1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Entropia Universe Helper?

Discussion in 'General Entropia Universe Discussion' started by khaos, Jun 13, 2011.

  1. khaos

    khaos DnB'addict

    I got this mail today, and I'm not sure I can thrust it.

    It ended up in my spam mail, and offers me to download from mediafire instead of their own FTP.

    Sender is: planetcalypso@entropiauniverse.com

    EDIT: If you do get infected: kill the process called "internet.exe" (You can do this with ctrl+alt+del>Task Manager>Processes. Then right-click on the process and choose "End process".)

    Then go to Start>All programs>Startup. Delete Internet.exe, while holding the shift key down, this makes sure the program is completely removed.

    Now you'll have to change all proxy servers used by your machine:

    Start up Internet Explorer and go to Tools>Internet Options>Connections>LAN-Settings. You will see that is uses a proxy, if you weren't using one before, you can switch the proxy off. If you were using one, re-enter the data.

    ---This proxy is used by all other programs as well, like EU, windows Update, etc...---

    In Firefox, you can use this document: http://support.mozilla.com/en-US/kb/Options window - Advanced panel?s=proxy&as=s
    Scroll down to connection. If you haven't used a proxy before, you should use "No proxy"

    In Chrome, use this document: http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=106010

    In Opera, use this document: http://www.opera.com/support/kb/view/332/
    This doesn't explicitly say how to disable a proxy, but I'm sure you can find the option to disable the proxy.

    NOTE: You can set all browsers to use the machine's proxy as well, this way you'll only have to change one proxy.

    If I haven't added instructions for your browser, head over to their website and go to the support section. You should be able to search for "proxy" here. This will bring you to a page, explaining how to change proxies.
    A search on Google with "[browser name] proxy" will also return these pages.

    This is all I could find about the virus. It is however possible that a keylogger is sent with the program as well, but I haven't noticed any yet.
    So be cautious when playing any games. You can use the screen keyboard if you want to be really sure (Windows Vista and newer: Start>Search Bar>"osk.exe"> Enter. Older: Start>Run>"osk.exe">Enter.)
     
  2. Amber Knightley

    Amber Knightley I see dead people.

    Don't download that shit, most likely a keylogger!!
    And consider removing them links from your quote.

    You can try and look at the full header of the email, containing all information how it has been send. The sender can be changed but the header should contain info about what server it has come from. I bet it wasn't from mindarks servers.

    And if they for some reason would have some kind of test in the future they for sure wouldn't use outside servers to host their files.
     
  3. khaos

    khaos DnB'addict

    Thought I could test it anyways, seems like it fucked up my internet connection..
     
  4. khaos

    khaos DnB'addict

    Have taken a look at the header, it's from Russia...
     
  5. khaos

    khaos DnB'addict

    Ok, I found out it contained a virus, which dropped a proxy configuration...
     
  6. RAZER

    RAZER Custom title ... uh ...

    I would not log into the game unless you are really sure all the crap is from your computer.

    Send using Tapatalk
     
  7. khaos

    khaos DnB'addict

    Did some check with avast, malwarebytes, ... So I'm pretty sure it's ok :)
     
  8. NotAdmin

    NotAdmin Administrator

    While those things might capture most of the known vulnerabilities, this time you are dealing with something that targets a small niche market. As such, the footprint of the malware might not be known by the virusscanners. I would proceed with caution if I were you, and at the very least consider running a few additional scans, or perhaps a network sniffer to see if anything is being sent over the network that does not belong there.

    I would also advise you to get a GoldCard if you do not happen to have one yet.As a side note, any idea how these people managed to get your mail address?
     
  9. NotAdmin

    NotAdmin Administrator

    I updated the OP and removed the links. If you want, mail me the headers of the mail? I'll see if I can figure something out. Might also be worth sending the mail to MindArk to ensure they, too, are aware of the scam and can issue a warning.
     
  10. khaos

    khaos DnB'addict

    Will do a few more scans ;) I do not have a goldcard.. How much do they cost?

    I really have no idea how they might have gotten my e-mail..

    Sent a support with the e-mail, yesterday. But I haven't had any response yet.
     
  11. RAZER

    RAZER Custom title ... uh ...

    Goldcards are 250 ped I think and for stuff like this very usefull. Like admin said, please be careful, it would be a shame if you lost your money or your avatar.

    Send using Tapatalk
     
  12. khaos

    khaos DnB'addict

    Oh.. They're in PED :/ Well, I'll just be careful then.. Second round of scans is almost done :)
     
  13. RAZER

    RAZER Custom title ... uh ...

    goldcard reader is 100 ped, not sure what the goldcard itself costs. The standard delivery is for free, so not all that expansive.

    Or you could just deposit 5000 ped and get one for free
     
  14. khaos

    khaos DnB'addict

    Don't think it will be necessary ;) Located all malicious files and registry keys. I'm gonna play on an alternate my brother's best friend's uncle's son's account for a few days now, just to be sure..
     
  15. RAZER

    RAZER Custom title ... uh ...

    you mean the account of your sister?

    (you can not have 2, you know that right)
     
  16. khaos

    khaos DnB'addict

    My sister's account? No; my brother's best friend's uncle's son's account..
     
  17. khaos

    khaos DnB'addict

    Added removal instructions to the OP
     
  18. Amber Knightley

    Amber Knightley I see dead people.

    Removing the exe from startup doesn't remove it from your computer...
    But good guide none the less, fixing that proxy info could be crucial!
     
  19. khaos

    khaos DnB'addict

    It does remove it. The whole .exe is placed in there, and not just a shortcut.
     
  20. Amber Knightley

    Amber Knightley I see dead people.

    Ok, good to know. Which program did you catch it with when doing a scan? Would be nice to know since I saw you posting that Avast missed it...
     

Share This Page