RealPhx
Thread: RealPhx

  1. #1
    Senior Member
    Join Date
    May 2003
    Posts
    407

    Post RealPhx

    Now this really isn't a virus, it's actually adware, but this is the closest forum I could find for it...well, recently I have been seeing a lot of links in people's AIM profiles to either www.realphx.com or www.talkstocks.net ... when you click on either one of those sites, a window pops up asking you to download a "plugin" for IE, when in fact, it clearly states at the bottom of the page that this is adware. Once you go to the site, you are trapped in a loop between saying no to downloading it, and clicking ok to the "download aborted you must click yes" box, which brings you right back to the first box. Then, after a few more clicks, it asks you to download either iav.hta or detour.hta, both of which are adware. Even worse, if you download it, then want to remove it, the link on the bottom of the page that says "Click here to remove our adware from your computer" does not work. Just thought I'd give the heads up...



    slick
    "Look, Doc, I spent last Tuesday watching fibers on my carpet. And the whole time I was watching my carpet, I was worrying that I, I might vomit. And the whole time, I was thinking, "I'm a grown man. I should know what goes on my head." And the more I thought about it... the more I realized that I should just blow my brains out and end it all. But then I thought, well, if I thought more about blowing my brains out... I start worrying about what that was going to do to my goddamn carpet. Okay, so, ah-he, that was a GOOD day, Doc. And, and I just want you to give me some pills and let me get on with my life." -Roy Waller

  2. #2
    Super Moderator: GMT Zone nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Well!

    That was the best DoS attack I have tried in ages

    I locked up and had to do a cold boot to get back............I guess that my "countermeasures" behaved like a "pack of mountain lions with a jackrabbit thrown between them"

    For P2P stuff, I recommend having a look at this site, it is worth a visit anyway http://www.bitdefender.com/

    You should also look at your ActiveX security settings................and set java to high security?


    Just a few thoughts

    Cheers
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #3
    Junior Member
    Join Date
    Nov 2003
    Posts
    1
    I had realphx on my computer, I hate whoever created that haha. I went through the registry and deleted it.

  4. #4
    Member
    Join Date
    Nov 2003
    Posts
    30
    That seems to be running rampant thru AIM. Many users' profiles have it listed in there. Here's what Symantec thinks the program is.

    Scan type: Realtime Protection Scan
    Event: Virus Found!
    Virus name: Trojan.Sinkin
    File: C:\WINDOWS\b.exe
    Location: C:\WINDOWS
    Computer: AMD450
    User: Amy
    Action taken: Clean failed : Delete succeeded : Access denied
    Date found: Tue Nov 18 21:57:17 2003

    What do you say we tell Mr. Ryan Lakey @ admin@realphx.com what we think of his program. This could be a fake name but it's a pretty good place to start. Here is info from realphx and talkstocks.net. Notice they are the same contact info. I am on a mission to find this guy's email and home phone number and publish it to the hacker community. These sites took advantage of many users at his expense. I am out for revenge. I have already started by reporting them to abuse@peer1.net which is the host of that IP range. I plan to do much more.

    Registrant:
    RealPhx
    C.F. Mollers Alle
    Aarhus, Not Applicable DK-8000
    DK
    +45.89421115


    Domain Name: REALPHX.COM

    Administrative Contact:
    Lackey, Ryan admin@realphx.com
    C.F. Mollers Alle
    Aarhus, Not Applicable DK-8000
    DK
    +45.89421115


    Technical Contact:
    Lackey, Ryan admin@realphx.com
    C.F. Mollers Alle
    Aarhus, Not Applicable DK-8000
    DK
    +45.89421115


    Record last updated 11-10-2003 04:40:09 PM
    Record expires on 05-21-2004
    Record created on 05-21-2003
    ---------------------------------------------
    Registrant:
    RealPhx
    C.F. Mollers Alle
    Aarhus, Not Applicable DK-8000
    DK
    +45.89421115


    Domain Name: TALKSTOCKS.NET

    Administrative Contact:
    Lackey, Ryan admin@realphx.com
    C.F. Mollers Alle
    Aarhus, Not Applicable DK-8000
    DK
    +45.89421115


    Technical Contact:
    Lackey, Ryan admin@realphx.com
    C.F. Mollers Alle
    Aarhus, Not Applicable DK-8000
    DK
    +45.89421115


    Record last updated 11-10-2003 04:39:44 PM
    Record expires on 03-14-2004
    Record created on 03-14-2002

    Domain servers in listed order:
    NS1.LOUDHOSTING.COM 69.28.208.72
    NS2.LOUDHOSTING.COM 69.28.208.68

  5. #5
    Member
    Join Date
    Nov 2003
    Posts
    30
    Here's some good information about them. This tells about all the people on the website right now that could be getting infected as you look at this.
    http://69.28.208.72///server-status

    Both of the websites are run from this IP address. Port scan shows many TCP ports open:
    21 - ftp
    22 - ssh v1.99 OpenSSH 3.4p1
    389 - ldap
    25 - smtp (Qmail toaster v1.0 smtp server ESMTP)
    80 - http (Apache)
    110 - pop3
    111 - sunrpc
    143 - imap
    995 - pop3s
    993 - imaps
    3306 - mysql

    The open UDP ports are:
    53 - DNS
    68 - bootpc
    111 - rpc
    123 - NTP
    135 - epmap
    137 - netbios
    138 - netbios-dgm
    445 - Microsoft CIFS
    520 - routed rip

    A few alerts:
    fam service running - you can run arbitrary commands as root
    couple MySQL vulnerabilities
    Apache vulnerabilities

    Critter
    http://www.chrisstokes.com

    Man, I hate it when people take advantage of the inexperienced users. That really pisses me off. I don't know about you all, but I intend on doing something about this situation. I will make sure the authorities take it down or else I will!

  6. #6
    Senior Member
    Join Date
    May 2002
    Posts
    344
    Good stuff critter...anyways I am currently writing a tutorial on how to remove it all from your computer. Almost all of my friends have it on their machines and it is annoying to view their profile and to be constantly harassed. Anyways, tutorial should be done by the end of this week...read it


    EDIT: well I got too excited and I finished my mini tutorial, you can go to http://www.antionline.com/showthread...hreadid=251135 and download it....I hope it fixes your problems
    Support your right to arm bears.


    ^^This was the first video game which I played on an old win3.1 box
