Possible virus on homepage?

Areel Member Posts: 285

Every time I go to the MMORPG.com homepage, my anti-virus software stops a file from being loaded onto my computer.  It insists that I need to reboot to remove it.  The name of the "infection" is:

Win32/MSA-935423!exploit

If it's not a virus, I'm sorry for wasting your time.

Seriously.
It's Are'el. This forum doesn't allow apostrophes in usernames.


Comments

  • Maddiee Member Posts: 43
    Yes, every time I'm logging on as well, I'm getting a virus alert. Virus software is saying that a trojan horse or something's being sent from this IP address.
  • Admin Administrator Rare Posts: 5,623
    I think we smashed this.  Thank you for the report!

    - MMORPG.COM Staff -

    The dead know only one thing: it is better to be alive.

  • shane910 Member Posts: 359

      What do ya mean by "smashed it"?  Cause it is still happening; I just had it happen twice.

      Is it a virus or just something of yours acting up?

     Thanks

  • drbaltazar Member Uncommon Posts: 7,856

    Ya, I got Microsoft Live OneCare on and it's called a trojan downloader. I think it might be a good idea to scan the site or wtv you do in those cases. It might be a funny guy that when he post it call us. Anyway, now I raised my security and no more, so watch your site plz, scan it when you get the chance cause I love this site, ty.

    Might be another name cause I'm translating, it's in French for me, but it's a trojan (downloader or a word like that).

     

  • shane910 Member Posts: 359

     Yeah, I have OneCare as well.  It says it is  Trojandownloader:Win3...

      Any help is appreciated, cause this is my fav site!

      Thanks

  • Admin Administrator Rare Posts: 5,623

    Apparently there is a trojan outbreak that exploits a vulnerability in MS Windows related to the way ANI cursor files are handled (info here: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=141860).  We identified the infection almost immediately and deleted the script that was being fired from our web servers.

    What we need to know from this point forward:

    1) Are you still seeing this warning?  If so, are you still seeing it after forcing a cache refresh (Ctrl-F5 will do this)?

    2) What page(s) are you seeing this on?  We only found it on our home page and removed the injected code ASAP.

    We are currently searching all of our servers for more instances.  Microsoft is working on a patch for this exploit; until then we are left with having to manually find and remove the trojan.

    - MMORPG.COM Staff -

    The dead know only one thing: it is better to be alive.

  • shane910 Member Posts: 359

    I got it about 2 mins before my first post.  It was just on the home page from what I could tell, came up like an ActiveX pop-up.

       OneCare said it was quarantined, so I removed it. Now I am scanning; will check to see if it happens again once it is complete.

  • drbaltazar Member Uncommon Posts: 7,856
    Cool, you took care of it. Ouch, that was fast; doesn't do it anymore. Ty MMORPG.
  • shane910 Member Posts: 359

      Yeah, GJ guys, didn't happen this time.

       I deleted the quarantined file, then scanned and it was still there. Removed it again and now it is gone, so users may want to run an extra scan just to be safe.

  • ChicagoCub Member Uncommon Posts: 381
    It's back again...on every page this time.
  • SWGLover Member, Newbie Common Posts: 539

    I keep getting a message from my firewall that it's blocked an intrusion attempt. The IP goes to Korea.

    Happens with every page.

  • vingvega Member Posts: 577
    Originally posted by SWGLover


    I keep getting a message from my firewall that it's blocked an intrusion attempt. The IP goes to Korea.
    Happens with every page.



    Yeah..go figure.   I can see them now....

    Korean: "They no buy from our in game SUPA-MALL.  They just uninstall game when play 2 hour.  Send MMORPG the exploit! Then they buy from our SUPA-MALL in game store!"

     

     

  • tkobo Member Posts: 465

    Oddly, I thought all that (the trojan warning and intrusion warning) and the "microsoft data access- remote data services,download me" message was just a poor-taste April Fools joke.

    When I went to see what the "trojan" was thru the info at "viruslist.com", it said "can't find virus record". So I just figured it was a bad April Fools joke, and that the virus didn't actually exist.

    I could be wrong, but I'd swear it's coming from the advertising banner at the top of the page.

     

  • Zorvan Member Common Posts: 8,912

    "Microsoft Data Access - Remote Data Services Dat.... " from Microsoft Corporation". If you trust the website and the add-on and want to allow it to run, click here.....

    That's what I'm getting on every page.

  • Admin Administrator Rare Posts: 5,623

    The worm hit us again, this time getting 2 templates (one in the header and one on the home page).  The good news is we are fast at locating now.  The bad news is that there is *nothing* we can do to stop the worm from re-infecting us until Microsoft releases a hotfix for our web servers.

    We will do our best to stay on top of this and remove it as it comes in.  Being a large portal I think we are going to get it a lot - since it likely feeds off the browsing history of those it infects...

    - MMORPG.COM Staff -

    The dead know only one thing: it is better to be alive.

  • Floppy Member Posts: 19

    Just happened to me; it's on more than just the homepage though, it's every page.

    Win32/MSA-935423!exploit    my AV says the filename is 7517p[1].jpg

  • Kazzer Member Posts: 648

    I was about to post about this. Every time I enter this site or forums, my firewall removes a trojan, sucks.

  • Zorvan Member Common Posts: 8,912
    Originally posted by Admin


    The worm hit us again, this time getting 2 templates (one in the header and one on the home page).  The good news is we are fast at locating now.  The bad news is that there is *nothing* we can do to stop the worm from re-infecting us until Microsoft releases a hotfix for our web servers.
    We will do our best to stay on top of this and remove it as it comes in.  Being a large portal I think we are going to get it a lot - since it likely feeds off the browsing history of those it infects...

    Well, it's not much of a problem for those of us who are comp savvy, but a lot of the youngsters and some adults who aren't so quick to notice stuff will probably add it thinking it's another ActiveX download from MS or something. Maybe a large front page disclaimer until MS gets on the ball? Thanks for the info, Admin.
  • Alienovrlord Member Posts: 1,525

    I'm seeing it on the homepage and on the Post Message editing page (got it when I first went to write this).

    I did Ctrl-F5 and that didn't get rid of it.

    Nice to know you folks are working on it though.

    Edit - also got it when was redirected to the thread after I submitted.  Seems to be coming up more often now.

  • PwndStar Member Posts: 111

    I'm getting the warning on every page I visit and also on the forum. NOD32 pops up every time on every page.

    Even after clearing cache and doing force reloads.

    ----------
    currentlyplaying:
    age of conan

  • Bahz Member Uncommon Posts: 182
    Same, even after trying the cache refresh thingy.
  • skywisenight Member Uncommon Posts: 348
    May I take this moment to mention my browser of choice, Firefox, which seems to not have this problem, along with many of those pesky activex issues.



    You know, just want to spread the love.
  • pompey606 Member Uncommon Posts: 439
    My antivirus has started going crazy on the site now; it was fine yesterday.

  • scrow76 Member Uncommon Posts: 2

    Same - on this file

    7517p[1].jpg  - Exploit-ANIFile.c - trojan

     http://vil.nai.com/vil/content/v_141860.htm

    Cas

  • Areel Member Posts: 285
    Well, on the plus side, it doesn't seem to be a very good trojan, as most of our anti-virus software is catching it immediately.  It's more annoying than damaging.

    Seriously.
    It's Are'el. This forum doesn't allow apostrophes in usernames.
