Larian Banner: Baldur's Gate Patch 9
Previous Thread
Next Thread
Print Thread
#455149 10/05/12 06:38 PM
Joined: Dec 2009
M
addict
OP Offline
addict
M
Joined: Dec 2009
I use AVG Free edition, and since yesterday, everytime I open a window, I get a pop-up as he blocked a threat.

http://img856.imageshack.us/img856/3894/larian.jpg

Got a security problem ? smile

Joined: Mar 2003
Location: Canada
Support
Offline
Support
Joined: Mar 2003
Location: Canada

Just this forum?

Raze #455151 10/05/12 08:48 PM
Joined: Apr 2011
enthusiast
Offline
enthusiast
Joined: Apr 2011
Looks like you have a spyware infection which are typically not detected by antivirus programs as they are legitimate programs but are just a nuicance. They are typically installed when installing 'free' software from websites and most just track your surfing habits so they can display tailored adverts.

I recommend malwarebytes (malwarebytes.org) to get rid of rouge spyware and adware. Finds a lot of stuff antivirus programs miss and it's free. The paid version has realtime protection but the free one works great for one time removals. I used to use it when I worked in a PC repair shop & it removed a program that drove me nuts - random internet explorer windows would open diaplaying all sorts of crap even when I wasn't using the PC. All other programs failed to find it.

A word of caution though; back up your system first as malwarebytes removes even the most stubborn malware and if windows system files have been modified by malware it can delete the files somtimes rendering your system unbootable.

Last edited by Arokh; 10/05/12 08:55 PM.

By fire and by blood I join with thee in the Order of the Flame!

Arokh's Lair - Drakan & Severance: Blade of Darkness forums - https://www.arokhslair.net

Arokh #455152 11/05/12 07:54 AM
Joined: Mar 2003
veteran
Offline
veteran
Joined: Mar 2003
If you looked into HTML source code of someone forum page then you will find in the first line a javascript request to an external site (like in the screenshot). NoScript (Firefox addon) tells me, that some elements of this forum are blocked and the blocked elements refers to this external site. Looks like someone hacked the forum or inspected the code in some way.


Xanlosch's Home - Fortombla hortomosch !
Kein Support via Foren-PM - postet mehr im Forum.
Joined: Mar 2003
Location: Canada
Support
Offline
Support
Joined: Mar 2003
Location: Canada

I noticed that URL coming up in the status bar after I posted (the next time I checked for new posts).

Raze #455154 11/05/12 09:05 AM
Joined: Dec 2003
Location: Krynn
old hand
Offline
old hand
Joined: Dec 2003
Location: Krynn
Someone managed to insert one line in a config file of this forum. But that's all they could do, they couldn't read the file, or the database, just insert text into one file.

Thanks for the heads up, fixed it and I'm looking into ubbthreads security updates.


Tweeting @forktong
Joined: Apr 2011
enthusiast
Offline
enthusiast
Joined: Apr 2011
Ah right, never thought about looking at the HTML. Just that I see so many computers with similar problems I suspected spyware. Also I wasn't getting the problem on my system.

My forum got hacked a few years ago, the only problem I have is with spambots.


By fire and by blood I join with thee in the Order of the Flame!

Arokh's Lair - Drakan & Severance: Blade of Darkness forums - https://www.arokhslair.net

Arokh #455158 11/05/12 09:44 PM
Joined: Dec 2009
M
addict
OP Offline
addict
M
Joined: Dec 2009
Was just this forum ^^

The popup doesn't show anymore.

Joined: Mar 2003
A
veteran
Offline
veteran
A
Joined: Mar 2003
@Xanlosch : A tiny article in the current issue of the magazine "c't" hints towards a certain kind of forum hacking for using it to earn money through advertisements in a way ... I don't recall everything correctly anymore, especially since I'm very, very tired right now.


When you find a big kettle of crazy, it's best not to stir it.
--Dilbert cartoon

"Interplay.some zombiefied unlife thing going on there" - skavenhorde at RPGWatch

Moderated by  Larian_QA, Lar_q, Lynn, Macbeth, Raze 

Link Copied to Clipboard
Powered by UBB.threads™ PHP Forum Software 7.7.5