
unmerged(11633)

My anti-virus software picked up some sort of virus last time I tried to access the CORE website - not sure whether you guys are aware or not. It may be spyware from a banner or something. It was a few days ago.
 
Here is some info. I can't really say what this all means. I have Norton Anti Virus, updated daily and am behind a NAT and HW firewall. As far as I know, I haven't been affected. Steel has been PM'd but I haven't heard anything more.

I don't have any expertise in this area...
++++++++++++++++++++++++++++++++++++++++++++++++++++
Generalisimo said:

According to Trend Micro Officescan, there are 4 files that are being installed all related to:

JAVA_BYTEVER.A
Malware type: Java Applet
Aliases: Downloader.Trojan, Exploit-ByteVerify, Java.Shinwow.AT, Troj/ByteVeri-F, TrojanDownloader:Java/OpenConnection.K, Win32/ByteVerify.26610!Exploit!Trojan
In the wild: No
Destructive: No
Language: English
Platform: Windows 95, 98, ME, NT, 2000, XP
Encrypted: No

This malware is a component of a malicious Java archive file (JAR) that resides in a malicious Web site. Machines infected with the malware JS_FORTNIGHT.B are redirected to this Web site.

This malware calls and executes another malware, JAVA_JJBLACK.C, which results in modifications to the browser and registry settings of the infected system.

This is Trend Micro's detection for JAVA classes that exploit a known vulnerability in Microsoft Virtual Machine in Windows Operating Systems and Internet Explorer. This flaw allows malicious users to execute code of their choice when a user visits an infected Web site.

To know more of this vulnerability, how to determine a vulnerable system, and how to install security patches, continue reading on Microsoft’s Web site at this link: MS03-011 Security Bulletin

JAVA_BYTEVER.C
Malware type: Others
Aliases: Downloader.Trojan, JV/Shinwow, Java.Shinwow.W, TrojanDownloader:Java/OpenStream.C
In the wild: No
Language: English
Platform: Windows 95, 98, ME, NT, 2000, XP

Description:
This JAVA malware is found in malicious Web sites as part of a Web page applet. It comes in the form of a compiled Java class, and may be called from an HTML page.

It exploits the ByteVerifier vulnerability in unpatched versions of Microsoft (MS) Java Virtual Machine, which could allow a file to be downloaded and executed without a user’s knowledge.

It connects to the following Web site where it downloads a file and saves it as LOADNEW.EXE:

http://ifra<BLOCKED>lars.biz/dl/loadadv479.exe

It then executes the file, which is detected by Trend Micro as TROJ_SMALL.OI.


For solutions visit the following:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JAVA_BYTEVER.A&VSect=Sn
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JAVA_BYTEVER.C&VSect=Sn
 
Any way of cleaning it up? I registered at CORE shortly before this first happened. But I won't go back till it's cleared up.
 
dacharls said:
Try SpyBot or AdAware; both are good. And run a virus scan.

Both of these are good, but really it's down to CORE to clean up their website, sadly. I'll not be visiting until I've heard that the problem's solved.

Steve.
 
steveh11 said:
Both of these are good, but really it's down to CORE to clean up their website, sadly. I'll not be visiting until I've heard that the problem's solved.

Steve.

That is a good idea. Follow this site for information as to when it is repaired. We are striving to get the problem solved. Unfortunately we are forced to wait for the site owner to get it cleaned up. :( MDow
 
Ah, as long as something is being done about it. :)
 
tiger2004 said:
As long as you have Opera it's alright... :)

Trust me, you don't want to hear me sing :D MDow
 
Really? If you use Opera it's fine? Well, that's alright then.
 
Sir Humphrey said:
Really? If you use Opera it's fine? Well, that's alright then.

I also haven't had any problems (even with IE) going straight to the HoI2 forum at coremod.org (when I went up to the top forum level my anti-virus program screamed at me), but I suggest you have updated av-programs even so. We absolutely do not want anyone to catch a virus from the site, so use caution or stay away for the time being.
 
The problem should be solved now.