server.exe / server123.exe DO NOT DOWNLOAD/RUN

Discussion in 'Empire News' started by Aikar, Jul 31, 2012.

  1. Update: Issue occurring again on 8/10/12 with server123.exe and sohtt.exe

    I recommend joining us on IRC and taking a break from the site. You can chat with us on IRC and get updates on when it's safe. Follow the instructions below:

    The site is experiencing an issue right now where a virus is trying to download/run on every page load called server.exe

    THIS IS NOT MEANT TO HAPPEN! It was not placed there by EMC staff, and should be blocked by any means necessary.

    Please make sure you are running antivirus, I personally recommend

    This file will cause harm to your PC, and I'm trying my best to get ahold of Justin to get this resolved.

    Please hold tight and avoid this file. More details will follow from one of us as information is found.
  2. I also highly suggest Avast antivirus :p
  3. This is terrible
  4. Microsoft Security Essentials removed it (checked my history of viruses)
  5. If you're on Windows, and worried this might have been run, check to see if this file exists:

    Open Start Menu, and in the search box type:

    Then see if the file 360SP2.dll exists.

    If it does, you've likely been infected and I recommend running an Avast scan and Malwarebytes immediately.
  6. Win32/FarFli.K it's called

    Btw MSSE /\ "Quarantined" it; make sure to load MSSE up, go to History, look through those lists with the O's and Remove All
  9. What if you're on Mac?
  10. Thanks for the warning. Looks like I'm ok, but I'm doing a Norton scan just in case.
  11. .exe doesn't start on macs :D
  12. Why would I be asking if I didn't have a Mac?
  13. .exe is an application that works only on Windows because Microsoft (keep typing minecraft) uses Open Source while Apple uses Closed Source code, so they have to be passed by Apple to work on Macs
  15. Ok so from our investigation it does not look like EMC itself was hacked, as the servers look fine and the issue is gone.

    Based on the evidence, we believe one of the other parent computers in the network chain may have been compromised (i.e., the web host or network providers) in a way that would have affected more than just EMC.

    These are servers outside of EMC's control.

    Essentially, every web page you load typically actually passes through about 15-25 different computers first...
    If you have ever done a traceroute, these are the "hops" it mentions. However, some "hops" are actually invisible to you once it reaches the final destination, but they are still there.

    If one of the computers in the middle of the chain gets hacked, they can modify everything that comes through them. We believe this is the case here, as what we saw doesn't make sense based on how EMC is configured for EMC to have been specifically targeted.

    Justin has written a quick monitoring tool that will alert him immediately if it sees the issue come back.
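
One way a check like the monitoring tool mentioned in the post above could work, as an added example (not Justin's tool and not part of the thread): it parses a fetched page body and flags references to executables or to resources loaded from hosts outside an allowlist. The host name `forum.example`, the allowlist, the extension list and the sample HTML are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

RISKY_EXT = (".exe", ".scr", ".dll", ".msi", ".jar")       # assumed list
URL_ATTRS = {"src", "href", "data", "codebase", "archive"}

class RefCollector(HTMLParser):
    """Collect every URL a page asks the browser to fetch or link to."""
    def __init__(self):
        super().__init__()
        self.refs = []  # (tag, raw URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name in attrs.keys() & URL_ATTRS:
            if attrs[name]:
                self.refs.append((tag, attrs[name]))
        # <meta http-equiv="refresh" content="0; url=..."> also triggers a fetch
        if tag == "meta" and (attrs.get("http-equiv") or "").lower() == "refresh":
            _, sep, target = (attrs.get("content") or "").partition("=")
            if sep:
                self.refs.append((tag, target.strip(" '\"")))

def audit_page(html, page_url, allowed_hosts):
    """Return sorted (reason, tag, absolute_url) findings for one page body."""
    collector = RefCollector()
    collector.feed(html)
    findings = set()
    for tag, raw in collector.refs:
        url = urljoin(page_url, raw)
        parsed = urlparse(url)
        if parsed.scheme not in ("http", "https"):
            continue
        if parsed.path.lower().endswith(RISKY_EXT):
            findings.add(("executable-reference", tag, url))
        # Plain <a> links to other sites are normal; loaded resources are not
        if tag != "a" and parsed.hostname not in allowed_hosts:
            findings.add(("off-allowlist-host", tag, url))
    return sorted(findings)

# Constructed sample input: a clean page and the same page with an injected frame
PAGE_URL = "http://forum.example/threads/1"
ALLOWED = {"forum.example"}
CLEAN = ('<html><head><script src="/js/site.js"></script></head>'
         '<body><a href="http://example.org/x">x</a></body></html>')
TAMPERED = CLEAN.replace(
    "</body>", '<iframe src="http://203.0.113.7/server.exe" width="0"></iframe></body>')

if __name__ == "__main__":
    for reason, tag, url in audit_page(TAMPERED, PAGE_URL, ALLOWED):
        print(f"ALERT {reason}: <{tag}> {url}")
```

Because the modification described in the post happens in transit, a check like this only sees it when run from a vantage point whose traffic crosses the affected hop, not from the web server itself.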
  17. Thanks Aikar. A good friend of mine in game told everyone to avoid the EMC website and said there was this virus. I told her I have had the site loaded on my browser all day today and never saw this. She said it might be the browser I'm using...which is Google Chrome.
  18. Finally Someone else that has a mac!
  19. Why do you guys ask this? Those of us that use Macs are fine with them, or they're using Windows. It's getting annoying. -_-
    Not necessarily. Apple only has to approve the Mac App Store apps. Anything else just has to be packaged in a different format.
