Argonath RPG Police Department
General => General Discussion => Topic started by: Ronnel on June 24, 2011, 22:06:03 pm
-
Please note that some users may get a JAVA popup screen when opening the site. This is due to a possible infection.
We are checking all files and will remove any problem.
Do not install anything.
-
Well I'm f**ked then
-
Aw shit, I believe i clicked yes once by mistake but my antivirus detected a trojan and deleted a file. Good to know, I thought it's a false-treat
-
I believe I accepted it and derp, no antivirus installed.
If you have also clicked it, immediately check your process list and terminate s.exe. It is one of the suspected threats of the keylogger dropped on the forum.
Run a full system scan too if you haven't already.
-
ARFD forums don't seem to be infected, either do ADF or UA. I believe this is isolated to RON's FTP server.
-
(http://i55.tinypic.com/r1fos3.png)
Here is what happens when you delete the virus from it's location.
The antivirus moves it to a chest since the virus fights back as much as it can.
-
ARFD forums don't seem to be infected, either do ADF or UA. I believe this is isolated to RON's FTP server.
The forum was infected
-
Please note that some users may get a JAVA popup screen when opening the site. This is due to a possible infection.
We are checking all files and will remove any problem.
Do not install anything.
I dnt install but I get the pop up.
-
ARFD forums don't seem to be infected, either do ADF or UA. I believe this is isolated to RON's FTP server.
The forum was infected
No it wasn't. Something is being exploited. We are looking into it. I already decrypted the JavaScript code and we have a website URL already. This hacker just got out-hacked. More to come soon.
Oh ya, warn your friends!
-
I get the pop ups on main site only but am start enough to know not to click anything popping up on the internet ;)
-
So..I just got avast anti-virus since its the best one, informed by friends and no threats were found. However I did run that pop up.
-
MSE rocks bud disinfected the virus and made him shut up even before poping up i love ya MSE!
-
ARFD forums don't seem to be infected, either do ADF or UA. I believe this is isolated to RON's FTP server.
True. usaa.argonathrpg also stayed up and clean. It runs on caion's VPN
-
I just denied it access when I got it yesterday, as I never clicked anything ;)
Does it go under the name 'S.exe.?
-
Thank f**k for McAfee. Detected it as a Trojan and deleted it for me :sheriff:
-
AVG is shit. End of.
I could have done with this topic before allowing it once...downloaded MalwareBytes, so it stopped it spreading further, chucking it into quarantine!
s.exe may be the one to look out for in Task Manager. If it is running, find out where the file location is, remember it, and make sure your anti-virus gets rid of the spreading. Reboot your computer, and if it is no longer in Task Manager, delete s.exe manually by going into the specified location. Do not open it.
I did that...no more virus ;)
-
Oddly enough I never got a popup or anything. :lol:
-
I just denied it access when I got it yesterday, as I never clicked anything ;)
Does it go under the name 'S.exe.?
yes , that's what i got
-
I just denied it access when I got it yesterday, as I never clicked anything ;)
Does it go under the name 'S.exe.?
yes , that's what i got
High five to the other innocent fool, who thought it was actually Java :lol:
-
Java plugin needs my permission to run.. good thing I seen this first. Doubt I would've installed it anyway as I was wary why it was popping up in the first place. :conf:
-
Yes, to confirm, s.exe is the malicious file. The website has been reported to the authorities and shall cease operations soon. Various Argo sites and servers are also continuing to be DDoS'ed. Just hang in there guys. We'll catch the bastard. I already got his website, shouldn't be hard now.
-
I clicked a few times on it. :hit: :help:
Anyone know where I can find it? I did a scan, found nothing. I am still unsure if it is there.
-
I clicked a few times on it. :hit: :help:
Anyone know where I can find it? I did a scan, found nothing. I am still unsure if it is there.
Scan with both Anti-Virus and Anti-Spyware.
-
I clicked a few times on it. :hit: :help:
Anyone know where I can find it? I did a scan, found nothing. I am still unsure if it is there.
Scan with both Anti-Virus and Anti-Spyware.
But where can I find the virus inside my PC? Should I search for it?
-
I clicked a few times on it. :hit: :help:
Anyone know where I can find it? I did a scan, found nothing. I am still unsure if it is there.
Scan with both Anti-Virus and Anti-Spyware.
But where can I find the virus inside my PC? Should I search for it?
No. Scan. You're not looking for one specific file with a predictable name. It could be running in your computer's memory too.
-
I clicked a few times on it. :hit: :help:
Anyone know where I can find it? I did a scan, found nothing. I am still unsure if it is there.
Scan with both Anti-Virus and Anti-Spyware.
But where can I find the virus inside my PC? Should I search for it?
No. Scan. You're not looking for one specific file with a predictable name. It could be running in your computer's memory too.
Alright, hopefully I don't have anything... :neutral:
-
My anti-virus program, aka derek finished the job.
American History X - Derek shows who's the boss (http://www.youtube.com/watch?v=dgn7SUzGZpw#ws)
-
WOW I still remember the password of my ARPD forum acc.Last post was in 2009 :D Passed the word on to Hidduh and some other people in MSN.
-
WOW I still remember the password of my ARPD forum acc.Last post was in 2009 :D Passed the word on to Hidduh and some other people in MSN.
/me facepalms hard
-
f**k. I killed 's.exe' using task manager, but my anti virus didn't pick anything up.
-
f**k. I killed 's.exe' using task manager, but my anti virus didn't pick anything up.
I'm not sure if the actual name of the file being downloaded is the same as the one that executes the malicious download, but that's highly suspicious regardless. Update everything and boot into Safe Mode and have your A/V and A/S BOTH fully scan your computer.
-
I have Webroot, and it's meant to be an anti virus with a spy scanner ._. That's all I've got.
-
I have Webroot, and it's meant to be an anti virus with a spy scanner ._. That's all I've got.
Silly asian software your parents have. :sheriff:
-
I have Webroot, and it's meant to be an anti virus with a spy scanner ._. That's all I've got.
Just a suggestion, never trust an Anti-Virus software that claims to also remove Spyware, because it's a BS marketing gimmick. They are SOMETIMES able to detect it, but they can next to never remove it, and they almost never detect it anyway, so you're left wide open. If you have Windows XP or higher, get or turn on Windows Defender in addition to your Anti-Virus software.
Edit: Oops, fixed a weird typo.
-
How do you perform a full scan with Windows Defender? When I press 'Scan', it only performs a quick scan.
-
There is a down arrow by the 'scan' button on top. Click it and go down to full scan.
-
More information can be found here Argonath Club (http://club.argonathrpg.com/)
-
Um is this suppose to happen?....
(http://i55.tinypic.com/6ofn7m.png)
It's been on for the whole day, restarted my laptop and still, wth?
-
There is a down arrow by the 'scan' button on top. Click it and go down to full scan.
Oh. Duh.
-
There is a down arrow by the 'scan' button on top. Click it and go down to full scan.
Oh. Duh.
Fail.
-
Um is this suppose to happen?....
(http://i55.tinypic.com/6ofn7m.png)
It's been on for the whole day, restarted my laptop and still, wth?
It's an attack on Argo. Ignore the popup and do NOT run it.
Edit: Oh! The image loaded for me after I posted. Clear your browser cache and then come back to the page and hit Ctrl+F5 to do a hard refresh.
Double Edit: Seems IE is running the JavaScript automatically, even in IE9. Scan your computer and avoid using the website in that browser for the time being.
-
My PC got f***ed earlier with s**tloads of viruses. But I managed to remove them all! :war:
Warning
**To windows users if Windows Defender suddenly pops up while on the forums saying 1 threat to computer and it asks for a scan DO NOT scan it! It's a fake program that uses the same java from "Windows Defender" and when you scan it downloads the virus into your pc.
Java is not the virus! (in this situation) because, Windows Defender tricks you mkaing it look like it is the virus when the fake Windows Defender itself is the virus.***
To MAC osx or other users Java could be your virus, if you accidentially did click yes close "s.exe" And any other "java.exe" BUT!! with a suspicious number EX: java23.exe <- VIRUS!
This was confirmed by Windows because I had contacted them earlier when I had sh**tloads of viruses on my pc.
-
My PC got f***ed earlier with s**tloads of viruses. But I managed to remove them all! :war:
Warning
**To windows users if Windows Defender suddenly pops up while on the forums saying 1 threat to computer and it asks for a scan DO NOT scan it! It's a fake program that uses the same java from "Windows Defender" and when you scan it downloads the virus into your pc.
Java is not the virus! (in this situation) because, Windows Defender tricks you mkaing it look like it is the virus when the fake Windows Defender itself is the virus.***
To MAC osx or other users Java could be your virus, if you accidentially did click yes close "s.exe" And any other "java.exe" BUT!! with a suspicious number EX: java23.exe <- VIRUS!
This was confirmed by Windows because I had contacted them earlier when I had sh**tloads of viruses on my pc.
Windows Defender is not a virus. Read my second edit in the post above your's. You infected your own computer by mistake and it attacked your Windows Defender. What really happened is IE9's default JavaScript settings fail, so they automatically ran the JavaScript attack which loaded Java, which ran the malicious executable on the other site containing the virus on your computer. This then detected you had Windows Defender installed, and "hacked" it so that it would be useless and possibly output invalid information, as well as possibly installing fake anti-malware on your computer. Immediately redownload Windows Defender from the MS website and boot into safe mode, remove your viruses, install Windows Defender, scan with that, and then update your computer and don't use IE on ARPD forums until the attack has been blocked.
-
Forums are loading a bit slower after that. Normally i'd load 3 pages at the same time and they would naturally load then all after 10 seconds, now, after 30 seconds, they are still loading and i gotta refresh then to load... bah
-
(http://i55.tinypic.com/246w55f.png)
It almost struck me on Chrome
-
No issues, and I use FireFox 5.0. Hm...Must only target certain browsers.
-
Forums are loading a bit slower after that. Normally i'd load 3 pages at the same time and they would naturally load then all after 10 seconds, now, after 30 seconds, they are still loading and i gotta refresh then to load... bah
Ya, a DDoS attack is happening at the same time.
(http://i55.tinypic.com/246w55f.png)
It almost struck me on Chrome
Ya, thankfully Chrome will stop it with default settings. :cop:
No issues, and I use FireFox 5.0. Hm...Must only target certain browsers.
No, all browsers are affected. It's just down to your JavaScript settings on whether it runs or not. IE9, unfortunately, has default settings to auto-run them so it's easier on users, but less secure, which is why users are getting infected with it.
-
Um is this suppose to happen?....
(http://i55.tinypic.com/6ofn7m.png)
I have the same problem, any way to change it... If not just wait? :help:
-
I'd say you have to wait until whatever is happening is done with.
-
Edit: Oh! The image loaded for me after I posted. Clear your browser cache and then come back to the page and hit Ctrl+F5 to do a hard refresh.
Double Edit: Seems IE is running the JavaScript automatically, even in IE9. Scan your computer and avoid using the website in that browser for the time being.
-
Windows Defender did not pick anything up. Is this a good thing, or a bad thing?
-
Windows Defender did not pick anything up. Is this a good thing, or a bad thing?
Good.
-
What should i do if i opened the popup several times..
Also the main argo webiste doesnt open for me many times, refreshing restarting e.t.c doesnt help but it automatically fixes in a few hours
-
Forums are loading a bit slower after that. Normally i'd load 3 pages at the same time and they would naturally load then all after 10 seconds, now, after 30 seconds, they are still loading and i gotta refresh then to load... bah
Ya, a DDoS attack is happening at the same time.
(http://i55.tinypic.com/246w55f.png)
It almost struck me on Chrome
Ya, thankfully Chrome will stop it with default settings. :cop:
No issues, and I use FireFox 5.0. Hm...Must only target certain browsers.
No, all browsers are affected. It's just down to your JavaScript settings on whether it runs or not. IE9, unfortunately, has default settings to auto-run them so it's easier on users, but less secure, which is why users are getting infected with it.
I chose always run on this site, what to do D:
-
1. Stop double posting and follow the rules.
2. Read the whole topic. :P
Scan your whole computer with Anti-Virus and Anti-Spyware, and modify your browser's settings and remove the exception for this site.
-
Oddly enough I never got a popup or anything. :lol:
Same
-
Okay. Local disk, prngram files, users, <you>, appdata, local, temp...s.exe! Thats where i found it i think.
Get malwarebytes, its free and effective. Do a full scan, and quarantine/remove anything you get.
-
Okay. Local disk, prngram files, users, <you>, appdata, local, temp...s.exe! Thats where i found it i think.
Get malwarebytes, its free and effective. Do a full scan, and quarantine/remove anything you get.
Yes, "s.exe" is the malicious file responsible.
-
CHROME PIC
It almost struck me on Chrome
Yup, got the same thing...
But I chose "Always run on this site", how can I remove it now?
-
Try uninstalling Java and re-installing it.
-
In Google Chrome: Wrench Icon > Options > Under The Hood > Content Settings > JavaScript > Manage Exceptions.
-
Tutorials on disabling Java for Web Browsers....
Firefox
Step #1: Go to firefox Settings (from top left corner ) > Options. At Contents tab, unmark Java Scriptthen OK.
Just reverse this setting to enable java script on your browser.
Google Chrome
Step #1: Click on settings icon at the top right corner then Options. Now Under the Hood > Content Settings.
Step #2: Look for the Java Script thing under Content Settings. You may block and allow different sites, or turn it off.
Just reverse this setting to enable java script on your browser
Internet Explorer
Step #1: Click on Tools > Internet Options > Security Tab. Now click on Internet Icon then Custom Lavel.
Step #2: Change the Scripting to Disable or Prompt (Default is always: Enable)
Just reverse this setting to enable java script on your browser
-
f**k the time right now argonath forum got hack with this screen
(http://desmond.yfrog.com/Himg818/scaled.php?tn=0&server=818&filename=viruse.png&xsize=640&ysize=640)
-
Someone mentioned that there was a keylogger downloaded by the Trojan.
Find and delete the Trojan and anything that it downloaded, THEN CHANGE YOUR PASSWORDS. It won't do you any good if the keylogger's still in the computer.
-
Someone mentioned that there was a keylogger downloaded by the Trojan.
Find and delete the Trojan and anything that it downloaded, THEN CHANGE YOUR PASSWORDS. It won't do you any good if the keylogger's still in the computer.
've just ran AVG, Advanced SystemCare and defragmented my PC, nothing found yet... :o
I think I canceled the pop up yesterday..
-
Someone mentioned that there was a keylogger downloaded by the Trojan.
Find and delete the Trojan and anything that it downloaded, THEN CHANGE YOUR PASSWORDS. It won't do you any good if the keylogger's still in the computer.
Meep. Do you know what the name of the file is? Also, my Windows Defender didn't find anything, so...
-
Someone mentioned that there was a keylogger downloaded by the Trojan.
Find and delete the Trojan and anything that it downloaded, THEN CHANGE YOUR PASSWORDS. It won't do you any good if the keylogger's still in the computer.
Meep. Do you know what the name of the file is? Also, my Windows Defender didn't find anything, so...
It was called s.exe for me
-
Where can I find s.exe if I have it?
-
Where can I find s.exe if I have it?
You can check if it's running in the Task Manager under the Processes tab.
-
Ok thanks, well I can't see any s.exe. :)
-
Ok thanks, well I can't see any s.exe. :)
That's a good sign.
-
I just denied it access when I got it yesterday, as I never clicked anything ;)
Does it go under the name 'S.exe.?
Yes it runs under the name s.exe with a random description.
-
If you have this, chances are that AVG, Windows Defender will not find it, SOOO:
Download Malwarebytes Antimalware
If anything will do it, that will.
That guy thinks he's awesome, chances are he's either 11, or an unloved 50 year old Virgin with no life. It has not yet struck him that even when you use a proxy etc, your details can be retrieved from the proxy itself.
-
This is still going on so this won't be locked.
-
f**k the time right now argonath forum got hack with this screen
(http://desmond.yfrog.com/Himg818/scaled.php?tn=0&server=818&filename=viruse.png&xsize=640&ysize=640)
He used 'you're' instead of 'your' and he spelt apparently wrong.
So Regarding the 'f**k with the Best' bit, he ain't the best as the best can spell <: D
-
This is still going on so this won't be locked.
Why would you lock a topic like this anyway, even if this ends we still need to discuss it..