[Updated] Nexus Trojan/Virus alert

[Ferryt]

You can click "Ignore this Warning" in very small writing in the bottom right of the red box.

 

Well ... yes. Of course. It's the only way to get past the warning pop-over, and that should be pretty obvious to anyone who doesn't just have a knee-jerk reaction and actually bothers to read the entire warning. Unfortunately, you have to do this for every single page you attempt to access in our files section, which is unacceptable behavior from Firefox, as far as I'm concerned. I said once that I wanted to ignore the fact that Google thinks this site is infected. I shouldn't have to say it again ... and again ... and again ... ad nauseum. Add to that the fact that you can't seem to set up an exception for this site (I'm using build 20100914125854 of Firefox, in case that makes a difference) and this compounds the frustration. Then, even after you've told Firefox to ignore the warning it STILL puts a big bright red warning bar at the top of the page, chewing up yet more screen real estate -- and it's very ugly and very annoying and very unnecessary since I had to click through a flipping pop-over that warned me about the problem in the first place!

 

Instructions on how to totally disable warnings for blacklisted sites have been posted, but I wonder how many people who would never have had their computers infected from this site will forget to switch it back on when they pop over to some other site to check something out while browsing here -- and then get infected because they've disabled their first line of defense. It will happen. People just don't think about things like this in the heat of trying to track down information or files.

[Pushkatu]

I have accesed Nexus both from home and from work and I have not experienced any problems regaring trojans or viruses, ever. I'm glad it now has been fixed.

[DrakeTheDragon]

Didn't Dark0ne write it was an exploit performed by the adserving company ("blacktreegaming" I guess) itself?

Well, whatever it was, the ad provider is responsible for not distributing infected, harmful or otherwise malicious ads.

 

Let me add that many of their ads already were "harmful" in my eyes even without any viruses or trojans in them. The little netbook I'm currently stuck with almost broke when there was again one of those videos playing, without asking me if it may. Getting these insanely loud sound effects all of a sudden in the middle of the night wasn't much better. But those ads which weren't actually much animated or anything else suspicious but still managed to prevent scrolling down, clicking links or even closing windows really put me off.

 

And now they even managed to get the functionality of this site damaged to a point where there are no searches possible and one has to click on "ignore" for every link you click and can only pray that you get through to the location you were aiming at and won't just end up somewhere else entirely due to the redirect killing yet other url parameters!

 

If you ask me, this is a good opportunity to reconsider sticking to this in-my-eyes-"untrustworthy" ad provider altogether now. There must be many far superior ones out there.

 

 

...oh, well,... for the time being until this Google-issue gets settled and the site gets operational again in Firefox browsers I'll just fall back to using Internet Explorer for browsing the Nexus.

All hail to Microsoft for not relying on Google that insanely much! (God, I can't believe I hailed MS! But Google managed to become yet more unbearable for the moment.)

[cme2529]

Please beware everyone! I was one of the unfortunate ones to get attacked by this $&*#ing trojan (even with registered AVG installed) and it's a PAIN to fix. I've spent a good 8 hours working on the problem and although an entire system scan results in no virus found, I still have very limited access and if online too long, my pc will lock up (due to a highjacking I'm guessing) and one of my "svchost.exe" processes starts eating up my cpu memory like crazy. If anyone out there knows of a fix for this recent attack, PLEASE message me and let me know! I really don't want to re-format my 1TB drive... (>_<)

 

Heya CME, I hope this info helps. Review this for a list of what my logs popped up:

http://www.thenexusforums.com/index.php?/topic/240888-nexus-trojanvirus-alert/page__view__findpost__p__2146374

 

I would suggest downloading and running Malwarebytes since it turned up and fixed the rootkit.

I would also suggest downloading and running the Norton Tidserv HTTPS exploit scan and fix. ( It can't hurt to try it. )

 

Also if you haven't run Microsoft update in some time you can sometimes "wash" a corrupted system by running a major patch. ( it moves system drivers and so forth to a patch uninstall directory after its done and sometimes a "stealth program" will turn up there on a scan after the patching ). If your not running a 100% legal copy of windows you probably don't want to try the patching route.

 

Also, its wise to keep multiple anti-virus packages/anti-malware/anti-spyware packages on hand. You don't need to have them all active but scans from different packages will sometimes turn up things others missed.

 

P.S. About 6 months ago my Sysadmin groups was tasked with evaluating a enterprise anti-virus solution ( the license on our current was expiring).

We scowered hacker sites and compiled a CD composed of close 500 different viruses ( in both uncompressed and compressed formats ) and then ran each of the virus scanners we were evaluating against it. The best ones were averaging in the 90 to 95 percent range but none of the them found all of them and each of them found a few that none of the others did. ( Keep in mind this was evaluating a enterprise solution and not a home user version so the playing field was very different )

 

Thanks for the info. I am running a completely legal version of Windows, but this problem keeps me from accessing Windows updates/patches as well as using any system restore points. I'm going to go over all this new info from everyone and see if anything works. Thanks again for all your help. It's great to have such a helpful community when times get tough.

[DirTek]

Apparently I'm still getting the error but only when using the www. adress. If I'm using http://tesnexus.com it's working perfectly.

[themage_obl]

I seem to get the error when i am searching for files on the site, but if i am on the home page, i don't get it at all.

 

 

[LilLee]

holy...how can these attack site report still appear on tes, nothing happen on fallout3

[Dark0ne]

Hopefully today is the day Google finally sort themselves out!

[cpoindex]

Please beware everyone! I was one of the unfortunate ones to get attacked by this $&*#ing trojan (even with registered AVG installed) and it's a PAIN to fix. I've spent a good 8 hours working on the problem and although an entire system scan results in no virus found, I still have very limited access and if online too long, my pc will lock up (due to a highjacking I'm guessing) and one of my "svchost.exe" processes starts eating up my cpu memory like crazy. If anyone out there knows of a fix for this recent attack, PLEASE message me and let me know! I really don't want to re-format my 1TB drive... (>_<)

 

I've managed to get infected with these on more than a few occasions. What I do is restart windows in Safe Mode with Networking, then run TDSSKiller (sometimes it turns up nothing, sometimes it will close explorer.exe; if this happens, ctrl+alt+delete and Run>>explorer.exe. ANOTHER problem with these things is sometimes it screws up the registry for .exe files. If this happens to you, Google "exe fix" and you should find some help).

 

After that, I update Malwarebytes and then perform a full scan. So far this has worked everytime for me when I get this stupid things. I recently registered Malwarebytes so that I can get real-time protection and hopefully avoid this problem in the future.

 

Hope that helps either you or anyone else who gets this crap.

[starfox246]

i use microsoft security essentials 2 protect my pc and laptop from virus and mal ware