DNforum.com - Domain Sales, Domain Forum, Domain Appraisals
 
03-11-2008, 01:54 PM   #641 (permalink)
pcproffenno

Quote:
Originally Posted by liberator View Post
Adaware, and other spyware detectors, will not remove keyloggers unless they are very obvious.
I can guarantee you that both Ad-Aware and SpyBot are updated daily with information on all thinkable versions of different keyloggers and how to detect them. If your (updated) AdAware/SpyBot application can't detect the keylogger, neither can Symantec products or any other antivirus application. Removing virii/spyware/malware/trojans is part of what I do for a living.
03-11-2008, 01:56 PM   #642 (permalink)
tonyfloyd

so....Stian...we are ok if we run Ad-Aware from time to time?
03-11-2008, 02:00 PM   #643 (permalink)
pcproffenno

Quote:
Originally Posted by tonyfloyd View Post
so....Stian...we are ok if we run Ad-Aware from time to time?
First run AdAware in safe mode without networking (Full System Scan, not "Smart Scan"), remove any malware if detected. Restart in safe mode, run SpyBot and let it scan through. Remove any malware detected, if any.

This should keep this shit off your computers. Of course there is no guarantee, but if you at the same time have a good firewall and live antivirus-service running, then you should be pretty safe.
03-11-2008, 02:01 PM   #644 (permalink)
Lord Brar

@kamloops - I removed your live link. However, what language is the above content in?
03-11-2008, 02:03 PM   #645 (permalink)
JMJ

Luckily I have been out of the game while a lot of this was going on and it appears that it has been going on since '06. I'm sure that all of you have realized that this guy isn't 16 years old. If he was that would have made him 14 when he started. Anyway just a tad bit of input. I think there is an issue with this using someone else's whois info. In the past couple of months I've received transfer requests myself on names I've never owned. And I might add they were pretty decent names. I've likely dumped the emails by now but going to look back through them and do a little digging if I can.

Also as far as package drop-off. It is very common in these types of scams to have packages dropped off at locations that aren't associated with the scammer. It's assumed this is an apartment complex. Well if you think about it many apartment complexes have empty apartments. The delivery guy isn't likely to know this so he/she just drops the package off. Scammer knows the delivery time so he/she just sits and waits. This sort of thing also happens at empty houses.

And like others have stated we need to consider what we are doing when making transactions. There have been several people that have stated they "thought" it seemed fishy but went ahead anyway. Maybe it's just because I'm not big on fish but when something smells fishy to me I don't eat it. There should be no reason why someone can't divulge their information.

And last but not least and I hate to be the one to say this. But how long have the appraisal scams been going on? As long as I can remember. The "feds" have done nothing as far as I can tell about that. Or maybe appraisal scams and domain scam is one and the same? Either way this person is very domain savvy and it wouldn't surprise me in the least if it turns out to be someone among us and like someone else said maybe even here at this very moment under another name. From my experience with a crooked individual in the past. He portrayed himself as an upstanding citizen but he did what he had to do to support his lavish and drug addicted lifestyle and that generally involved screwing people over. Funny thing about this fact is he was involved with one of these names.
03-11-2008, 02:26 PM   #646 (permalink)
Kamloops

I don't know what language it is, wish I did, one of the files is in English.

And there is some very private info in there logged, Id and passwords for web based email accounts on Yahoo and Aol

I tried one and it worked. Plus there was enough info to steal domains.
Its easy to see how these guys are stealing them now!


Not sure what I should do with this info, wish I could figure out how I got into the root to get those files as there was so much more there as well. Maybe enough to nail these guys!

I think it is turkish, using the whois info for the site I found this about the guy

xremotex@hotmail.com

Age: 22
Gender: Male
Location: istanbul, Turkey

Last edited by Kamloops; 03-11-2008 at 02:31 PM. Reason: Automerged Doublepost
Kamloops is offline  
03-11-2008, 02:32 PM   #647 (permalink)
TheLegendaryJP

From what I have been told there are sites that have a main goal of hacking and selling yahoo/hotmail etc accounts. Almost a game to them but when they couple it with domaining we see the results. Can they target an email, they must and so where there is a will there is a way. Someone told me they find old files on an old email and use that info? I am not the best tech guy so it is all mumbo jumbo to me.
03-11-2008, 02:36 PM   #648 (permalink)
theinvestor

Quote:
Originally Posted by TheLegendaryJP View Post
From what I have been told there are sites that have a main goal of hacking and selling yahoo/hotmail etc accounts. Almost a game to them but when they couple it with domaining we see the results. Can they target an email, they must and so where there is a will there is a way. Someone told me they find old files on an old email and use that info? I am not the best tech guy so it is all mumbo jumbo to me.

The most common way I know of, JP, is usually by phishing. They send you an email and try to get you to log in with your username and password. If you do so it is forwarded to their address. If you fall for it, there goes your email account.
03-11-2008, 02:42 PM   #649 (permalink)
pcproffenno

Quote:
Originally Posted by Kamloops View Post
I don't know what language it is, wish I did, one of the files is in English.

And there is some very private info in there logged, Id and passwords for web based email accounts on Yahoo and Aol

I tried one and it worked. Plus there was enough info to steal domains.
Its easy to see how these guys are stealing them now!


Not sure what I should do with this info, wish I could figure out how I got into the root to get those files as there was so much more there as well. Maybe enough to nail these guys!

I think it is turkish, using the whois info for the site I found this about the guy

xremotex@hotmail.com

Age: 22
Gender: Male
Location: istanbul, Turkey
Dude, be careful. What you are reading is keylogs from other victims' computers.
03-11-2008, 02:45 PM   #650 (permalink)
liberator

I was unaware of that, pcproffenno, thanks for the info.

Anyone who visited the link: I'm in the middle of decrypting the JavaScript (visited with a secure browser, no JS, no Flash, no ActionScript). Search for a file named jpeg.exe; not sure if there are valid exe's with this name, that's just what he's named one file, that is one mentioned earlier. I'll update you as I get more decrypted.

Cheers,

Jay
03-11-2008, 02:46 PM   #651 (permalink)
Kamloops

Quote:
Originally Posted by pcproffenno View Post
Dude, be careful. What you are reading is keylogs from other victims' computers.
I just want to do the right thing. If it can help nail these guys or save someone else from being a victim I will do what I can.

I am not the type to just sit back and do nothing.

Quote:
Originally Posted by liberator View Post
I was unaware of that, pcproffenno, thanks for the info.

Anyone who visited the link: I'm in the middle of decrypting the JavaScript (visited with a secure browser, no JS, no Flash, no ActionScript). Search for a file named jpeg.exe; not sure if there are valid exe's with this name, that's just what he's named one file, that is one mentioned earlier. I'll update you as I get more decrypted.

Cheers,

Jay
Hey, when I was in the root I saw that file jpeg.exe and others. Kool, I hope you find out more, I really want to know what it did or tried to do.

Last edited by Kamloops; 03-11-2008 at 02:48 PM. Reason: Automerged Doublepost
Kamloops is offline  
03-11-2008, 02:57 PM   #652 (permalink)
liberator

Looks like it uses ActiveX to download jpeg.exe to your computer. It uses GetSpecialFolder(2) which points to a temporary internet folder. Then uses ShellExecute to execute the file!

If you viewed the page with JavaScript, most likely need ActiveX on as well, search for jpeg.exe located in a temp internet folder. I don't know what happens after it is executed as I'm not downloading the file.

Hope that helps

Jay
liberator is offline  
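
An added example, not part of the thread or any poster's code: a Python check for the search post #652 recommends, generalized from the single name jpeg.exe to any executable named after an image type and to PE files stored under an image extension. With the scripting FileSystemObject, GetSpecialFolder(2) is the user's temp folder, so that folder is scanned along with the browser cache locations; the extension lists, folder list and sample files are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

EXEC_EXT = {"exe", "scr", "com", "pif"}
MEDIA_EXT = {"jpeg", "jpg", "gif", "png", "bmp"}  # assumed list of decoy names

def is_pe(path):
    """True if the file has the DOS 'MZ' magic and a PE signature at e_lfanew."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(0x40)
            if len(head) < 0x40 or head[:2] != b"MZ":
                return False
            fh.seek(int.from_bytes(head[0x3C:0x40], "little"))
            return fh.read(4) == b"PE\0\0"
    except OSError:
        return False

def default_roots():
    """Temp and browser-cache folders on Windows XP through current versions."""
    env, roots = os.environ, [tempfile.gettempdir()]
    if env.get("LOCALAPPDATA"):
        base = Path(env["LOCALAPPDATA"], "Microsoft", "Windows")
        roots += [base / "Temporary Internet Files", base / "INetCache"]
    if env.get("USERPROFILE"):
        roots.append(Path(env["USERPROFILE"], "Local Settings", "Temporary Internet Files"))
    return [str(r) for r in roots if os.path.isdir(r)]

def find_suspects(roots):
    """Return sorted (full path, reason) pairs for files that warrant a closer look."""
    hits = []
    for root in roots:
        for folder, _dirs, files in os.walk(root):
            for name in files:
                parts = name.lower().split(".")
                full = os.path.join(folder, name)
                if len(parts) >= 2 and parts[-1] in EXEC_EXT and parts[-2] in MEDIA_EXT:
                    hits.append((full, "executable named after an image type"))
                elif parts[-1] in MEDIA_EXT and is_pe(full):
                    hits.append((full, "PE content behind an image extension"))
    return sorted(hits)

def build_sample(root):
    """Constructed sample files; the PE stub is headers only, not a program."""
    pe_stub = b"MZ" + bytes(58) + (0x40).to_bytes(4, "little") + b"PE\0\0"
    samples = {"jpeg.exe": pe_stub, "banner.gif": pe_stub,
               "holiday.jpg": b"\xff\xd8\xff\xe0JFIF", "setup.exe": pe_stub}
    for name, data in samples.items():
        Path(root, name).write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample:
        build_sample(sample)
        for path, reason in find_suspects([sample]):
            print(f"{path}: {reason}")
    # On a real machine: find_suspects(default_roots())
```

A hit is a reason to quarantine and inspect the file offline, not proof of infection; a clean result only means nothing matched these two patterns.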
03-11-2008, 03:13 PM   #653 (permalink)
copper

Damn, that's exact same pm I got.
Guess I wasn't the only one.
Quote:
Originally Posted by Kamloops View Post
Not sure where to post this -

I received a PM over at the other Forum and it wants you to go to a site, DO NOT GO THERE

Do not go to hxxp://www.istnight.com.

I believe it will install a keylogger on your machine! I somehow got into the root of the site and was able to look at all the files, I downloaded a couple of TXT files named MK-keylog.txt and REG-160-keylog.txt. The contents of those files are information logged which looks like conversations with Tech Support at Register.com
They may have installed a keylogger there?

This is really bad, I am not sure if I have it installed on my machine but as soon as I went to that site I knew something was not right as it just says wait 10 seconds, I stopped it right away and then somehow got into the root, so I snooped around there.

This must be how the domains are being stolen! If anyone wants the TXT files let me know.

And if you have an idea on how I can check to see if I have a keylogger installed please PM me.

I see the member is Banned now.

This is the PM from a Member -

Atech
Banned
Trader Rating: (0)
Join Date: Mar 2008

domains about
your domains with 450$ for me
okay ?
my list hxxp://www.istnight.com look at , 16k$ ..
03-11-2008, 03:22 PM   #654 (permalink)
Kamloops

Quote:
Originally Posted by copper View Post
Damn, that's exact same pm I got.
Guess I wasn't the only one.
Did you get that PM here? Or over on the other domain forum.

Who was it from? Did you go to the site?
Kamloops is offline  
03-11-2008, 03:22 PM   #655 (permalink)
calif.bob

Quote:
Originally Posted by tekz999 View Post
We are making this part of history!
This has to be one of the biggest flame wars on the dnf!
610 replies and 17,025 views!
This isn't a "flame war" -- this is a community coming together to expose a domain scammer as well as the other conspirators in this fraud.

All the information on this thread has been indexed by Google and will more than likely reside there for generations to come.

It's amazing what the Internet can do. It's even more amazing what a mis-guided 16-year old could do with a little help from his friends.
03-11-2008, 03:23 PM   #656 (permalink)
Kamloops

I don't think I got infected. I did install this which the reviews seem good
http://www.snoopfree.com/PrivacyShield.htm

Will detect any keyloggers
Kamloops is offline  
03-11-2008, 03:27 PM   #657 (permalink)
copper

Quote:
Originally Posted by Kamloops View Post
Did you get that PM here? Or over on the other domain forum.

Who was it from? Did you go to the site?
On other forum.
sent from Atech
I did go to the site.
I got off the site as soon as I saw "loading" or whatever it said.

I am going to have to scan my notebook.
03-11-2008, 03:30 PM   #658 (permalink)
Kamloops

Quote:
Originally Posted by copper View Post
On other forum.
sent from Atech
I did go to the site.
I got off the site as soon as I saw "loading" or whatever it said.

I am going to have to scan my notebook.
Look for that jpeg.exe file
Kamloops is offline  
03-11-2008, 03:39 PM   #659 (permalink)
Downloads

Quote:
Originally Posted by pcproffenno View Post
I can guarantee you that both Ad-Aware and SpyBot are updated daily with information on all thinkable versions of different keyloggers and how to detect them. If your (updated) AdAware/SpyBot application can't detect the keylogger, neither can Symantec products or any other antivirus application. Removing virii/spyware/malware/trojans is part of what I do for a living.
Agree, my only other tip would be that if you suspect a virus and it hasn't been detected, some trojans will attack the anti-virus software and disable it so to speak. Thus when running it, it will appear that your system has no virus.

You can always uninstall your anti-virus software and reinstall it to avoid these issues. Just depends how intelligent the virus is that you have.

Always disconnect from source like someone else said and then start installing and running checks.

I personally like Zone Alarm (seems to use less system resources than Norton), Firewall, Antivirus, Spyware protection, email protection, instant messenger protection. You get what you pay for really.
03-11-2008, 03:43 PM   #660 (permalink)
calif.bob

Quote:
Originally Posted by Kamloops View Post
I don't know what language it is, wish I did, one of the files is in English.

And there is some very private info in there logged, Id and passwords for web based email accounts on Yahoo and Aol

I tried one and it worked. Plus there was enough info to steal domains.
Its easy to see how these guys are stealing them now!


Not sure what I should do with this info, wish I could figure out how I got into the root to get those files as there was so much more there as well. Maybe enough to nail these guys!

I think it is turkish, using the whois info for the site I found this about the guy

xremotex@hotmail.com

Age: 22
Gender: Male
Location: istanbul, Turkey

I ran the email address, xremotex@hotmail.com, through RapLeaf.com and found a photo of the user whose online identity is