Posted:
07 Apr 2006 11:24by Camster
I ran a routine virus scan with McAfee and it picked up a VBS/gedza virus in my VSK4 Cache folder, within the file 15d0a7fa_Boats%5cAcc%5cTeamGER3.zip.zip McAfee seems to have been able to delete the virus without obvious problems.
I supect that this arrived via p2p skin download, but cant be sure. I reported it on the Official forum and had a reply that someone else had also found the virus and Kwasi says that the skin download has been stopped. The thread can be seen >>HERE<<
It seems a good idea to run a virus scan espescially of your Cache on a regular basis. Perhaps we should not use the TeamGER3 skin ??
What do the experts here think? Sandy
Edited By Camster on 1144401947
Posted:
07 Apr 2006 12:29by Kwasi
we should for sure not use the Ger3 Skin as long as we dont know, what the reason was. Actually there are some different versions of the skin and we are trying to find out, which one contains the virus.
The Downloads will remain unavailble (the locator files, too)
Posted:
07 Apr 2006 15:25by CAN uck
Does this mean we need to worry about downloading a virus every time we sail on line?
Don't we download p2p skins for every race?
:angry:
Better have a :beer: and settle down!
Posted:
10 Apr 2006 13:06by HolidayTours
Yes, you do... if you had check the box that allowed downloads in setting. Map and skins. And, your always take a risk when you download files from "outside". Even true games.
But in this case u have get it from a boat ho is enclosed in the fleet. So It don't necessary to be anything wrong on the original file.... the boat-owner could had repack it with the virus.
But it's good the original owner check there file to be sure its OK.
Rolf
A description:
Malware type: VBScript
Aliases: VBS.Gaggle.D, VBS/Gedza, I-Worm.Gedza, VBS/Lefarsi.A
In the wild: Yes
Destructive: Yes
Language: English
Platform: Windows 98, ME, NT, 2000, XP
Encrypted: Yes
Overall risk rating: Low
-----------------------------------------------------------
Reported infections: Low
Damage potential: High
Distribution potential: High
-----------------------------------------------------------
Description:
This destructive Visual Basic script file displays a picture of the popular Canadian singer, Avril Lavigne, when it is executed.
Depending on the value of the current system day, it may drop a file, display messages or open the Avril Lavigne Web site.
It also infects .XLS and .DOC files, and overwrites or appends itself to files with specific extensions.
It propagates via peer-to-peer file sharing networks by dropping copies of itself in a peer-to-peer shared folders, using interesting file names to entice users to download the files. It also propagates via Outlook Express by changing its stationary with a dropped worm copy.
It runs on Windows 98, ME, NT, 2000 and XP.
Edited By HolidayTours on 1144671283
Posted:
10 Apr 2006 17:26by CAN uck
Thanks Rolf that is what I suspected. Although I don't believe the risk is high it would be comforting to know that my virus checking program is screening these files as they are loaded onto my computer.
Do you or anyone else know if a program like McAfee Security Centre (this is the one I currently use on my XP computer) or any other virus protection program would be screening a download of this type - inside an online game, via p2p, etc.
Posted:
10 Apr 2006 18:52by admiral 1
it's visual basic, it needs to be executed....
don't think someone is going to execute something from the vsk cache. Surely not reading something from cache into a Microsoft kinda thing like excel or word that would execute such code contained in a file. Surely hope vsk doesn't execute vsb stuff..
...script kiddies.....