Latest Diablo 3 News
DiabloWiki Updates
Page 1 of 6 12345 ... LastLast
Results 1 to 10 of 59
  1. #1
    IncGamers Member
    Join Date
    Jun 2009
    Posts
    949

    Virus through site?

    Hi there,

    Can it be that this site is infected with a small virus? My virus scanner seems to trigger on each page load - and I can also verify it manually. Each page load creates an executable local application datafolder; something like:
    %appdata%/local/0.XXXXXX.exe
    with XXXXXX being random numbers. This executable immediatelly spawns a process & seems to try (though in a very crude way - virus scanners should immediatelly notify you) to the windows registry & startup data.

    I'm not really sure if it is the site - but I keep getting this file each pageload from the forums. And I tested it with other forums and I never get the virus there! The virus is identified with 'IDP.GenericN.5D5293F3'



  2. #2
    DiabloNut.Com
    Join Date
    Sep 2010
    Location
    England
    Posts
    283

    Re: Virus through site?

    Hi there. The quantcast tag seemed to have been bringing in a java-app. It has been removed.

    We're investigating what the hell happened but it seems likely they were compromised at this time. We'll keep you informed.

    edit1:
    DO NOT GO TO THIS LINK
    http://www.opengl.org/cache/yCNrSgWJULcGEJJe.html
    DO NOT GO TO THIS LINK

    The link that was posted goes to opengl.org's cache service. This delivers some sort of exe that is run locally. I do not want to investigate the exe so I just terminated it and am now currently scanning my system to see if any damage was done. I'll let you know what you need to do (if anything).

    Hell this might be a false alarm. Lets hope!

    Still, this had nothing to do with our servers



  3. #3
    Administrator Elly's Avatar
    Join Date
    Feb 1997
    Location
    Velvet pillow eating bon bons
    BattleTag Elly-1983
    Posts
    4,340

    Re: Virus through site?

    It was a java script tag at quantcast (http://www.quantcast.com/) the site analytics people which was causing problems. Rush has removed it now as we don't use quantcast any more since moving to google. I don't know why it was causing a ding though.



    Elly - Admin,
    Diablo: IncGamers on Twitter on You Tube on Facebook
    DiabloNut.Com (Diablo 3 database) - Blue Post Tracker - Diablo3Ladders.Com

    New to Diablo 3? Read this great primer.



    Your beliefs don't make you a better person, you behaviour does.

  4. #4
    IncGamers Member Siege Valgore's Avatar
    Join Date
    Jul 2011
    Location
    Seattle
    BattleTag SiegeValgore-1984
    Posts
    947

    Re: Virus through site?

    Smart move going with Google Analytics. They are and have been for some time now, the best.



  5. #5
    IncGamers Member
    Join Date
    Jun 2009
    Posts
    949

    Re: Virus through site?

    just to inform you: it is back (though now "idp.program." is the signature of the threat).



  6. #6
    IncGamers Member
    Join Date
    May 2012
    Location
    Atlanta, GA
    Posts
    134

    Re: Virus through site?

    Yep, I'm still getting alerts that Chrome needs to install a Java plugin.



  7. #7
    IncGamers Member Diab's Avatar
    Join Date
    Jun 2003
    BattleTag Diab-1350
    Posts
    3,823

    Re: Virus through site?

    Not sure if this is related or not but after going to a page in the trade values forum, my Avast blocked something:

    http://img99.imageshack.us/img99/2305/avastblocked1.png
    http://img266.imageshack.us/img266/8...stblocked2.png





  8. #8
    IncGamers Member The Lord of Darkness's Avatar
    Join Date
    Dec 2008
    Location
    United States
    Posts
    692

    Re: Virus through site?

    This happened to me twice a couple hours ago. What's the deal?



  9. #9
    IncGamers Member The Lord of Darkness's Avatar
    Join Date
    Dec 2008
    Location
    United States
    Posts
    692

    Re: Virus through site?<****** src=http://www.spiderwebforums.com/mlm/yahoo.html widt

    Do something about your damn site. My AV is going nuts when I visit this site.

  10. #10
    IncGamers Member NBarnes's Avatar
    Join Date
    Jul 2005
    Location
    Seattle
    Posts
    339

    Re: Virus through site?<****** src=http://www.spiderwebforums.com/mlm/yahoo.html widt

    Is this related to the <****** src=http://www.spiderwebforums.com
    html that's being appended to everybody's forum posts?

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •