FPSbanana Trojan. Don't go on the site. - Games

Yep I got it, I didn't realize there was a fix for it, so far, all I've done about it is suspend it's process and block it with my firewall.

[QUOTE=Mr. BigShot;23311487] u mad?[/QUOTE] yes

Fuck you guys I'm going on, If I don't come back...I love you bros.

[QUOTE=DrKinkyKinkles;23314928]When will people learn that you do [B]NOT[/B] have to click the ads to catch malware? For those who are frantically searching around their systems for these viruses, I recommend Everything Search Engine. It finds and logs every file and folder in your system to a search window. It works infintely better than the default start menu search feature. [url]http://www.voidtools.com/[/url] For example, [IMG]http://imgur.com/QbIz4.png[/IMG][/QUOTE] So, is that the smss.exe that I need to delete if Everything comes up with that in results, or is that just an example? Because I got two, one in- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.0.6001.18000_none_08594380d18f10f0 The other in C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.18005_none_0a44bc8cceb0dc3c

I completely removed Internet Explorer from my computer, and have been on FPSB alot in the last 2 days and nothing unusual happened for me. I should stop just to be safe.

I actually do have it but it's in my Windows folder not the system 32, should I still delete it?

[QUOTE=Dippeggs;23319596]I actually do have it but it's in my Windows folder not the system 32, should I still delete it?[/QUOTE] If its in windows folder. DO NOT DELETE!! Deleting anything in windows folder is bad idea and could kill your computer.

[QUOTE=Dachande;23318570]So, is that the smss.exe that I need to delete if Everything comes up with that in results, or is that just an example?[/QUOTE] Just an example.

[QUOTE=Matsilagi;23306461]Using avast! Internet Security. OH SH*T!! Every time i runs the Internet explorer, appears one more iexplore.exe on my task manager... However, nothing found in temp... At the moment, only 1 tab and 2 iexplore.exe running. I think its not the virus, because here in my pc is quiet...[/QUOTE] This is just an FYI to those who are concerned with this situation being related to the virus. As far as I can tell, it's not. From what I can gather from a bit of research I did(and I'm not sure if this is only Windows 7 or not), the 2 processes of iexplorer.exe when you have one window of it open is due to one being the window itself, and the other being the Tab Recovery for IE8. [quote]This is normal in IE8. You will have one process for IE8 itself, then another process for each tab opened in IE8. This is part of the built-in tab recovery feature in IE8 so that if one tab crashes in IE8, it's not suppose to crash all of IE8 and allow you to still use IE8 and the other opened tabs.[/quote] It's a precaution, and intended to happen. So relax. That isn't virus related. But in the interest of everyone's benefit, has we discovered a surefire way to detect infection? I looked through every page so far, and it seems like we have ideas, but nothing concrete.

[QUOTE=Singo;23290778]Mac [img]http://www.facepunch.com/fp/emoot/smugdog.gif[/img][/QUOTE] More like Cat box.

I couldn't find "loader.exe" in my temp folder. What do I do now?

Yeah FPSB is still a danger zone MSE just picked up 3 trojans not named loader or smss.

You see, this is why I love Windows 7. It has the ability to completely disable Internet explorer. Background processes, everything. And since the Black Internet Virus can only use Internet Explorer, if you don't have it "installed", then it can't do a thing.

Why do people attack FPSBanana?

[QUOTE=Wootman;23322197]Why do people attack FPSBanana?[/QUOTE] Easy to target. They accept just about any ads.

[QUOTE=Combiner8761;23322265]Easy to target. They accept just about any ads.[/QUOTE] Yup. Seems like they need to be more careful. This is what happens when you're careless.

I just went there to download the n64 tf2 pack, and had noscript on. Nothing so far. Hmm.

Need to find alternatives for fps banana.

[QUOTE=Bosco;23322602]I just went there to download the n64 tf2 pack, and had noscript on. Nothing so far. Hmm.[/QUOTE] noscript blocks it.

I don't have C:\Users\YOURUSERNAME\Appdata\Local\Temp . :ohdear: Also running Windows XP. I see one smss.exe running in the Task Manager but I have a feeling it's the system32 one, no loader.exe, and no iexplorer.exe. The only smss.exe's that folder search has found are in the WINNT folder somewhere.

This is why i go onto Fileplanet :derp:

[QUOTE=devon_wargod;23323802]I don't have C:\Users\YOURUSERNAME\Appdata\Local\Temp . :ohdear: Also running Windows XP. I see one smss.exe running in the Task Manager but I have a feeling it's the system32 one, no loader.exe, and no iexplorer.exe. The only smss.exe's that folder search has found are in the WINNT folder somewhere.[/QUOTE] use any other harddrives, if you have a D:\ use it.

[QUOTE=devon_wargod;23323802]I don't have [b]C:\Users\YOURUSERNAME\Appdata\Local\Temp[/b] . :ohdear: Also running Windows XP. I see one smss.exe running in the Task Manager but I have a feeling it's the system32 one, no loader.exe, and no iexplorer.exe. The only smss.exe's that folder search has found are in the WINNT folder somewhere.[/QUOTE] I think hidden folders are not shown by default. There is a check box in the control panel that allows you to show hidden folders. Just go to the control panel then hit the folder options. then go to view and there should be a check box that says 'show hidden files and folder'. Just check that and see if it is there now.

[QUOTE=Tom @ FPSBanana]Hey guys. First, thanks everybody who is providing support in getting the virus removed. The virus has been removed from the site, but a threat is still there. I'm going to tell you everything I know. - The attack was identical to the attack that occurred 8 or so months ago, whereby the attacker has put malicious code in a footer file on the backend. - Since the last attack I made significant security changes - hardened database statements, file permissions, configuration settings, system users and the webserver. This is why I'm particularly concerned and perplexed by this recent attack. - I don't believe my client machine is infected by the virus on the site but could have been infected earlier by trojan or keylogger which could explain the attack vector. - My alternative theory is there is still a loophole in the application layer of the site - possibly relating to 3rd party modules, uberstyle/tbar editing or file uploads. - The attacker's domain seems to be relatively unknown to Google and infecting FPSBanana exclusively (lucky us!) as opposed to the previous attack which was infecting a lot of sites. - As always this has come at a bad time (it never comes at a good time) as I was getting close to rolling out the new site. If you're still infected, I'm afraid I can't help you apart from the usual advice to try each and every decent antivirus/malware program you can find. The course of action that will always guarantee you to be virus free is to do an OS reload, but that is a major pain. Well, I'm going to get back to work now. Sorry about this guys.[/QUOTE]

I have 2 iexplore.exe running, is this bad?

[QUOTE=haxorfox;23325499][/QUOTE] Wow, that's why it is down right now.

Anyone else notice all that troll news?

[QUOTE=Lexico;23326683]I have 2 iexplore.exe running, is this bad?[/QUOTE] Stop them right now. Even if it wasn't the trojan it wont do harm.

Guy who told OP about the virus here, I got the virus and removed it and I use adblock plus,noscript, and firefx along with AVG. Somehow it managed to enable itself using IE, there are two smss files, usually the virus one is found in the temp folder while the real one is found in system 32 which is NOT to be deleted. Be sure to end the loader.exe and smss.exe in processes before you find and delete them,also end Iexplorer.exe in processes as well when deleting.

[QUOTE=Arclight71;23325116]I think hidden folders are not shown by default. There is a check box in the control panel that allows you to show hidden folders. Just go to the control panel then hit the folder options. then go to view and there should be a check box that says 'show hidden files and folder'. Just check that and see if it is there now.[/QUOTE] Well it says I can see hidden files and folders but I still can't find C:/Users/usernamehere/appdata/local/temp.