IMG001.exe file?Malware?
Hi found this file in my box IMG001.exe is it normal?If i google it about IMG001.exe say malware.
It is not normal.
At which location on receiver did you find it?
Last edited by abu baniaz; 25-12-16 at 00:54.
So you think will be virus?
Found it here
Untitled-1.jpg
You also have an info.zip file.
I'm glad Spacerat and Jibyel have blocked off the vulnerabilities to Mirai. Shame you have not said what image you have. 4.2 what? So not sure if you have those fixes.
Maybe an idea to flash latest image to your receiver. Set a password for your receiver as well. I'd check if there is an updated firmware for your router too.
Last edited by abu baniaz; 25-12-16 at 01:44.
I'm glad what you mentioned mirai. I received few letters from VM what one off my devices infected i was scratching my head which oneOriginally Posted by abu baniaz
now i know
Regarding image i was OpenViX 4.2.011 flashed now to OpenViX 4.2.023.
So i should be save now regarding mirai?
No. Your router/firewall has a problem that needs fixing.
Regarding router. I have Asus ac3200 on merlin firmware i doubt this is router fault.Firewall you mean Pc firewall?
Sent from my LG-D855 using Tapatalk
No - he means your router configuration. It doesn't matter how good the software can be if you configure it incorrectly.
For the file to have ended up on your system it must(?) have been accessible to the outside world in some way. Do you configure things so that the box is contactable from outside your home network (port forwarding, or DMZ set-up)?
MiracleBox Prem Twin HD - 2@DVB-T2 + Xtrend et8000 - 5(incl. 2 different USBs)@DVB-T2[terrestrial - UK Freeview HD, Sandy Heath] - LAN/USB-stick/HDD
Something has crossed from the public internet onto your private home network. You need to find out why. On the home network security is more relaxed. This means once one of the devices on the home network (satellite receiver) has been compromised it can be used to attack other devices (PC for example) on the same home network.
Have you exposed the satellite receiver to the public internet on purpose? If so you need to understand the satellite receiver is not security hardened for use on the public internet.
If it is not exposed to the public internet on purpose you need to look at what is wrong with your router security that has allowed this.
Last edited by Huevos; 25-12-16 at 08:57.
Hi it was only ports open for watching tv on phone outside home network. Nothing else.
Sent from my LG-D855 using Tapatalk
Only thing I done regarding satellite box just opened ports to watch tv on phone outside home network. So it is only thing i can think off.
Sent from my LG-D855 using Tapatalk
... that's all it needs for them to get in.
Actually hardening against Mirai has to be credited to betacentauri (Although it was me who asked him to implement this change).
Forcibly closing OWIF was actually pro-active:
OWIF got a package manager at the same time, which WOULD have introduced a new attack vector (Not sure if the backup/restore capability of its Bouquet-Editor already was vulnerable to put arbitrary code).
Mirai however attacks open Telnet ports, which the busybox patch by betacentauri forcibly closes by not accepting ANY connections that do not come from private address space or same subnet (= local network or VPNs) anymore.
Actually that patch respectively the busybox upgrade it causes is the reason why 022 and 023 require a reflash for some users:
I fixed opkg on 18th of September to be able to perform busybox upgrades again (They stopped working in oe-a 3.0, when switching from opkg 0.2.x to 0.3.x).
The opkg fix couldn't be rolled out in online updates however, as self-updating opkg was another thing broken since oe-a 3.0.
That's why boxes that had been flashed with images created after 18th of September survive the busybox upgrade and older flashes don't.
Gesendet von meinem Siemens C25 mit Tapatalk
Receiver/TV:Pay TV: Redlight Mega, Brazzers TV Europe, XXL, HD-, Sky
- Vu+ Duo² 4*S2+2*C / 1.8TB HDD / OpenATV 6.1@Samsung 50" Plasma
- AX Quadbox 2400 / 2*S2/2*C / 930GB HDD / OpenATV 6.1@Samsung 32" LCD
- Vu+ Solo² / 465GB HDD / OpenATV 6.1
- Vu+ Solo² / 230GB HDD / OpenATV 6.1
- DVBSky S2-Twin-Tuner PCIe@Samsung SyncMaster T240HD (PC)
Internet: Unitymedia 1play 100 / Cisco EPC3212 + Linksys WRT1900ACS + Fritz!Box 7390 / IPv4 (UM) + IPv6 (HE)
abu baniaz (18-11-17),Clabs (25-12-16),twol (25-12-16)
If anybody wants to test the security of their router can I suggest they go to the Shields Up website run by Gibson Research Corporation and run the port tests.
deividuska (25-12-16)
Thats exactly what they are looking for. There are a army of script kiddies and even automated scripts trawling the internet for open E2 boxes to take advantage of, in most cases they just steal your channels to host on a dodgy pay TV server but as you just discovered it can be a little more dangerous now to leave your receiver wide open for any one to walk into at will.
My posts contain my own personal thoughts and opinions, they do not represent those of any organisation or group but my own.
If you don't like what I post, Don't read it.
SIMPLES.
deividuska (26-12-16)
Posting Permissions
Reply With Quote