Matrix Games Forums

Forums  Register  Login  Photo Gallery  Member List  Search  Calendars  FAQ 

My Profile  Inbox  Address Book  My Subscription  My Forums  Log Out

JS.Trojan.Seeker-based

 
View related threads: (in this forum | in all forums)

Logged in as: Guest
Users viewing this topic: none
  Printable Version
All Forums >> [General] >> General Discussion >> JS.Trojan.Seeker-based Page: [1] 2   next >   >>
Login
Message << Older Topic   Newer Topic >>
JS.Trojan.Seeker-based - 9/20/2001 12:27:00 AM   
Janusz

 

Posts: 27
Joined: 7/7/2001
From: Poland
Status: offline
Everytime i visit www.matrixgames.com i got message
"Virus JS.Trojan.Seeker-based found"
???

_____________________________

Post #: 1
- 9/20/2001 3:39:00 AM   
Paul Vebber


Posts: 11430
Joined: 3/29/2000
From: Portsmouth RI
Status: offline
Hmmm, we will look into it, but trojans are typically not spread via websites, but direct insertion, or email. HAs anyone else seen this? CHeck an anti-virus website like www.norton.com you may be the one infected? [ September 19, 2001: Message edited by: Paul Vebber ] [ September 19, 2001: Message edited by: Paul Vebber ]



_____________________________


(in reply to Janusz)
Post #: 2
- 9/20/2001 6:37:00 AM   
New York Jets


Posts: 2087
Joined: 6/25/2001
From: St. Louis, MO but stuck in Bremerton,WA
Status: offline
I have been getting virus detect messages from my anti-virus program (Norton 2001)when I access the website. Please advise.

_____________________________

"There comes a time in every man's life, and I've had plenty of 'em."

- Casey Stengel -

(in reply to Janusz)
Post #: 3
- 9/20/2001 7:40:00 AM   
Paul Vebber


Posts: 11430
Joined: 3/29/2000
From: Portsmouth RI
Status: offline
Which virus? I have that same software and it says my system and the pages are clean??

_____________________________


(in reply to Janusz)
Post #: 4
- 9/20/2001 8:39:00 AM   
Les_the_Sarge_9_1

 

Posts: 4392
Joined: 12/29/2000
Status: offline
Hey guys, having gotten a virus only twice in my time computing, and once it was likely a wargame related download, (another site though), this all seems to point to the virus affected individuals having not kept their anti virus totally up to date (as was the case in my case). This is absolutely vital when downloading stuff that is essentially stuff that involves running programs.
This advice is the stuff most would call obvious, but we obviously hear of lots of people that forget the obvious.
In both cases my computer acted funny until I got suspicious and updated anti virus. Which is the point where it first noticed the offending virus. And I must say I know of numerous individuals that even run computers without anti virus protection. Some people say anti virus programs are "intrusive" on the computers operational performance". But then there are no small number of people that say the same of condums too for that matter. Currently I see nothing wrong with Matrix myself. It is clearly obvious that anyone with a hassle getting here, has a bug that affects online performance.
And that is clearly the problem of the users computer. Which is in my view, potentially the reason for many "bug" reports in game performance.
Cause I have yet to ever see anything ever go wrong in any of my games (other than bad strategies heheh).

_____________________________

I LIKE that my life bothers them,
Why should I be the only one bothered by it eh.

(in reply to Janusz)
Post #: 5
- 9/20/2001 9:14:00 AM   
New York Jets


Posts: 2087
Joined: 6/25/2001
From: St. Louis, MO but stuck in Bremerton,WA
Status: offline
quote:

Originally posted by Paul Vebber:
Which virus? I have that same software and it says my system and the pages are clean??
The next time I get it I will record it and let you know. Thank you.

_____________________________

"There comes a time in every man's life, and I've had plenty of 'em."

- Casey Stengel -

(in reply to Janusz)
Post #: 6
- 9/20/2001 11:03:00 AM   
New York Jets


Posts: 2087
Joined: 6/25/2001
From: St. Louis, MO but stuck in Bremerton,WA
Status: offline
quote:

Originally posted by Paul Vebber:
Which virus? I have that same software and it says my system and the pages are clean??
Paul, When I go from the entry page to the main menu page I get the following alert from Norton 2001 File: Program Object:Windows Script Host Shell Activity: RegWrite I hope this helps. Thanks.

_____________________________

"There comes a time in every man's life, and I've had plenty of 'em."

- Casey Stengel -

(in reply to Janusz)
Post #: 7
- 9/23/2001 9:21:00 AM   
Big Bill

 

Posts: 177
Joined: 3/24/2001
From: LI. NY. , USA
Status: offline
When I first got Norton 2001 I had warnings when any of my reguler programs tried to write to the disk. Look at your Norton configuration and see if you can set it to let matrix have access.

_____________________________


(in reply to Janusz)
Post #: 8
- 9/23/2001 12:22:00 PM   
New York Jets


Posts: 2087
Joined: 6/25/2001
From: St. Louis, MO but stuck in Bremerton,WA
Status: offline
Thank you, Bill. I'm still a little new to some of the technical aspects of this stuff.

_____________________________

"There comes a time in every man's life, and I've had plenty of 'em."

- Casey Stengel -

(in reply to Janusz)
Post #: 9
- 9/24/2001 12:14:00 AM   
Janusz

 

Posts: 27
Joined: 7/7/2001
From: Poland
Status: offline
OK - next info I use AVP (Kaspersky Lab) and one of the newest version MSIE. Today I turn off AVP Monitor and vist www.matrixgames.com and ... MSIE can't load site ... and don't responding. then I turn on AVP Monitor - web site loads and AVP Monitor "found Virus: JS.Trojan.Seeker-based"

_____________________________


(in reply to Janusz)
Post #: 10
- 9/24/2001 4:10:00 AM   
GI Seve


Posts: 101
Joined: 6/27/2000
From: Oulu, Finland
Status: offline
Well I have experinece this just once. Actually right when I logged in today (23.9 at 11.55 pm). My F-Prot virus detector made that virus alert(Finnish based but multiracially upkeeped virus protection program www.datafellows.com). I said that there were some trojan horse virus on this site. I suggest Matrix administrator to check his system with his virus protection programs latest updated version urgently!!!

_____________________________

HallelujaaGobble!

(in reply to Janusz)
Post #: 11
- 9/24/2001 6:13:00 AM   
Tombstone

 

Posts: 764
Joined: 6/1/2000
From: Los Angeles, California
Status: offline
I was getting this from my home machine, but not from my work machine. I was getting the reg write warning from Norton AV. I reinstalled Norton, and went through the live update and everything seems to be ok, but on a side note although none of my files appear to be infected I cannot complete a full system scan with NAV. Dunno, could be something there... Tomo

_____________________________


(in reply to Janusz)
Post #: 12
- 9/24/2001 7:56:00 AM   
David Heath


Posts: 3274
Joined: 3/29/2000
From: Staten Island NY
Status: offline
Hi Guys We use a virus program on our servers and I am sure its not the server. If it was the server EVERY one would have the problem.

_____________________________


(in reply to Janusz)
Post #: 13
- 9/25/2001 12:16:00 AM   
KING

 

Posts: 16
Joined: 12/7/2000
From: Suomi, Finland
Status: offline
That virus comes to me too from matrixgames.com. I just sended email to Forums administrators before I saw this topic. I use also F-Prot Anti-Virus. If there is not virus in Matrixgames, then there must be some other thing which causes that. Perhaps spyware or something which alarms Anti-Virus. That "virus" wasn´t there few weeks ago when I last time visited in Forums. Have you there in Matrixgames installed some new software or done some changes to pages code or so? Matrixgames.com is the only site which causes that Trojan warning.

_____________________________

...You all know me and I know you. I know that everyone of you is prepared to do his duty until death...

(in reply to Janusz)
Post #: 14
- 9/25/2001 2:46:00 AM   
Paulus Pak

 

Posts: 109
Joined: 1/23/2001
From: Warsaw, Poland
Status: offline
I'm sorry but I posted a new topic before reading this. I have exactly the same problem as CHRIS TROG. What's going on??

_____________________________

Pawel
A wargamer from Poland

(in reply to Janusz)
Post #: 15
- 9/25/2001 7:52:00 AM   
sinner

 

Posts: 174
Joined: 5/7/2001
From: North Carolina
Status: offline
A suggestion from an IT professional: Can you guys move the whole web to an Apache-based webserver? Apache (which runs on WindowsNT, Linux, FreeBSD, AIX, Solaris...) is known for its solidity and securiy. Qwest carries Apache as well. MS-IIS + Windows2000 , unfortunately are not very secure nor reliable. How difficult it would be to do move the whole site? Apache supports .asp and things usualy considered "Microsoft only". You would get better reliability (uptime), if managed in a usual way, no security issues, is less expensive (if you have to pay for the software, like Qwest. So I do not know if this actualy translates to the "end users", like MatrixGames), better handling of heavy traffic loads, less resource-intensive (so the same machine can do more work)... and no users complaining about a worm gotten from your site.
Please check the Gartner Group on MS-IIS here: http://www3.gartner.com/DisplayDocument?doc_cd=101034
Gartner Group
Salut,
Sinner

_____________________________

Sinner from the Prairy<br />"Thalassa! Thalassa!"

(in reply to Janusz)
Post #: 16
- 9/25/2001 8:11:00 AM   
Paul Vebber


Posts: 11430
Joined: 3/29/2000
From: Portsmouth RI
Status: offline
See my post on the shockwave applet - there is no worm.

_____________________________


(in reply to Janusz)
Post #: 17
- 9/25/2001 11:19:00 PM   
nexus

 

Posts: 83
Joined: 6/28/2001
From: Siegen / Germany
Status: offline
quote:

Originally posted by Janusz:
Everytime i visit www.matrixgames.com i got message
"Virus JS.Trojan.Seeker-based found"
???

hello. after reading this thread i just checked my system f. viruses. and there was one found in windows/system/..... named "Trojan ???".
But i don´t know if i got this thru this webside....could be possible i think. what does such a "trojan" ??? anyone knows?

_____________________________

Greetings Frank

(in reply to Janusz)
Post #: 18
- 9/26/2001 12:56:00 AM   
Paul Vebber


Posts: 11430
Joined: 3/29/2000
From: Portsmouth RI
Status: offline
It lets a hacker access your computer. They are commonly used to perform massive denial of service attacks against web sites. They are commonly inserted into your computer remotely. Anybody that has an IP address that does not change routinely is vulnerable to having a trojan inserted by hacker activity (they are effectively "broadcast" to vulnerable groups of IP addresses and then the hacker waits for those that are successful to report in. They are typically not distributed via a website. We have up to date virus protection on our servers and if you do not have firewall, and have a cabla modem of other type of connection that uses semi-permanant IP address, then you are vulnerable to have one of these programs sent via the internet to your system. THe bottom line is if you rely on your computer and spend a lot of time on the web, invest in personal firewall softwall as well as virus detection

_____________________________


(in reply to Janusz)
Post #: 19
- 9/26/2001 3:51:00 AM   
nexus

 

Posts: 83
Joined: 6/28/2001
From: Siegen / Germany
Status: offline
quote:

Originally posted by Paul Vebber:
It lets a hacker access your computer. They are commonly used to perform massive denial of service attacks against web sites. They are commonly inserted into your computer remotely. Anybody that has an IP address that does not change routinely is vulnerable to having a trojan inserted by hacker activity (they are effectively "broadcast" to vulnerable groups of IP addresses and then the hacker waits for those that are successful to report in. They are typically not distributed via a website. We have up to date virus protection on our servers and if you do not have firewall, and have a cabla modem of other type of connection that uses semi-permanant IP address, then you are vulnerable to have one of these programs sent via the internet to your system. THe bottom line is if you rely on your computer and spend a lot of time on the web, invest in personal firewall softwall as well as virus detection

do trojan´s delete save games??? overnight all my saved games from SPWAW are gone!! all files in save directory are gone,except an old outosave on slot 1. i´m SHURE i did not deleted them,´cause there were 2 campaigns ongoing. yesterday i downloaded WIR 3.1, btw.... i don´t know what it was,but it´s deleted by my anti virus program.

_____________________________

Greetings Frank

(in reply to Janusz)
Post #: 20
- 9/26/2001 4:38:00 AM   
Paul Vebber


Posts: 11430
Joined: 3/29/2000
From: Portsmouth RI
Status: offline
What was deleted by your anti-virus program...?? Trojans don't typically delete anything but in effect can give control of your PC to a remote operator, just like PC anywhere does. I just DL'd the Wir 3.1 Win and scanned it for viruses and it had none.

_____________________________


(in reply to Janusz)
Post #: 21
- 9/26/2001 5:53:00 AM   
Big Bill

 

Posts: 177
Joined: 3/24/2001
From: LI. NY. , USA
Status: offline
After I was infected with a trojin horse I downloaded Zone Alarm's free firewall, after a year I haven't had any problems with this type of attack. This Trogin horse problem is more prevelent with someone using a high speed connection. The hackers use a bot program to scan the internet for these connections and then place the Trojin, Zone Alarm makes your computer invisable to this kind of attack. It's free and it works.

_____________________________


(in reply to Janusz)
Post #: 22
- 9/26/2001 11:21:00 PM   
nexus

 

Posts: 83
Joined: 6/28/2001
From: Siegen / Germany
Status: offline
quote:

Originally posted by Big Bill:
After I was infected with a trojin horse I downloaded Zone Alarm's free firewall, after a year I haven't had any problems with this type of attack. This Trogin horse problem is more prevelent with someone using a high speed connection. The hackers use a bot program to scan the internet for these connections and then place the Trojin, Zone Alarm makes your computer invisable to this kind of attack. It's free and it works.

hello and thanx. can you give me the website adress please??

_____________________________

Greetings Frank

(in reply to Janusz)
Post #: 23
- 10/2/2001 2:01:00 AM   
majama

 

Posts: 46
Joined: 7/25/2001
From: Poland
Status: offline
I have comunicat by my AVP Monitor :
Virus : JS.Trojan.Seeker-based in C:\Windows\temporary internet...content.IE5\CP6VCT2Z\default(1).js AVP cannot remove this virus :
dangerous situacion i MUST LESS TRUST MATRIX SITES ? majama

_____________________________


(in reply to Janusz)
Post #: 24
- 10/2/2001 2:13:00 AM   
Paul Vebber


Posts: 11430
Joined: 3/29/2000
From: Portsmouth RI
Status: offline
No, We have and continue to monitor the site for viruses, this appears to be a flase alarm caused by Macromedia SHockwave. Neither Norton nor mcAfee says there are any virus present.

_____________________________


(in reply to Janusz)
Post #: 25
- 10/3/2001 4:38:00 AM   
majama

 

Posts: 46
Joined: 7/25/2001
From: Poland
Status: offline
OK, thanks

_____________________________


(in reply to Janusz)
Post #: 26
- 10/5/2001 6:20:00 PM   
Halgary

 

Posts: 52
Joined: 6/4/2001
From: Oulu, Finland
Status: offline
quote:

Originally posted by Paul Vebber:
No, We have and continue to monitor the site for viruses, this appears to be a flase alarm caused by Macromedia SHockwave. Neither Norton nor mcAfee says there are any virus present.
Hope so. This troyan jumped on me when I went to see info about Combat Leader. Strangely enough, it didn't happen when I used Opera, but when I switched to IExplorer... WHAM! I feel a bit nervous, since my anti-virus -program says it can't be removed. I'm using F-Secure anti-virus software, if that helps.

_____________________________


(in reply to Janusz)
Post #: 27
- 10/5/2001 9:40:00 PM   
Paul Vebber


Posts: 11430
Joined: 3/29/2000
From: Portsmouth RI
Status: offline
Script based viruses are generally pretty obvious if you "view source" of the web page. If you "view source" and there is a block of code that calls registry edits, creating or renaming files etc, then you have to watch out. Unfortunately in an attempt to get "protection" out there many products just block all scripts period. Once they get a bit more sohisticated, there will "false alarm" less often. We take site security very seriously, but the script threat is one that a coule minutes of investigation of the source can clear up as a valid concern, or a false alarm. We need the specific page link that caused teh problem, the virus checker and version, and a copy of any suspicious script you find for a report of web virus to be helpful.

_____________________________


(in reply to Janusz)
Post #: 28
- 10/6/2001 7:57:00 PM   
Halgary

 

Posts: 52
Joined: 6/4/2001
From: Oulu, Finland
Status: offline
Hmm. Every page on your server that has some kind of Flash-animation causes this. I think I'll report this to F-secure. Propably a bug in the anti-virus -software. I'm using F-Secure Anti-Virus 5.30 build 7262 [ October 07, 2001: Message edited by: Halgary ]



_____________________________


(in reply to Janusz)
Post #: 29
- 10/7/2001 6:13:00 AM   
Galahad

 

Posts: 7
Joined: 10/6/2001
Status: offline
I encountered the virus alert as well. Hopefully, this information will help. It seems to be most prevelant on the link to the new napoleon game page. I use Norton Anti Virus, and just updated the virus definitons two or three days before finding the alert here. The alert is a was a registry edit script. Norton gave me the option of ending the script, which I did. That shut down all open windows of Internet Explorer. I tried again on a different and expendable platform. I ran a virus check, and it was virus free. I went to the Nap game page, and allowed the script to run. No apparaent effects, BUT A virus scan then showed an infection with the WScript.KakWorm virus. Hope this helps. Galahad
(Formerly Repo Man, with all of 6 posts)

_____________________________


(in reply to Janusz)
Post #: 30
Page:   [1] 2   next >   >>
All Forums >> [General] >> General Discussion >> JS.Trojan.Seeker-based Page: [1] 2   next >   >>
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

1.125