Fortress Forever

Go Back   Fortress Forever > Off Topic > Tech

Reply
 
Thread Tools Display Modes
Old 07-10-2009, 02:32 PM   #1
Bridget
Banned
 
Bridget's Avatar
 
Join Date: Sep 2008
Class/Position: Soldier
Gametype: AVD
Affiliations: TALOS
Posts Rated Helpful 5 Times
Stay away from FPSBanana!

I'm going to spare you the long and detailed story of my horrible adventures with Win32.Trojan.TDSS. Instead, I'll offer you a friendly warning. STAY THE FUCK AWAY FROM FPSBANANA! In theory, it's a wonderful site with tons of great stuff for customizing your gaming experience, but the website itself is just pure shit. This site has been constantly labelled as an attack site by Google, and after my experience, I understand why.

I was prompted with a "This file can not be opened. Please select a program to open it with" box, which looked legitimate (arguable). After canceling this window, I was presented with a fake security icon in my systray. After closing the unwanted processes in my Task Manager, I proceeded to download Ad-Aware. It didn't install right away, and after a dozen reboots later and a barrage of advertisements, I got it to work. However, Ad-Aware only did the job of detecting the malicious software running and being present on my machine. It did not remove the Trojan after reboot, as it said it would. So, I had to remove the specific file from its hiding spot in my System's Driver files using RootRepeal. Now, an hour and twenty minutes into the new scan; no infected files.

Stay away from FPSB. I'm certain this problem started from browsing that website, and I'm now certain I gave it the lead-way by falling for that faked 'This program can not be opened' bullshit. Just a friendly warning. Don't fall for such bullshit. I'm pretty 'eagle-eye' when it comes to spotting bullshit, but that dialog window convinced me it was my operating system.

How odd such an event to happen after hearing James Randi say [para-phrase] "Everyone can be fooled. No one is immune to trickery. We all have the same 'hunk of meat' in our heads with the same wiring, patterns, and such. " .. Ha

(I'm presuming, of course, that FPSBanana is a "house-hold name" around here.)
Bridget is offline   Reply With Quote


Old 07-10-2009, 02:40 PM   #2
Dr.Satan
Wiki Team
Fortress Forever Staff
 
Dr.Satan's Avatar
 
Join Date: Sep 2007
Location: Greeley, CO
Class/Position: Med / Solly
Gametype: PAYLOAD
Affiliations: DET-
Posts Rated Helpful 19 Times
hmm...I appreciate the info, I go to FPSBanana all the time
__________________
(Released) conc_school | hellion_classic | ksour_PAYLOAD | mulch_faf
(Beta) alchimy_b1
(Lua) base_payload_2015
(Models) props_trainyard
Support FF:
Dr.Satan is offline   Reply With Quote


Old 07-10-2009, 04:08 PM   #3
KubeDawg
Nade Whore
Server Owner
Beta Tester
 
KubeDawg's Avatar
 
Join Date: Sep 2007
Location: Oklahoma
Class/Position: Scout/Soldier
Gametype: CTF/TDM
Affiliations: blunt. Moto
Posts Rated Helpful 128 Times
Paranoia makes me scan most of my downloads before I open them.
__________________
Moto's Funhouse | Dallas, TX - 74.91.114.247:27015

ff_plunder - Complete
KubeDawg is offline   Reply With Quote


Old 07-10-2009, 05:29 PM   #4
PartialSchism
Keep On Keepin' On
 
PartialSchism's Avatar
 
Join Date: Feb 2008
Location: Mississippi
Class/Position: Offense
Gametype: Fun
Affiliations: I'm bad at FF, and my customs suck
Posts Rated Helpful 0 Times
Send a message via AIM to PartialSchism
FPSB is kaka. This is why I have never uploaded my files there.
PartialSchism is offline   Reply With Quote


Old 07-10-2009, 06:17 PM   #5
KubeDawg
Nade Whore
Server Owner
Beta Tester
 
KubeDawg's Avatar
 
Join Date: Sep 2007
Location: Oklahoma
Class/Position: Scout/Soldier
Gametype: CTF/TDM
Affiliations: blunt. Moto
Posts Rated Helpful 128 Times
Care to share another big download site that is better?
__________________
Moto's Funhouse | Dallas, TX - 74.91.114.247:27015

ff_plunder - Complete
KubeDawg is offline   Reply With Quote


Old 07-10-2009, 06:39 PM   #6
Sh4x
Retired FF Staff
 
Join Date: Mar 2007
Posts Rated Helpful 0 Times
Your mom's ass. Err sorry that would be upload.

Last edited by Sh4x; 07-10-2009 at 06:40 PM.
Sh4x is offline   Reply With Quote


Old 07-10-2009, 08:56 PM   #7
BlackHoleSon
Retired FF Staff
 
BlackHoleSon's Avatar
 
Join Date: Jun 2008
Posts Rated Helpful 0 Times
Try installing Firefox with Noscript.

The site has been growing faster than it should have, having thousands of new images put up on it daily. The place has about 6 servers just for images i believe.

long story short, there was an sql injection of some sort from China. (im not knowledgeable with web development and i don't know exactly what it is, i'm going based on what the site owner said)

If you don't want Firefox with noscript (and you can go to the fpsb page, and block anything ending in .cn) then yeah, stay away - or get something like NOD32.

I myself go there almost daily and don't have problems. One of the site's moderators makes a living by traveling places and working with security solutions for business or whoever. Unfortunately he has been missing for months, and he hasn't been able to help the site's security.
__________________
Learning to make new content for FF users since summer 2008.
BlackHoleSon is offline   Reply With Quote


Old 07-10-2009, 11:18 PM   #8
Bridget
Banned
 
Bridget's Avatar
 
Join Date: Sep 2008
Class/Position: Soldier
Gametype: AVD
Affiliations: TALOS
Posts Rated Helpful 5 Times
Quote:
Originally Posted by KubeDawg View Post
Paranoia makes me scan most of my downloads before I open them.
That's all good and dandy, but I didn't become infected from a download. I was attacked via my web browser. Either it installed without by choice, or I fell for a fake windows dialog box.
Bridget is offline   Reply With Quote


Old 07-11-2009, 12:14 AM   #9
-=bingo-bango=-
Spirit Studios
 
-=bingo-bango=-'s Avatar
 
Join Date: Mar 2007
Class/Position: Soldier
Gametype: CTF
Affiliations: Blue Team
Posts Rated Helpful 0 Times
Send a message via AIM to -=bingo-bango=- Send a message via MSN to -=bingo-bango=-
it is quite crappy. The site is shit, the management is ass, and the users are dumb as hell
__________________
Quote:
Originally posted by Bridget [>]
Who gives a shit? Tired of hearing about this...
-=bingo-bango=- is offline   Reply With Quote


Old 07-11-2009, 01:02 AM   #10
Pixel
if(0>1){printf("broked");}
Beta Tester
 
Pixel's Avatar
 
Join Date: Mar 2007
Location: Amerika
Class/Position: O
Posts Rated Helpful 3 Times
Quote:
Originally Posted by Bridget View Post
That's all good and dandy, but I didn't become infected from a download. I was attacked via my web browser. Either it installed without by choice, or I fell for a fake windows dialog box.
What browser where you using?
Pixel is offline   Reply With Quote


Old 07-11-2009, 01:44 AM   #11
Bridget
Banned
 
Bridget's Avatar
 
Join Date: Sep 2008
Class/Position: Soldier
Gametype: AVD
Affiliations: TALOS
Posts Rated Helpful 5 Times
Opera
Bridget is offline   Reply With Quote


Old 07-11-2009, 03:12 AM   #12
Pixel
if(0>1){printf("broked");}
Beta Tester
 
Pixel's Avatar
 
Join Date: Mar 2007
Location: Amerika
Class/Position: O
Posts Rated Helpful 3 Times
Wow that was unexpected
Pixel is offline   Reply With Quote


Old 07-11-2009, 03:31 AM   #13
Bridget
Banned
 
Bridget's Avatar
 
Join Date: Sep 2008
Class/Position: Soldier
Gametype: AVD
Affiliations: TALOS
Posts Rated Helpful 5 Times
My virus scanner and Ad-Aware return that I am free from infection. Ad-Aware did not get rid of a few of the UACD* rootkits, but my virus scanner picked up on them. I tried to delete them through the program, but it failed to do so. I ended up manually deleting the files from my System folder. Now, both of my protection programs tell me that I'm infection free. However, RootRepeal continues to list UACD*.sys as a hidden service.

UACD is supposed to be the information for Account Control. Y'know, that little bastard of a prompt that asks you if you want to do this or that? The prompt that annoys the fuck out of you, by asking permission to run even the most trivial programs? Well, I disabled that when I first installed the OS back in '08, so it's useless to me. Though, I'm stuck now. Is the UACD showing in RootRepeal the real deal, infected, or a clone? Deleting those few UACD files in System has turned Security Alerts from Windows off. Maybe it was legitimate? Goddamn, this is such an annoyance.

In an odd way, when you're infected and get spammed with advertisements, your browsers act in weird ways, and it's only blatantly obvious that you're infected; You're in a good situation. Again, it's obvious you're infected. Here I am, without any sign telling me if I'm infected or not. I guess not. I'll just go about my business. FUCK EVERYTHING.

If all else fails, I'll probably have to buy a new hard drive. Yeah, that bad.
FUCK FPSBanana.
Bridget is offline   Reply With Quote


Old 07-11-2009, 11:24 AM   #14
The Drizzle
D&A Member
 
The Drizzle's Avatar
 
Join Date: Jul 2007
Location: michigan
Class/Position: Sniper Defense
Gametype: AvD
Affiliations: [o-t]
Posts Rated Helpful 0 Times
Im running Kaspersky internet security and it has blocked trojans on that site for me. Im pretty sure its in some of the banner ads that they have up. I hate going to that site, but theres not many ways around it.

Last edited by The Drizzle; 07-11-2009 at 11:25 AM.
The Drizzle is offline   Reply With Quote


Old 07-11-2009, 04:03 PM   #15
Paft
Beta Tester
 
Paft's Avatar
 
Join Date: Mar 2007
Location: UK - http://forums.fortress-forever.com
Class/Position: [O] Med
Gametype: CTF/Skills
Posts Rated Helpful 67 Times
What area of the site did this happen, can you remember?

I am on it now. Whether ABP and PeerG are protecting me, I don't want to test to find out.

Quote:
it is quite crappy. The site is shit, the management is ass, and the users are dumb as hell
All true, especially the last one ; does have some good content though.
Paft is offline   Reply With Quote


Old 07-11-2009, 08:08 PM   #16
EquilibriuM
G9-
D&A Member
 
EquilibriuM's Avatar
 
Join Date: Sep 2007
Location: Florida
Class/Position: D Solly,Engy
Gametype: ALL
Posts Rated Helpful 0 Times
That site is shit. Good Day Sir!
EquilibriuM is offline   Reply With Quote


Old 07-11-2009, 08:16 PM   #17
Anshinritsumai
_o
 
Anshinritsumai's Avatar
 
Join Date: Mar 2007
Location: 127.0.0.1
Class/Position: Medic & Engy
Gametype: AvD
Affiliations: DM, OC, -[CfH]-
Posts Rated Helpful 0 Times
Never had any problems with FPSB, and I just visited the site like 2 days before you posted the OP.

Quote:
Originally Posted by Paft View Post
All true, especially the last one ; does have some good content though.
Oh, and this too.
__________________

Last edited by Anshinritsumai; 07-11-2009 at 08:17 PM.
Anshinritsumai is offline   Reply With Quote


Old 07-12-2009, 01:37 AM   #18
Bridget
Banned
 
Bridget's Avatar
 
Join Date: Sep 2008
Class/Position: Soldier
Gametype: AVD
Affiliations: TALOS
Posts Rated Helpful 5 Times
I, too, have browsed the website with no problems. At first, I was confused as to what website or download I could have recieved such a trojan from. Maybe it was the dozen roms I downloaded? Though, my suspicion that is was FPSBanana is supported, in a way, because:
  1. FPSbanana is always down.
  2. FPSbanana always has fucked up features.
  3. FPSbanana is often labelled as an attack site by Google.
  4. FPSbanana is always 'being attacked', its TF2 server community says.
  5. I got hit when browsing FPSbanana.
  6. FPSbanana is flooded with ads. The adware spewed the same adverts.

Well, now my computer is being bitchy. The Security Services are offline despite being required by MSConfig to operate on startup, AVG Virus' live components are suddenly gone, and Ad-Aware will no longer connect, thus refusing to even run. If I can't rid of this bullshit, I have no choice but to get an eternal and completely wipe this drive.

Gee, what a fucking adventure. FPSB is getting perma-blocked when I get everything reinstalled. What a fucking joke. I wonder how long it will be before my internet connection is disabled by this piece of shit? If I disappear, you know why. Woo.

EDIT: Cleaned some LOLINFECTION ("Ah! Somebody help, I'm infected!") from my registry. Going to bombard everyone here with updates on how annoying the removal of this bullshit has become. Feel my pain. FPSB is not your friend. Lmao

EDIT: Got Ad-Aware and AVG to work. Restarted Security Service from the services menu. Only problem that exists now is that I am unable to create a restore point through system restore. Fuck it. From now on, I'm assuming I'm free from the bullshit. I'll reformat some later time, anyway. Too much shit, too little time.

Last edited by Bridget; 07-12-2009 at 02:24 AM.
Bridget is offline   Reply With Quote


Old 07-12-2009, 09:44 PM   #19
Ihmhi
[AE] 0112 Ihmhi *SJB
Wiki Team
Fortress Forever Staff
 
Ihmhi's Avatar
 
Join Date: Mar 2007
Location: Newark, NJ, United States
Class/Position: A little bit o' everythin'
Gametype: Also a little bit o' everythin'
Affiliations: [AE] Asseater, *SJB Straight Jacket Brigade
Posts Rated Helpful 3 Times
Send a message via AIM to Ihmhi Send a message via MSN to Ihmhi Send a message via Yahoo to Ihmhi
Quote:
Originally Posted by The Drizzle View Post
Im running Kaspersky internet security and it has blocked trojans on that site for me. Im pretty sure its in some of the banner ads that they have up. I hate going to that site, but theres not many ways around it.
I recommend Kaspersky to all of my customers on account of how awesome it is.

The vulnerability detector is nice. They either:

a) Keep their own stuff up to date without bothering me about it (which sucks for me)

or more likely

b) Call me up and ask me to fix everything. Awesomesauce.
__________________
Support FF:
Anime: The Thread: Reloaded
The one and only anime thread on these here forums.

Select the pistol, and then, select your horse.
Ihmhi is offline   Reply With Quote


Old 07-12-2009, 10:55 PM   #20
Phatman
n00bsauce
 
Join Date: Jan 2008
Location: Tucson, AZ
Class/Position: Soldier/Pyro/ThatOneJerk
Gametype: Anything that involves killing
Posts Rated Helpful 1 Times
Send a message via AIM to Phatman Send a message via MSN to Phatman
Malware Bytes works really well too. I would suggest unplugging your network cable when you go to pull spyware. They tend to dial home when you run the "uninstaller" and set themselves up to reinstall after being removed and all the likes. Run the removal tools in safemod as well. That will kill off the spyware processes for the most part as well.
Phatman is offline   Reply With Quote


Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 07:21 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2020, vBulletin Solutions, Inc.