does this script really work??

i meant through the 1st persons xanga site...if that makes any sence

repling to arson...... i hope so!

hopefully it works.

well, i really wish I had the access to xanga's source code to implement something OR they can do something right now to prevent further damage. I'm surprised xanga didn't shut down xanga systems to prevent further damage because the damages caused can't be done with a single click from the xanga servers.

umm... d'oh
well, it could be slightly annoying to the hacker...

alot of people no how to get rid of it from THEIR sites so i think its a waster to shut down the server

hmm.. I think the xanga staff is off today, because it is presidents day here in USA. So if they are based in the USA they might be off.... idk.

So you keep deleting entries until you see something familiar right? In safe mode, do the entries look normal because I think I deleted some..help please!

I think I've deleted atleast 30 enetries already

Decrypted the code:
Found the a-hole's site...

Check this shit out. Caution: Don't download the exe file and run it.
I'm still investigating.



http://whois.sc/www.dkcommunity.com

hmmm...

haha i went online, the first thing my friend did was IMed me and told me there was a xanga virus, and i asked her if i was infected and she said no. then i told her to give me some xangas that are infected while i was checking up on createblog.com, i ended up clicking on one of the xangas given by my friend, then it was installing some shit, so then i rebooted my computer ASAP, phew, close call.

crap, double post... ack

just ignore my post on the "preventing other's from being infected"

the exe file is an activeX program...

we need to know the source...
In order for this fuckhead to infect us... he has to create a xanga and go to a site like createblog and post "CHECK OUT MY XANGA"

To disable javascript in IE:
Click Tools -> Internet Options -> Security -> Custom Level

under "Scripting", disable Active Scripting.


I guess after all this is over, you can enable it again.

why doesnt everyone just complain maybe they will get tired of this and shut down whatever they are doing

So how can you delete it yourself again? because it's not working for me.

I can be contacted at ArtsyToni678 in AIM.....urmm help!

Think about it. If you are the hacker and you have this intention since the beginning. The first thing you want is people whining and crying.

It means they've succeeded and they want more of this whining.

thats true but idk what else to think of

http://www.dkcommunity.com/decay/

interesting. this f**k sure has a lot of time on his hand.

those may be trojans in that folder. some sort of activex remote connection service.

So yah, if you are infected. Your computer might be at risk.
Most of you who have windows xp service pack 2 should be fine. hopefully.

is there anyway of tracking where this got started from

could you track who's the host of that site?

OK I fixed my site. Advice...just keep deleting even after maybe 100 entries.

not the host of the site but where the virus first started like the first xanga that got infected by this

i don't think it matters where it started anymore since you can get it from anyone who has the virus, not the first one that has it. also, if we could find the host of the site, we could maybe tell the host to delete his entire site.... but he probably have like a zillion copies of the files anyways....

is there anyway you can track the creator of the virus sort of like an IP adress

exactly.

but forget about any files he has. that's another story.
the decay.exe is most likely some sort of remote-connection hack that doesnt' have to do with xanga. though you should be cautioned.

The worm is composed of javascript and his php hosted site.