View Full Version : Malware FAH
k3nshin
03-26-05, 11:32 AM
ok so this morning when I turned my computer on it was running a little slower than usual.
so I opened up the task manager to see what's taking up the cpu usage.
there I find out that steam is taking up most of the cpu usage because there was an update for some games.
well after the update stopped I saw that the cpu usage was still high for being supposedly at idle!
well I open back up task manager and I see a process called Fahcore_65.exe
I say to myself "What's that? Folding at home?" so I do a quick google search for the name and yes it is! wha? I've been wanting to install fah but I haven't yet...
so I find the log info and I find out that since march 23 I have been folding for team 12679!
http://img.photobucket.com/albums/v289/k3nshin1087/fahmal.gif
ok so my question for you guys is how do I get rid of this? or better yet! how could I make it so that I fold for team 32? :cool:
Bon3thugz43v3r
03-26-05, 11:36 AM
Navigate to C:\Program Files\FAH and find the file called "config.cfg", open it with notepad and then change the username to your liking and change the team to 32 and you're all set. Welcome to the foooooold.
CrystalMethod
03-26-05, 11:40 AM
Well, I found out who you were folding for. Suspicious...
k3nshin
03-26-05, 11:43 AM
I don't have a FAH folder in program files...
all of the fah files that I have found are in my C:\WINDOWS\system
it says that I have the windows Console Edition, does that change anything?
edit:
http://vspx27.stanford.edu/cgi-bin/main.py?qtype=teampage&teamnum=12679
that's the team
http://vspx27.stanford.edu/cgi-bin/main.py?qtype=userpage&username=tak@sidewayscrazy.com&teamnum=12679
and the user/client/person
cornbread
03-26-05, 11:44 AM
Well, I found out who you were folding for. Suspicious...
Who? Do tell us. :D
tenchi86
03-26-05, 11:45 AM
People get banned for this, I hope stanford finds out soon. Though I support FAH I don't believe anyone has the right to put something on your pc without your consent.
k3nshin
03-26-05, 11:46 AM
yeh this really ****es me off..... :mad:
is there any way I could report this to them?
cornbread
03-26-05, 11:47 AM
Who? Do tell us. :D
Uh...never mind, I see. That is kinda weird.
cornbread
03-26-05, 11:48 AM
yeh this really ****es me off..... :mad:
is there any way I could report this to them?
Maybe post something about it in their forum? See what they say.
http://forum.folding-community.org/homepage.php
samuraisam
03-26-05, 11:49 AM
It's likely something spread through P2P software.
Kill the service in services.msc and msconfig. Then, install your own copy that is legit.
-Sam
here is the guy that got you: http://vspx27.stanford.edu/cgi-bin/main.py?qtype=userpage&teamnum=12679&pname=nsz%40XaBwWsAXehsZA%2Eevx
Do you have any idea how it got installed on your rig? Here is a link to the F@H forums. Please post this there as someone will be able to take action against this guy. http://forum.folding-community.org/homepage.php
Wow that's really scary, if I found that someone had put ANY program on my computer, good or bad, I'd be ****ed. I wonder how they got it on ur computer. If I were you I'd try to find out, cause that obviously means there was some sort of security breach or something.
k3nshin
03-26-05, 11:57 AM
well, the guy does list his username as tak@sidewayscrazy.com
and sidewayscrazy.com is what looks to be a drifting/ nissan 240sx website
I do frequent websites like that...
edit: now I remember!! I have traced it back and now I know what it is....
a member on 240sxforums.com posted a thread called "drift screensaver". it was supposedly a screensaver, well that user's name is tak... and the screensaver never worked, a console opened for a few seconds then closed. I didn't think anything of it but now I know. I got it through that, now I'm off to tell everybody that it's a bunch of crap and it's bad
also: is there no way to actually uninstall this console client? do I just delete all the files associated with it?
I think you have to run something to get folding installed, I don't think it can install itself by you simply going to the website...
I wonder if he found a way to attach it to a video or something?
samuraisam
03-26-05, 12:01 PM
No, and of course, you run Firefox... RIGHT?
RIGHT?
-Sam
if it was something he downloaded, firefox wouldn't have stopped it anyway
k3nshin
03-26-05, 12:05 PM
yes I do run firefox, what else? :D
Helsyeah
03-26-05, 12:06 PM
Actually, you probably don't want to try to change the settings for this folding application. It definitely looks like it was written as malware and so I would suspect that it will automatically reset its user name and team if you were to change them. I would recommend removing it and using one of Wedo's one-click installers instead, since they are legitimate and most of us use them ourselves.
Here's what I would suggest you do to try to remove the malware F@H:
(you may want to restart into safe mode to do these steps in case windows intelligently decides to restore things after you remove them.)
First find sys32.exe in your task list and kill it, that should also bring down the core. This file seems to be the console client, fah502-console.exe, only renamed, and maybe even modified. It also seems to be installed into the windows/system folder instead of into program files/fah, like a legitimate install would.
Delete these files\folder in the windows\system folder:
sys32.exe
work folder
fahcore file
fahlog files
queue.dat
client.cfg
unitinfo.txt
svrany.exe if it exists
Now, the fun part is tracking down how it automatically starts. Check these locations for sys32.exe entries:
Windows Start folder
Open up RegEdit and search for sys32.exe.
I just searched my fairly virgin install of XP and didn't find a single instance of sys32.exe within my registry, so I bet you can easily delete any keys/values in the registry that point to this file and its associated path.
At this point, if you have successfully deleted the files and cleaned any registry entries for sys32.exe then restart and check to see if the core starts back up again.
If it does not then take a look here (http://www.ocforums.com/showthread.php?t=231247) and follow the steps that Wedo has outlined to install a legitimate version of FAH.
If all goes well, then welcome to the fold :) if not then we'll do all that we can to help.
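A scripted, read-only version of the checks in the post above, added here as an example and not code from the thread or from Folding@home: it looks for the indicators the thread names (sys32.exe and the client's files under the Windows system folder, autorun entries pointing at sys32.exe, and the "DirectX Support" service name reported later in the thread) and reports them without deleting anything. It assumes a current Windows host with PowerShell; the `FAH*` wildcard for the log and core files is an assumption.

```powershell
# Added example: read-only triage for the renamed FAH console client described in this thread.
# Indicators are the thread's own: sys32.exe in %WINDIR%\system, the client's work files,
# autorun entries pointing at sys32.exe, and a service called "DirectX Support".
# Nothing here stops or deletes anything; it only lists what it finds so you can review it.
$findings = @()
$sysDir = Join-Path $env:windir 'system'

# 1. Files and folder the post says to delete (names from the thread).
foreach ($name in @('sys32.exe', 'queue.dat', 'client.cfg', 'unitinfo.txt', 'svrany.exe', 'work')) {
    $p = Join-Path $sysDir $name
    if (Test-Path $p) { $findings += "file: $p" }
}
# FAHlog / FAHCore files: the exact names vary, so a wildcard is used here (assumption).
Get-ChildItem -Path $sysDir -Filter 'FAH*' -ErrorAction SilentlyContinue |
    ForEach-Object { $findings += "file: $($_.FullName)" }

# 2. The renamed client and the core it launches, if they are running right now.
Get-Process -Name 'sys32', 'FahCore_65' -ErrorAction SilentlyContinue |
    ForEach-Object { $findings += "process: $($_.Name) pid $($_.Id)" }

# 3. A service named "DirectX Support", or any service whose binary is sys32.exe.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.DisplayName -eq 'DirectX Support' -or $_.Name -eq 'DirectX Support' -or $_.PathName -match 'sys32\.exe' } |
    ForEach-Object { $findings += "service: $($_.Name) ($($_.State)) -> $($_.PathName)" }

# 4. Run / RunOnce registry entries that point at sys32.exe (the "search RegEdit" step).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip PowerShell's own provider metadata
        if ("$($prop.Value)" -match 'sys32\.exe') {
            $findings += "autorun: $key\$($prop.Name) = $($prop.Value)"
        }
    }
}

# 5. Per-user and all-users Startup folders (the "Windows Start folder" step).
foreach ($dir in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
    Get-ChildItem -Path $dir -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match 'sys32' } |
        ForEach-Object { $findings += "startup: $($_.FullName)" }
}

if ($findings.Count -eq 0) { 'No indicators from the thread found.' }
else { $findings | ForEach-Object { "FOUND  $_" } }
```

Run it from an elevated prompt so the service query and HKLM keys are readable; anything it lists is what the post's manual steps then remove.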
cornbread
03-26-05, 12:07 PM
well, the guy does list his username as tak@sidewayscrazy.com
and sidewayscrazy.com is what looks to be a drifting/ nissan 240sx website
I do frequent websites like that...
edit: now I remember!! I have traced it back and now I know what it is....
a member on 240sxforums.com posted a thread called "drift screensaver". it was supposedly a screensaver, well that user's name is tak... and the screensaver never worked, a console opened for a few seconds then closed. I didn't think anything of it but now I know. I got it through that, now I'm off to tell everybody that it's a bunch of crap and it's bad
also: is there no way to actually uninstall this console client? do I just delete all the files associated with it?
I would report him to the Stanford website and to 240sxforums.com.
he said it was a screensaver...probably just a one click install renamed....console flashes, and screeny doesn't work...sounds like a one click to me.
go to services (run services.msc) and "stop" the FAH processes. then you can delete the files.
or reconsider folding, under your own name :)
(edit) way too slow to be the first to post it, helsyeah's was better! (/edit)
k3nshin
03-26-05, 12:09 PM
oh, wow that's perfect! I'm off to go do all that then to get a legit copy!
tenchi86
03-26-05, 12:12 PM
He just said he ran the one-click or at least something around that. Something popping up for a few seconds then disappearing is the .exe in the one click. It must have been remade to install to system, not programs. So no one realizes they have it.
Have you reported him yet? Something similar to this has happened before, Stanford can shut down all his clients if they deem it necessary.
PM Wedo with a link to this thread too. He is vigilant about people using his one click like this.
What popped up was probably Command Prompt installing files into your system folder. God I hate people who make this crap. They probably don't even fold for the good of the people, they probably just fold to get points and rank higher (losers).
k3nshin
03-26-05, 01:26 PM
yeh, they're really annoying.
so I followed helsyeah's instructions and it no longer exists
I am going to write this on the folding website and post on the 240sxforums that it's bad
when I'm done with that I will get wedo's install and fold for team 32! :D
Welcome to the team and good luck with getting the guy deleted from F@H :D
I have posted a link to this thread in the Pandegroup and Mods forum at Folding Community. I hate it when people abuse FaH like this, as do Pandegroup.
Cerberus2k7
03-26-05, 02:14 PM
Wow...that just ****es me off! There is nothing *competitive* about doing that. Glad to hear you got it though. :D Damn drifters! Grrr....wait...I am one. :D
k3nshin
03-26-05, 02:16 PM
oh no! it's back!
http://img.photobucket.com/albums/v289/k3nshin1087/fah.gif
oh wait :D :D :D
TEAM 32! woo!
I also posted a writeup in the folding community/genfah forum and also on 240sxforums which included a how-to to remove the client THANKS GUYS! :clap:
I have also sent the .exe that installed the clients to Ivoshiee who wanted it to inspect it! Hopefully this loser will go down!
PM Wedo with a link to this thread too. He is vigilant about people using his one click like this.
Bastage!!! Damn errant folders will mess up the One-Click and other quicky installs for the lot of us.
Did he get reported yet?
k3nshin, looks like you're good to go with the legit One-Click. W3lcom3 2 d@ T3@m! :)
cornbread
03-26-05, 02:23 PM
and also on 240sxforums which included a how-to to remove the client THANKS GUYS! :clap:
I was wanting to read some of the responses those guys may have had, but you have to register just to browse the forums. :rolleyes: Lame.
k3nshin
03-26-05, 02:39 PM
yeh, I don't actually post much on that forum, seeing as how I don't have a 240sx, but I have been lurking for a couple of months. this post was actually only my second post on there lol
welcome to the team, although you're joining under circumstances that are a bit odd :)
Quailane
03-26-05, 03:56 PM
Your "tak" has been increasing his production steadily, probably through the use of that "screensaver." Who wants to castrate him with me? :eek:
http://folding.extremeoverclocking.com/user_summary.php?s=&u=120451
This guy is number 1 on his team: http://folding.extremeoverclocking.com/team_summary.php?s=&t=12679
Have the proper people been alerted to this?
I suspect it will drop to 0 sometime in the next 48 hours.
cornbread
03-26-05, 04:07 PM
I suspect it will drop to 0 sometime in the next 48 hours.
I hope you're right, this ****es me off that someone would stoop so low.
Thx K3nshin for finding this guy out (btw I love Rurouni Kenshin!)
Have the proper people been alerted to this?
yes, see posts above
samuraisam
03-26-05, 05:04 PM
Glad you're folding. Too bad you had to have a rude introduction like this one.
Thanks for signing up!
-Sam
CrystalMethod
03-26-05, 08:51 PM
Just in case you guys were wondering, this is the team he's folding for. I'll assume k3nshin doesn't frequent the site or the forums...right? :eh?:
http://www.shroomery.org/
Ahh drug culture... :rolleyes:
TollhouseFrank
03-26-05, 10:50 PM
man... glad you're foldin' for us now... but it sucks about the way you discovered it
k3nshin
03-26-05, 11:05 PM
Just in case you guys were wondering, this is the team he's folding for. I'll assume k3nshin doesn't frequent the site or the forums...right? :eh?:
http://www.shroomery.org/
lol no, I don't do that stuff. it just makes more sense as to why he would do something so stupid as what he did though....lol
veryhumid
03-27-05, 12:00 AM
wow, what a dirtbag! that is really really low. if you post you will definitely get banned, and they will probably just nuke the thread. but good for you for finding that. and good luck getting back on 32! I don't have any experience with the console version, only the graphical and one-clicks. otherwise i would help. good luck!
well, the guy does list his username as tak@sidewayscrazy.com
and sidewayscrazy.com is what looks to be a drifting/ nissan 240sx website
I do frequent websites like that...
edit: now I remember!! I have traced it back and now I know what it is....
a member on 240sxforums.com posted a thread called "drift screensaver". it was supposedly a screensaver, well that user's name is tak... and the screensaver never worked, a console opened for a few seconds then closed. I didn't think anything of it but now I know. I got it through that, now I'm off to tell everybody that it's a bunch of crap and it's bad
also: is there no way to actually uninstall this console client? do I just delete all the files associated with it?
Mr.Guvernment
03-27-05, 12:19 AM
well, the guy does list his username as tak@sidewayscrazy.com
and sidewayscrazy.com is what looks to be a drifting/ nissan 240sx website
I do frequent websites like that...
edit: now I remember!! I have traced it back and now I know what it is....
a member on 240sxforums.com posted a thread called "drift screensaver". it was supposedly a screensaver, well that user's name is tak... and the screensaver never worked, a console opened for a few seconds then closed. I didn't think anything of it but now I know. I got it through that, now I'm off to tell everybody that it's a bunch of crap and it's bad
also: is there no way to actually uninstall this console client? do I just delete all the files associated with it?
man, some people! pathetic!
well, the guy does list his username as tak@sidewayscrazy.com
and sidewayscrazy.com is what looks to be a drifting/ nissan 240sx website
I do frequent websites like that...
edit: now I remember!! I have traced it back and now I know what it is....
a member on 240sxforums.com posted a thread called "drift screensaver". it was supposedly a screensaver, well that user's name is tak... and the screensaver never worked, a console opened for a few seconds then closed. I didn't think anything of it but now I know. I got it through that, now I'm off to tell everybody that it's a bunch of crap and it's bad
also: is there no way to actually uninstall this console client? do I just delete all the files associated with it?
Looks like you (as probably many others) have gotten scammed. Take this up with stanford. I'm pretty sure they'll probably do something about it. (like ZERO out his points!!! :)) Let's hope.
Rob
I have posted a link to this thread in the Pandegroup and Mods forum at Folding Community. I hate it when people abuse FaH like this, as do Pandegroup.
Any activity over there David?
Any activity over there David?
Vijay is aware of the situation.
cornbread
03-27-05, 04:37 PM
Vijay is aware of the situation.
Keep us updated, I'm curious to see what happens.
I.M.O.G.
03-27-05, 07:22 PM
So do you think this came through P2P?
So do you think this came through P2P?
He got it from a guy on a forum who posted it as a screensaver.
I.M.O.G.
03-27-05, 07:28 PM
Oh okay, thx kendan... Skimmed the first so many posts, but didn't pick that up.
kenshin, you'd better save your screenshot as .gif or .png, that's much smaller in kilobytes than .jpg for simple pictures like notepad or winexplorer... :) just do alt+[print screen] and paste it into any image editor you have..
(sorry, can't help it, I'm a dialup man :))
kenshin, you'd better save your screenshot as .gif or .png, that's much smaller in kilobytes than .jpg for simple pictures like notepad or winexplorer... :) just do alt+[print screen] and paste it into any image editor you have..
(sorry, can't help it, I'm a dialup man :))
Or you could get broadband:eek:
Sorry, I couldn't resist;)
Or you could get broadband:eek:
Sorry, I couldn't resist;)
Or T3 :D, or Optical.
To get on topic, any news about Tak?
King Warg˛
03-28-05, 01:06 AM
this Tak guy should be beaten with an ore....
yea well he's not the first. and at least he isn't spreading the client as crazily as some others.
psyshack
03-28-05, 09:44 AM
I think there is something that can be done to the (*$#@&*(*()_^* that would involve pine tar!!!
DuckDodgers
03-28-05, 10:13 AM
this Tak guy should be beaten with an ore....
I say Keel Haul the Scurvy Dog.... aye... rrrrrrrrrrr
AYE.... what Duck said.... AAAARRRGGGHHHHHHHHH
Turd Furguson
03-28-05, 11:56 AM
Arrrr......I am a folding Pirate...........
yea well he's not the first. and at least he isn't spreading the client as crazily as some others.
I like it, iron ore would be fine. Come to think of it, a boat oar would be OK too... :p
might not be severe enough, maybe throw in the pine tar also.
dark_15
03-28-05, 12:18 PM
how about black tar and feathers?
cornbread
03-28-05, 01:38 PM
yea well he's not the first. and at least he isn't spreading the client as crazily as some others.
True.
k3nshin
03-28-05, 03:58 PM
pics changed to .gif :p
yeh, it just ticks me off that people would do this type of thing.
they're just Flippin'!!! idiots!!! GOSH!!!! :D
cornbread
03-29-05, 01:18 PM
Any news on this fellow?
k3nshin
03-29-05, 03:02 PM
they now have the file and once all the facts are in place and they are certain that there is no doubt what, and who, is behind this, the appropriate action will be taken.
cornbread
03-29-05, 03:10 PM
they now have the file and once all the facts are in place and they are certain that there is no doubt what, and who, is behind this, the appropriate action will be taken.
Sweet! I hope they bust his XXX good.
The installer has been dissected in the mods room at Folding Community. It is most definitely very suspicious. Runs as sys32.exe and installs as a service called "DirectX Support".
Vijay hasn't taken any direct action as yet.
I.M.O.G.
03-29-05, 08:25 PM
The installer has been dissected in the mods room at Folding Community. It is most definitely very suspicious. Runs as sys32.exe and installs as a service called "DirectX Support".
Vijay hasn't taken any direct action as yet.
Thanks for the update, chief. ;)
k3nshin
03-29-05, 08:48 PM
The installer has been dissected in the mods room at Folding Community. It is most definitely very suspicious. Runs as sys32.exe and installs as a service called "DirectX Support".
Vijay hasn't taken any direct action as yet.
yeh, the regkeys that I had to delete were all in a directory called directX support.
cornbread
03-30-05, 08:41 PM
The installer has been dissected in the mods room at Folding Community. It is most definitely very suspicious. Runs as sys32.exe and installs as a service called "DirectX Support".
Vijay hasn't taken any direct action as yet.
I missed this post yesterday. Glad to hear the mods are looking into the matter. Thanks for the update David, keep us posted.
psyshack
03-30-05, 09:09 PM
Sounds like it's proven to be a sham... zero him out and bust him out of the distro... What's the problem??
cornbread
04-03-05, 02:39 PM
Any more news on this?
vBulletin® v3.8.7, Copyright ©2000-2012, vBulletin Solutions, Inc.