[Updated] Nexus Trojan/Virus alert

[alonsomartinez]

I keep getting this error message It just stopped a minute ago

 

http://img714.imageshack.us/img714/9205/65670684.jpg

[Felspar]

iv noticed that my avg virus scanner picked it up cant say its your fault but now thanks to you guys for having the ads on your web other people will suffer from the virus and just might get a f*#@ed up computer for those who dont have virus protection Edited September 25, 2010 by Felspar

[Thor.]

I've been able to ignore the warning and continue downloading mods, Running Kaspersky and reporting it "as not a attack site while doing it".

 

Hopefully the message will get through

 

Oh one thing i forgot to mention, I'm under a heavy firewall so i think it blocked it, just doing a full scan now and nothing seems to be coming up.. 80% done.

[shadowman117]

I too had the virus attempt to infect my PC, AVG blocked it though. I run 3 different security systems so it never got through. I have been noticeing this on other trusted sites as well like myspace.

 

it doesnt suprise me that it would hit here too.

[gorbajev777]

Heya guys, if you found one infection on your system from this issue you may want to look again:

 

I run Norton Internet Security, Spybot - Search and Destory and Malwarebytes' Anti-Malware 1.46, everything up to date.

 

I hit the site last night and when was browsing files ( sorry didn't note the ads displayed ), I got multiple errors from Norton, one error from Malwarebytes and nothing from Spybot.

The Norton errors were multiple block messages displayed below.

 

MSIE Microsoft Windows Help Center Remote Code Exec

MSIE Java Deployment Toolkit Input Invalidation

HTTPS Tidserv Request 2,,,"91.212.226.5, 80"

HTTP Tidserv Request,"clikcpixelabn.com/LVD4w9sP7E3Yp9c9dmVyPTMuOTYmYmlkPW5vbmFtZSZhaWQ9NDA4MDAmc2lkPTAmcmQ9MTI4NTI5MDIzMSZlbmc9d3d3Lmdvb2dsZS5jb20mcT1zcHlib3QlMjBzZWFyY2glMjBhbmQlMjBkZXN0cm95JTIwZG93bmxvYWQ=06k",,"212.117.177.13, 80"

HTTPS Tidserv Request 2,,,"194.28.112.6, 443"

HTTPS Tidserv Request 2,,,"91.212.226.5, 443"

HTTP Eleonore Executable Download,www.hthexhe.co.cc/x44/load.php?spl=newp_&,,"69.50.221.196, 80"

HTTP Acrobat Suspicious Executable File Download,www.hthexhe.co.cc/x44/load.php?spl=newp_&,,"69.50.221.196, 80"

 

Malwarebytes caught the following:

C:\Documents and Settings\Administrator\Local Settings\Temp\F85.tmp (Rootkit.Dropper.Gen) -> Quarantined and deleted successfully.

 

Norton blocked everything but the "HTTPS Tidserv Request 2" exploit. It couldn't remove it because it had gotten embeded in a system file ( pci.sys ) but they provided a link to a removal tool which did detect the trojan and sucessfully removed it. ( http://www.symantec.com/business/security_response/writeup.jsp?docid=2010-090608-3309-99 ).

 

I mention all this because I think the malicious site was running a "laundry list" of exploits. So if your software caught one you may want to take another look with a different package.

 

I hate to be the bearer of bad news but better safe than sorry.

[nomore123]

I love your web site. But its hard getting around the warning alert from both Firefox and Google now. Hope you work out the problem soon. Keep up the great job your doing. Thanks

[DeathKnight16]

Dude, whoever puts trojans on here is a freakin' dirtbag

[toadlet]

This web page at www.fallout3nexus.com has been reported as an attack page..... yada yada

 

 

that's what i get when i try to get on the nexus site. I said ignore, and site doesn't load properly.

 

i barely got this box to use to let you guys know. keeping my fingers crossed.

 

 

[Sativarg2]

I am sorry that I have been cheating for a long time by using fallout3nexus and tesnexus with several addblocking measures in place. I never see any adds on any of the Nexus pages. As a result my system has not been infected. Unfortunately, by blocking all the adds I have also been preventing contributions to the network. I have tried to make useful posts here and there to ease my conscience a bit.

[Nadin]

Hopefully you meant conscience.....