No , Camino as noted - much more OS X feel built on Firefox engine -
Again it doesn't happen often but once this morning and once just now - was just letting the admins know it's completely browser based and nothing to do with any Windows exploit , the initial pop-up and redirection is possible on any platform apparently -
The payload of course only works on Windows machines though but the spyware attempt can happen across the board it seems - and whatever they did earlier didn't do anything to stop it because this second time just happened about 10-15 mins ago
We are really stumped on this one. None of us are getting this pop up and I installed Trend Micro Security 2008 and it also has not sniffed anything out. We shut off our ads for a couple hours and we still had a couple reports - we turned them on a couple hours ago and have still had just a couple (compared to dozens this monring when we first heard about it).
It is definately not affecting most users - only a select few. Normally if something like this is happening to the majority we get masses of emails/posts per hour, and we are really seeing a small amount of comments on this now.
Because we cannot recreate the pop up it is nearly impossible to troubleshoot...especially because the users that do seem to get it only see it once in a rare while - so it is not like we can test different things
- MMORPG.COM Staff -
The dead know only one thing: it is better to be alive.
I got it at class this morning the sticker for me at least was it completely redirects the browser, so you cant see what was on the page at the time of the popup.
Making it hard to figure out what the offending add is.
Not sure if it helps or not Admins , but both times I have seen this have been on forum pages , have left the main mmorpg page up for hours and nothing from there -
I just got the pop up while viewing this forum post. Got while i was reading threw the secong page. The IE window minimized and then I got Windows window pop-up telling me my anti-virus was out of date, which i had just updated, and the www_xpantivirus add pop-up is in the bottom corner of my screen.
We will try to find out what is causing this. I am not getting this but if people could post the following:
1) Your browser : IE 7
2) Any ads that are on the page when you see this: Same as noted in thread
3) The software giving you the warning (your spyware/virus scanner, etc) Same as noted in thread
4) The exact warning message : Same as noted in thread
This could never happen on our internal ads since we place the SWF or GIF/JPG directly on the page ourselves - but we do use 2 seperate outside netowrks. While I would hope they would
Just so it be known I got this warning while at work , but our corperate AV didnt flag it , it was a pop up , it happeend both time on the forums section.
We are really stumped on this one. None of us are getting this pop up and I installed Trend Micro Security 2008 and it also has not sniffed anything out. We shut off our ads for a couple hours and we still had a couple reports - we turned them on a couple hours ago and have still had just a couple (compared to dozens this monring when we first heard about it). It is definately not affecting most users - only a select few. Normally if something like this is happening to the majority we get masses of emails/posts per hour, and we are really seeing a small amount of comments on this now. Because we cannot recreate the pop up it is nearly impossible to troubleshoot...especially because the users that do seem to get it only see it once in a rare while - so it is not like we can test different things
Could this possibly be culled from a user importing a graphic/script from a 3rd party site?
Played (more than a month): SWG, Second Life, Tabula Rasa, Lineage 2, Everquest 2, EvE, MxO, Ryzom.
We are really stumped on this one. None of us are getting this pop up and I installed Trend Micro Security 2008 and it also has not sniffed anything out. We shut off our ads for a couple hours and we still had a couple reports - we turned them on a couple hours ago and have still had just a couple (compared to dozens this monring when we first heard about it). It is definately not affecting most users - only a select few. Normally if something like this is happening to the majority we get masses of emails/posts per hour, and we are really seeing a small amount of comments on this now. Because we cannot recreate the pop up it is nearly impossible to troubleshoot...especially because the users that do seem to get it only see it once in a rare while - so it is not like we can test different things
Could this possibly be culled from a user importing a graphic/script from a 3rd party site?
I don't think so because it is happening on many pages of the site (that is what we have heard anyways) - so far we have heard the forums, blogs and game list pages.
- MMORPG.COM Staff -
The dead know only one thing: it is better to be alive.
We are really stumped on this one. None of us are getting this pop up and I installed Trend Micro Security 2008 and it also has not sniffed anything out. We shut off our ads for a couple hours and we still had a couple reports - we turned them on a couple hours ago and have still had just a couple (compared to dozens this monring when we first heard about it). It is definately not affecting most users - only a select few. Normally if something like this is happening to the majority we get masses of emails/posts per hour, and we are really seeing a small amount of comments on this now. Because we cannot recreate the pop up it is nearly impossible to troubleshoot...especially because the users that do seem to get it only see it once in a rare while - so it is not like we can test different things
Could this possibly be culled from a user importing a graphic/script from a 3rd party site?
I don't think so because it is happening on many pages of the site (that is what we have heard anyways) - so far we have heard the forums, blogs and game list pages.
I JUST got this after reading about it 30minutes prior whilst surfing the MMORPG forums (reading a blog about censorship) when this hit me. I hope this helps!!
These are known as spyware "Traps". They make you think your infected via some misc scanner checking your PC (impossible, note I'm using Firefox and it doesn't allow such things unless I tell it to specifically, after turning off several warnings lol!) in order to infect your PC with trojans and other such malware.
-Draga
The Theory of Conservative Conservation of Ignorant Stupidity: Having a different opinion must mean you're a troll.
What we really need is a screen of our webpage when it popped up. Looking at your taskbar our page is still there - just minimized. I think these steps would help:
1) After pop up, click F4 to force close that window (if you click anything on that pop up it will re-direct our page to the trojan installer)
2) Click back on our site on the taskbar
3) Take a screen shot (more multiples if the page is longer than one screen) - we really need to see all the ads
4) Right click on the page and select "View Source" - save this as a txt file and email to admin@mmorpg.com
Thanks!
- MMORPG.COM Staff -
The dead know only one thing: it is better to be alive.
This just happened to me on firefox and I wasn't able to give you a screenshot. It didn't minimize my browser it appears to take my entire browser over making it into just a dialog box asking if I want to scan my system or something like that. I hit alt F4 and it removed the mmorpg.com session and started scanning my computer. This is very upsetting!!
Happened for the first time for me today after clicking on a frontpage forum post. Minimized my Firefox and popped up a browser in the lower right, similar to when Vista has messages for you.
Clicked it closed and it opened a full page "scanning" my comp. Closed it immediately.
I have not received any of these pop ups making it something attached to an external ad site as from my 60K line host file does a good job at removing most external ads from web pagesm not I still get all the ads hosted on the MMORPG.com servers.
We just received a good email report from a user (thanks Dalevi1) that had some page source. We did notice one common ad in the two pages and have disabled it.
I will be very anxious to know if this still happens to anyone (due to page caching it might take a couple hours to really know)
- MMORPG.COM Staff -
The dead know only one thing: it is better to be alive.
We just received a good email report from a user (thanks Dalevi1) that had some page source. We did notice one common ad in the two pages and have disabled it. I will be very anxious to know if this still happens to anyone (due to page caching it might take a couple hours to really know)
We just received a good email report from a user (thanks Dalevi1) that had some page source. We did notice one common ad in the two pages and have disabled it. I will be very anxious to know if this still happens to anyone (due to page caching it might take a couple hours to really know)
Would the sneaky devils have put in code to only have it pop up sometimes to make it harder to find the source of the "infection"? What ad was it?
I tried to get some info but it makes it impossible to get the page source. It physically makes the web page a minimun sized window in the lower right of the screen and minimizes it. Then it puts up a dialog box saying your computer might be infected do you want to scan yes or no. No matter what you do it will open the browser max window size and it runs some scanner application and asks you to install some software.
I tried accessing the browser windows to get the source but the window wasn't accessable. the dialog box would take focus back no matter what you did. If you wnt into task manager only the single browser process shows up.
AVG is stopping this Trojan running on every page of site, since yesterday: http://www.mmorpg.com/scripts/wddx.js?002unp28199963 This has happened before, you guys really need to do something about your security.
-------------------- Member of Coreli corp. We have the boosters you crave!
You'll get a faster response if you e-mail support AT mmorpg.com than you will if you just post in a forum.
"I used to think the worst thing in life was to be all alone. It's not. The worst thing in life is to end up with people who make you feel all alone." Robin Williams
Comments
No , Camino as noted - much more OS X feel built on Firefox engine -
Again it doesn't happen often but once this morning and once just now - was just letting the admins know it's completely browser based and nothing to do with any Windows exploit , the initial pop-up and redirection is possible on any platform apparently -
The payload of course only works on Windows machines though but the spyware attempt can happen across the board it seems - and whatever they did earlier didn't do anything to stop it because this second time just happened about 10-15 mins ago
We are really stumped on this one. None of us are getting this pop up and I installed Trend Micro Security 2008 and it also has not sniffed anything out. We shut off our ads for a couple hours and we still had a couple reports - we turned them on a couple hours ago and have still had just a couple (compared to dozens this monring when we first heard about it).
It is definately not affecting most users - only a select few. Normally if something like this is happening to the majority we get masses of emails/posts per hour, and we are really seeing a small amount of comments on this now.
Because we cannot recreate the pop up it is nearly impossible to troubleshoot...especially because the users that do seem to get it only see it once in a rare while - so it is not like we can test different things
- MMORPG.COM Staff -
The dead know only one thing: it is better to be alive.
I got it at class this morning the sticker for me at least was it completely redirects the browser, so you cant see what was on the page at the time of the popup.
Making it hard to figure out what the offending add is.
Not sure if it helps or not Admins , but both times I have seen this have been on forum pages , have left the main mmorpg page up for hours and nothing from there -
I just got the pop up while viewing this forum post. Got while i was reading threw the secong page. The IE window minimized and then I got Windows window pop-up telling me my anti-virus was out of date, which i had just updated, and the www_xpantivirus add pop-up is in the bottom corner of my screen.
We will try to find out what is causing this. I am not getting this but if people could post the following:
1) Your browser : IE 7
2) Any ads that are on the page when you see this: Same as noted in thread
3) The software giving you the warning (your spyware/virus scanner, etc) Same as noted in thread
4) The exact warning message : Same as noted in thread
This could never happen on our internal ads since we place the SWF or GIF/JPG directly on the page ourselves - but we do use 2 seperate outside netowrks. While I would hope they would
Just so it be known I got this warning while at work , but our corperate AV didnt flag it , it was a pop up , it happeend both time on the forums section.
Could this possibly be culled from a user importing a graphic/script from a 3rd party site?
Played (more than a month): SWG, Second Life, Tabula Rasa, Lineage 2, Everquest 2, EvE, MxO, Ryzom.
Tried: WoW, Shadowbane, Anarchy Online, Everquest, WWII Online, Planetside
Beta: Lotro, Tabula Rasa, WAR.
Could this possibly be culled from a user importing a graphic/script from a 3rd party site?
I don't think so because it is happening on many pages of the site (that is what we have heard anyways) - so far we have heard the forums, blogs and game list pages.
- MMORPG.COM Staff -
The dead know only one thing: it is better to be alive.
Could this possibly be culled from a user importing a graphic/script from a 3rd party site?
I don't think so because it is happening on many pages of the site (that is what we have heard anyways) - so far we have heard the forums, blogs and game list pages.
I JUST got this after reading about it 30minutes prior whilst surfing the MMORPG forums (reading a blog about censorship) when this hit me. I hope this helps!!
i36.photobucket.com/albums/e15/Fadedspirit/MMORPGinfected.jpg
These are known as spyware "Traps". They make you think your infected via some misc scanner checking your PC (impossible, note I'm using Firefox and it doesn't allow such things unless I tell it to specifically, after turning off several warnings lol!) in order to infect your PC with trojans and other such malware.
-Draga
The Theory of Conservative Conservation of Ignorant Stupidity:
Having a different opinion must mean you're a troll.
What we really need is a screen of our webpage when it popped up. Looking at your taskbar our page is still there - just minimized. I think these steps would help:
1) After pop up, click F4 to force close that window (if you click anything on that pop up it will re-direct our page to the trojan installer)
2) Click back on our site on the taskbar
3) Take a screen shot (more multiples if the page is longer than one screen) - we really need to see all the ads
4) Right click on the page and select "View Source" - save this as a txt file and email to admin@mmorpg.com
Thanks!
- MMORPG.COM Staff -
The dead know only one thing: it is better to be alive.
This just happened to me on firefox and I wasn't able to give you a screenshot. It didn't minimize my browser it appears to take my entire browser over making it into just a dialog box asking if I want to scan my system or something like that. I hit alt F4 and it removed the mmorpg.com session and started scanning my computer. This is very upsetting!!
---
Ethion
Happened for the first time for me today after clicking on a frontpage forum post. Minimized my Firefox and popped up a browser in the lower right, similar to when Vista has messages for you.
Clicked it closed and it opened a full page "scanning" my comp. Closed it immediately.
I have not received any of these pop ups making it something attached to an external ad site as from my 60K line host file does a good job at removing most external ads from web pagesm not I still get all the ads hosted on the MMORPG.com servers.
Just got this about 5 minutes ago, will do what you said when/if it happens again.
|Mortal Online|Gnostaria|
We just received a good email report from a user (thanks Dalevi1) that had some page source. We did notice one common ad in the two pages and have disabled it.
I will be very anxious to know if this still happens to anyone (due to page caching it might take a couple hours to really know)
- MMORPG.COM Staff -
The dead know only one thing: it is better to be alive.
Just sent mine as well.
|Mortal Online|Gnostaria|
Would the sneaky devils have put in code to only have it pop up sometimes to make it harder to find the source of the "infection"? What ad was it?
it just happened to me again.
I tried to get some info but it makes it impossible to get the page source. It physically makes the web page a minimun sized window in the lower right of the screen and minimizes it. Then it puts up a dialog box saying your computer might be infected do you want to scan yes or no. No matter what you do it will open the browser max window size and it runs some scanner application and asks you to install some software.
I tried accessing the browser windows to get the source but the window wasn't accessable. the dialog box would take focus back no matter what you did. If you wnt into task manager only the single browser process shows up.
this is running firefox version 2.x
---
Ethion
i just got it too, couldnt take any shots as FF minimised and i had to end task
That xpantivirus bogus program has been "popping" up at other MMORPG sites...hopefully that scam site can get shut down soon.
It has been several days since I've seen this popup. I'm pretty hopeful that it has finally be erradicated!!
---
Ethion
http://www.mmorpg.com/scripts/wddx.js?002unp28199963
This has happened before, you guys really need to do something about your security.
--------------------
Member of Coreli corp.
We have the boosters you crave!
Any page ob mmorpg.com i browse, Avast keeps popping up with
Virus found, Trojan Horse
HTML:RogueIframe [Trj]
in
http://www.mmorpg.com/scripts/wddx.js?002unp67722409
I'm running Avast 4.7. Home, Virus DB 03/17/08 v080317-0 and Firefix 2.0.0.12.
You'll get a faster response if you e-mail support AT mmorpg.com than you will if you just post in a forum.