Forum adverts like this one are shown to any user who is not logged in. Join us by filling out a tiny 3 field form and you will get your own, free, dakka user account which gives a good range of benefits to you: No adverts like this in the forums anymore. Times and dates in your local timezone. Full tracking of what you have read so you can skip to your first unread post, easily see what has changed since you last logged in, and easily see what is new at a glance. Email notifications for threads you want to watch closely. Being a part of the oldest wargaming community on the net. If you are already a member then feel free to login now.

Hi all,

Yesterday I spent about 7 hours fighting an insidious and clever computer virus that was masquerading as a piece of anti-virus software. It took several tries, me digging into the registry, and even a trip across town to find a functioning internet connection to download new anti-virus software, but the virus was dealt with.

It all started when I got a fake trojan alert whilst browsing BOLS. Now, normally I wouldn't ascribe such a danger to a single website, but given that I just got a call from a friend of mine who got the exact same fake tojan alert whilst visiting BOLS, I thought it best to warn everyone here:

Avoid BOLS for the time being - someone has done something to their website. If anyone has an E-mail address for MKerr and the rest of the gang, let them know.

Thanks!

I think this virus is doing the rounds at the moment. From what I can tell it uses an exploit in Java to install itself, and gets in through exploited advertising servers - not original websites themselves.

If you use firefox, I recommend going to edit > preferences then deselect enable java to minimise the risk of this evil trojan from infecting you.

Thanks for the heads up and ways to avoid getting it.

Ahhh. So that is where it came from. I belive it was a sysgaurd virus. I was wondering how I got it twice in a week!

I agree, it is getting through the advertisements. Something popped up while I was on a FF wiki, which I found out, the whole "YOUR COMPUTER IS INFECTED" adware/spyware and it mnimized all my windows. Thankfully that was the extent of it and it didn't actually infect my system.

Its an ad served to them with sysguard embedded. Turn off Javascript and Sysguard can't propogate.

Edit:
That said, if you don't have some solid computer-fu, stay off BOLS.
their admins have been made aware.

Edit 2:
Yakface/Mods : you might want to take another look at your served ads as well.

Does Ad Block Plus protect you? I have been there several times in the last day and have not experienced any problems.

For those of you concerned about Sysguard:

http://www.softpedia.com/progDownload/Remove-System-Guard-2009-Download-122168.html
http://forums.majorgeeks.com/showthread.php?t=185527
http://www.pctools.com/mrc/infections/id/RogueAntiSpyware.Sysguard/
http://www.exterminate-it.com/malpedia/remove-sysguard
http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=105x9088117

Edit:
Short answer - probably not. Sysguard is a troublesome creature and the 2010 version is more so.

Hi guys,

Bigred here from BoLS.

Ad providers are reporting that malware operators were isolated and removed this evening. Apparently there was a big push by these scumbags internet wide and everything from the big political sites, to news and sports got hit.

Thanks for reporting. I've updated the title of this thread so people are not put off now that is is sorted.

Cheers Bigred. Knew we could count on you.

Thanks for the fast response legoburner and Oldgrue,

And H.B.M.C., track me down at Adepticon if you're going. I'll buy you a brewski.

Man, I was wondering what the hell was going on, I've gotten that same virus at least three fething times and could never figure out how...it just seemed to get on my comp at random while I was browsing different sites. It's really fethed up my computer.

Thanks for posting those links.

So quick Q..

Whats the best way to get rid of it if you have it? Want to know in case it pops up.

There is no quick way, but there's some handy-dandy links I supplied above for just that purpose.

Edit:
My professional opinion is to confirm your important data is backed up (Why wasn't it? Hmm? ) and perform a low level format before reinstalling the OS to ensure a secondary payload wasn't buried somewhere you missed. The links above are much more reasonable if less thorough.

Firefox users also have two browser add ons that can be very helpful

No Script
https://addons.mozilla.org/en-US/firefox/addon/722

Adblock
https://addons.mozilla.org/en-US/firefox/addon/1865

Read up on both on how to configure them, and enjoy your web surfing again.

legoburner wrote:Thanks for reporting. I've updated the title of this thread so people are not put off now that is is sorted.

Don't think it is safe... I got caught a few days ago...
ended up doing a full strip and rebuild of my lappy as it was the only way to get rid of it...
Went back to BOLS this afternoon and got infected again..!!!

I'm glad I don't care for Bols that much.. phew.. dodged a bullet.

Yeah I was trying to help everyone here, not take a dig at BLoS.

And Big Red, despite what my flag says, I'm actually in Australia. And as much as I'd love to attend an adepticon, right now affording food is my biggest priority, not plane tickets. But thanks anyway.


Automatically Appended Next Post:
Ok, not 100% fixed it seems.

Just went to BOLS and my virus scanner popped up two alerts for something called "nikuraka.com".

Just thought y'all should know.

Yeah, we had a problem with Personal Antivirus (another piece of malware) a couple of months ago. Had to wipe the hard drive in the end. Cheers for the warning, I really don't want to go through that hassle again. The people who put this stuff on the web should have their insides ripped out and fed to them.

Moopy wrote:Firefox users...

Sigh... here we go again. Look, I use the default IE browser and have never had these problems. How? By doing the following...

Tools > Internet Options > Privacy > turn on the popup blocker and click settings button > go to the bottom and set the block level to HIGH.

If you like using a non-IE browser, fine. Good for you. Have fun. But leave the Firefox fanboy crap for the Warcraft forums.

I wasn't aware Web Browsers could have fanboys and these are Warcraft Forums?? y'learn something new everyday!

Breotan wrote:If you like using a non-IE browser, fine. Good for you. Have fun. But leave the Firefox fanboy crap for the Warcraft forums.

I'm pretty sure there was nobody gushing over the joys and pleasures of non-IE browsers. Looked a lot more like "If you happen to have this browser, here is an option for you." The same thing you did by showing IE users where they can adjust their pop-up blocker sensitivity.

You might want to stop visiting the Warcraft forums for a while, they appear to be infecting your reactions to innocuous statements.

Breotan wrote:

Moopy wrote:Firefox users...

Sigh... here we go again. Look, I use the default IE browser and have never had these problems. How? By doing the following...

Tools > Internet Options > Privacy > turn on the popup blocker and click settings button > go to the bottom and set the block level to HIGH.

If you like using a non-IE browser, fine. Good for you. Have fun. But leave the Firefox fanboy crap for the Warcraft forums.

Fly of the hinge much?

Breotan wrote:

Moopy wrote:Firefox users...

Sigh... here we go again. Look, I use the default IE browser and have never had these problems. How? By doing the following...

Tools > Internet Options > Privacy > turn on the popup blocker and click settings button > go to the bottom and set the block level to HIGH.

If you like using a non-IE browser, fine. Good for you. Have fun. But leave the Firefox fanboy crap for the Warcraft forums.

So I take it that irrational hatred of popular things is back in fashion?

lord_blackfang wrote:
So I take it that irrational hatred of popular things is back in fashion?

It never goes out of fashion here at El Dakka Ranch senior!

Breotan wrote:Sigh... here we go again. Look, I use the default IE browser and have never had these problems. How? By doing the following...

Tools > Internet Options > Privacy > turn on the popup blocker and click settings button > go to the bottom and set the block level to HIGH.

If you like using a non-IE browser, fine. Good for you. Have fun. But leave the Firefox fanboy crap for the Warcraft forums.

So, basically, I shouldn't say anything right now about using a mac?

Actually, using a Mac and FireFox w/ Ad Block Plus might be bad in the long run, because honestly I never even know about stuff like this until i read about it. It is like I have overprotective parents and I will never know what is out there till I end up using IE for the first time and all of a sudden I am dead from syphilis.

Firefox+No Script+ Ad-Block = no worries.

Dont forget flash block and disable java or you'll still get hit by exploits in those plugins.

legoburner wrote:Dont forget flash block and disable java or you'll still get hit by exploits in those plugins.

Absolutely!