Page 1 of 2
DO NOT VISIT THE WARGAMER!
Posted: Sat Aug 29, 2009 9:42 pm
by Adam Parker
Wargamer is under a massive virus attack.
Just visiting the site right NOW will bugger up your PC. Trogans, other attacks etc.
Wait until we receive official word that the site is clear again.
RE: DO NOT VISIT THE WARGAMER!
Posted: Sat Aug 29, 2009 10:35 pm
by Adam Parker
This is a particularly nasty attack.
It's called "Trojan malscript!html".
It is a high risk attack and though my AV was able to locate and remove it, it will still run some pesky .exe's that in my case changed a couple of things in my registry.
If fully successful it will take down the system's AV.
If someone could tell the Wargamer folks to take their site off line now, they will be doing us all a service and confirm it here please.
RE: DO NOT VISIT THE WARGAMER!
Posted: Sat Aug 29, 2009 10:51 pm
by oldspec4
I ran a full scan w/ Norton Internet Security 2009 after trying to open the Wargamer site.
Nothing was found on my system...so far anyway.
RE: DO NOT VISIT THE WARGAMER!
Posted: Sat Aug 29, 2009 11:12 pm
by Adam Parker
What seems to happening to some folks is that as soon as the site is visited and a forum thread opened, Adobe Acrobat pops up and starts running a script.
The files e.exe and winupdate.exe are then loaded and executed as part of the Trojan.
Norton will pick the trojan up and remove it but by then the damage is done.
The changes to my registry were all fixable. Check to see if you can open Task Manager and change your wall paper. They are some of the symptoms.
RE: DO NOT VISIT THE WARGAMER!
Posted: Sat Aug 29, 2009 11:45 pm
by Adam Parker
Has anyone opened the thread at Wargamer where a couple of guys are talking about a Trojan or strange behavior at the Wargamer?
That's when I got hit.
Don't try it now! Just wondering.
RE: DO NOT VISIT THE WARGAMER!
Posted: Sat Aug 29, 2009 11:48 pm
by junk2drive
Earlier today I posted in that thread that my av, Avast, had warned me that it was blocking a malicious site. I quit going after that and reading that there was nothing that could be done till Monday.
RE: DO NOT VISIT THE WARGAMER!
Posted: Sat Aug 29, 2009 11:56 pm
by Adam Parker
Thanks, I couldn't get that far!
I think I'm going to change AV suites soon.
This is the 2nd year that Norton let a threat get by before stopping it. Avast did well for you.
RE: DO NOT VISIT THE WARGAMER!
Posted: Sun Aug 30, 2009 12:02 am
by junk2drive
Running a full scan now just for the heck of it, but it seemed to stop it.
RE: DO NOT VISIT THE WARGAMER!
Posted: Sun Aug 30, 2009 12:04 am
by Adam Parker
Check you Preftech folder for those 2 exe's too:
e.exe
winupdate.exe
RE: DO NOT VISIT THE WARGAMER!
Posted: Sun Aug 30, 2009 12:06 am
by WallysWorld
Before reading this, I visited the Wargamer forum for a second and noticed it looked weird and quickly got out. My anti-virus software reported nothing and no unusual executables ran so I think I dodged the bullet.
RE: DO NOT VISIT THE WARGAMER!
Posted: Sun Aug 30, 2009 12:43 am
by junk2drive
Scan found nothing and those two exes aren't around.
Avast is free and one of the recommended av's in a recent thread here at Matrix.
RE: DO NOT VISIT THE WARGAMER!
Posted: Sun Aug 30, 2009 8:39 am
by Guppy
Thanks for the heads up on the exe's
When I tried to goto the Wargamer site my Avast red screened a problem. I disconnected from the web and did a full scan.
Fortunately nothing was found. It's a good thing I use Foxit.
RE: DO NOT VISIT THE WARGAMER!
Posted: Sun Aug 30, 2009 6:55 pm
by Arctic Blast
ORIGINAL: Guppy
Thanks for the heads up on the exe's
When I tried to goto the Wargamer site my Avast red screened a problem. I disconnected from the web and did a full scan.
Fortunately nothing was found. It's a good thing I use Foxit.
Yep, same thing happened with me. Wonder if it's cleared yet?
RE: DO NOT VISIT THE WARGAMER!
Posted: Sun Aug 30, 2009 6:57 pm
by Poolmick
why does it always seem to happen to them for?
And no I didnt go there.
RE: DO NOT VISIT THE WARGAMER!
Posted: Sun Aug 30, 2009 7:21 pm
by Prince of Eckmühl
ORIGINAL: Mickey
why does it always seem to happen to them for?
Most likely because something critical didn't get patched, the server OS perhaps.
PoE (aka ivanmoe)
RE: DO NOT VISIT THE WARGAMER!
Posted: Sun Aug 30, 2009 9:02 pm
by Qwixt
ORIGINAL: Adam Parker
What seems to happening to some folks is that as soon as the site is visited and a forum thread opened, Adobe Acrobat pops up and starts running a script.
The files e.exe and winupdate.exe are then loaded and executed as part of the Trojan.
Norton will pick the trojan up and remove it but by then the damage is done.
The changes to my registry were all fixable. Check to see if you can open Task Manager and change your wall paper. They are some of the symptoms.
There was a recent patch, within last month, for acrobat because of a security issue. Sounds like it's trying to take advantage of this weakness for people that have not updated yet.
RE: DO NOT VISIT THE WARGAMER!
Posted: Sun Aug 30, 2009 9:04 pm
by doomtrader
You know that 83% of people, are doing exactly those things that you are suggesting them not to do?
RE: DO NOT VISIT THE WARGAMER!
Posted: Mon Aug 31, 2009 2:09 am
by martok
Hmm, I've not noticed any problems logging onto the Wargamer this evening. Might it have something to do with my using FireFox with Ad-block, or has the threat already been removed?
RE: DO NOT VISIT THE WARGAMER!
Posted: Mon Aug 31, 2009 9:22 am
by Arsan
So... it is clean already?? [&:]
Could somebody else please go there wait a while for a possible infection and come back here and report [:'(][:D]
Thanks in advance! [:)]
RE: DO NOT VISIT THE WARGAMER!
Posted: Mon Aug 31, 2009 1:46 pm
by Phatguy
Arsan, after a secret vote of the secret society, we voted for you to go to the Wargamer site and "reconoiter" for us...
Thanx [:D]