
Database Breach - An Update


Dark0ne


BBen, I have done a clean install of Windows, with a fully formatted new drive. I have a clean system, no viruses. And this exploit literally only affects systems that are vulnerable because they don't have the security patch that Windows updates offers. A system with said patch is closed to the exploit and it won't even register because it cannot get onto your system due to the security hole being patched. This is why there are only a few people that would ever be vulnerable to it in the world, because most people would have it patched. And Windows updates files still kill my system, even with all new equipment.


In response to post #32465260.


StuartDean wrote:

BBen, I have done a clean install of Windows, with a fully formatted new drive. I have a clean system, no viruses. And this exploit literally only affects systems that are vulnerable because they don't have the security patch that Windows updates offers. A system with said patch is closed to the exploit and it won't even register because it cannot get onto your system due to the security hole being patched. This is why there are only a few people that would ever be vulnerable to it in the world, because most people would have it patched. And Windows updates files still kill my system, even with all new equipment.


This is not going to get you anything. If there is any kind of malicious content within the site or its associated calls (ads, etc.), then you either need to avoid the site or do a bit of investigating on your own. Load up a packet sniffer and see if you can determine what is being flagged and where "EXACTLY" it is coming from.

Navigating to a website does not mean the site itself is the source of the malware. You make a bunch of external connections when you navigate to one site. Without examining the traffic itself, you cannot say for certain WHERE the malware is coming from.

I would focus on fixing your installation of Windows. You cannot leave your system in the vulnerable state it is in and expect the REST of the world to ensure that you don't get exploited. Fix your stuff.
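The traffic examination suggested in the reply above, as an added example that is not part of the original post: it walks a browser HAR capture backwards from the URL the antivirus flagged to find which external host introduced it. The capture and its hosts are constructed placeholders, and the function names are hypothetical.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: a trimmed HAR 1.2 capture (placeholder hosts, not from the thread).
SAMPLE_HAR = json.loads("""
{"log": {"entries": [
 {"request": {"url": "https://mods.example/", "headers": []},
  "response": {"status": 200, "redirectURL": ""}},
 {"request": {"url": "https://ads.example.net/slot.js",
              "headers": [{"name": "Referer", "value": "https://mods.example/"}]},
  "response": {"status": 200, "redirectURL": ""}},
 {"request": {"url": "https://bid.example.org/r?id=1",
              "headers": [{"name": "Referer", "value": "https://ads.example.net/slot.js"}]},
  "response": {"status": 302, "redirectURL": "https://update.example.com/firefox"}},
 {"request": {"url": "https://update.example.com/firefox", "headers": []},
  "response": {"status": 200, "redirectURL": ""}}
]}}
""")

def build_parents(har):
    """Map each requested URL to the URL that caused it (redirect source, else Referer)."""
    parents = {}
    for e in har["log"]["entries"]:
        url = e["request"]["url"]
        for h in e["request"]["headers"]:
            if h["name"].lower() == "referer":
                parents.setdefault(url, h["value"])
    for e in har["log"]["entries"]:  # an HTTP redirect is stronger evidence than a Referer
        target = e["response"].get("redirectURL")
        if 300 <= e["response"]["status"] < 400 and target:
            parents[target] = e["request"]["url"]
    return parents

def trace(har, flagged_url):
    """Return the chain of URLs from the page load down to the flagged URL."""
    parents, chain, seen = build_parents(har), [flagged_url], {flagged_url}
    while chain[0] in parents and parents[chain[0]] not in seen:  # stop on loops
        chain.insert(0, parents[chain[0]])
        seen.add(chain[0])
    return chain

def first_third_party(chain):
    """First host in the chain that differs from the host the user navigated to."""
    site = urlsplit(chain[0]).hostname
    return next((urlsplit(u).hostname for u in chain[1:]
                 if urlsplit(u).hostname != site), None)

if __name__ == "__main__":
    chain = trace(SAMPLE_HAR, "https://update.example.com/firefox")
    print(" -> ".join(chain), "| entered via", first_third_party(chain))
```

Real captures often carry only the origin in the Referer header, so exact URL matching may need to fall back to matching on the host.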

In response to post #31714675. #31724210, #31725155, #31726105, #31727505, #32440485 are all replies on the same post.


SirPhoenixBlood wrote: I think the site might be infected. I got a redirect to a malware site on a fresh-boot PC that was rebooted a day ago (full reinstall of Windows), so I know I don't have any virus or malware on my end, but the site itself keeps sending me to some site claiming that my Firefox needs to be updated when I just installed a new Firefox, fully updated.
SirNesta wrote: I think your PC already got malware :/ The site is completely safe and I never had any abusive redirection or that kind of stuff.
Try to scan your PC with your antivirus and Malwarebytes, for example.

I'm French so... sorry for my bad English ^^
rambojambo21 wrote: Use Chrome
ZedLeppelin wrote: You say a fresh Windows reinstall, but that begs the question... Did you format your drive before the reinstall? If not, any virus/malware that was on your PC prior to the install could still be there. Also, I've been using the Nexus mods site since 2011, and can tell you I've never gotten malware or a virus from this site. Not saying it can't happen, but pointing out that this is a pretty well run and maintained site. But then, I don't click banner ads. If a banner ad interests me, I google whatever the ad is about and get to the content that way. Banner ads aren't under the control of the site usually, so they cannot guarantee a banner ad's legitimacy. And as the other poster commented, try running a virus scan, and if you don't have it, download Malwarebytes (you can get it from download'dot'com) and run that as well. In any case, you definitely have a browser hijacker of some sort on your PC. Good luck!
ZedLeppelin wrote: Yeah, and switch to Chrome.
faedragon wrote: Tons better than my French would be...


I'm getting the same issue, and I only get the redirect on nexus mods. There has to be some malicious code left over.

My PC is completely clean of any viruses or malware as well.

The data breach was 3 years ago. :rolleyes:

The recent kerfuffle was that someone who got a copy of the old data was able to finally crack several passwords of people who had not changed their passwords since way back then and try to get control of their Nexus accounts. The passwords that were cracked were simple (short, minimum number of characters or common words). If you were not a member 3 years ago you are not affected at all. If you have changed your password since then you are not affected at all. If you use a reasonably complex password (more than the minimum number of characters, not a common word or one of the list of common passwords) you were not affected. But still change your password anyway. :yes:

 

The reason they want your password is they hope you are dumb enough to use the same password on some other site where you might have something worth stealing. Nexus has none of your personal info in our database. The only thing we have is an alias (user name) and email account - and every site you ever visit has that. If you want to see a site that has a lot of your personal info look no further than Facebook. They require your real name and a lot of other personally identifiable info that we really have no interest in. If you buy anything from Nexus - instead of us keeping any financial info you are sent to PayPal where the transaction is actually done. That way we don't have any financial info here that can be stolen at all. We not only don't have any personal or financial info - we don't want it because we don't need it for what we do.

 

Viruses DO NOT work by spending 3 years to crack a few passwords in a random database just to redirect you to some other site where they get less than a tenth of a cent per look. They use bogus emails or advertisements to get you to download their virus. Then, if you do download the virus, they use it for various things - like searching your computer for financial information, they harvest your contacts and send them an email from you with the virus, use your computer as part of a zombie net to send DDoS attacks. Or blackmail you by encrypting your data and charging you a fee to get it back. They are really not interested in what mods you downloaded or what you said on a game forum. :whistling:

 

Redirects are typically from stuff YOU downloaded and allowed to install - One of the hardest to get rid of is Conduit - it is not considered a virus or malware by some AV because you must allow it yourself. Then it hides and redirects searches through its own servers just to collect the advertising revenue. It uses several tricks to hide and come back when you scan. I have had the best luck using JRT to get rid of it. There are several others nearly as bad, such as the ASK toolbar that will be installed if you use ASK. :pinch: MOST AV programs will not actually remove these. Because you had to agree to install them - usually in the small print buried 4 pages down in an end user agreement for some FREE program you downloaded.

 

Have you ever installed anything from Yazzle? (They use several other names as well.) Included with EVERYTHING downloaded from them - games, ring tones, screen savers, utility programs, IM programs and other FREE STUFF!!!! - you agree to install their own advertising software - that will occasionally pop up (or pop under) an advertisement based on your internet activities - meaning that if you are visiting a game site (such as Nexus) you might see an advertisement. YOU gave them permission to advertise to you. :wallbash: This is NOT malware. This is how they pay for those free games. And because you agreed it cannot be classed as malware.

 

@Stewart, did you do any of what I suggested already? If not, stand down until you have.

Download and run the FREE Linux-based rescue disk I recommended. This finds viruses that can hide from Windows-based scanners.

Run the FREE JRT. This will get rid of things like Conduit that can hide from a lot of AV programs.

Run the FREE Malwarebytes. This is what the geeks use to clean out viruses.

Reboot and run a registry cleaner. I prefer CCleaner, but nearly any will do (rebooting before and after cleaning the registry is important).

If you find an infected Windows system file you may have to format and reinstall using a known good copy of Windows (NOT some random copy from a sleazy torrent).

Restoring files after a reinstall can possibly reinstall the malware as well depending on how well it hides itself. :mad:

There are other programs that other people will recommend - these are the ones I currently use.

I have only been working on computers for the last 40 years. I may have learned something about removing malware in that time. :tongue:


I've been using Nexus since the dinosaurs were wiped out and I've never had a virus, site redirect or anything from the Nexus site. And I've downloaded hundreds of mods. Robin runs a tight ship.

 

That said, file downloads from the site should always be given the once over with an antivirus before using them. Not because the site is riddled with viruses, but simply because that is good practice for *any* file downloaded from the Internet. There is always that outside chance someone - maybe a disgruntled modder? - might have an infected file.

 

Using common sense and good practice I can truthfully say I have never, ever had a virus or malware problem with the Nexus site. Even the recent dsound.dll issue was probably a turkey.

 

Now what I would like to know is why, when clicking on a mod's "images" tab I am getting 'E' instead of lots of great images from the mod's author?!! I think I might need a hint on what to tweak on my brand new PC...lol.

 


You aren't hearing me, my system is clean, I have a new hard drive, fresh brand new installation of Windows 2 weeks ago. And I've only been getting the alert from my AV about the problem for about 2 months, and I've been a member since 2012. And I only get alerted from my AV about the exploits attempting to install on my system when I visit ANY nexusmods site. And even after getting new gear and re-installing Windows, WITHOUT having a backup because my backup drive happened to get dropped and broke, so I had nothing from my old drive coming over to the new one, not even one music file or picture. My system is clean! And once again, I am only trying to help you here.

This topic is now closed to further replies.