Fpsbanana?

[struki]

Does it still has viruses?

[Caution]

Yes.

[Boobcake]

It had viruses? OH SHIT.

[LunarKirby]

If you mean how it is always buggy with all its broken pages and stuff, yes.

[Harry]

Q: Does *insert any site here that uses an external advertisement CDN* have viruses?

A: Yes.

 

The viruses were put in via the advertisement network. If sites did not expect their users to pay for their server costs via advertisements (I do not mind sites that ask for donations, as that harms no one, and it a lot more friendly than "HOT PORN ADS HERE"), then there would be a lot less cases of this. Advertisement networks are so easy to spread 0-days through onto legit websites.

FPSbanana itself was not "hacked", it was its advertisers putting up ads with viruses in them.

 

I am pretty sure they solved it quickly, though. Though this happened before in the past, and it WILL happen again.

[Teen Panda]

Q: Does *insert any site here that uses an external advertisement CDN* have viruses?

A: Yes.

 

The viruses were put in via the advertisement network. If sites did not expect their users to pay for their server costs via advertisements (I do not mind sites that ask for donations, as that harms no one, and it a lot more friendly than "HOT PORN ADS HERE"), then there would be a lot less cases of this. Advertisement networks are so easy to spread 0-days through onto legit websites.

FPSbanana itself was not "hacked", it was its advertisers putting up ads with viruses in them.

 

I am pretty sure they solved it quickly, though. Though this happened before in the past, and it WILL happen again.

 

Agreed but I don't really think FPS Banana has viruses

[Harry]

Agreed but I don't really think FPS Banana has viruses

It did a few times...

[struki]

i was talking about MORE dangerous virus,so called black internet virus:

 

 

 

The quotes I that found on GTFO below are written by BigRoss on the FPSBanana forums.

 

Quote:

Originally Posted by GTFO

The site is currently infected with the 'Black Internet' trojan.

 

It's embedded in the site itself somehow, which means all you have to do is go there-- you don't have to download anything, and you'll be infected. All the following programs did not detect the trojan AVG, Ad-Aware and Windows Defender.

 

If you've been to FPSBanana in the last day or less, check your task manager. Look for iexplore.exe running-- or multiple instances of it if you are surfing with internet explorer, of course. You might also be hearing audio advertisements and/or multiple weird noises and mouseclicks.

 

Apparently this trojan infects the MBR, to fix the virus problem make all folders viewable in the control panel -> large icons -> folder options -> view -> show hidden files, folders and drives, then reboot in Safe Mode and go here:

 

C:\Users\YOURUSERNAME\Appdata\Local\Temp

 

and deleting these two files:

 

Loader.exe

Smss.exe

 

And until further notice I strongly suggest that you avoid going to the website.

Quote:

Originally Posted by GTFO

About this Virus

The new FPSBanana virus is a Rootkit virus known as "Black Internet". It is extremely dangerous to your system and security on your computer. A Rootkit virus buries itself into your Master Boot Record which forces the virus to load upon startup. You cannot disable the virus through safe-mode or "msconfig".

!NOTE!

VIRUS SCANNERS WILL NOT DETECT OR FIND THIS VIRUS! ONLY REAL-TIME VIRUS PROTECTION CAN DETECT AND STOP THIS VIRUS FROM BEING INSTALLED.

 

As of right now, the only working real-time detection and stopping of this virus is Kaspersky. Kaspersky will NOT remove the virus if you already have it.

The virus is obtained through a Java exploit from the advertisements on FPSBanana. Adblock will NOT stop you from getting this virus. Even if you have Ripe, you can still get this virus.

 

What does it do?

First, the virus buries itself into your Master Boot Record to keep you from detecting and removing the virus easily with any type of virus protection software. Afterwards, it loads up an application that will keep Internet Explorer open and showing you ads in the background or hidden voice ads. There are also reports of this being a Backdoor virus also which can transfer your sensitive information to the creators.

 

Symptoms

- Internet Explorer opens with ads randomly

- Windows keep minimizing

- Your computer sound will keep turning up and down randomly

- You will hear the clicks of pages being browsed in the background

- Visiting websites might not work

 

Do I have the Virus?

Even if you think you do not have the virus, you could still be infected!

There is an easy way to test if you have the virus. Follow these steps...

 

Step 1)

Press CTRL+ALT+DEL on your keyboard. Click "Open Task Manager".

 

Step 2)

On the Task Manger, click the "Processes" tabs.

 

Step 3)

Look through your processes for "loader.exe". If you have that file running, there will also be one or multiple instances of "iexplorer.exe". If so, You are infected!

 

Image

 

Removing the Virus

To remove this virus, you are REQUIRED to have a Windows disk corresponding to your version of Windows OR a recovery drive that came from factory. If you do not, you are pretty much screwed... There are other ways but they have a 10% chance of working.

 

So now, insert your Windows disk into your CD/DVD drive and restart your computer. When it says to "Press any key to continue..." do so. If you have a recovery drive, you will either have to press a key that is defined on the Bios screen or press F8 before Windows loads. Choose to recover your Windows installation.

 

After you choose the option to recover your Windows Installation, you can choose to use Command Prompt to do so. Once the Command Prompt opens, type the following...

 

Windows XP: fixmbr

Vista or 7: bootrec.exe /FixMbr

 

After the process completes, you can then close command prompt and Restart your computer. When the computer loads up again, the Virus has been disabled. You just need to delete the file.

 

You can either use CCleaner to delete all over your Windows Temporary Files or goto your temp folder in the following location...

Windows XP: C:\Documents and Settings\Application Data\temp

Vista or 7: C:\Users\[YOUR USERNAME]\AppData\Local\Temp

 

Find the file "loader.exe" and delete it.

 

You should be all set now and the infection should be gone. Double check by following the the steps to check for the virus above.

Edit: people are getting a little too paranoid over this. Don't panic at every process you don't recognise, if it looks suspicios then a look in google should help you find sites with info on it. At the moment, mainly be concerned about the processes mentioned.

 

Have a read over this again:

 

Quote:

!NOTE!

VIRUS SCANNERS WILL NOT DETECT OR FIND THIS VIRUS! ONLY REAL-TIME VIRUS PROTECTION CAN DETECT AND STOP THIS VIRUS FROM BEING INSTALLED.

 

As of right now, the only working real-time detection and stopping of this virus is Kaspersky. Kaspersky will NOT remove the virus if you already have it.

The virus is obtained through a Java exploit from the advertisements on FPSBanana. Adblock will NOT stop you from getting this virus. Even if you have Ripe, you can still get this virus.

Kaspersky, seems to be your best chance of preventing the virus from being installed.

 

Don't panic, it won't help things. There's a good chance most/many of you don't have it - it's worth a check though.

 

Edit2:

 

I'll try and make this a list of Anti-Virus you can use to avoid this:

 

[#] NOD32 - A lot of people in this thread recommending it.

Update: Read and heard from a people that NOD32 CAN KILL IT. At the moment, this is what I recommend hte highest from this list. Hence the moving it to the top of the list.

 

[#] Kaspersky - will detect and prevent this from installing on your computer.

 

[#] Avast - Somone in this thread somewhere mentioned that Avast also does this. I can't confirm it as I've not heard anything else about Avast for this but I've heard great things about it anyway.

 

 

 

[#] MVPS Hosts - I've been hearing good things about this.

 

[#] Malwarebytes - Quite a lot of people are recommending Malwarebytes to help get rid of unwanted things. Might not be the best for this trojan(I've no idea if it's effective or not in any way for this) but it should at least get rid of the need for people to keep posting it as you'll see it here and I'm sure it's got its uses for other sorts of nasties.

 

[#] Panda Cloud Antivirus - Read a lot of great things about it. Does it's job great apparently, in beta though and isn't feature complete from what I read. Still it's another alternative and worth looking into. Note that I don't know if it's effective in anyway towards protecting you from this trojan.

 

 

Tarun wanted me to link to these. He's got a site for helping people with any problems like these(he's also a resident expert with Malwarebytes - [#] verification) - had a look into it, seems pretty decent:

Website | Forums | Anti-Malware Toolkit | PC Cleanup | PC Security

 

 

Note:-

Norton will not fix this.

If you are using Firefox, using AddBlocker and NoScript will stop the virus from installing.#

 

To turn javascript off on Firefox:

In Firefox go to Tools, Options, Click the Content tab, uncheck "Enable Javascript" and click ok.

 

For Google Chrome users:

Quote:

Originally Posted by Zxaber

This is a javascript virus. If you are worried, disable javascript. For Chrome, make a new shortcut somewhere, and name it something like "Chrome_nojs" if you have to. Then, in Properties, give it the following Target:

Code:

 

Code:

"C:\Documents and Settings\\AppData\Local\Google\Chrome\Application\chrome.exe" -disable-javascript

Keep the quotes, by the way, and do remember to replace the "" with your Windows user name. This will stop Chrome from running all javascripts, including Flash. Keep in mind, you have to close all windows to switch between blocking and allowing javascript; you can't have a window of each running. On the plus side, non-javascript Chrome runs otherwise identical to normal Chrome, so it will remember your saved tabs, recent pages, etc.

Zxaber was the one who posted about turning it off for Chrome. This is Zxabers post.

 

 

I'll list more as I find/read about them. Sorry it's a bit short.

 

Some people are also saying running Kaspersky, Add Block and No Script will block this. I can't confirm this either but it may stop your PC from getting this trojan.

 

Note: Mac and Linux users: You should be fine. You shouldn't need to worry about this(well, I certainly hope so).

 

Note2: For an alternative place to go for TF2 maps, TF2 Maps is a good site to go to and most likely a better alternative. Thanks to Grim Tuesday for reminding me.

 

*(These 2 links below should be safe. If anyone knows for a fact that they're not then let me know please)*

 

TF2 Maps

 

If you're an L4D or L4D2 player, L4D Maps is also a great site and alternative for maps.

 

L4D Maps

 

Note3: People, if you see the task(and you will if you're running Windows) explorer.exe - leave it alone. It is not a virus and it is supposed to be there, stop it running and your task bar goes away until you run it again - explorer.exe is a process that you want to be running.

 

Note4:

Do this:

Quote:

Originally Posted by BoViking

Listen to this while reading the second quote again.

 

 

It makes you notice how serious it is written.

Hilarious to say the least.

Good laugh. If you found that as funny as I did then rep: BoViking, needed something to lighten up the thread a little.

 

Credit to:

 

Fox150 for confirming NOD32 will kill it and that Firefox, AddBlocker and NoScript will stop it installing. I will also re-emphasise(Fox150 wants this as well): "Look through your processes for "loader.exe". If you have that file running, there will also be one or multiple instances of "iexplorer.exe". If so, You are infected!"

 

Update:This has been fixed. FPSBanana is safe to use again for the time being. Even though it's safe at the moment, if you plan on going there, make sure you're protected against this kind of thing before you go there to be safe. Also, just be careful on other sites as well - they could also get something similar and it doesn't hurt to be sure.

 

I'll update this if FPSBanana is compromised again. Untill then though, thank you for sticking with this and thank you to GTFO Gaming for finding and alerting the community about this.

 

Adiggity claims that FPSBanana is still not safe to use:

Quote:

Originally Posted by adiggity

FPSBanana is still not safe to use.

 

ESETNod32 found Trojans in several downloads--including SteamCleaner, ironically--and SpyBot S&D regularly detected spyware after I visited the site.

 

Play it safe and avoid. And please upload custom content somewhere else so we can enjoy it in peace ^^

This is the only report I've got so far of the site still being infected but keep it safe and make sure you are protected.

 

Seems FPS Banana is known for this kind of thing. This is one of the sites you'll have to be very careful with.

 

This is also going to be used as a sort of support thread for the time being now that FPSBanana is safe. This is so users who were affected can post and get help from other members - happening already. Post if your PC was infected(or if you think you may be infected/curious/want to make sure) and you need help to get rid of it. There should be someone around sometime who is willing to help.

[struki]

^

 

 

was from steam forums

[Harry]

i was talking about MORE dangerous virus,so called black internet virus

Yes, it's a typical 0-day virus provided by people using advertising CDNs that are not secure.