I think Facepunch just caused a major problem on my hard drive (malicious website)
80 replies, posted
[URL]http://www.facepunch.com/threads/1025758-Warning-Visiting-this-site-may-harm-your-computer[/URL]!
People here says it's just an image link.
[QUOTE=cdlink14;26016333][url]http://www.sandboxie.com/[/url]
---
Ok within the few minutes I've been running in sandbox mode I've noticed a few files suddenly appearing, those files are in
"D:\Windows\system32\CatRoot2"
Don't know if they're legit, or not.[/QUOTE]
Thanks, looks nice and easy.
[QUOTE=cdlink14;26016333][URL]http://www.sandboxie.com/[/URL]
---
Ok within the few minutes I've been running in sandbox mode I've noticed a few files suddenly appearing, those files are in
"D:\Windows\system32\CatRoot2"
Don't know if they're legit, or not.[/QUOTE]
Catroot is legit.
CatRoot2 is a microsoft update file.
Or maybe it's not. But according to my info, if you have auto windows update on your PC, the file gets there.
[QUOTE=Gvazdas;26016356]CatRoot2 is a microsoft update file.
Or maybe it's not. But according to my info, if you have auto windows update on your PC, the file gets there.[/QUOTE]
Yeah, it is.
I am using Linux, so obviously I am invincible.
Shit, im getting the fuck out of here before its too late.
[QUOTE=Gvazdas;26016163]I just ignore the warning [b]cuz'[/b] I know facepunch is [highlight]NOT[/highlight] 4chan or OIFY or whatever.[/quote]
:argh:
[quote=Gvazdas;26016163]GIt went to C disk and [b]selected everything[/b] and attempted [b]delete[/b].
I then immediately restarted my computer with the tower button.
When I restarted, [b]30GB of my files [highlight]we're[/highlight] gone.[/b][/quote]
:downs:
[quote=Gvazdas;26016163]It is 80% that someone probably hacked Facepunch silently, and it got malicious software in there as well.[/QUOTE]
Nobody hacked FP, it's a malicious ad.
Okay so I consulted my tech and he said it was not a virus but a small web-trojan of some sort. Until he can get some scanning on the PC he can't tell exactly, but the thing that just happened to me can be a human-used or bot-generated web-trojan, by what I am saying is - the thing that just happened to me won't happen to anyone else, or if my tech is wrong, it's just a matter of time. :f:
Well just tried running a scan of my sandboxie folder with MSE and it's showing all clean. Definitely seems like a false positive.
Nod32 isn't telling me anything so far.
Sounds like you have ghosts.
:iiam:
^
Very funny
x2^
Yeah, it wasn't telling me anything either.
I'm using Opera, no warnings or anything here.
[QUOTE=cdlink14;26016394]Well just tried running a scan of my sandboxie folder with MSE and it's showing all clean. Definitely seems like a false positive.[/QUOTE]
Okay, that means either this was what my tech said, it happens to only some people, OR this wasn't anything facepunch.
Okay, summary up:
Chance of facepunch being the fault: 20-50%.
Still, those 'malicious warnings' weren't coming out of nowhere.
[QUOTE=Gvazdas;26016458]Okay, that means either this was what my tech said, it happens to only some people, OR this wasn't anything facepunch.
Still, those 'malicious warnings' weren't coming out of nowhere.[/QUOTE]
From what I've read in a different thread, it's 2 websites that are linked to via ads that are causing the warning to appear. Since ads are randomly shown then it's likely whomever has viewed those ads likely have been attacked.
Members don't get ads, so it's likely that if you weren't signed on before you opened facepunch, your computer could have contracted something from one of the ads that are shown to guests.
[QUOTE=Pascall;26016527]Members don't get ads, so it's likely that if you weren't signed on before you opened facepunch, your computer could have contracted something from one of the ads that are shown to guests.[/QUOTE]
Last time I checked everybody gets ads (unless they use adblock of course). But that was a few weeks ago.
I don't use adblock and I have none. Sooo, I'm assuming they were removed for members a while back.
I use adblock and flashblock by the way.
I also keep my logged in session permanent and never use any other browser than this.
Man this is weiird...
consider the number of people who use facepunch - a lot
now consider the likelihood of at least one of them getting a virus in one day - not unreasonable
that person just happens to get a virus at the same time this debacle happens
coincidence
I can't remember ever getting ads while logged in.
I got an error with firefox too, I just ignored it.
Chrome is telling me facepunch is malicious, what ?
[img]http://i.imgur.com/4zCxB.png[/img]
Nothing here.
Thinking its just a false alarm or something.
[QUOTE=cdlink14;26016504]From what I've read in a different thread, it's 2 websites that are linked to via ads that are causing the warning to appear. Since ads are randomly shown then it's likely whomever has viewed those ads likely have been attacked.[/QUOTE]
Can you figure out what those ad hosts are? I wish to block their entire website via /etc/hosts
Firefox is freaking the fuck out everytime I try to go to Facepunch...had to use IE to even be able to get in and post this
[editline]12th November 2010[/editline]
[QUOTE=lavacano;26017198]Can you figure out what those ad hosts are? I wish to block their entire website via /etc/hosts[/QUOTE]
[quote=Google/Firefox freak out] What happened when Google visited this site?
Of the 797 pages we tested on the site over the past 90 days, 8 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-11-12, and the last time suspicious content was found on this site was on 2010-11-12.
Malicious software is hosted on 3 domain(s), including ernomut.co.cc/, 91.188.60.0/, dionneg.com/.
4 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including quickhousesale.eu/, adbrite.com/, laurabermanfortgang.com/.
This site was hosted on 4 network(s) including AS14618 (AMAZON), AS41230 (ASK4), AS16509 (AMAZON). [/quote]
-Snip-
Really late.
Can someone explain why my internet browsers are calling facepunch malicious?
[editline]12th November 2010[/editline]
And firefox is showing facepunch all weird looking
I'm getting the same warnings on my Macbook.
Sorry, you need to Log In to post a reply to this thread.
