Exploits Autokills [exp/???]
This KB article is available in the following languages: Arabic | Russian

Please find below, a comprehensive list of Exploits AutoKills, along with the duration and reasons behin the autokill.

This information is for guidance only, and may not reflect the real duration, or reason for the autokill.

[Exp/Aplore]
[Exp/Trojan]
[Exp/Fldhst]
[Exp/Os]
[Exp/Comp]
[Exp/Clone]
[Exp/Roe]
[Exp]
[Exp/Ma]
[Exp/script]
[exp/dm]
[exp/dm2]



[Exp/Aplore]
Nominal Duration: 48 Hours
User Action: Update your Anti-Virus utility.
Your system may be infected by the w32.aplore@mm worm. Please update your anti-virus utility and run a full scan to detect and if necessary remove this worm. Further information about it and it's effects can be found on http://securityresponse.symantec.com/avcenter/venc/data/w32.aplore@mm.html

[Exp/Trojan]
Nominal Duration: Permanent
User Action: Follow the instructions below to reconnect.
Your PC may be infected by a virus or trojan horse program. If found you will need to remove the trojan and re-install your IRC client to reconnect to DALnet. You can obtain a freeware trojan scanner from Lockdown [http://www.lockdowncorp.com/bots/downloadswatit.html] or you can use a modern anti-virus utility to detect and remove most trojans. Please be sure to update whichever program you use with the latest definition files from the manufacturer.

[Exp/Fldhst]
Nominal Duration: 3 days to One Week
User Action: Secure your machine and wait for the ban to expire.
This IP address or IP block has possibly been involved in flooding attacks against our network. This is often the result of downloading files from untrusted sources which are infected with one of several trojan horse programs. Again, we recommend the use of a trojan scanner or modern anti-virus utility to detect and if necessary remove the trojan. These autokills normally last for no more than one week, although they may be extended if the machines are not secured during that period.

[Exp/Os]
Nominal Duration: 12 Hours normally, may be extended in extreme situations.
User Action: Secure your machine and wait for the ban to expire.
This IP or IP block has possibly been involved in distributed Denial of Service attacks against our network. This can be caused by downloading files from untrusted sources which are infected with one of several DDoS client programs. We recommend the use of a trojan scanner or modern anti-virus utility to search for and if necessary remove the trojan. These autokills normally last for no more than 12 hours, although they will be extended if the machines are not secured.

For further help with this problem, click http://kline.dal.net/exploits/ddos.htm.

[Exp/Comp]
Nominal Duration: 3 days to One Week
User Action: Secure your machine and wait for the ban to expire.
Your machine may have been compromised and be advertising it's presence on IRC. Information stored on your PC may be available to unauthorised persons as a result of this security breach. Please check for trojans, viruses and compromised scripts. You can find a freeware trojan scanner from Lockdown Corp. [http://lockdowncorp.com/bots/downloadswatit.html] which may help locate and remove the trojan.

[Exp/Clone]
Nominal Duration: 30 minutes to One Week
User Action: Wait for the ban to expire.
Please do not load clones onto DALnet. A clone is considered anything over ONE connection, although DALnet will allow a maximum of 2 clients.

[Exp/Roe]
Nominal Duration: Permanent
User Action: Follow the instructions below to reconnect.
For security reasons we do not permit users to connect to IRC as the ROOT user from unix systems. Please create a normal user account (preferably without enhanced permissions) and use that when connecting to DALnet. Users of windows who recieve this message need to change their ident setting as described in the Windows Ident [http://kline.dal.net/exploits/winident.htm] section of this site.

[Exp]
Nominal Duration: Permanent
User Action: Contact your service provider.
This host is no longer welcome on DALnet. If you recieve this message from multiple IP addresses or hostnames it is probable that your domain has been banned. Please ask your service provider for further information in this case.

[Exp/Ma]
Nominal Duration: 30 Minutes to One Week
User Action: Follow the instructions below and wait for the ban to expire.
Your machine may have been infected by trojan horse which advertises one of several websites on DALnet. You should run a full scan of your system using a recently updated virus scanner or a dedicated anti-trojan package such as Swat-It [http://lockdowncorp.com/bots/downloadswatit.html] to detect and if necessary remove the trojan. When you have done this, wait for the ban to expire then reconnect to DALnet.

[Exp/script]
Nominal Duration: Permanent
User Action: Follow the instructions below.
Some scripts are abusive in nature and have been banned from DALnet. Usually these are 'war scripts' (Polaris, Seventh Sphere etc.), advertising scripts (X-Inviter, IRCAP) or clone scripts. You will need to remove the script and reset your ident as described in the ident FAQ to reconnect to DALnet.

Some users may find they are banned with this message even though they do not run one of the above scripts. In this case, please reset your ident as described in the ident FAQ to reconnect.

[exp/dm]
Nominal Duration: Permanent
User Action: Scan your computer for viruses and trojan horses. This autokill message indicates you (or or someone else from your IP) is connecting drones to DALnet. If you think it's a mistake, please contact us and be sure to paste us the exact message you get when you're trying to connect in addition to your nickname, ident, and gcos (full name) field.

[exp/dm2]
Nominal Duration: Permanent
User Action: Scan your computer for viruses and trojan horses. This autokill message indicates you (or or someone else from your IP) is connecting drones to DALnet. If you think it's a mistake, please contact us and be sure to paste us the exact message you get when you're trying to connect in addition to your nickname, ident, and gcos (full name) field.
KB #71
Category: AutoKill Information
Added by: Milky
Added on: 14/01/2009 04:49
Last updated by: Kobi_S
Last updated on: 20/02/2010 19:19
Attachments
File Size
*** None ***