" means what exactly?

3.) to which address? the one you mentioned?
Need something? Here is my Shop (Including some useful info for new/returning players at the bottom of the first post)
Taipion
 
Posts: 2661
Joined: Fri Mar 08, 2013 4:12 pm

Re: virus in client ender

Postby Soroka » Mon Jun 03, 2019 8:32 am

I will try to tell you in detail. Immediately apologize for my English, it is not very good.

I downloaded the client somewhere a year and a half ago and downloaded the client from the link in this forum. I have it installed on 2 different PCs, on the second one nobody is working now and nothing has changed there for two years already. I really like the ender and I use it.

This morning, suddenly after I’m logged in and my character is loaded, the firewall is triggered. The firewall started blocking the above address every second, and everything stopped after I closed the client.

As a test, I switched to the second machine and started the game there. It all happened again. After that, I was forced to change the ender to Latky. And the firewall did not report any more attempts by the PC to contact the remote host.

I changed the passwords on the account from which I logged in and calmed down on this, notifying of the problem on the official forum.

P.S. 03.06.2019 8:41:07 URL-адрес http://survey-smiles.com/, содержащий вредоносную программу, обнаружен
06/03/2019 8:41:07 AM URL http://survey-smiles.com/ containing malware detected
Soroka
 
Posts: 26
Joined: Tue May 17, 2016 12:02 pm

Re: virus in client ender

Postby Taipion » Mon Jun 03, 2019 8:55 am

That is, to say the least, incredibly strange.

- Enders client on github (salem, mind you, not hafen) has not been modified for years.
- Many people use it, and salem players tend to be paranoid, but no one ever reported anything like that.
- Latikais is based on enders, up to the last change, and should, by all means, include everything enders has, if latikais is "clean" but enders is not, that's suspicious to say the least.

From that, I'd guess that the problem is not coming from enders client, and it all does not quite fit together, yet.



Can anyone else shed some light on this issue?
Taipion
 
Posts: 2661
Joined: Fri Mar 08, 2013 4:12 pm

Re: virus in client ender

Postby Soroka » Mon Jun 03, 2019 10:43 am

Then I will be grateful for the advice where I can look for a problem. I will explain

I checked the registry - clean. Checked the tasks - clean. Checked, just in case, the C drive with completely different antivirus software - clean. I read the logs in the Java machine - clean. There are only salem resources.

Arranged brainstorming with friends, as a test for the same machine, where the problem was first detected again, the ender was installed from the distribution, which I downloaded a long time ago. There are no problems at the moment. I did not reboot the machine in the morning, no software was loaded or unloaded.

I really do not understand why this problem was observed in the morning on two different machines. I am not well versed in Java. Perhaps someone who knows will tell how it could be.
Soroka
 
Posts: 26
Joined: Tue May 17, 2016 12:02 pm

Re: virus in client ender

Postby Kandarim » Mon Jun 03, 2019 5:18 pm

You can see here that the game files for Ender's client have not changed for several years.
It appears that something differently fishy is going on with your internet connection. Or maybe some other unwarranted access to your machine poisoned some java files? (Should not be possible with the client .jars because the files are signed and changes are detected w.r.t. the github-hosted versions).
I have neither the crayons nor the time to explain it to you.
JC wrote:I'm not fully committed to being wrong on that yet.
Kandarim
Customer
 
Posts: 5321
Joined: Mon Jan 21, 2013 4:18 pm

Re: virus in client ender

Postby lachlaan » Mon Jun 03, 2019 5:32 pm

try downloading hijackthis https://sourceforge.net/projects/hjt/fi ... t/download

Or just checking your hosts file to see if there are any redirects of common urls you used to use.

I'd also clear java's cache, not sure what sort of redirects to other urls that could be storing.
Exactly 6.022 x 10^23 worth of Lach molecules.
lachlaan
Customer
 
Posts: 2043
Joined: Tue Mar 12, 2013 3:11 pm

