NS virus warning!
DemonLordEnigma
23-01-2005, 18:30
This morning, when I came out, I had my antivirus programs with NS up and a flashing box saying NS is infected with a trojan.
As such, after my posts this morning, I will probably only come in through Jolt until I am sure that NS is safe. If Jolt itself is infected, that's going to be a problem.
Texan Hotrodders
23-01-2005, 18:37
Uh...oh. :( :eek:
Fortunately the computers I use have decent security. And they automatically delete downloaded or otherwise acquired files at shutdown.
HC Eredivisie
23-01-2005, 18:51
any idea on what the trojan does?
SalusaSecondus
23-01-2005, 18:55
This morning, when I came out, I had my antivirus programs with NS up and a flashing box saying NS is infected with a trojan.
As such, after my posts this morning, I will probably only come in through Jolt until I am sure that NS is safe. If Jolt itself is infected, that's going to be a problem.
You're going to have to provide more detail than that especially as the likelyhood that NS is infected with anything is extremely small.
Andmerica
23-01-2005, 19:03
a trojan is a sort of "ad-ware" that will sit silently and record everything you do, all information stored of use, and many other things
that is one reason you should never ever use the aol wallet and its equivalents, and don't allow anything to store credit card information in a cookie, as those are accessible too. They are a very bad thing
and then they send the info back after they're done
United Cultures
23-01-2005, 19:07
I KNEW it! NS should really be searched, because I got a Trojan a few weeks ago.
Antogonist
23-01-2005, 19:10
Yeh, latley my computer has been really screwed up, and all I've done is gone on NS.
Varonnia
23-01-2005, 19:11
I somehow doubt that NS has a virus. You were probably just hacked by a random hacker. Happens to me all the time, usually with trojans of various types.
If you get hacked again, see if you can look at the IP, and the soucre, then verify if it did come from NS. If so, either NS is infected (doubt it), or someone is piggybacking a signal through the NS feed.
Yeah! My computer recently slowed down because of NS! I have also installed like 20 games, but no, its cause NS gave me a trojan!
AND I HAVE ACNE! Thanks NS, maybe if you checked for Virus's I wouldn't have Acne AND Terminal Cancer.
Sanctaphrax
23-01-2005, 19:31
My computer also has some 30 different versions of Trojan Horse virus. I didn't know where it was coming from, and I refused to believe it was from NS. Now though, it seems I must change my mind.
DemonLordEnigma
23-01-2005, 20:02
Well, I just deleted three viruses from my computer, all trojans.
They are variants of the same thing, starting with the word "Downloader" followed by other text after a dot, usually "Small" or something like it.
If there is another, I'll know in a few minutes.
Edit: Just confirmed it.
The Trojan is Downloader.Small.15.AS
It sometimes varies from that. How do I know I got it from NS? Only been to9 Yahoo, NS, and Jolt. Yahoo has been eliminated and if Jolt is infected then likely all of its hosted sites are as well.
SalusaSecondus
23-01-2005, 20:45
Andmerica, we know what trojans are, therefore your input is unnecessary.
Artitsa, your input is likewise unnecessary.
DLE, yes please, tell us more when you learn it including:
Why you think it's from NS
What page you found it on
HC Eredivisie
23-01-2005, 20:55
Andmerica, we know what trojans are, therefore your input is unnecessary.
Andmerica only answered my question.
DemonLordEnigma
23-01-2005, 21:02
The reason I think it's NS is because the virus scan (Norton, in my case) directly indicated it was when I got up. Norton hasn't done that in the entire history of me having the program without the site actually having a virus on it. Sadly, I had to use AVG to remove the virus.
I checked, just in case, after I logged on to Yahoo this morning. No viruses found by Norton or AVG. After I came to NS, Norton popped up with warnings the computer was infected about 400 times until I finally was forced to use AVG to find it. Unfortunately, I came to NS and Jolt at the same time after the virus scan.
I'm going to run another one in ten minutes, but so far it's looking like the forums may be safe, meaning Jolt itself isn't infected. That means it's likely the NS mainpage.
The Mindset
23-01-2005, 21:29
I think it's more likely that your browser has been hijacked by adware, which is then downloading trojans when you open your browser. It's highly unlikely that NS itself has a trojan. What browser are you using?
Downloader.Small.15.AS is adware, specifically, CoolWebSearch. Commonly caught from activex popups on warez/porn sites. Most virus checkers simply won't remove it. Try Spybot. (http://www.safer-networking.org/en/index.html)
DemonLordEnigma
23-01-2005, 21:52
I'm still getting the virus, and I'm on the forums. Likely, it's Jolt.
I think it's more likely that your browser has been hijacked by adware, which is then downloading trojans when you open your browser. It's highly unlikely that NS itself has a trojan. What browser are you using?
Downloader.Small.15.AS is adware, specifically, CoolWebSearch. Commonly caught from activex popups on warez/porn sites. Most virus checkers simply won't remove it. Try Spybot. (http://www.safer-networking.org/en/index.html)
That's one of the first things I did. That's the DSO Exploit that pops up, and I've dealt with it many times before. Part of dealing with work.
I'm using IE, and removing the exploit usually is enough. But in this case I'm getting the virus, and variations, popping up while I'm on this site even with the exploit removed.
Nihilistic Beginners
23-01-2005, 22:19
DLE before you logged into Jolt or NS did you update your anti-virus software?
DemonLordEnigma
23-01-2005, 22:44
DLE before you logged into Jolt or NS did you update your anti-virus software?
Between the time I posted the topic start and my posts after that, I have upgraded my virus software, run about 9 virus scans using two virus scanners, run Spybot twice, and am in the process of running another virus scan as a test.
Bitchkitten
23-01-2005, 23:08
I was just in my nation, then suddenly couldn't get in, said it couldn't find server. Now can't get into NS. Guess I'll run scans now.
SalusaSecondus
23-01-2005, 23:10
I've looked through the pages and I don't see anything suggesting that this site is infected. So I'm going to have to wait on more information from you.
Zoidburg XIX
24-01-2005, 00:29
I have dealt with said Trojan before on both my roommate and girlfriend's computers.
As my roommate does not get on either Jolt or NS, I can safely assume that it is not exclusive to NS if that is indeed where the trojan has come from.
Secondly, the Trojan is question is without a doubt, a total bitch to eliminate. It will hide in your computer so deep that actual drilling in safemode is often required. Run a search on the Trojan in Google and you'll come up with sites that will walk you through removal.
Further, I do not believe NS to be infected as I sign on almost every day, and have no hint of a problem, and believe me, if I did, the campus network would reject me as they did to my roommate. This Trojan is sneaky, but not enough to pass through Ad-Aware, Spybot, AVG, Norton, McAfee, and my campus Unix server.
Jjuulliiaann
24-01-2005, 01:07
What is safemode?
I'm not a PC user.
No trojans here after multiple scans. Yahoo and NS are all I sign on to with this computer.
Nihilistic Beginners
24-01-2005, 01:58
No trojans here after multiple scans. Yahoo and NS are all I sign on to with this computer.
When is the last time you updated your anti-virus software?
The Plutonian Empire
24-01-2005, 06:03
The reason I think it's NS is because the virus scan (Norton, in my case) directly indicated it was when I got up. Norton hasn't done that in the entire history of me having the program without the site actually having a virus on it. Sadly, I had to use AVG to remove the virus.
I checked, just in case, after I logged on to Yahoo this morning. No viruses found by Norton or AVG. After I came to NS, Norton popped up with warnings the computer was infected about 400 times until I finally was forced to use AVG to find it. Unfortunately, I came to NS and Jolt at the same time after the virus scan.
I'm going to run another one in ten minutes, but so far it's looking like the forums may be safe, meaning Jolt itself isn't infected. That means it's likely the NS mainpage.
What's AVG?
Flibbleites
24-01-2005, 07:14
What's AVG?
It's a free anti-virus software program. It can be found at www.grisoft.com
When is the last time you updated your anti-virus software?
Today, again.
Flibbleites
24-01-2005, 07:25
You might want to try using the program CWShredder to remove the trojan form your system. It can be found at http://www.intermute.com/spysubtract/cwshredder_download.html.
GMC Military Arms
24-01-2005, 08:28
Stop using internet exploder and use Firefox instead.
The Plutonian Empire
24-01-2005, 09:01
What's so special about Firefox anyhow?
GMC Military Arms
24-01-2005, 09:46
Principle of supply and demand:
Most people still have Internet Explorer, far fewer have Firefox. As a hacker, you want to affect as many users as possible, so you'll naturally target IE over Firefox because you have a higher number of potential targets. Hence, part of the reason Firefox is 'secure' is simply because people aren't trying to hack it.
Secondly, a lot of existing nastiness doesn't work with it, and it is more secure.
[One might also argue that Firefox users are more security-concious on the basis they deemed it necessary to replace their existing browser [and so are more likely to have other software for handling internet Nastyshit like Spybot S&D, Adaware, and so on], but that's not necessarily true]
Der Lieben
24-01-2005, 10:01
One word: NOD32. You can get a trial at eset.com Its the most effective anti-v I've ever used, and moreover it is not bloatware like the newer versions of Norton(takes about half the resources that norton does.) The last time I used Norton it errored on me and told me to do a reinstall. I tried to remove it and the uninstall FAILED. Yes, I said failed. 3 times it failed, before it finally managed to remove itself. NOD32 is just so much more reliable, faster, and easier to use. It also doesn't bug you constantly about updating (I guess this could be bad if you're forgetful, but for me it's a plus.)
Didn't Jolt have a virus warning a littlw while back?
Right thinking whites
24-01-2005, 10:49
Didn't Jolt have a virus warning a littlw while back?
that was from people using a fake @jolt.co.uk email account to send some link to you
Henrytopia
24-01-2005, 17:32
Intersting.. I use NS at work and at home and I have never had a trojan warning. It would be most evident at work where we have the super firewall and antivirus. I would know in an instant if there were any intrusion attempts only becuase they have everything at work set to ridiculous mode. At home I use a combination of Symantec and other tools to make sure I don't get whacked by spyware and pop-ups, living behind a couple of firewalls helps too I guess.
FutureEngland
24-01-2005, 22:36
i shall now point out why is isn't NS or Jolt that is infected and it is because you've gone on a site thats not NS or Jolt and its downloaded an activex onto your pc and downloaded the trojan.
with the amount of people that use jolt and NS i would be pretty certain they'd have the common sense to be hind a hardware and software firewall industry standard antivirus and antispyware/ad-ware so tis ging to be pretty hard for a hacker or someone to break in and piggyback the server and packets.
most likely is a script or activex has hi-jacked your internet browser and downloads the trojan if it doesn't detect it on your pc and i suggest geting microsoft's new anti-spyware tool its in beta but is stable and amazing better than spybot and ad-aware which i used to use both of them and i suggest updating your anti-virus continually and also to cut a long story short get rid and dont use norton its the worst there is (no offence sysmantec) use avg or something like that
The Plutonian Empire
24-01-2005, 22:39
Why is norton the worst?
Neo-Anarchists
25-01-2005, 07:44
Hmm.
I have loads of viruses and adware, but I don't have this one DLE is speaking of, and I've accessed NS both with Firefox and IE within the past weeks. I don't have a working firewall or anything to stop infection at the moment, either.
[violet]
25-01-2005, 11:06
I can guarantee you that the NationStates game isn't giving you a virus. I can't guarantee the forums, because I don't have total access to Jolt's servers, but if they were spreading a virus it would shock the hell out of me.
There are only two ways to get a virus: (a) You install/run a program (like an email attachment) and it does things to your computer that you don't expect, or (b) There is a security hole in your browser/viewer/email/whatever program, and just using it normally to view a (for example) web site will allow that site to run a nasty program.
You never have to download or run anything as part of NationStates, and we don't send you e-mails with attachments, so that rules out (a). As for (b), you don't need to take my word for it that NS isn't nasty; just make sure your browser is up to date.
(Blatant personal opinion: Mozilla Firefox (http://www.mozilla.org/products/firefox/) is cooler, more powerful, more secure, and more customizable than Windows Internet Explorer. Make the switch.)
Once your PC is infected with malware, it can be very difficult to permanently erase. Some of it "filters" the web sites you view, inserting ads in it or redirecting your clicks. So it can look like an innocent web site is being naughty when in fact it's your compromised browser.
Sanctaphrax
25-01-2005, 11:17
I don't go on any websites at all excepting NS and Invisionfree forums.
As with regards to various comments made.
AVG is rubbish. The free version at least. It tells me I have 70 viruses then tells me it can only clean 3 of them. :rolleyes:
The Microsoft Spyware is brilliant for removing spyware, unfortunately it isn't great at removing Trojan. I have 30 odd, and it removed one.
The Mindset
25-01-2005, 14:34
Those with viruses who cannot seem to remove them probably suffer from the files in question being "locked", that is, the operating system is setting those files to read-only so they cannot be deleted while in use. Therefore, it's best to a. close all programs before running a scan, and b. run the scan in safe mode (press F8 as Windows boots up, then select safemode).
You could also try the online scanner at http://housecall.trendmicro.com/ - it's pretty good, and up to date.
The Hitler Jugend
25-01-2005, 14:46
A) NS does NOT have any viruses, and even if their server did, they wouldnt be passed on to you
B) Do NOT use Internet Explorer (IE), use Mozilla Firefox (http://www.mozilla.org/products/firefox/)
C) Do NOT use Microsoft Outlook, use Mozilla Thunderbird (http://www.mozilla.org/products/thunderbird/)
Once you switch to Mozilla, you'll be free of viruses, trojans, macros, and pop-ups. You'll be a lot happier too.
P.S. A free kickass Virus Scanner program is HERE (http://www.free-av.com/). It works a lot better than Norton, and it uses less system resources.
Henrytopia
25-01-2005, 15:13
One word: NOD32. You can get a trial at eset.com
Thank you.. will add that to my list of A/V software to test. I have a firewall box that I could run it on and see how it does. I know it seems like overkill to have a box just to serve as a firewall but I like living behind my security blanket. :) This is the actual link (http://www.nod32.com/home/home.htm) to the nod32..
Jeruselem
25-01-2005, 15:39
I've been here for 2 years and NS has NEVER installed any spyware or put viruses on any of my PCs (except the cookie for jolt). Other sites have really weird pop-ups or misleading flash ads which install spyware but for me, not NS.
Spyware installs other associated spyware so you have a never-ending cycle of infection unless you clean the lot out.
Ironlock
25-01-2005, 15:54
The amount of computer security ignorance in this thread is amazing. Neither NS or jolt have viruses, you cannot get a virus just by browsing a website. You would have to download something. Get a better browser than IE, or if you can't manage that, switch off MS ActiveX controls.
Petsburg
25-01-2005, 16:10
NS is run through a UNIX apache server, so I doubt the trojan would have come from NS. It's much more likely to be a random attack from someone else.
FutureEngland
25-01-2005, 17:56
the reason nortons the worst is because i switch to avg and the same with the rest of my family and we found 10 viruses on my pc that norton didn't find