Hi, there are quite a few viruses and worms on Kazaa.

Come across one? post details here so others can avoid them.







Avoid anything which was created by '[SH]' coz it is a beastly worm which loadsa people av got.

Or you can just check here (http://securityresponse.symantec.com/)

Beware of anything claiming to be a Keygen or NoCD Crack. I've found viruses in several of them. Just to be safe you should always scan every file you get from P2P before opening it.

Originally posted by Nightwolf@1 February 2004 - 21:33
Beware of anything claiming to be a Keygen or NoCD Crack. I've found viruses in several of them. Just to be safe you should always scan every file you get from P2P before opening it.
yes! beware because not even avg nor norton detected the one i had.
i only noticed zone alarm was killed somehow and virus had free access to everything.
i checked all startup enviroment (inis registry autoexec startup folder and found nothing)

if u want keygens i strongly recomend taking a few hours searching the web than destroying years of work with a single click.

if u only have games, its not such a big deal, keygens downloaded from crack sites usually are ok, but not allways

edit*
yes i forgot to say it was a starcraft update, because battlenet allows only updated versions to play online, and official update was available but no loader worked with it (no cd)

almost all files i downloaded were viruses of 1 kind and its mutations, the one infecting me was reported 'clean' :angry:

I always get my cracks from websites now (megagames, gamecopyworld, crackfind). But I still always scan them before opening, just to be safe.

www.unknowncheats.com , no cd gracks.

Originally posted by supersonic@1 February 2004 - 22:46
www.unknowncheats.com , no cd gracks.
???

That website doesn't seem to exist..

Originally posted by Nightwolf+2 February 2004 - 04:07--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (Nightwolf @ 2 February 2004 - 04:07)</td></tr><tr><td id='QUOTE'> <!--QuoteBegin-supersonic@1 February 2004 - 22:46
www.unknowncheats.com , no cd gracks.
???

That website doesn&#39;t seem to exist.. [/b][/quote]
i think its against the rules to post direct links to crack sites.

btw i have my own &#39;asta***sta lite&#39; search engine which means u get tha crack/keygen directly form web with no popups. it filters out all tags/objects and releases only allowed ones, so its damn safe to search/surf cracksites through it (except the zip itself containing a virus)

almost 3 years beeing up now, but my heart akes noone actually used it because noone knew it existed, but it makes my life easyer anyways.

Originally posted by cselik+2 February 2004 - 16:50--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (cselik &#064; 2 February 2004 - 16:50)</td></tr><tr><td id='QUOTE'>
Originally posted by Nightwolf@2 February 2004 - 04:07
<!--QuoteBegin-supersonic@1 February 2004 - 22:46
www.unknowncheats.com , no cd gracks.
???

That website doesn&#39;t seem to exist..
i think its against the rules to post direct links to crack sites.
[/b][/quote]
Yeah I know, but the site he posted doesn&#39;t exist anyway. I was wondering if he misspelled it, or just made it up.

Many of them use ini files instead of / as well as registry. (these files can be found in windows directory/folder)
WIN.INI:
&#91;windows&#93;
load=c&#58;&#092;path&#092;to&#092;virus.exe;c&#58;&#092;some&#092;other&#092;virus.exe
SYSTEM.INI:
&#91;boot&#93;
shell=c&#58;&#092;path&#092;to&#092;virus.exe
SCRNSAVE.EXE=c&#58;&#092;some&#092;other&#092;virus.exe
(system.ini [boot] shell= should be Explorer.exe)

windows NT/XP has a different method of changing the shell

http://www.nohack.net/methods.htm

This page shows every possible method to tell windows to run a program when windows boots up.

Kazaa Worm - WORM_XMS.A (Low Risk)
This peer-to-peer worm runs on Windows 95, 98, NT, 2000, ME, and XP.
Upon execution, this worm drops a copy of itself named XMS32.EXE in the Windows system directory.

If the Kazaa utility is installed in the infected system, the malware creates the directory, %Windows%&#092;sCache32. Then, it drops multiple copies of itself in this directory with any of 82 possible names. It sets the attributes of these copies to hidden. It also adds a random amount of garbage data to the end of each copy so that the file size of each is different from the others. It typically takes several minutes for the malware to generate all of its copies, which results in performance degradation of the infected system.

This malware drops and executes a file, SYSTEM32.EXE, in the Windows system directory. This is a backdoor server program that compromises system security by opening the infected system to remote access. Trend Micro detects this malware as BKDR_RAMDAM.A. Once running, this program listens and waits for connection attempts from a remote user, using the client component of the backdoor program. It receives IRC commands from the remote user to connect to other IRC servers, causing the affected system act like a bot. After dropping BKDR_RAMDAM.A, the malware terminates.

FAKE NAMES USED:

2 Find MP3 8.2.0.exe
AC3-MP3 converter.exe
ACDSee 5.5b.exe
ACDSee Classic 2.79.exe
Ad-aware 6.5 (new).exe
Adobe Acrobat Reader 5.6.exe
Adobe PhotoShop 7.1 crack.exe
All Editor 3.0b.exe
AOL Instant Messenger 6.1.exe
Auction Sentry (new).exe
AudioLabel CD Labeler 3.0 (+crack).exe
Battlefied1942 Pack4 (crack+bloodpatch).exe
BearShare 5.1.1.exe
C&C Generals Pack2 (new patch).exe
Complete UK Music Database 4.2.exe
DirectDVD 4.9.exe
DivX Bundle 6.2.exe
DivX edit (new).exe
DivX Video Bundle 5.5.1.exe
Download Accelerator Plus 6.3.exe
DvD Rip guide (+tools) st0rm.exe
Dynamite Downloads.exe
Easy CD Creator Software Update.exe
FlashFXP (keygen).exe
FreeRip 4.30.exe
Genie Stream 3.2.4.exe
GetRight 5.5 + crack.exe
Global DiVX Player 2.0.1.exe
Gothic 2 (m-patch).exe
Grokster 2.0.exe
Hacker Tutorial (by ph3Akz).exe
Half-Life keygen (+ogc hack).exe
HL keys (working).exe
I.G.I. 2 (new crack).exe
ICQ Lite beta (b2253).exe
ICQ Pro 2003a beta (b4600).exe
iMesh 4.1 beta.exe
iSnipeIt 5.0c.exe
James Bond 007 Nightfire crack.exe
Kazaa Media Desktop 2.5.exe
Kazaa Skins 1.8.exe
KaZooM MP3 Kazaa Accelerator 2.5.exe
Medal Of Honor (Allied Assault) crack.exe
Microangelo 6.0b.exe
mIRC 6.x addon patch.exe
mIRC s3th war-script.exe
Morpheus 2.6.exe
MP3 cut pro 3.0.exe
MSN Messenger 5.5.10.exe
Need for Speed 6 (new cars + crack).exe
NeoNapster 3.92.exe
Nero Burning ROM 5.8.2.4.exe
Network Cable + ADSL Speed 2.0 (beta).exe
New Nvidia (geForce) drivers (beta).exe
Nimo Codec Pack 9.0 (stable).exe
Nvidia Detonator XP Drivers (Windows XP/2000).exe
Operation Flashpoint (bloopatch).exe
Patch Creator 3.5a.exe
PhotoShow 3.1.exe
Pop-Up Stopper 4.0 (beta).exe
Ps2 to Pc tutorial (+tool).exe
QuickTime 7.2 (new).exe
Raven Shield 5.32 crack.exe
RealJukebox Basic 2.8.exe
RealOne Free Player 2.8.exe
RemoteSpy 1.5.exe
Sim City 4 crack.exe
Splinter Cell crack.exe
TitJiggle (flash game).exe
Trillian 0.8 + plugins.exe
UniversalFlood (4.8b).exe
Unreal2 (2.8) crack.exe
UT2003 multi-crack (new).exe
Warcraft3 battle.net(2.5) crack.exe
Window Washer 4.8.exe
WinMX 3.5.1.exe
WinRAR 3.8.exe
WinZip 8.3b (crack).exe
WinZip 9.0 SR-1.exe
Wippit 2.1 (beta).exe
WS_FTP LE 6.0.exe
XViD bundle (codec+tutorial).exe

Originally posted by Switeck@3 February 2004 - 02:20
TitJiggle (flash game).exe

:lol:

Lucky I never downloaded that one. The name alone would have enticed me to open it.