Jump to content
  • Advertisement
Sign in to follow this  
Endurion

HTML Script Virus Warning

This topic is 4492 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

I've had this happen to me as well.
Before I was able to kill the iexplorer(due to the huge lag the script casued) some strange new processes showed up...

Anyone have any info on the specifics of this attack and what It may have done that I'll need to clean out?

Share this post


Link to post
Share on other sites
Advertisement
Quote:
Original post by haphazardlynamed
I've had this happen to me as well.
Before I was able to kill the iexplorer(due to the huge lag the script casued) some strange new processes showed up...

Anyone have any info on the specifics of this attack and what It may have done that I'll need to clean out?


First, you'd better disconnect from the intarweb, block all connections except those done by your browser (not IE. Install another one, even if you use it only for a few minutes) and run your antivirus software. If the processes doesn't disapear, try to get a newer version of your antivirus and redo.

If the process are still there, then you're in trouble, as I don't know what they do.

Share this post


Link to post
Share on other sites
Quote:
Original post by haphazardlynamed
I've had this happen to me as well.
Before I was able to kill the iexplorer(due to the huge lag the script casued) some strange new processes showed up...

Anyone have any info on the specifics of this attack and what It may have done that I'll need to clean out?


The process is a downloader, it downloads trojans and other fun stuff, so it can be a large host of things. I recommend you try running ad-aware, SpybotSD, and a virus scanner. Afterwards update your windows.

Share this post


Link to post
Share on other sites
Quote:
Original post by Emmanuel Deloget
Quote:
Original post by haphazardlynamed
I've had this happen to me as well.
Before I was able to kill the iexplorer(due to the huge lag the script casued) some strange new processes showed up...

Anyone have any info on the specifics of this attack and what It may have done that I'll need to clean out?


First, you'd better disconnect from the intarweb, block all connections except those done by your browser (not IE. Install another one, even if you use it only for a few minutes) and run your antivirus software. If the processes doesn't disapear, try to get a newer version of your antivirus and redo.

If the process are still there, then you're in trouble, as I don't know what they do.


Erm how about taking the site down and removing this crap, rather than distributing it?? Leaving the site up when you know it has these problems makes you just as bad as the writer of the malicious code.

Have a look at your hosting contract, does it not say something to the effect
Quote:
To knowingly upload, copy, post, publish, transmit, reproduce, distribute or participate in the
transfer or transmit any files that contain viruses, corrupted files, malicious code or any other
similar software or programs or ...


But the again your legal terms do say
Quote:
...PROVIDER DOES NOT WARRANT 1) THAT THE SOFTWARE IS ERROR FREE, VIRUS FREE,....



Bring on the rhino!

Share this post


Link to post
Share on other sites
Quote:
Original post by dmail
Excellent keep on spreading malicious code then, rather than taking your users and advertisers into consideration. I realise downtime is a last resort but you have a problem and are spreading it, infecting just one machine and personally I think you have kept the site up too long. Infect an advertisers machine and you loose money and respect ...
If you're concerned about it so much, why are you still visiting the site?

Share this post


Link to post
Share on other sites
Quote:
Original post by Evil Steve
Quote:
Original post by dmail
Excellent keep on spreading malicious code then, rather than taking your users and advertisers into consideration. I realise downtime is a last resort but you have a problem and are spreading it, infecting just one machine and personally I think you have kept the site up too long. Infect an advertisers machine and you loose money and respect ...
If you're concerned about it so much, why are you still visiting the site?


My concern was not myself, I use firefox and a script blocker(NoScript), my concern was for the site and other users!

[edit]
Erm don't know what is going on there, maybe something which has been added just recently is causing this, the post times are incorrect and this new post is being inserted before earlier posts.

Share this post


Link to post
Share on other sites
Yes, the new one is asking to download the a "VML" renderer.

The other thing was that before I blocked newx0x.com, it copied and tried to install PWS:Win32/Lmir.gen (a password stealer) to my PC. Fortunately OneCare caught it before it could do any harm.

Share this post


Link to post
Share on other sites
Quote:
Original post by dmail
Erm how about taking the site down and removing this crap, rather than distributing it?? Leaving the site up when you know it has these problems makes you just as bad as the writer of the malicious code.

I have to disagree. Further, I have to point out that we have curtailed the malicious code previously, but experienced adverse interactions with other site software. Even further, we have now taken extensive steps to correct not only the vulnerability but also other configuration issues. There will be some minor breakages (images not fully loading here and there) as caches are repopulated, etc, but we're managing to do so without taking the site down.

You, as an individual, may think it is okay for the site to go down. Our audience, in aggregate, however, does not. That audience includes people who are paying for a subscription service, such as GDNet+, or companies that pay to advertise products and jobs. Downtime is an absolute worst-case scenario, and we want to avoid it if at all possible.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

GameDev.net is your game development community. Create an account for your GameDev Portfolio and participate in the largest developer community in the games industry.

Sign me up!