Forums Connection Issues G-lined (Trojan clients!)

I keep on getting disconnecting from irc and getting g-lined while trying to connect to QuakeNet.
Apparently I have som sort of trojan, cuz' I get this msg:

(20:40:48) * Connecting to de.quakenet.org (6667)
(20:40:48) -de.quakenet.org- *** Looking up your hostname
(20:40:48) -de.quakenet.org- *** Checking Ident
(20:40:48) -de.quakenet.org- *** Found your hostname
(20:40:49) -de.quakenet.org- *** Got ident response
(20:40:50) —› trojan clients.
(20:40:50) —› error: Closing Link: TeasR_ by b0rk.uk.quakenet.org (G-lined)
(20:40:50) * Disconnected

I have scanned my PC with AVG and removed whatever virusses and trojans there were, and even unistalled mIRC and reinstalled it, but it still doesn't work!!!

What am I to do ?

G-Line is a global ban on ALL servers in that network.. so try read about it on there www page, maybe also mail them and ask what to do.. www.quakenet.org

Judging from when that G-line kicks in, it seems to be based on either your hostname or ident - doesn't look like there was time for a portscan. Also, it gives the reason as "trojan clients" (plural), not "you are/have a trojan". So... a couple of possibilities:

It's possible that the network has had so much trouble with trojans from your ISP that they have simply banned the whole company - in which case you suffer even though it's not your fault.

IF this is the case, your choices are basically to change network, change ISP or wait until the situation is resolved. Not sure about Quakenet specifically, but some networks do publish the names of ISP's that they have banned for being unco-operative in dealing with problems like trojans.

Alternatively, it could be that your ident matches a pattern used by certain trojans. Try changing your ident, and see if that makes a difference.

In any event, ALSO run a good, up-to-date antivirus (or at the very least run an online one), and for extra surety, run an anti-trojan package like PestPatrol, too.

Good luck!

PastMaster

Before I do anything rash I think you should know something. I have a very strong feeling that I got it from this link:

<url deleted>

What can you say about it?

Hi,


I really hope that is NOT an infected trojan weblink.

I hope a moderator is reading this soon, so they can delete this link, because anybody reading this post, just might click on it and then we would have posts later saying "Well i clicked on an infected weblink and now i got a virus what do i do?"

Hope ya understand
ShadowDemon

Go to: this address and scan your computer.. and add it to your favorites, many new and old viruses/trojans and more infecting your computer, and when it does it disable your virus scanner.. so scan your computer atlest 1 time/week and make shure your computer havent got the flue

There are countless infected websites, posting one you suspect here risks other ppl clicking on it. You might try a channel on the network you are on that specializes in trojans and ask them about it (but ASK first, dont just post the url). On DALnet i'd suggest #nohack, but whether they would check the site out for you or not, i couldnt say.

Of course another useful tip is to use a browser which isn't completely vulnerable.
Or to put it another way: Another useful tip is to use a browser which isn't Internet Explorer.

Unfortunately, IE isnt the only browser with vulnerabilities of one sort or another. Regardless of the browser used, ppl have to use common sense, in what sites they view, in their settings, and be sure to get all patches, etc. I'd just as soon this thread didnt turn into another browser bashing thread please.

Well yeah, common sense is a must in web browsing, as with everything in life. But just the same I think you have to admit that IE has a far worse record when it comes to security vulnerabilities and has several easily-reproducible security holes in it at any given time, more than many other browsers, or at the very least there are far more web sites which exploit IE than with other browsers. Whether the reasons for this are because it actually is more vulnerable or bugged than other browsers or whether it's simply a result of having a 90% strangehold on the browser market is irrelevant, the fact is that IE users are at a far greater risk of being the victim of an exploit than those of other browsers. I think it's only fair that we should acknowledge that when there are so many people coming here looking for help with problems caused by the general ignorance that most internet users apparently have towards this subject.

I hang out on QuakeNet, which channel would that be then? #feds ? (reply to ParaBrat's 1st post)

On quakenet i would go to #help .. #feds is just allot of lazy ircops that never want to answer a question or help anyone.. they just hang there and kicking people for fun.. if you ask a question, then no one answer, and after a cupple of min u get kicked for idle.. so they dont even want to help there users. sad but true

I'm sure QuakeNet opers would argue that fact. People don't always have time to help due to real life.

Read this.

Regards,

I have been on quakenet for a long time now.. and not even once have a oper answered me when i wanted to talk to them in #feds.. and yes i have been there many times, was about to link a server to quakenet, but decided it wasnt worth it..

Like DALnet's #OperHelp, they probably get fed up with getting the same old questions, day in day out, when they have set up emails/websites to help with them - and of course, through ignorance, nobody takes any notice. Now I'm sure that QuakeNet isn't the largest IRC network in the world because their opers are lazy, bone idle good-for-nothings, and I *personally* don't think WE should be portraying that to users for any network.

If you think #Help is better than #Feds, just say it, I don't get why you need to go on to extensively insult the opers of QuakeNet. I'm sure, like us (!), that they take hours of their time to keep the network running as smoothly as possible - imagine the kind of abuse that is generated there, given the size of it.

Kind of digressing from the point of this thread now anyway, so I'll stop posting. Feel free to PM me if you wish to discuss this boring matter further :P

My 2 cents anyway.

Regards,

the same reson why you have to go on with it now.. DOH

All right, I found some help in #help .... This link is posted in their topic: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html

But geez if I only knew wtf they were talking about :S

I'm no geek and I really don't wanna mess up my pc... A step-by-step guide from one of you? I tried following the one on the site but I didn't really make it work...

Thx for the help so far byw

That is just Symantec's info page on that virus. To remove it with those instructions you need Norton AntiVirus (2003/2004 preferably) but I assume you don't have it. There do seem to be registry changing instructions there, but I am personally not confident to do it myself, let alone guide someone else through it. I *HIGHLY* suggest you don't go near that. Not all is lost though...

You can try another program to get rid of SDbot. Try AVG (again). This program seems to detect and remove it too. Finally, this page has some good info on how to find trojans and some secondary resources.

Alternatively of course, you can always go and buy Norton Antivirus if you have the money

Hope you get rid of it soon!

Regards,