[Updated] Nexus Trojan/Virus alert

[dzorro]

i know, but whenever you browse something else the redpops up again.

[amdsempron2]

with regards to those still suffering from the nexus RED screen of death:

if u are running firefox open up the "tools" tab. click options, then click security, uncheck the box "block reported attack sites. This will solve the issue temporarly but make sure to turn it back on after the issue has been resolved as it will INCREASE the chance of your being infected by another site. I did this to firefox and simply use Chrome for everywhere else.

[LadyXera]

what if I have chrome?

[urdrago]

How can you put a malicious advert ?????? It's such a stupid thing, i cannot understand, someone carring the tes nexus ad's section should be replaced ..... In addiion to some adds that try to borrow your money.

 

This site is a precious site, but this people that takes care now about the ads they are harming it.

Yes but there are not enough Premium Members to support the monthly bill and thus, the addition of the ads are still required.

 

LHammonds

 

 

The problem isn't the ad's, logically they are needed, the problem is the one that purchased this ad without looking it's content, and I claimed that there should be a minimum quality control, to avoid not only viruses, thought also the ads that ask for your credit card data ...

 

Beware of ads.

 

what has happened is very bad since it will limite new upcoming users from now. Nobody registers a attacking site. Each day it passes it will be worst.

[Thandal]

"It's simply wicked people, normally from Eastern Europe and Asia"

Racist? :P

Would it be better if restated as: "most frequently, based on statistical analysis, (see the Center for Internet Security (CIS) work on the topic) operating in Eastern Europe and Asia"? A dig not at the ethnicity of the residents, but at the governance prevalent in much of that part of the world? Criminals prefer to operate where local authorities are either weak, or complicit, (or both.)

[evilneko]

what if I have chrome?

 

 

Well, you could have paid attention to the thread. I posted instructions for Chrome and Opera only a couple pages back.

 

 

I don't know if you can do this but, it's possivle to find a permanent ad for the website?

i mean, these random ad producer sometime make my browser freeze, and believe me, it's a ad problem, as a AMD phenom 2 with a HD5850 and 8gb memo shouldn't freeze so easily, when i scroll down and remove the ads from the screen, the browse works fine again

 

i know the site need some ads, but, can it be a permanent, trustable ad?

 

Sounds like a browser problem to me.

[Nimboss]

Well got back from a weekend trip and it seems Google at last have removed the restriction. I can move (with FireFox) around freely on fallout3nexus without any annoying Warnings, so if more can confirm it this can give Dark0ne the pleasant work to tell this issue is solved :biggrin:

 

Update: Oh, well for me it has moved to tesnexus now, got a red warning on http://www.tesnexus.com/downloads/top.php now instead. Google :wallbash:

[gorbajev777]

Please beware everyone! I was one of the unfortunate ones to get attacked by this $&*#ing trojan (even with registered AVG installed) and it's a PAIN to fix. I've spent a good 8 hours working on the problem and although an entire system scan results in no virus found, I still have very limited access and if online too long, my pc will lock up (due to a highjacking I'm guessing) and one of my "svchost.exe" processes starts eating up my cpu memory like crazy. If anyone out there knows of a fix for this recent attack, PLEASE message me and let me know! I really don't want to re-format my 1TB drive... (>_<)

 

Heya CME, I hope this info helps. Review this for a list of what my logs popped up:

http://www.thenexusforums.com/index.php?/topic/240888-nexus-trojanvirus-alert/page__view__findpost__p__2146374

 

I would suggest downloading and running Malwarebytes since it turned up and fixed the rootkit.

I would also suggest downloading and running the Norton Tidserv HTTPS exploit scan and fix. ( It can't hurt to try it. )

 

Also if you haven't run Microsoft update in some time you can sometimes "wash" a corrupted system by running a major patch. ( it moves system drivers and so forth to a patch uninstall directory after its done and sometimes a "stealth program" will turn up there on a scan after the patching ). If your not running a 100% legal copy of windows you probably don't want to try the patching route.

 

Also, its wise to keep multiple anti-virus packages/anti-malware/anti-spyware packages on hand. You don't need to have them all active but scans from different packages will sometimes turn up things others missed.

 

P.S. About 6 months ago my Sysadmin groups was tasked with evaluating a enterprise anti-virus solution ( the license on our current was expiring).

We scowered hacker sites and compiled a CD composed of close 500 different viruses ( in both uncompressed and compressed formats ) and then ran each of the virus scanners we were evaluating against it. The best ones were averaging in the 90 to 95 percent range but none of the them found all of them and each of them found a few that none of the others did. ( Keep in mind this was evaluating a enterprise solution and not a home user version so the playing field was very different )

[Apprentice Harper]

 

Update: Google is reporting the site as malicious right now. This is a report from before the fix and despite the problem being fixed there is some lag on getting delisted from Googles filters. Their webmaster tools report the site is completely clear of Malware so this should just be a waiting game.

 

Update #2: It's now Sunday morning here in the UK and Google are still yet to unblock TESNexus from their blacklist. Fallout 3 Nexus was on their blacklist for around 8 hours and was removed early yesterday. The irony is Fallout 3 Nexus and TESNexus use the same adserver and ergo had the same issues, so if Fallout 3 Nexus is clean, so is TESNexus. Their Webmaster Tools system continues to tell me the site has been inspected and confirmed clear of issues. Please be patient while we wait for Google to pull their thumbs out.

 

In the mean-time if you are confident in your system's security then HugePinball has written out how to remove the false malware warning when browsing TESNexus.

just to place this at the "top" so to speak cause some folks seem to have missed the update:

 

see the link in the OP for best practice In the mean-time if you are confident in your system's security then HugePinball has written out how to remove the false malware warning when browsing TESNexus.

[Amybot]

Thank you for the heads up!