Forum adverts like this one are shown to any user who is not logged in. Join us by filling out a tiny 3 field form and you will get your own, free, dakka user account which gives a good range of benefits to you: No adverts like this in the forums anymore. Times and dates in your local timezone. Full tracking of what you have read so you can skip to your first unread post, easily see what has changed since you last logged in, and easily see what is new at a glance. Email notifications for threads you want to watch closely. Being a part of the oldest wargaming community on the net. If you are already a member then feel free to login now.

Everyone I just visited Forgeworld and was hit by some Malware in the form of a fake internet scan which in turn shut down programs such as Taskmanager and my Antivirus.
Basically it shut down everything including visiting over sites by saying that whatever I tried to do was infected and wouldn't be allowed by this program.

Yes I know that these online "virus scans" are always actually a virus but this one gave no choice at all and started automatically.
Now I have to remove the threat and look over my Firefox settings which may have changed from the last update >_>

Yikes...thanks for the heads up....I was going to have a look there later.

Hope someone has managed to let them know...

Padre^.

I had the same virus recently, though I had not been aware of if coming from Forgeworld. used Malwarebytes to get rid of it.

Fancy that, I just got done killing this malware from my computer; I didn't imagine it was the Forge World site that could have done this.

Either way, I had to rename the Malware Bytes executable to "iexplore.exe" to actually get it to run past the "Antivir" malware.

In before Mac users.

Hi Not_u

I got bugged by one of those things a few weeks back.
It is a nuisance

I managed to get rid of it by rebooting the computer in safe mode
I then went into restting the computer from an earlier setting (ie BEFORE the malware warning got hold)

Reboot as normal

Sorry I can't remember where to get the reset dialogue box. will try and find out or someone may kindly say how to do that
hope that makes sense.

Well I just realised that it doesn't happen while you're logged in as another user. So I logged in as another Administrative user and deleted the account, including files. Had everything (well pretty much up to a month ago, so not much anyway) backed up anyway so I'm not losing anything. Basically it gives you a small gap when you start up before its loop of annoyance starts. Any scan has to be fast or it's going nowhere.

Not the first thing I did to attempt to solve it though. But thinking outside the box has worked in the past.

I'll look into that program as well even if this does work.
If all else fails then I'll have to format the computer.

Back up and Restore in Control panel (where else )
Open Restore files
open repair and restore
HTH
apologies if you have already fixed it but hopefully it will be of use if anyone else has a similar problem in the future.

Edit: see you have

Do we know if A) FW have been informed and B) if its still an issue?

Sgt.Roadkill wrote:Do we know if A) FW have been informed and B) if its still an issue?

A) No

and

B) No

So far so good.

What caught my attention and inspired the decision to try this, which I thought would fail, as that when it hit it opened up My Documents then closed it. Quick enough for it to flash on the task bar.

Now I'm able to do scans to ensure that it is gone, but it's currently inactive if it's still on the computer.

What I would obviously suggest to anyone hit by something like this would be to imediately unplug the computer from the Internet, then try to resolve it. I know it's obvious but it makes sense.
If you need to put crap on it use an emty USB thumb drive, which needs scanning after it and transfering files is one way. The infected computer should scan the USB after the problem is resoved.

If I remember the name right it called itself Anti Virus Pro or some other crap like that. It's "scan" made it extremely obvious, if it was possible, as it put discriptions of the "infections" it found under a heading called Location. The pop up bubble thing on the notification area for it displayed the exact same message as the pop up boxes it made. It would also occasionally try to connect to the internet and lso pose as a Spyware detector and a firewall and display "attacks" from the internet. The cable of course was a good two metres away from the port at the time

Thanks everyone for the help so far, this thread can help anyone else hit by this stuff.

There's basically no way your computer was infected by visiting the Forge World website. Viruses don't really work like that.

It happened when I hit on of the section links and yes it appears to be gone now.

MasterSlowPoke wrote:There's basically no way your computer was infected by visiting the Forge World website. Viruses don't really work like that.

Care to elaborate on that champ? I'm pretty sure that they do....

Hmm.. What a bummer.

In order for a virus to infect you, it needs to run a program (not exactly, but that's good enough for laymen) that affects your system. Firefox, IE, whatever, don't expose the functionality necessary for a virus to work. Rarely a security hole the browser is found and exploited but that's extremely rare and newsworthy, and these fake anti-virus viruses are not that sophisticated. He just had a virus that wasn't visible until he coincidentally was on the Forge World website.

MasterSlowPoke wrote:In order for a virus to infect you, it needs to run a program (not exactly, but that's good enough for laymen) that affects your system. Firefox, IE, whatever, don't expose the functionality necessary for a virus to work. Rarely a security hole the browser is found and exploited but that's extremely rare and newsworthy, and these fake anti-virus viruses are not that sophisticated. He just had a virus that wasn't visible until he coincidentally was on the Forge World website.

Actually, this is naive in the extreme but this is not the time nor the place to go into this. By your logic, no-one would ever get a virus/malware since 'rarely a security hole the browser is found and exploited but that's extremely rare and newsworthy'. I think you will find that browsers and security loops are found and exploited all the time and through various means.

Most viruses are gotten by running not-a-virus.exe.

PM me a link to a virus that I could get by visiting it in my browser.

This happened to me a while back, and I think it even infected BoLS for a while. I think it's the banner ads, there's a script that runs when the ad loads that downloads the virus onto your computer. I use Firefox and ever since I got the NoScript add-on it hasn't happened to me again.

Being the crazy fether I am, I just went on FW and voila! No problem.

MasterSlowPoke wrote:Most viruses are gotten by running not-a-virus.exe.

PM me a link to a virus that I could get by visiting it in my browser.

You are splitting hairs now - this isn't about a virus (which is used as a catch-all term) but about malware. The two are different but often have similar goals in mind.

Ok, well show me evidence of a website that will give me malware just by loading the page in my browser.

MasterSlowPoke wrote:Ok, well show me a website that will give me malware just by loading the page in my browser.

There's plenty of them out there - go and visit any porno site at random, most of them are malware infected.

Are you seriously trying to suggest that you cannot be infected in any way through a browser? You really should mention it to Adobe since they spend an awful lot of time and effort patching Flash vulnerabilities.

Flash is just one of many examples of processes by which malicious code or script can be injected onto a user's PC, entirely without their knowledge or say so. Most of them occur through piggybacking seemingly 'legitimate' scripting actions on a page, like an advert or an embedded media content. If you really think that you are perfectly safe browsing the web, with no way of being attacked then I pity you, or rather I pity your bank account details.

Tim the Biovore wrote:Being the crazy fether I am, I just went on FW and voila! No problem.

Yeh I think it's gone, I went round the same area after fixing it and nothing. Should probably edit thread title now that it seems gone.

filbert wrote:Are you seriously trying to suggest that you cannot be infected in any way through a browser? You really should mention it to Adobe since they spend an awful lot of time and effort patching Flash vulnerabilities.

No, just extremely rare. There are far more likely vectors for infection than being one of the first to stumble on a new banner ad exploit.

I'd also say it'd be impossible to get one from Forge World's website, as they don't have any off site ads or whatever.

MasterSlowPoke wrote:

filbert wrote:Are you seriously trying to suggest that you cannot be infected in any way through a browser? You really should mention it to Adobe since they spend an awful lot of time and effort patching Flash vulnerabilities.

No, just extremely rare. There are far more likely vectors for infection than being one of the first to stumble on a new banner ad exploit.

I'd also say it'd be impossible to get one from Forge World's website, as they don't have any off site ads or whatever.

Complete and utter twaddle - and with that, I'm done discussing this with you. If you want to believe that - fine, crack on, it's your life. However, those of us with a modicum of common sense will continue to protect ourselves as befits that latest threats and vulnerabilities.

Seeing as the situation is now solved, I'm just going to lock this then. Cheers for the heads up.