guru3d infected??

Discussion in 'Frontpage news' started by sputnik, Nov 20, 2004.

Thread Status:
Not open for further replies.
  1. sputnik

    sputnik Member

    Messages:
    30
    Likes Received:
    0
    GPU:
    Saphire 8800gts
    Today when i went to the downloadds section I got the I-worm bofra virus. I ran anti-virus cleaned it up and returned to make sure that it was from this site, and sure enough! Anyone else getting this problem?
     
  2. bbsmitz

    bbsmitz Master Guru

    Messages:
    662
    Likes Received:
    1
    GPU:
    Ati Radeon 9700 Pro
    I'm getting something from the forum ad banners I think. My home page is the forum directory, and whenever I go there, zone alarm gives an allow permission for bla.exe, and then the program shuts down.

    Edit: I only get it when I visit this site, but its too early to be jumping the gun, does anyone else have this problem?
     
    Last edited: Nov 20, 2004
  3. TheGr81

    TheGr81 Master Guru

    Messages:
    979
    Likes Received:
    0
    GPU:
    Saphire Radeon HD 7870 OC
    I am using Computer Associates' EZ Armor Firewall which must be in same way associated with ZoneAlarm because they have the exact same interface and I have never had a warning pop up when visiting this site.
     
  4. phaT-X

    phaT-X Member Guru

    Messages:
    179
    Likes Received:
    0
    GPU:
    Geforce GTX 570 x2
    I can't even g3t the "HomePage" on guru3D to appear.. I can access all other pages (e.g: main download section).. but when I click "Home" on their website, the page displays all "black" .. wtf?

    :(
     

  5. PhearFactor

    PhearFactor Guest

    Hold CTRL and push the Refresh button on the toolbar. Might work.
     
  6. Hilbert Hagedoorn

    Hilbert Hagedoorn Don Vito Corleone Staff Member

    Messages:
    36,294
    Likes Received:
    5,336
    GPU:
    AMD | NVIDIA
    When you get that virus alert can you quickly make a screenshot of the actual page you are on please. I need to track down where that bug is coming from.
     
  7. crabseed

    crabseed Member

    Messages:
    16
    Likes Received:
    0
    GPU:
    ASUS 660ti OC 3GB
    Confirmed. It happens everytime when I browse this forum then it shuts ie down. It also creates a file called bla.exe(trojan-downloader) in the root directory, as well as a random-named file(backdoor) in the system32 folder.
    [​IMG]
     
    Last edited: Nov 20, 2004
  8. Martys Web

    Martys Web Don Santino Corleone

    Messages:
    7,443
    Likes Received:
    1
    GPU:
    XFX 7600gt
    Sounds like the same thing that happened awile back. Damn hackers hacking the Adservers with a trojan-downloader to infect people with spyware.
     
  9. OwenLotts

    OwenLotts Guest

    Have you tried doing a full scan of your system?

    NAV 2005 detects nothing....
     
  10. InFiD3L

    InFiD3L Maha Guru

    Messages:
    1,141
    Likes Received:
    0
    GPU:
    x1950 Pro

  11. sputnik

    sputnik Member

    Messages:
    30
    Likes Received:
    0
    GPU:
    Saphire 8800gts
    It's not happening anymore, though with the advice of others I've changed to Firefox. However I'll check it out again occasioanlly and get a screenshot if I can.

    thanks
     
  12. Milquetoast

    Milquetoast Member

    Messages:
    11
    Likes Received:
    0
    GPU:
    PNY 6800GT
    ACK!

    LOL.. Guru3d gave me my first virus in years..

    I was playing with tweaks trying to fix HL2 issues, and the last thing I did before I went to bed was turn off McAfee Virus Shield.. (Still set to run daily scans, though)..

    So this morning I'm doing my morning browse and IE keeps closing when I click to the Guru forums..

    Didn't think anything of it til I read this..

    Ran home at lunch time and lo and behold.. I've got a computer full of trojans..

    McAfee back on.. Scanned and cleaned..

    But anyone know how much damage this thing can do? I don't think I have any valuable passwords on the machine to steal.. But if I do.. Have I just given them all away?

    Milque
     
  13. Hiro1000

    Hiro1000 Ancient Guru

    Messages:
    2,603
    Likes Received:
    3
    GPU:
    GTX 670
    2 things, Use firefox. getfirefox.com

    2nd never turn off macafee, even then McAfee sucks, use something better like AVG.

    and if anyone wanted passwords, they would have gotten them, so yes you just gave them all away, it was the stupidest thing you could ever do, is to turn off virus protection. Why in the world, for the love of god, why?????
     
  14. Milquetoast

    Milquetoast Member

    Messages:
    11
    Likes Received:
    0
    GPU:
    PNY 6800GT
    No need to get snippy..

    If you're familiar with the HL2 debacle going on, there's an issue with the loading of sounds, textures, or both.. So what you end up with is a game that plays smooth as glass until you turn a corner or load a section at which point it freezes for a second and the sound skips.. It's really obnoxious..

    So I was playing around with ways to improve disk access.. After defragging and all the other basic ideas, I decided to try turning off the virusshield (which does slow down disk access) and try the game..

    It didn't solve the problem, but I forgot to turn virusshield back on before bed.. Rest is history..

    Anyway, it's cleaned now.. And since I recently reinstalled the system, the only password I could have jeapordized was my Steam account itself.. I've changed that, and the sky hasn't fallen..

    Now back to the trojan itself.. Is this thing new.. I don't think I've seen a virus attack through ad banners before.. That's potentially pretty nasty..

    Milque
     
  15. OwenLotts

    OwenLotts Guest

    "I don't think I've seen a virus attack through ad banners before.. That's potentially pretty nasty.."

    It's happened....

    See The Register Story

    http://www.theregister.co.uk/2004/11/21/register_adserver_attack/

    Quote

    Early on Saturday morning some banner advertising served for The Register by third party ad serving company Falk AG became infected with the Bofra/IFrame exploit. The Register suspended ad serving by this company on discovery of the problem.

    Bofra/IFrame is a currently unpatched exploit which affects Internet Explorer 6.0 on all Windows platforms bar Windows XP SP2. If you may have visited The Register between 6am and 12.30pm GMT on Saturday, Nov 20 using any Windows platform bar XP SP2 we strongly advise you to check your machine with up to date anti-virus software, to install SP2 if you are running Windows XP, and to strongly consider running an alternative browser, at least until Microsoft deals with the issue.
     

  16. Hilbert Hagedoorn

    Hilbert Hagedoorn Don Vito Corleone Staff Member

    Messages:
    36,294
    Likes Received:
    5,336
    GPU:
    AMD | NVIDIA
    Yes, we are slowly getting story together. A lot of websites where hit and Falk AG is indeed one of our ad solutions.

    I'm awaiting confirmation on the entire story by the ad provider on Monday.
     
  17. Finchwizard

    Finchwizard Don Apple

    Messages:
    16,442
    Likes Received:
    6
    GPU:
    -
  18. dfwny

    dfwny Ancient Guru

    Messages:
    3,055
    Likes Received:
    1
    GPU:
    EVGA GTX280 SSC Ed. 1GB
  19. Jhetski

    Jhetski The Lonely Guru

    Messages:
    2,635
    Likes Received:
    0
    GPU:
    Palit 7300GT DDR 550/1500 ^_^
    what i always do is check the msconfig and then @ the startup tab, search if any uncommon program running with the startup. if u see something, delete it immediately.
     
  20. trippleottt

    trippleottt Guest

Thread Status:
Not open for further replies.

Share This Page