Stay away from FPSBanana!
 

I'm going to spare you the long and detailed story of my horrible adventures with Win32.Trojan.TDSS. Instead, I'll offer you a friendly warning. STAY THE FUCK AWAY FROM FPSBANANA! In theory, it's a wonderful site with tons of great stuff for customizing your gaming experience, but the website itself is just pure shit. This site has been constantly labelled as an attack site by Google, and after my experience, I understand why.

I was prompted with a "This file can not be opened. Please select a program to open it with" box, which looked legitimate (arguable). After canceling this window, I was presented with a fake security icon in my systray. After closing the unwanted processes in my Task Manager, I proceeded to download Ad-Aware. It didn't install right away, and after a dozen reboots later and a barrage of advertisements, I got it to work. However, Ad-Aware only did the job of detecting the malicious software running and being present on my machine. It did not remove the Trojan after reboot, as it said it would. So, I had to remove the specific file from its hiding spot in my System's Driver files using RootRepeal. Now, an hour and twenty minutes into the new scan; no infected files.

Stay away from FPSB. I'm certain this problem started from browsing that website, and I'm now certain I gave it the lead-way by falling for that faked 'This program can not be opened' bullshit. Just a friendly warning. Don't fall for such bullshit. I'm pretty 'eagle-eye' when it comes to spotting bullshit, but that dialog window convinced me it was my operating system.

How odd such an event to happen after hearing James Randi say [para-phrase] "Everyone can be fooled. No one is immune to trickery. We all have the same 'hunk of meat' in our heads – with the same wiring, patterns, and such. " .. Ha

(I'm presuming, of course, that FPSBanana is a "house-hold name" around here.)

hmm...I appreciate the info, I go to FPSBanana all the time

Paranoia makes me scan most of my downloads before I open them.

FPSB is kaka. This is why I have never uploaded my files there.

Care to share another big download site that is better?

Your mom's ass. Err sorry that would be upload. :D

Try installing Firefox with Noscript.

The site has been growing faster than it should have, having thousands of new images put up on it daily. The place has about 6 servers just for images i believe.

long story short, there was an sql injection of some sort from China. (im not knowledgeable with web development and i don't know exactly what it is, i'm going based on what the site owner said)

If you don't want Firefox with noscript (and you can go to the fpsb page, and block anything ending in .cn) then yeah, stay away - or get something like NOD32.

I myself go there almost daily and don't have problems. One of the site's moderators makes a living by traveling places and working with security solutions for business or whoever. Unfortunately he has been missing for months, and he hasn't been able to help the site's security.

That's all good and dandy, but I didn't become infected from a download. I was attacked via my web browser. Either it installed without by choice, or I fell for a fake windows dialog box.

it is quite crappy. The site is shit, the management is ass, and the users are dumb as hell

What browser where you using?

Opera

Wow that was unexpected

My virus scanner and Ad-Aware return that I am free from infection. Ad-Aware did not get rid of a few of the UACD* rootkits, but my virus scanner picked up on them. I tried to delete them through the program, but it failed to do so. I ended up manually deleting the files from my System folder. Now, both of my protection programs tell me that I'm infection free. However, RootRepeal continues to list UACD*.sys as a hidden service.

UACD is supposed to be the information for Account Control. Y'know, that little bastard of a prompt that asks you if you want to do this or that? The prompt that annoys the fuck out of you, by asking permission to run even the most trivial programs? Well, I disabled that when I first installed the OS back in '08, so it's useless to me. Though, I'm stuck now. Is the UACD showing in RootRepeal the real deal, infected, or a clone? Deleting those few UACD files in System has turned Security Alerts from Windows off. Maybe it was legitimate? Goddamn, this is such an annoyance.

In an odd way, when you're infected and get spammed with advertisements, your browsers act in weird ways, and it's only blatantly obvious that you're infected; You're in a good situation. Again, it's obvious you're infected. Here I am, without any sign telling me if I'm infected or not. I guess not. I'll just go about my business. FUCK EVERYTHING.

If all else fails, I'll probably have to buy a new hard drive. Yeah, that bad.
FUCK FPSBanana.

Im running Kaspersky internet security and it has blocked trojans on that site for me. Im pretty sure its in some of the banner ads that they have up. I hate going to that site, but theres not many ways around it.

What area of the site did this happen, can you remember?

I am on it now. Whether ABP and PeerG are protecting me, I don't want to test to find out.

All true, especially the last one :); does have some good content though.

That site is shit. Good Day Sir!

Never had any problems with FPSB, and I just visited the site like 2 days before you posted the OP.

Oh, and this too.

I, too, have browsed the website with no problems. At first, I was confused as to what website or download I could have recieved such a trojan from. Maybe it was the dozen roms I downloaded? Though, my suspicion that is was FPSBanana is supported, in a way, because:

1. FPSbanana is always down.
2. FPSbanana always has fucked up features.
3. FPSbanana is often labelled as an attack site by Google.
4. FPSbanana is always 'being attacked', its TF2 server community says.
5. I got hit when browsing FPSbanana.
6. FPSbanana is flooded with ads. The adware spewed the same adverts.

Well, now my computer is being bitchy. The Security Services are offline despite being required by MSConfig to operate on startup, AVG Virus' live components are suddenly gone, and Ad-Aware will no longer connect, thus refusing to even run. If I can't rid of this bullshit, I have no choice but to get an eternal and completely wipe this drive.

Gee, what a fucking adventure. FPSB is getting perma-blocked when I get everything reinstalled. What a fucking joke. I wonder how long it will be before my internet connection is disabled by this piece of shit? If I disappear, you know why. Woo.

EDIT: Cleaned some LOLINFECTION ("Ah! Somebody help, I'm infected!") from my registry. Going to bombard everyone here with updates on how annoying the removal of this bullshit has become. Feel my pain. FPSB is not your friend. Lmao

EDIT: Got Ad-Aware and AVG to work. Restarted Security Service from the services menu. Only problem that exists now is that I am unable to create a restore point through system restore. Fuck it. From now on, I'm assuming I'm free from the bullshit. I'll reformat some later time, anyway. Too much shit, too little time.

I recommend Kaspersky to all of my customers on account of how awesome it is.

The vulnerability detector is nice. They either:

a) Keep their own stuff up to date without bothering me about it (which sucks for me)

or more likely

b) Call me up and ask me to fix everything. Awesomesauce.

Malware Bytes works really well too. I would suggest unplugging your network cable when you go to pull spyware. They tend to dial home when you run the "uninstaller" and set themselves up to reinstall after being removed and all the likes. Run the removal tools in safemod as well. That will kill off the spyware processes for the most part as well.