| User |
Message |
The Ironwarrior
Posts: 2
Joined: 11/11/2006
Credibility: 0 pts
|
| Someone's snuck a trojan into your site |
|
|
|
I've used your site now for a very long time and really enjoy it. It's taken a few tries to finally complete, but perhaps one good thing from this is that it caused me to finally register...
Anyways, I wanted to let you know that the "Factions Map" you have posted is tainted with a trojan named "Exploit-MS06-014".
It doesn't seem hard to remove, I've gotten it and removed it several times just to be sure of this before I post it. I'm guessing it hasn't been mentioned before but I'm sure that someone has a 'clean' map to replace it with.
If your AV doesn't recognize it or cannot remove it, I'm using McAfee and it's does both.
Peace,
|
| 11/12/06 15:36 |
Login to rate this user's post! |
Xaviak
GameAmp Staff
Posts: 1088
Joined: 02/25/2006
Credibility: 4 pts
|
| RE: Someone's snuck a trojan into your site |
|
|
|
eep.... O.o
EDIT: which browser are ye using?
***THIS POST HAS BEEN EDITED***
AmpWoW<-- Check it out if you need to find something. ^^
WoW@GA is looking for new staffers! More info HERE!
|
| 11/12/06 15:39 |
Login to rate this user's post! |
Lance Wrongbow
Posts: 48
Joined: 03/12/2006
Credibility: 0 pts
|
| RE: Someone's snuck a trojan into your site |
|
|
|
| QUOTE | I've used your site now for a very long time and really enjoy it. It's taken a few tries to finally complete, but perhaps one good thing from this is that it caused me to finally register...
Anyways, I wanted to let you know that the "Factions Map" you have posted is tainted with a trojan named "Exploit-MS06-014".
It doesn't seem hard to remove, I've gotten it and removed it several times just to be sure of this before I post it. I'm guessing it hasn't been mentioned before but I'm sure that someone has a 'clean' map to replace it with.
If your AV doesn't recognize it or cannot remove it, I'm using McAfee and it's does both.
Peace, |
Ouch, thank god I never looked at that map. Never liked Factions. Thanks for telling us. + cred
***THIS POST HAS BEEN EDITED***
Thank you Maqulvent for this siggy
|
| 11/12/06 15:41 |
Login to rate this user's post! |
The Ironwarrior
Posts: 2
Joined: 11/11/2006
Credibility: 0 pts
|
| RE: Someone's snuck a trojan into your site |
|
|
|
I'm using IE7.
and the protections suite provided by comcast from McAfee, it recognized the trojan and removed it... the virus continues to attempt to put itself on your puter as long as the picture is open too.
|
| 11/12/06 15:44 |
Login to rate this user's post! |
mwpeck
GameAmp Staff
Posts: 24
Joined: 11/24/2005
Credibility: 0 pts
|
| RE: Someone's snuck a trojan into your site |
|
|
|
I find this hard to believe since all the maps are pictured, compiled and posted by admins.
Oh, and your using McAfee, so I wouldnt believe it 100%.....i've tried it before, and I found AVG(free) and NOD32(trial) BOTH find more than McAfee can. And McAfee also sometimes picks up stuff that isnt really a virus/trojan.
***THIS POST HAS BEEN EDITED***
|
| 11/12/06 15:44 |
Login to rate this user's post! |
One Swordsman
Posts: 67
Joined: 11/21/2005
Credibility: 0 pts
|
| RE: Someone's snuck a trojan into your site |
|
|
|
| QUOTE | | I find this hard to believe since all the maps are pictured, compiled and posted by admins. |
No it's true, I've had the same issue, and the guys at the WoW site have been complaining about it - including the admins.
I have a flannel to wash my face
if it gets mucky i feel disgraced.
Do you like horlicks, do you like chips.
I'v got 100 pairs of lips
- Gotta love the Warlock forums xD
|
| 11/12/06 15:46 |
Login to rate this user's post! |
Xaviak
GameAmp Staff
Posts: 1088
Joined: 02/25/2006
Credibility: 4 pts
|
| RE: Someone's snuck a trojan into your site |
|
|
|
| QUOTE | | QUOTE | | I find this hard to believe since all the maps are pictured, compiled and posted by admins. |
No it's true, I've had the same issue, and the guys at the WoW site have been complaining about it - including the admins. |
We got Trojans on the WoW side too? :S
AmpWoW<-- Check it out if you need to find something. ^^
WoW@GA is looking for new staffers! More info HERE!
|
| 11/12/06 15:48 |
Login to rate this user's post! |
mwpeck
GameAmp Staff
Posts: 24
Joined: 11/24/2005
Credibility: 0 pts
|
| RE: Someone's snuck a trojan into your site |
|
|
|
| QUOTE | | QUOTE | | I find this hard to believe since all the maps are pictured, compiled and posted by admins. |
No it's true, I've had the same issue, and the guys at the WoW site have been complaining about it - including the admins. |
interesting.....so someone has hacked the site and placed a few trojans? I wonder if Opera is that good cause I havnt picked up anything.(then again Opera has the most secure browser)
|
| 11/12/06 15:48 |
Login to rate this user's post! |
benjef
Posts: 41
Joined: 01/15/2006
Credibility: 0 pts
|
| RE: Someone's snuck a trojan into your site |
|
|
|
What do trojans do exactly cause i don wanna loose my Passwords >>
|
| 11/12/06 15:53 |
Login to rate this user's post! |
Xaviak
GameAmp Staff
Posts: 1088
Joined: 02/25/2006
Credibility: 4 pts
|
| RE: Someone's snuck a trojan into your site |
|
|
|
| QUOTE | | What do trojans do exactly cause i don wanna loose my Passwords >> |
I'm not sure at all but I think they're supposed to go all sneaky like to your comp and open ports so the nastier viruses and worms can get in?O.o
|
| 11/12/06 15:55 |
Login to rate this user's post! |
mwpeck
GameAmp Staff
Posts: 24
Joined: 11/24/2005
Credibility: 0 pts
|
| RE: Someone's snuck a trojan into your site |
|
|
|
All ya need to know about trojans.
|
| 11/12/06 16:00 |
Login to rate this user's post! |
binarydumb
Posts: 18
Joined: 09/12/2005
Credibility: 0 pts
|
| RE: Someone\'s snuck a trojan into your site |
|
|
|
First off: Welcome to Gameamp, The Ironwarrior!!
Thank you for giving us a heads up but I scanned the picture with 3 separate PC's (2 desktops plus my laptop) and could not detect this trojan you mentioned.
My gaming desktop is a 64bit rig using Avast. My 2nd desktop is uses XP Pro and uses AVG for its protection. My laptop runs on XP Pro with McAfee for its security.
I downloaded the picture on each of the 3 pc's and scanned the file in question. I came up with it being clean on all 3 tries. Could it be that it was your machine that was tainted? I don't want to trivialize anything with regards to this matter since it can be quite harmful in it's maliciousness. I also made sure that all 3 anti-virus programs were updated before I scanned.
Could you let us know what you find? Incidentally, I have all three PC's set to scan at least once a day in the wee hours of the morning. And so far, I have been lucky. Also I avoid using IE7 or IE6. I primarilly use Opera and Firefox.
Whatever the case may be, I am letting the powers that be know.
***THIS POST HAS BEEN EDITED***
|
| 11/12/06 16:02 |
Login to rate this user's post! |
Albino Monktress
Posts: 239
Joined: 04/09/2006
Credibility: 0 pts
|
| RE: Someone's snuck a trojan into your site |
|
|
|
i had a trojen the other day deleted itand hurd nothing else from it
and bianary im callin the police ur post number is 911
Check out my Fan Fic^ Sig made by me!
LEADER of [ToD]Togo Dies Always accepting new members :)
Disclamer My spelling SUXS
|
| 11/12/06 16:11 |
Login to rate this user's post! |
Sunrunner
Posts: 45
Joined: 09/27/2005
Credibility: 0 pts
|
| RE: Someone's snuck a trojan into your site |
|
|
|
i use mcafee, norton, and zonealarm, so if anything so much as looks at my computer the wrong way i find it and i have never had a problem with gameamp.
tho it is scary to realize that if a corrupt admin stuck a keylogger or something on the site how many people would be affected
|
| 11/12/06 16:28 |
Login to rate this user's post! |
KnightHawk81
GameAmp Staff
Posts: 14
Joined: 08/22/2006
Credibility: 0 pts
|
| RE: Someone's snuck a trojan into your site |
|
|
|
I'll poke through it too. I've got several AV/Syware programs I can run it through. I would like to bring up a possibility that hasn't been brought up...Ads. While Google (and other ad promoters) screen the ads placed, they don't always catch everything. I have 8-10 sites I've created on Angelfire for various games/personal reasons. Since I can't afford to pay a monthly for each one, I run their free service, which means Angelfire placed Ad Javascripts. My Dad and Stepmother check my personal site on occasion. Well, long story short, one of the ads in the Angelfire rotation contained a NASTY virus...and my Dad was forced to re-format to fix it.\
I'm NOT saying that's what it was, just bringing up the possibility.
If Death takes me now I shall not fear, for I have lived and life is good.
WoW Client Download Support Page
|
| 11/12/06 16:30 |
Login to rate this user's post! |
Defense Offenise
Posts: 1
Joined: 06/05/2006
Credibility: 0 pts
|
| RE: Someone's snuck a trojan into your site |
|
|
|
guys, do not be sure my cousions cpu can track and find trojons pretty easy seeing he works on stuff like this. if some did sneak a trojon on it ill have him take it off and track who put it on. ok hows that i hope theres not a trojon well ill be calling ym cousion soon so ill have him tae a look at this problem
|
| 11/12/06 16:33 |
Login to rate this user's post! |
Julia Heartilly
Posts: 10
Joined: 11/26/2005
Credibility: 0 pts
|
| RE: Someone's snuck a trojan into your site |
|
|
|
| QUOTE | I've used your site now for a very long time and really enjoy it. It's taken a few tries to finally complete, but perhaps one good thing from this is that it caused me to finally register...
Anyways, I wanted to let you know that the "Factions Map" you have posted is tainted with a trojan named "Exploit-MS06-014".
It doesn't seem hard to remove, I've gotten it and removed it several times just to be sure of this before I post it. I'm guessing it hasn't been mentioned before but I'm sure that someone has a 'clean' map to replace it with.
If your AV doesn't recognize it or cannot remove it, I'm using McAfee and it's does both.
Peace, |
I'd run a CRC or MD5 check on your virus scanner if I were you cause it looks to me that that is what is infected and being played with, not the map.
Apart from the fact that malicious code .jpg format is both relatively very hard to accomplish and even if done hasn't been done in such a way it was anywhere near hard to detect - at least not in the past time since the rise of polymorphic viruses.
Also I ran scans on it with Webroot Spy Sweeper, NOD32, McAfee Enterprise and Norton AV Corporate (which is no where near similar to standard Norton AV btw) and none detected anything.
|
| 11/12/06 16:39 |
Login to rate this user's post! |
The Ironwarrior
Posts: 2
Joined: 11/11/2006
Credibility: 0 pts
|
| RE: Someone\\\'s snuck a trojan into your site |
|
|
|
I'm not sure either, I just know that each time I click the "Factions Map" my AV comes up with a warning regarding the trojan, and that it's been cleaned. If I keep the picture up, it'll put itself onto my system again, I get the warning, it's cleaned and the cycle continues. Once I close the pic, I scan my system and the messages stop.
I've checked it out and it appears a simple, not so old code that can be put most anywhere and pictures are pretty typical it seems :/
A few links regarding the trojan it found:
http://vil.nai.com/vil/content/v_vul23004.htm
http://www.microsoft.com/technet/security/...n/MS06-014.mspx
I can't explain how it's coming clean on your side or anything like that, but being that I only get the messages when I open the map, I can't imagine it otherwise coming from my computer?
I just meant to help others from being infected, if it truly is this trojan.
EDIT:
Reading those links again it seems that people can update their MDAC (?) to a version 2.8 to completely avoid this issue? Is that the case here, it only effects people 2.7 or below? I'm not a techie in this, so I can't even say what MDAC is really or if mine, yours or other users have 2.7 or 2.8 :)
***THIS POST HAS BEEN EDITED***
|
| 11/12/06 16:45 |
Login to rate this user's post! |
One Swordsman
Posts: 67
Joined: 11/21/2005
Credibility: 0 pts
|
| RE: Someone's snuck a trojan into your site |
|
|
|
Just as a confirmation, however mine doesn't come up at a specific moment, just randomly.
***THIS POST HAS BEEN EDITED***
I have a flannel to wash my face
if it gets mucky i feel disgraced.
Do you like horlicks, do you like chips.
I'v got 100 pairs of lips
- Gotta love the Warlock forums xD
|
| 11/12/06 17:11 |
Login to rate this user's post! |
The Ironwarrior
Posts: 2
Joined: 11/11/2006
Credibility: 0 pts
|
| RE: Someone's snuck a trojan into your site |
|
|
|
That's it! :)
|
| 11/12/06 17:14 |
Login to rate this user's post! |
mwpeck
GameAmp Staff
Posts: 24
Joined: 11/24/2005
Credibility: 0 pts
|
| RE: Someone's snuck a trojan into your site |
|
|
|
Ok, well, i decided to use 1 of those online virus-scanner things and, well, Here's the results. As you can see, it used the most popular ones(AVG, NOD32, McAfee, Kaspersky, etc.) and a lot of lesser-known ones. And it came up clean with all of them. I'm gonna say the file is clean. If anything, its a false-positive in McAfee(which I KNOW has happened before), or something on your computer already.
EDIT: Yes, I know those things arnt 100% accurate, but I find them to be more accurate than ANY single scanner.
***THIS POST HAS BEEN EDITED***
|
| 11/12/06 17:16 |
Login to rate this user's post! |
KnightHawk81
GameAmp Staff
Posts: 14
Joined: 08/22/2006
Credibility: 0 pts
|
| RE: Someone\\\\\\\\\\\\\\\'s snuck a trojan into your site |
|
|
|
Using Firefox 2 I get nothing...
In IE-7, accessing the Nightfall Map Page and the Factions Map Page both give me a pop-down alert stating:
| QUOTE | | This website wants to run the following add-on: "Microsoft Data Access - Remote Data Services Dat..." from "Microsoft Corporation". If you trust the website and the add-on and want to allow it to run, click here. |
Prophecies Map Page does not give me this pop-down.
Running the Map .jpgs through Norton, Ad-Aware, and Spyware Doctor gave me nothing.
Just a quick Edit: Someone mentioned the WoW portion of the site so I popped over there in IE-7 real quick. The main page gives me the same pop-down alert. So... I went to EVERY other game site located within Gameamp's drop-down menu. Only WoW's main page and the GW Nightfall & Factions map pages give me that alert. What is the same between the pages?
***THIS POST HAS BEEN EDITED***
If Death takes me now I shall not fear, for I have lived and life is good.
WoW Client Download Support Page
|
| 11/12/06 17:27 |
Login to rate this user's post! |
Maqulvent
Posts: 10
Joined: 09/05/2006
Credibility: 0 pts
|
| RE: Someone's snuck a trojan into your site |
|
|
|
little off topic, but nice background one swordsman
|
| 11/12/06 17:27 |
Login to rate this user's post! |
laggy
Posts: 0
Joined: 10/03/2005
Credibility: 0 pts
|
| RE: Someone's snuck a trojan into your site |
|
|
|
Off Topic, but I noticed the Zelda Twilight Princess movie on your desktop One Swordsman.
That game is gonna be good, no not good, Fantastic!
Siggy gone on a little holiday. He promised to return when I thought of something witty.
|
| 11/12/06 17:38 |
Login to rate this user's post! |
The Ironwarrior
Posts: 2
Joined: 11/11/2006
Credibility: 0 pts
|
| RE: Someone's snuck a trojan into your site |
|
|
|
Just a FYI to anyone looking into this:
At no time did I actually download this map... simply viewing it is where I've 'gotten' this 'trojan'.
Is it possible that by viewing the map via the webiste, it activates an Active-X script that you don't get from downloading and viewing the picture itself?
|
| 11/12/06 17:44 |
Login to rate this user's post! |
*smite*
Posts: 1
Joined: 03/26/2006
Credibility: 0 pts
|
| RE: Someone's snuck a trojan into your site |
|
|
|
Now, I can't verify the existance of an exploit in the images, (or, rather, I just don't want to, seeing as many others are bothering with that). However, ActiveX controls embedded in images caused a bit of a stir a while back, and I had thought that Microsoft threw some updates around to remove this functionality. There isn't a practical use for it at all, except for exploits. Of course, it seems to me, from the reports here, that the code just doesn't run automatically anymore.
As for false positives in McAffe, the size of the maps could cause the IE resident to bail on scanning the entire file, end up with a corrupt image, and assume there is embedded code. This would explain a clean file in the normal virus scanner. That said, I don't have enough experience in the Windows world to say for sure that McAffe uses a resident like that.
EDIT: As a side note, I'm not sure that file size would be an issue on the WoW site, unless there's something significantly different in the way layout images are divided.
***THIS POST HAS BEEN EDITED***
"He was so intelligent that he had no ambition at all."
- T. S. Eliot
|
| 11/12/06 18:00 |
Login to rate this user's post! |
MikesterBrau
GameAmp Staff
Posts: 63
Joined: 10/27/2006
Credibility: 16 pts
|
| RE: Someone's snuck a trojan into your site |
|
|
|
I can add that I am getting warnings as well but only on the WOW section of GameAmp. It has happened both at home and work using McAfee Enterprise Edition with the new engine and Dat's along with some nice hardware protection. I love the site and will keep coming but it is a matter of concern and yes Active X does make things easier but also adds the risk. I mostly browse with IE7. Just adding my bits of info. No harm no foul but I am pretty attentive to keeping my system clean.
Thanks for starting the thread and enjoy some well earned ratings. :)
|
| 11/12/06 18:22 |
Login to rate this user's post! |
General Silver
Posts: 9
Joined: 01/13/2006
Credibility: 0 pts
|
| RE: Someone's snuck a trojan into your site |
|
|
|
Ive been getting some Messages from Zone Alarm Firewall About a unautorized Access so i blocked it i never though it was this site until this topic came out hmmm...
Happy Holidays Everyone
|
| 11/12/06 18:44 |
Login to rate this user's post! |
osmosisjones
Posts: 58
Joined: 11/08/2005
Credibility: 0 pts
|
| RE: Someone's snuck a trojan into your site |
|
|
|
Everyone is assuming that it is the map itself that contains this trojan... there are numerous other pictures on there has any one who recieves this message checked which file it says contains the trojan... (if infact there is one).
Edit: one thing I notice is some of the comments pics show up in Firefox but not in IE.
***THIS POST HAS BEEN EDITED***
Warrior/Monk - Finished Chapter 1
Elemtalist/Monk - Finished Chapter 1
Monk/Mesmer - Finished Chapter 1
Ranger/Monk - Finished Chapter 1
guildwars.gameamp.com
|
| 11/12/06 18:46 |
Login to rate this user's post! |
Defense Offenise
Posts: 1
Joined: 06/05/2006
Credibility: 0 pts
|
| RE: Someone's snuck a trojan into your site |
|
|
|
| QUOTE | | guys, do not be sure my cousions cpu can track and find trojons pretty easy seeing he works on stuff like this. if some did sneak a trojon on it ill have him take it off and track who put it on. ok hows that i hope theres not a trojon well ill be calling ym cousion soon so ill have him tae a look at this problem |
good news and bad news... guys my cousion comfirmed there is a trojon onm it (the good news), now the bad news wile atempting to full deleted it he also found who placed it well. if i told u u might now be not very happy + my cousion computer crash after deleting it so hes mad.... he told me who it is i gotta go find were i wrote his name
|
| 11/12/06 18:53 |
Login to rate this user's post! |
