[ATTENTION] Recent Email Scam menu

User Tag List

Page 1 of 3 123 LastLast
Results 1 to 15 of 45
  1. #1
    Apoc's Avatar Angry Penguin
    Reputation
    1387
    Join Date
    Jan 2008
    Posts
    2,750
    Thanks G/R
    0/12
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    [ATTENTION] Recent Email Scam

    A recent email was sent out from [email protected].

    It is a scam, and was not sent from us. Please disregard the email. If you did open the page, I highly suggest you scan your computer immediately.


    Kaspersky is known to find the virus coming from the page, as well as Microsoft Security Essentials.


    Also, open up your task manager, and search for 'cernel.exe' and kill the process.


    You'll find the downloaded exe in C:/Users/<your username>/AppData/Local/Temp/cernel.exe


    I do apologize for the intrusion attempt. (I take responsibility for this one, I wasn't quite fast enough to load the virus in a sandbox earlier)


    If you have any other questions, please don't hesitate to ask.

    Additional info:

    The IP address who took advantage of our system has been banned. (Unfortunately, a little too slow)
    Other measures have been put in place to avoid this happening again in the future.

    We are NOT affiliated with the website mentioned in the email. If you want to play the REAL game, you may visit www.minecraft.net to play. (Yes, it's legit. And yes, it requires Java.)


    Prevention & Deletion:

    Remove the cernel.exe from your /AppData/*/Temp folders.
    Remove the 'SYS' folder from C:/Users/<Your username>/ folder. (It only contains cernel.exe)

    Start -> Run -> msconfig -> Startup Tab -> Untick 'AARC' and any other startup items that show 'cernel.exe' in the Command location.

    Last notes:

    Just because I found it funny. The 'virus' is a VB.NET application.
    Last edited by Apoc; 04-26-2010 at 02:52 PM.

    [ATTENTION] Recent Email Scam
  2. #2
    Dragonshadow's Avatar ★ Elder ★
    Reputation
    1170
    Join Date
    Apr 2007
    Posts
    3,858
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    viruses are bad mmmk
    Thank you for fixing it Apoc
    Last edited by Dragonshadow; 04-26-2010 at 02:12 PM.
    Look at your post, now back to mine; Now back to your post, now back to mine. Sadly, it isn't mine, but if you stopped trolling and started posting legitimate content, it could look like mine. Look down, backup, where are you? You're scrolling through threads, reading the post your post could look like. What did you post? Back at mine; It's a reply saying something you want to hear. Look again and the reply is now diamonds.

    Anything is possible when you think before you post. The moon is shrinking.

  3. #3
    Remus's Avatar Banned

    Reputation
    402
    Join Date
    Nov 2007
    Posts
    1,697
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    [spoiler]A twit here on mmowned (now banned), viktor1908; what it does is if the page loads up a Java popup will appear- whether it is just the site (.tk) or the game itself; it attempts to download and install a trojan access CERNEL.EXE in the temp folder of APPDATA\LOCAL\

    Huristic generic trojan, KIS2010 picked it up easily; but still update your databases for your antivirus.
    [/spoiler]
    - just posting it here for reference for no extra questions.

    /Hate spam srsly.

  4. #4
    Heftydogg's Avatar Contributor

    Reputation
    267
    Join Date
    Dec 2006
    Posts
    792
    Thanks G/R
    2/3
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Not sure if this information will help at all, but my old email was listed under my account profile, while this scam email went to my new email address. Not sure how they could have found the new email, the only link to MMOwned that I can think of is my subscriptions get sent there, however it's still not displayed anywhere publicly.

  5. #5
    BonutDot's Avatar Contributor
    Reputation
    235
    Join Date
    Aug 2006
    Posts
    418
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Dragonshadow View Post
    viri are bad mmmk
    Thank you for fixing it Apoc
    The plural of virus is viruses. "Virii" would be the plural of "virius", and "Viri" is latin for men.

    Though if you are saying that men are bad, you may be correct.

  6. #6
    Trollblod's Avatar Elite drone
    Reputation
    445
    Join Date
    May 2009
    Posts
    1,710
    Thanks G/R
    2/7
    Trade Feedback
    1 (100%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Any clue who could've done such a terrible thing to us?

  7. #7
    2dgreengiant's Avatar ★ Elder ★


    Reputation
    1190
    Join Date
    Feb 2007
    Posts
    7,129
    Thanks G/R
    1/1
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Heftydogg View Post
    Not sure if this information will help at all, but my old email was listed under my account profile, while this scam email went to my new email address. Not sure how they could have found the new email, the only link to MMOwned that I can think of is my subscriptions get sent there, however it's still not displayed anywhere publicly.

    Yeah this has gotten a few people which confused me :S Ah well good job the douche bags banned etc

  8. #8
    The-Eradicator's Avatar Contributor

    Reputation
    149
    Join Date
    May 2007
    Posts
    829
    Thanks G/R
    0/1
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Some further info:

    I never got the email, nor am I infected.

    I clicked the .tk link when it was posted to the shoutbox, but I did not allow the Java applet to run.
    The most beautiful thing we can experience is the mysterious. It is the source of all true art and all science. He to whom this emotion is a stranger, who can no longer pause to wonder and stand rapt in awe, is as good as dead: his eyes are closed.
    Albert Einstein

  9. #9
    lag's Avatar The ERP Chicken
    Reputation
    453
    Join Date
    Jan 2007
    Posts
    639
    Thanks G/R
    4/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Do you really want to hurt me?

    Marlo was here || idusy was here cause he feels left out || Im in ur sig , shardin ur letters - Flying Piggy || Errage was here- Wait, what? || ''Edge was here'' imo =P || Dragonshadow's name makes this too long |2d is hot|

  10. #10
    Reflection's Avatar Legendary
    Reputation
    783
    Join Date
    Mar 2008
    Posts
    3,377
    Thanks G/R
    1/2
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I have deleted the file from the folder and from startup, closed the process and scanned my computer with ESET Nod32. Any suggestions on what to do other than that?

    Freelance Digital Artist
    https://reflectionartwork.deviantart.com
    You did not desert me
    My brothers in arms


  11. #11
    Ground Zero's Avatar ★ Elder ★
    Reputation
    1132
    Join Date
    Aug 2008
    Posts
    3,504
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Reflection View Post
    I have deleted the file from the folder and from startup, closed the process and scanned my computer with ESET Nod32. Any suggestions on what to do other than that?
    Change your MMOwned password.

  12. #12
    Nonominator's Avatar Banned
    Reputation
    30
    Join Date
    Apr 2007
    Posts
    489
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by Apoc View Post
    A recent email was sent out from [email protected].

    It is a scam, and was not sent from us. Please disregard the email. If you did open the page, I highly suggest you scan your computer immediately.

    Kaspersky is known to find the virus coming from the page, as well as Microsoft Security Essentials.

    Also, open up your task manager, and search for 'cernel.exe' and kill the process.

    You'll find the downloaded exe in C:/Users/<your username>/AppData/Local/Temp/cernel.exe

    I do apologize for the intrusion attempt. (I take responsibility for this one, I wasn't quite fast enough to load the virus in a sandbox earlier)

    If you have any other questions, please don't hesitate to ask.

    Additional info:

    The IP address who took advantage of our system has been banned. (Unfortunately, a little too slow)
    Other measures have been put in place to avoid this happening again in the future.

    We are NOT affiliated with the website mentioned in the email. If you want to play the REAL game, you may visit www.minecraft.net to play. (Yes, it's legit. And yes, it requires Java.)

    I guess you have some enemies... Maybe you should look into that further? I wouldn't go letting your site getting embarrassed over nothing.
    MMOWNED.com got OWNED...

  13. #13
    DjKuja's Avatar Member
    Reputation
    35
    Join Date
    Jan 2007
    Posts
    132
    Thanks G/R
    0/0
    Trade Feedback
    1 (100%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    its also found in windowsdrive:\Users\username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

    anyone know how to remove it from msconfig startup? once you untick it, it gets ticked again.
    Last edited by DjKuja; 04-26-2010 at 02:24 PM.

  14. #14
    T1B's Avatar Elite User
    Reputation
    369
    Join Date
    Apr 2006
    Posts
    656
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Annyone care telling what it doest? Keylogger? Cookiestealer? w/e ?

    Removed it before entering my info somewhere, but if its a cookiestealer or something similar i could still be f'ed

  15. #15
    Apoc's Avatar Angry Penguin
    Reputation
    1387
    Join Date
    Jan 2008
    Posts
    2,750
    Thanks G/R
    0/12
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by T1B View Post
    Annyone care telling what it doest? Keylogger? Cookiestealer? w/e ?

    Removed it before entering my info somewhere, but if its a cookiestealer or something similar i could still be f'ed
    Trying to find the .exe again so I can document it properly.

    If anyone happens to have it laying around, I'd appreciate you sending it to me.

    From what I can tell; it is more or less a cookie stealer.

Page 1 of 3 123 LastLast

Similar Threads

  1. Account Hack (Email Scam)
    By immortal1983 in forum WoW Scam Prevention
    Replies: 162
    Last Post: 08-05-2007, 02:26 AM
  2. Paypal Email Scam-UPDATE
    By Decayd in forum WoW Scam Prevention
    Replies: 3
    Last Post: 07-31-2007, 06:00 PM
  3. new text for email scam
    By m0rbidang3l in forum WoW Scam Prevention
    Replies: 7
    Last Post: 07-30-2007, 12:11 PM
  4. Account hack with email scam
    By immortal1983 in forum WoW Scam Prevention
    Replies: 172
    Last Post: 07-14-2007, 02:02 AM
  5. Twist on the MD blizzard Email scam
    By Memphiz in forum WoW Scam Prevention
    Replies: 7
    Last Post: 06-03-2007, 02:42 PM
All times are GMT -5. The time now is 10:12 AM. Powered by vBulletin® Version 4.2.3
Copyright © 2024 vBulletin Solutions, Inc. All rights reserved. User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2024 DragonByte Technologies Ltd.
Digital Point modules: Sphinx-based search