• Team Fortress 2 Classic V3
    5,020 replies, posted
[QUOTE=Cpt. Cakes;48608773]I have played with him. I have scanned my computer, no virus. Should I still format my computer and reinstall windows?[/QUOTE] To be safe, yes. He/They have remote access to a lot of stuff:
[quote]
[+]Remote Desktop, Remote Webcam, and Client Manager
[+]Fast Reverse SOCKS 5 Proxy
[+]System Wide Ring3 Rootkit (x86 Processes) With Process Watchdog
[+]Advanced Process, File, and Startup Persistence
[+]Powerful Heuristic-Based Bot Killer (Anti-Malware)
[+]Blacklist Software and Processes. Luminosity removes them!
[+]SmartLogger (Logs all Keystrokes, - Specify certain programs to record separately)
[+]Download Manager - Resume/Pause/Cancel Transfers, Proper File Queue, Organized well
[+]File Grabber - Search for file on client, and queue it for download. Can search certain process directories and much more!
[+]Google Chrome, FireFox, IE, Opera, Safari, FileZila, and Win Serial Key Recovery
[+]Outlook (all versions), Windows Mail, Thunderbird, Yahoo Mail, and more Recovery
[+]File Guard - Guard Executable Files (Other RATs, keyloggers, etc) - Takes care of Undetection, Persistence, and Startup!
[+]Easy-to-Use Crypto Currency Miner - Injects miner files.
[+]Website Visitor - 4 View Methods - Mute Audio
[+]Client Info - Manage and Grab Info Regarding Clients
[+]Torrent Seeder
[+]Extensive On-Join Commands | Client ID/Version/Client Name |
[+]HTTP Control - Send Commands via Webpage Encrypted
[+]Remote Scripting (HTML/VBS/BATCH)
[+]Block installation and use of any specified software
[+]Tons more features...And more being added!
[/quote]
If you haven't checked already, see if there was a svchost.exe file in your Source SDK 2013 folder next to hl2.exe. Turn on hidden files, it might be hidden as well.
I have an svchost.exe file in my System 32 folder, said it was created in 2009, that's not it, is it?
[QUOTE=Sugnod;48608855]I have an svchost.exe file in my System 32 folder, said it was created in 2009, that's not it, is it?[/QUOTE] No.
[QUOTE=Sugnod;48608855]I have an svchost.exe file in my System 32 folder, said it was created in 2009, that's not it, is it?[/QUOTE] If it matches the date of the compilation of the Windows 7 RTM build (July 13th) it's the one from Microsoft.
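Added example, not part of the thread and not code from any poster: a Python script for the check discussed in the posts above, which walks a folder (for instance the Source SDK Base 2013 folder that holds hl2.exe) and lists any file named like a Windows system binary that sits outside the Windows directory, including hidden ones. Only svchost.exe comes from the thread; the other names, the function names and the `system_root` parameter are assumptions of this example.

```python
import hashlib
import os
import stat
import sys

# svchost.exe is the name given in the thread; the other names are assumptions
# added for this example (Windows system binaries that never belong in a game folder).
SYSTEM_BINARY_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe", "services.exe"}


def sha256_of(path):
    """Hash in chunks so a large file is not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def is_hidden(path):
    """True if the Windows 'hidden' attribute is set; always False on other systems."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def find_misplaced_system_binaries(root, system_root=None):
    """Walk root and report system-binary names found outside the Windows directory."""
    system_root = system_root or os.environ.get("SystemRoot", r"C:\Windows")
    system_root = os.path.normcase(os.path.abspath(system_root))
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        here = os.path.normcase(os.path.abspath(dirpath))
        if here == system_root or here.startswith(system_root + os.sep):
            continue  # expected location (e.g. System32), not reported
        for name in filenames:
            if name.lower() not in SYSTEM_BINARY_NAMES:
                continue
            path = os.path.join(dirpath, name)
            try:
                entry = {"path": path, "hidden": is_hidden(path),
                         "size": os.path.getsize(path), "sha256": sha256_of(path)}
            except OSError as exc:  # locked or unreadable: still worth reporting
                entry = {"path": path, "error": str(exc)}
            findings.append(entry)
    return findings


if __name__ == "__main__":
    # Usage: python find_svchost.py "<path to the Source SDK Base 2013 folder>"
    for hit in find_misplaced_system_binaries(sys.argv[1]):
        print(hit)
```

The hash and size are recorded so the file can be identified before anything is deleted; an empty result only means no file with one of these names is in that folder tree.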
Don't seem to have the svchost with hidden files on as well, last one is from two months ago...despite this I have played on a match with tons of others and rubber was on there, shall I reset anything?
[url]https://www.reddit.com/r/Steam/comments/3jja73/source_2013_mp_base_file_upload_and_execution/[/url]
I've checked for the svchost.exe file, not there. It's not even where the virus normally installs itself. I've done 3 scans. Nothing came up. Pretty sure I played with RubberFruitFace on 1.9 actually, not 2.0. My TF2 items are also not stolen. I use KeePass, a program that has the best password encryption. I think I might actually be affected, also I don't have a webcam.
All it takes is someone to spray a malicious spray and everyone in the server is affected (if they have sprays on, and downloads turned on). Basically, if you played with TheRubberFruitFace, or possibly his friends, there is a possibility they sprayed something and thus a possibility you might be infected. I wouldn't take the chance, considering they have webcam access and see everything you're doing, have access to passwords, and will steal your Steam items (just like what happened to Yiffy). You might even get banned on FP or VAC banned.
I have a Windows image backup from before I played with him, would that work instead of formatting my system and reinstalling Windows?
[QUOTE=danielmm8888;48608909][url]https://www.reddit.com/r/Steam/comments/3jja73/source_2013_mp_base_file_upload_and_execution/[/url][/QUOTE] If you turn off the settings listed on here, you should be safe to keep playing TF2C for now, assuming you don't already have the virus.
[QUOTE=gamez7;48609019]If you turn off the settings listed on here, you should be safe to keep playing TF2C for now, assuming you don't already have the virus.[/QUOTE] Don't start up the game.
As far as I know I haven't played with RubberFruitFace or his friends, but I did find the svchost file in my Source MP SDK directory which I removed and after 3 different scans from 3 different security programs my computer shows up with nothing. Should I still reformat?
[QUOTE=Cpt. Cakes;48609042]Don't start up the game.[/QUOTE] Agreed. While these settings should make playing tf2c or other mods safe, there have been conflicting reports by people on the HLDS mailing list that apparently these settings don't do anything.
[QUOTE=-=NARH=-;48609050]As far as I know I haven't played with RubberFruitFace or his friends, but I did find the svchost file in my Source MP SDK directory which I removed and after 3 different scans from 3 different security programs my computer shows up with nothing. Should I still reformat?[/QUOTE] I should let everyone know here that an anti-virus saying "not found" doesn't mean you aren't infected. If you have a svchost.exe file anywhere near your Source SDK folder then your computer definitely has been compromised. Deleting the file doesn't get rid of it, most intelligent things these days drop stuff in other folders and run in the background. Reformat.
[QUOTE=-=NARH=-;48609050]As far as I know I haven't played with RubberFruitFace or his friends, but I did find the svchost file in my Source MP SDK directory which I removed and after 3 different scans from 3 different security programs my computer shows up with nothing. Should I still reformat?[/QUOTE] Yes you should! [editline]3rd September 2015[/editline] [QUOTE=Snowshoe;48609067]I should let everyone know here that an anti-virus saying "not found" doesn't mean you aren't infected. If you have a svchost.exe file anywhere near your Source SDK folder then your computer definitely has been compromised. Deleting the file doesn't get rid of it, most intelligent things these days drop stuff in other folders and run in the background. Reformat.[/QUOTE] Hey, I have a system image backup from before I played with RubberFruitFace. Can I use that instead of reformatting my computer?
I'm a computer idiot and never created an image backup. Is there still a way to reformat my hard drive without losing windows 8?
On another topic entirely, since cosmetics aren't ever going to be a thing, would touching up the playermodels ever be on the radar? Stuff like engie's 90+ degree edging on his gloves, pyro's lumpy head with unused edgeloops, medic's lensless glasses or other just generally lowpoly unpleasantness? 2007 was a long time ago, 2,400 triangles for a playermodel is sub cellphone game territory these days
[QUOTE=Cpt. Cakes;48609074]Yes you should! [editline]3rd September 2015[/editline] Hey, I have a system image backup from before I played with RubberFruitFace. Can I use that instead of reformatting my computer?[/QUOTE] If it's the windows 7 / windows 10 downgrade thing, I don't think it will help because that method preserves some stuff such as programs. If it's an actual disk image that overwrites everything on your hard drive- possibly. Depends if you were playing the TF2C beta at all during that period, the exploit could have happened then as well. Like NARH, you don't specifically have to play with RubberFruitFace to be infected. It could be anyone that knows of the exploit. [QUOTE=Trilby Harlow;48609104]On another topic entirely, since cosmetics aren't ever going to be a thing, would touching up the playermodels ever be on the radar? Stuff like engie's 90+ degree edging on his gloves, pyro's lumpy head with unused edgeloops, medic's lensless glasses or other just generally lowpoly unpleasantness? 2007 was a long time ago, 2,400 triangles for a playermodel is sub cellphone game territory these days[/QUOTE] Turn on HWM models.
[QUOTE=Trilby Harlow;48609104]On another topic entirely, since cosmetics aren't ever going to be a thing, would touching up the playermodels ever be on the radar? Stuff like engie's 90+ degree edging on his gloves, pyro's lumpy head with unused edgeloops, medic's lensless glasses or other just generally lowpoly unpleasantness? 2007 was a long time ago, 2,400 triangles for a playermodel is sub cellphone game territory these days[/QUOTE] Turn on HWM models.
[QUOTE=evilcake567;48609100]I'm a computer idiot and never created an image backup. Is there still a way to reformat my hard drive without losing windows 8?[/QUOTE] Use the reset function in PC Settings. Refresh may work since it'll obliterate Win32 apps but not WinRT apps. That said I wouldn't chance just refreshing and hoping it went away.
So basically I gotta remove EVERYTHING on my computer, no chance of making a backup and reformatting? EDIT: Great. Tons of unfinished mods and other stuff gone all because of some fucking script kiddies
The person who found the exploit said that it is not related to sprays, but to sound files. [IMG]http://i.imgur.com/57N53tS.png?1[/IMG] From [url]https://www.reddit.com/r/Steam/comments/3jja73/source_2013_mp_base_file_upload_and_execution/[/url] Also, the image backup I made was from a time where TF2C wasn't even downloaded on my computer. It's an actual disk image, I have one hard drive that only has it on there. Folder named "WindowsImageBackup" So, I will use that.
I guess "soundsprays" then. MeeM Virus?
I spent over $150 on steam so I might not play until the patch. :/ Fuck TheRubberFruitFace.
[QUOTE=Game Zombie;48609111]Turn on HWM models.[/QUOTE] no i know about HWM, they fix some things, like collars and adding super high detail hands, but in some places they're untouched [T]http://puu.sh/jZ0cF/849de69704.jpg[/T] as an example, Scout's hat, headset and satchel band are still pretty chunky on the HWM models too, i'm talking complete touchups
[QUOTE=Trilby Harlow;48609160]no i know about HWM, they fix some things, like collars and adding super high detail hands, but in some places they're untouched [T]http://puu.sh/jZ0cF/849de69704.jpg[/T] as an example, Scout's hat, headset and satchel band are still pretty chunky on the HWM models too, i'm talking complete touchups[/QUOTE] Oh god his face lookin fine.
"Some files are missing. Your windows installation or recovery method will provide these files" Am I fucked, or am I fucked.
[QUOTE=Trilby Harlow;48609160]no i know about HWM, they fix some things, like collars and adding super high detail hands, but in some places they're untouched [T]http://puu.sh/jZ0cF/849de69704.jpg[/T] as an example, Scout's hat, headset and satchel band are still pretty chunky on the HWM models too, i'm talking complete touchups[/QUOTE] [img]https://dl.dropboxusercontent.com/u/31115055/ShareX/2015-09/2015-09-03_15-27-26.png[/img] Considering proper sources for the HWM models are a bitch to get there will always be parts of the model that look a bit blocky
[QUOTE=evilcake567;48609200]"Some files are missing. Your windows installation or recovery method will provide these files" Am I fucked, or am I fucked.[/QUOTE] It was that moment Cake knew, he fucked up.
Make sure you guys don't have the map dm_dustbowl, it comes with a wav that infects you. The wav is called weapon_nailgun, btw.