Deadman Posted July 19, 2008
VIRUS WARNING
Ruggbutt and I are both running Nod 32 and have picked up a virus warning on the site: Win32/Adware.UltimateDefender application, counthum.info. Make sure your antivirus is up to date.
https://forum.dcs.world/topic/133818-deadmans-cockpit-base-plans/#comment-133824 CNCs and Laser engravers are great but they can't do squat without a precise set of plans.
SuperKungFu Posted July 19, 2008
On the main site or on the forum?
Deadman (Author) Posted July 20, 2008
As soon as connected to the site the viruses were detected by Nod 32.
Mustang Posted July 20, 2008
Confirmed that something is wrong, I think that the site has been hit by a DNS poisoning attack :(
hitman Posted July 20, 2008
I confirm it as well... it wasn't infected this morning when I checked. Using Avast Professional.
SuperKungFu Posted July 20, 2008
Could anyone pinpoint what's causing the problem? Like is it one of the banners? Or is it a false positive? Because I haven't had any problems going into it. Maybe it's because I'm using Firefox or Adblock Plus is blocking it. Because based off of Mustang's screenshot, he's running on IE and the Java application popped up, which didn't for me.
Deadman (Author) Posted July 20, 2008
The problem will have to be taken care of by the admin for the site. I am running Firefox and Nod 32. Rug is running Nod 32, Firefox and a script blocker, NoScript 1.7.7, so it did not show up for him until he checked the script blocker. I really don't think it's a false pos.
PythonOne Posted July 20, 2008
So what does the virus seem to do? I went into sim-mod just now before I saw this but I didn't get any popups.
hitman Posted July 20, 2008
It doesn't load it up in the main page, but instantly when you go to the forums link.
ttp:// golnanosat.com/9/9830841b/install.exe?id=1 *don't click the link or copy and paste*
This is the file causing the problems... I edited it slightly to keep ppl from twitch clicking it. What it does (I've noticed): it keeps Internet Explorer / Mozilla open and installs a trojan connection. This is fairly new...
Edited July 20, 2008 by Groove
Boberro Posted July 20, 2008
At 11:16 I was there and no warning showed from Eset... Virus removed, or it sneakily installed itself, bypassing NOD?
Reminder: Fighter pilots make movies. Bomber pilots make... HISTORY! :D | Also to be remembered: FRENCH TANKS HAVE ONE GEAR FORWARD AND FIVE BACKWARD :D ಠ_ಠ ツ
ED Team Groove Posted July 20, 2008
Obviously a mass hack on a not updated forum or a vulnerable script running on the website. Thanks for pointing it out!
Our Forum Rules: http://forums.eagle.ru/rules.php#en
SuperKungFu Posted July 20, 2008
I believe rockwelder is the administrator, isn't he? But he hasn't been around lately.
PythonOne Posted July 20, 2008
So what does this mean, we can no longer go to sim-mod forums?
hitman Posted July 20, 2008
Someone removed it I believe... it wasn't present as of this morning.
SuperKungFu Posted July 20, 2008
Can anyone confirm it's safe now?
Boberro Posted July 20, 2008
I have been entering there since morning and didn't see any warning message from NOD.
Mustang Posted July 20, 2008
"Can anyone confirm it's safe now?"
It's still the same for me, that security thing pops up, so I can confirm it's still jacked :(
EDIT: this is REALLY frustrating, since there's work to be done......
Mustang Posted July 20, 2008
This is for any Firefox users, this should keep you safe from this: https://addons.mozilla.org/en-US/firefox/addon/722 (thanks Ruggbutt for the info)
hitman Posted July 21, 2008
"It's still the same for me, that security thing pops up, so I can confirm it's still jacked :( EDIT: this is REALLY frustrating, since there's work to be done......"
I had to remove some programs from my system32 folder that Windows Defender caught... I had to take ownership of the files before I could change the names on them. I couldn't delete the files, nor would any a/v or Windows Defender delete them until I renamed them. There is NOTHING downloading at the forums after the page loads for me. I think it's all clear.
hitman Posted July 22, 2008
Tried on 3 public computers with no virus attaching or trojans trying to install.... I'll sound the all-clear.
SuperKungFu Posted July 26, 2008
I haven't detected anything either, so is it all clear now?
Mustang Posted July 27, 2008
Seems it's now gone one step further: instead of just asking for permission to go to this "golnanosat" site, it now takes you right there when you try to access the forums! This is a new development; all of today I have been finally able to enter the forums/login etc. without any issues, and now this..........
SuperKungFu Posted July 27, 2008
Yea, and if you try to enter the site with Firefox, it displays this; of course you can choose to ignore it, but it's pretty bad.