Stay away from FPSBanana!

Bridget · 07-10-2009, 03:32 PM

I'm going to spare you the long and detailed story of my horrible adventures with Win32.Trojan.TDSS. Instead, I'll offer you a friendly warning. STAY THE FUCK AWAY FROM FPSBANANA! In theory, it's a wonderful site with tons of great stuff for customizing your gaming experience, but the website itself is just pure shit. This site has been constantly labelled as an attack site by Google, and after my experience, I understand why.

I was prompted with a "This file can not be opened. Please select a program to open it with" box, which looked legitimate (arguable). After canceling this window, I was presented with a fake security icon in my systray. After closing the unwanted processes in my Task Manager, I proceeded to download Ad-Aware. It didn't install right away, and after a dozen reboots later and a barrage of advertisements, I got it to work. However, Ad-Aware only did the job of detecting the malicious software running and being present on my machine. It did not remove the Trojan after reboot, as it said it would. So, I had to remove the specific file from its hiding spot in my System's Driver files using RootRepeal. Now, an hour and twenty minutes into the new scan; no infected files.

Stay away from FPSB. I'm certain this problem started from browsing that website, and I'm now certain I gave it the lead-way by falling for that faked 'This program can not be opened' bullshit. Just a friendly warning. Don't fall for such bullshit. I'm pretty 'eagle-eye' when it comes to spotting bullshit, but that dialog window convinced me it was my operating system.

How odd such an event to happen after hearing James Randi say [para-phrase] "Everyone can be fooled. No one is immune to trickery. We all have the same 'hunk of meat' in our heads – with the same wiring, patterns, and such. " .. Ha

(I'm presuming, of course, that FPSBanana is a "house-hold name" around here.)

Dr.Satan · 07-10-2009, 03:40 PM

hmm...I appreciate the info, I go to FPSBanana all the time

KubeDawg · 07-10-2009, 05:08 PM

Paranoia makes me scan most of my downloads before I open them.

PartialSchism · 07-10-2009, 06:29 PM

FPSB is kaka. This is why I have never uploaded my files there.

KubeDawg · 07-10-2009, 07:17 PM

Care to share another big download site that is better?

Sh4x · 07-10-2009, 07:39 PM

Your mom's ass. Err sorry that would be upload.

BlackHoleSon · 07-10-2009, 09:56 PM

Try installing Firefox with Noscript.

The site has been growing faster than it should have, having thousands of new images put up on it daily. The place has about 6 servers just for images i believe.

long story short, there was an sql injection of some sort from China. (im not knowledgeable with web development and i don't know exactly what it is, i'm going based on what the site owner said)

If you don't want Firefox with noscript (and you can go to the fpsb page, and block anything ending in .cn) then yeah, stay away - or get something like NOD32.

I myself go there almost daily and don't have problems. One of the site's moderators makes a living by traveling places and working with security solutions for business or whoever. Unfortunately he has been missing for months, and he hasn't been able to help the site's security.

Bridget · 07-11-2009, 12:18 AM

Quote:

Originally Posted by KubeDawg

Paranoia makes me scan most of my downloads before I open them.

That's all good and dandy, but I didn't become infected from a download. I was attacked via my web browser. Either it installed without by choice, or I fell for a fake windows dialog box.

-=bingo-bango=- · 07-11-2009, 01:14 AM

it is quite crappy. The site is shit, the management is ass, and the users are dumb as hell

Pixel · 07-11-2009, 02:02 AM

Quote:

Originally Posted by Bridget

That's all good and dandy, but I didn't become infected from a download. I was attacked via my web browser. Either it installed without by choice, or I fell for a fake windows dialog box.

What browser where you using?

Bridget · 07-11-2009, 02:44 AM

Opera

Pixel · 07-11-2009, 04:12 AM

Wow that was unexpected

Bridget · 07-11-2009, 04:31 AM

My virus scanner and Ad-Aware return that I am free from infection. Ad-Aware did not get rid of a few of the UACD* rootkits, but my virus scanner picked up on them. I tried to delete them through the program, but it failed to do so. I ended up manually deleting the files from my System folder. Now, both of my protection programs tell me that I'm infection free. However, RootRepeal continues to list UACD*.sys as a hidden service.

UACD is supposed to be the information for Account Control. Y'know, that little bastard of a prompt that asks you if you want to do this or that? The prompt that annoys the fuck out of you, by asking permission to run even the most trivial programs? Well, I disabled that when I first installed the OS back in '08, so it's useless to me. Though, I'm stuck now. Is the UACD showing in RootRepeal the real deal, infected, or a clone? Deleting those few UACD files in System has turned Security Alerts from Windows off. Maybe it was legitimate? Goddamn, this is such an annoyance.

In an odd way, when you're infected and get spammed with advertisements, your browsers act in weird ways, and it's only blatantly obvious that you're infected; You're in a good situation. Again, it's obvious you're infected. Here I am, without any sign telling me if I'm infected or not. I guess not. I'll just go about my business. FUCK EVERYTHING.

If all else fails, I'll probably have to buy a new hard drive. Yeah, that bad.
FUCK FPSBanana.

The Drizzle · 07-11-2009, 12:24 PM

Im running Kaspersky internet security and it has blocked trojans on that site for me. Im pretty sure its in some of the banner ads that they have up. I hate going to that site, but theres not many ways around it.

Paft · 07-11-2009, 05:03 PM

What area of the site did this happen, can you remember?

I am on it now. Whether ABP and PeerG are protecting me, I don't want to test to find out.

Quote:

it is quite crappy. The site is shit, the management is ass, and the users are dumb as hell

All true, especially the last one

; does have some good content though.

EquilibriuM · 07-11-2009, 09:08 PM

That site is shit. Good Day Sir!

Anshinritsumai · 07-11-2009, 09:16 PM

Never had any problems with FPSB, and I just visited the site like 2 days before you posted the OP.

Quote:

Originally Posted by Paft

All true, especially the last one

; does have some good content though.

Oh, and this too.

Bridget · 07-12-2009, 02:37 AM

I, too, have browsed the website with no problems. At first, I was confused as to what website or download I could have recieved such a trojan from. Maybe it was the dozen roms I downloaded? Though, my suspicion that is was FPSBanana is supported, in a way, because:

FPSbanana is always down.
FPSbanana always has fucked up features.
FPSbanana is often labelled as an attack site by Google.
FPSbanana is always 'being attacked', its TF2 server community says.
I got hit when browsing FPSbanana.
FPSbanana is flooded with ads. The adware spewed the same adverts.

Well, now my computer is being bitchy. The Security Services are offline despite being required by MSConfig to operate on startup, AVG Virus' live components are suddenly gone, and Ad-Aware will no longer connect, thus refusing to even run. If I can't rid of this bullshit, I have no choice but to get an eternal and completely wipe this drive.

Gee, what a fucking adventure. FPSB is getting perma-blocked when I get everything reinstalled. What a fucking joke. I wonder how long it will be before my internet connection is disabled by this piece of shit? If I disappear, you know why. Woo.

EDIT: Cleaned some LOLINFECTION ("Ah! Somebody help, I'm infected!") from my registry. Going to bombard everyone here with updates on how annoying the removal of this bullshit has become. Feel my pain. FPSB is not your friend. Lmao

EDIT: Got Ad-Aware and AVG to work. Restarted Security Service from the services menu. Only problem that exists now is that I am unable to create a restore point through system restore. Fuck it. From now on, I'm assuming I'm free from the bullshit. I'll reformat some later time, anyway. Too much shit, too little time.

Ihmhi · 07-12-2009, 10:44 PM

Quote:

Originally Posted by The Drizzle

Im running Kaspersky internet security and it has blocked trojans on that site for me. Im pretty sure its in some of the banner ads that they have up. I hate going to that site, but theres not many ways around it.

I recommend Kaspersky to all of my customers on account of how awesome it is.

The vulnerability detector is nice. They either:

a) Keep their own stuff up to date without bothering me about it (which sucks for me)

or more likely

b) Call me up and ask me to fix everything. Awesomesauce.

Phatman · 07-12-2009, 11:55 PM

Malware Bytes works really well too. I would suggest unplugging your network cable when you go to pull spyware. They tend to dial home when you run the "uninstaller" and set themselves up to reinstall after being removed and all the likes. Run the removal tools in safemod as well. That will kill off the spyware processes for the most part as well.

07-10-2009, 03:32 PM	#1
Bridget Banned Join Date: Sep 2008 Class/Position: Soldier Gametype: AVD Affiliations: TALOS Posts Rated Helpful 5 Times	Stay away from FPSBanana! I'm going to spare you the long and detailed story of my horrible adventures with Win32.Trojan.TDSS. Instead, I'll offer you a friendly warning. *STAY THE FUCK AWAY FROM FPSBANANA! In theory, it's a wonderful site with tons of great stuff for customizing your gaming experience, but the website itself is just pure shit. This site has been constantly labelled as an attack site by Google, and after my experience, I understand why. I was prompted with a "This file can not be opened. Please select a program to open it with" box, which looked legitimate (arguable). After canceling this window, I was presented with a fake security icon in my systray. After closing the unwanted processes in my Task Manager, I proceeded to download Ad-Aware. It didn't install right away, and after a dozen reboots later and a barrage of advertisements, I got it to work. However, Ad-Aware only did the job of detecting the malicious software running and being present on my machine. It did not remove the Trojan after reboot, as it said it would. So, I had to remove the specific file from its hiding spot in my System's Driver files using RootRepeal. Now, an hour and twenty minutes into the new scan; no infected files. Stay away from FPSB. I'm certain this problem started from browsing that website, and I'm now certain I gave it the lead-way by falling for that faked 'This program can not be opened' bullshit. Just a friendly warning. Don't fall for such bullshit. I'm pretty 'eagle-eye' when it comes to spotting bullshit, but that dialog window convinced me it was my operating system. How odd such an event to happen after hearing James Randi say [para-phrase] "Everyone can be fooled. No one is immune to trickery. We all have the same 'hunk of meat' in our heads – with the same wiring, patterns, and such.* " .. Ha (I'm presuming, of course, that FPSBanana is a "house-hold name" around here.)

07-10-2009, 03:40 PM	#2
Dr.Satan Wiki Team Fortress Forever Staff Join Date: Sep 2007 Location: Greeley, CO Class/Position: Med / Solly Gametype: PAYLOAD Affiliations: DET- Posts Rated Helpful 19 Times	hmm...I appreciate the info, I go to FPSBanana all the time __________________ FF Community Map Pack(s): 1 / 2 (Released) conc_school \| hellion_classic \| ksour_PAYLOAD \| mulch_faf (Beta) alchimy_b1 (Lua) base_payload_2015 (Models) props_trainyard Support FF:

07-10-2009, 05:08 PM	#3
KubeDawg Nade Whore Server Owner Beta Tester Join Date: Sep 2007 Location: Oklahoma Class/Position: Scout/Soldier Gametype: CTF/TDM Affiliations: blunt. Moto Posts Rated Helpful 128 Times	Paranoia makes me scan most of my downloads before I open them. __________________ Moto's Funhouse \| Dallas, TX - 74.91.114.247:27015 ff_plunder - Complete

07-10-2009, 07:17 PM	#5
KubeDawg Nade Whore Server Owner Beta Tester Join Date: Sep 2007 Location: Oklahoma Class/Position: Scout/Soldier Gametype: CTF/TDM Affiliations: blunt. Moto Posts Rated Helpful 128 Times	Care to share another big download site that is better? __________________ Moto's Funhouse \| Dallas, TX - 74.91.114.247:27015 ff_plunder - Complete

07-10-2009, 07:39 PM	#6
Sh4x Retired FF Staff Join Date: Mar 2007 Posts Rated Helpful 0 Times	Your mom's ass. Err sorry that would be upload. Last edited by Sh4x; 07-10-2009 at 07:40 PM.

07-10-2009, 06:29 PM	#4
PartialSchism Keep On Keepin' On Join Date: Feb 2008 Location: Mississippi Class/Position: Offense Gametype: Fun Affiliations: I'm bad at FF, and my customs suck Posts Rated Helpful 0 Times	FPSB is kaka. This is why I have never uploaded my files there.

07-10-2009, 09:56 PM	#7
BlackHoleSon Retired FF Staff Join Date: Jun 2008 Posts Rated Helpful 0 Times	Try installing Firefox with Noscript. The site has been growing faster than it should have, having thousands of new images put up on it daily. The place has about 6 servers just for images i believe. long story short, there was an sql injection of some sort from China. (im not knowledgeable with web development and i don't know exactly what it is, i'm going based on what the site owner said) If you don't want Firefox with noscript (and you can go to the fpsb page, and block anything ending in .cn) then yeah, stay away - or get something like NOD32. I myself go there almost daily and don't have problems. One of the site's moderators makes a living by traveling places and working with security solutions for business or whoever. Unfortunately he has been missing for months, and he hasn't been able to help the site's security. __________________ Learning to make new content for FF users since summer 2008.

07-11-2009, 01:14 AM	#9
-=bingo-bango=- Spirit Studios Join Date: Mar 2007 Class/Position: Soldier Gametype: CTF Affiliations: Blue Team Posts Rated Helpful 0 Times	it is quite crappy. The site is shit, the management is ass, and the users are dumb as hell __________________ Quote: Originally posted by Bridget [>] Who gives a shit? Tired of hearing about this...

07-11-2009, 02:44 AM	#11
Bridget Banned Join Date: Sep 2008 Class/Position: Soldier Gametype: AVD Affiliations: TALOS Posts Rated Helpful 5 Times	Opera

07-11-2009, 04:12 AM	#12
Pixel if(0>1){printf("broked");} Beta Tester Join Date: Mar 2007 Location: Amerika Class/Position: O Posts Rated Helpful 3 Times	Wow that was unexpected

07-11-2009, 04:31 AM	#13
Bridget Banned Join Date: Sep 2008 Class/Position: Soldier Gametype: AVD Affiliations: TALOS Posts Rated Helpful 5 Times	My virus scanner and Ad-Aware return that I am free from infection. Ad-Aware did not get rid of a few of the UACD* rootkits, but my virus scanner picked up on them. I tried to delete them through the program, but it failed to do so. I ended up manually deleting the files from my System folder. Now, both of my protection programs tell me that I'm infection free. However, RootRepeal continues to list UACD*.sys as a hidden service. UACD is supposed to be the information for Account Control. Y'know, that little bastard of a prompt that asks you if you want to do this or that? The prompt that annoys the fuck out of you, by asking permission to run even the most trivial programs? Well, I disabled that when I first installed the OS back in '08, so it's useless to me. Though, I'm stuck now. Is the UACD showing in RootRepeal the real deal, infected, or a clone? Deleting those few UACD files in System has turned Security Alerts from Windows off. Maybe it was legitimate? Goddamn, this is such an annoyance. In an odd way, when you're infected and get spammed with advertisements, your browsers act in weird ways, and it's only blatantly obvious that you're infected; You're in a good situation. Again, it's obvious you're infected. Here I am, without any sign telling me if I'm infected or not. I guess not. I'll just go about my business. FUCK EVERYTHING. If all else fails, I'll probably have to buy a new hard drive. Yeah, that bad. FUCK FPSBanana.

07-11-2009, 12:24 PM	#14
The Drizzle D&A Member Join Date: Jul 2007 Location: michigan Class/Position: Sniper Defense Gametype: AvD Affiliations: [o-t] Posts Rated Helpful 0 Times	Im running Kaspersky internet security and it has blocked trojans on that site for me. Im pretty sure its in some of the banner ads that they have up. I hate going to that site, but theres not many ways around it. Last edited by The Drizzle; 07-11-2009 at 12:25 PM.

07-11-2009, 09:08 PM	#16
EquilibriuM G9- D&A Member Join Date: Sep 2007 Location: Florida Class/Position: D Solly,Engy Gametype: ALL Posts Rated Helpful 0 Times	That site is shit. Good Day Sir!

07-12-2009, 02:37 AM	#18
Bridget Banned Join Date: Sep 2008 Class/Position: Soldier Gametype: AVD Affiliations: TALOS Posts Rated Helpful 5 Times	I, too, have browsed the website with no problems. At first, I was confused as to what website or download I could have recieved such a trojan from. Maybe it was the dozen roms I downloaded? Though, my suspicion that is was FPSBanana is supported, in a way, because: FPSbanana is always down. FPSbanana always has fucked up features. FPSbanana is often labelled as an attack site by Google. FPSbanana is always 'being attacked', its TF2 server community says. I got hit when browsing FPSbanana. FPSbanana is flooded with ads. The adware spewed the same adverts. Well, now my computer is being bitchy. The Security Services are offline despite being required by MSConfig to operate on startup, AVG Virus' live components are suddenly gone, and Ad-Aware will no longer connect, thus refusing to even run. If I can't rid of this bullshit, I have no choice but to get an eternal and completely wipe this drive. Gee, what a fucking adventure. FPSB is getting perma-blocked when I get everything reinstalled. What a fucking joke. I wonder how long it will be before my internet connection is disabled by this piece of shit? If I disappear, you know why. Woo. EDIT: Cleaned some LOLINFECTION ("Ah! Somebody help, I'm infected!") from my registry. Going to bombard everyone here with updates on how annoying the removal of this bullshit has become. Feel my pain. FPSB is not your friend. Lmao EDIT: Got Ad-Aware and AVG to work. Restarted Security Service from the services menu. Only problem that exists now is that I am unable to create a restore point through system restore. Fuck it. From now on, I'm assuming I'm free from the bullshit. I'll reformat some later time, anyway. Too much shit, too little time. Last edited by Bridget; 07-12-2009 at 03:24 AM.

07-12-2009, 11:55 PM	#20
Phatman n00bsauce Join Date: Jan 2008 Location: Tucson, AZ Class/Position: Soldier/Pyro/ThatOneJerk Gametype: Anything that involves killing Posts Rated Helpful 1 Times	Malware Bytes works really well too. I would suggest unplugging your network cable when you go to pull spyware. They tend to dial home when you run the "uninstaller" and set themselves up to reinstall after being removed and all the likes. Run the removal tools in safemod as well. That will kill off the spyware processes for the most part as well.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)