Jump to content

Important Security Notice


BigBizkit

Recommended Posts

In response to post #77697338. #78184403 is also a reply to the same post.


Thandal wrote: Avast, (and AVG, they are owned by the same outfit now) flags many games' and mods' executables as malware. For example, they keep any game using the Frostbite engine from starting.

There are many alternatives, including free ones (e.g. "Windows Defender", which is built-in to Win10) that do a much better job.
Saggaris wrote: And what of the 'aborted connection to skygems.com' that MANY are concerned about is that safe?, should we just say "yeah, well it's probably OK"


Most people can visit that page fine. I'd guess GEMS either doesn't use SSL or the certificate has expired. Really it's on the GEMS team to sort out whatever is triggering that warning. Edited by Pickysaurus
Link to comment
Share on other sites

  • Replies 286
  • Created
  • Last Reply

Top Posters In This Topic

In response to post #76810703. #77394508, #77676363, #77698568, #77825388 are all replies on the same post.


Regnier1919 wrote: My Avast told me it had safely aborted a connection to Skyrimgems.com because it was infected with HTML:script-inf(susp) Could someone clarify have I downloaded an infected file from Nexus or is this something else?
bvanharjr wrote: Get rid of Avast altogether (it's bad nowadays), and use something better - or, if you are on Windows 10 (and version 1903 or HIGHER), use the built-in protection.

This comes from 5+ years of personally USING THEIR SOFTWARE. Their code is so filled with bugs that it's a miracle that my PC hasn't required me to reinstall Windows from scratch yet.

(not listing every issue I have with Avast - the final straw I had with 'em was with their exclusion system not working AT ALL - quarantining files THAT I PUT ON THAT LIST as "malicious & dangerous" - EVEN THOUGH THOSE FILES WERE 100% CLEAN.)
Dazner wrote: Avast is actually pretty good. I use it and mod skyrim extensively. Not many complaints there.
marijn211 wrote: I used Avast for around 2 years and found myself reinstalling Windows 2 times because of false positives on system files which after that had been removed, now I stick to Malwarebytes, it costs money for more protection than just weekly scans but if you donacdum on the internet that should be enough


Totally agree with this. I too was an avid user of Avast 4+ years (and previous to that, used AVG for 3+ years at home). In both cases; I eventually stopped using them because of many false positives which could not be rectified through a controllable whitelisting system, and their reporting mechanism and remedies for these problems was ineffectual.

Thankfully; Microsoft's previously poor AV products have much improved, so I use that for basic cover now. Malwarebytes is a solid product for all the stuff which gets through the cracks. Even the free/trial mode is a life saver. Sometimes I use Sophos too (as I get home license coverage from work). It's always been very solid (due to good support - not just the client software), but it can be a bit over hard on the machine performance for gamer type scenarios. It's best left on your 'work' machine..
Link to comment
Share on other sites

IT engineer here. You know what the absolute worst thing is for password security? Complex passwords. Counter-intuitive, I know, right? But longer and more complex passwords lead to people reusing more passwords and saving them in Word or Excel documents on their desktops. That's why Microsoft has minimal complexity requirements but encourages (and in some cases requires) MFA. And the cool thing about MFA? A 6 character simple password is no less secure (and arguably more secure) than a 12 character complex password as long as you use MFA.

 

And what's funny is seeing supposed security people talk about brute forcing like it's still how accounts get cracked. "Gotta make the passwords harder to guess!" as if anybody's trying to guess it. Nah, legit hackers don't brute force anymore. If they want your password, they send you phishing e-mails, malware with keyloggers, malware that takes advantage of password manager vulnerabilities (and you thought that would keep you safe), or the real good ones take advantage of website vulnerabilities to steal hashes (oh, look, what happened to Nexus). I do still see brute force attacks, but only in business and they're pretty lazy attacks against outdated protocols where the attacker figures "if they're still using PPTP then they're probably using stupid simple passwords".

 

But what this really boils down to is Nexus screwed up by having bad security and instead of fixing their $%^& they make their users jump through hoops that meet (outdated) "security best practices" but don't actually improve security.

Link to comment
Share on other sites

In response to post #76730058. #76736273, #76754668, #76762448, #76779138, #76782503, #76972618, #77104318, #77109438 are all replies on the same post.


amadeuskun wrote: *uses the same password across every website* "I can't believe I got hacked" *blames The nexus for getting hacked*

Ppl who use one password for everything are playing with fire, just like people who use easy-to-guess passwords and PIN numbers.

Don't use any personally identifiable information in your passwords, bible verses, famous quotes, lucky numbers, easy-to-guess number combinations (12345, 77777, 6969, birthdays, SSNs, etc.) If someone can go on your social media page and write down everything they know about you and break the password, it wasn't a good password.
Saggaris wrote: What do you want, a badge?
Yet another know it all that thinks everyone should have the same grasp as he, let me tell you something, people are different and and MANY can't remember what they go to the toilet for... not everyone has the same outlook as you.
Of the 20 million folks here a good number of them wouldn't understand what the hell you were talking about, they might not have spacebook, facetube or even read the bible.
You're preaching to those that already understand and others that ain't listening and don't care.
I've used the site for 15 years and I still know nothing.
Ethreon wrote: Sorry to break your bubble but if you are on a modding site. You should more knowledgeable than the average user. So yes, if you use the same password everywhere it's your own damn fault.
Saggaris wrote: Wrong...
working in the mental health industry for a decade gives you a different outlook on peoples understanding and their desires, they are in many cases at very different levels.

Now, I say if you have 20 million peoples details, details that you demand when they join, it should be up to you to keep those safe, not each and everyone that you enticed in.
metaphorset wrote: @Saggaris - the badge is yours. This stuff isn't exactly breaking news. In this day and age ignorance is a choice. You chose ignorance and you seem to carry it quite proudly.
Saggaris wrote: Nope, you're the ignorant one that wishes to assume a level ability playing field, you obviously don't mix with folks with different abilities, after all it's down to the hedgehog to learn when to cross the road isn't it?
CommandantShepard wrote: @Saggaris You are correct that it is on the website to protect their (your) data to the highest possible standard. However, ultimately it is a user's responsibility to manage their own personal online security. I don't expect everyone to understand this and am well aware they don't as I work in Software Support, however a user refusing or unwilling to learn more about this does not make it any less true. Not defending NexusMods or this breach in any way, just stating a general fact.

I also think posting what you did and the way you did it is completely unnecessary, as @amadeuskun wasn't specifically bashing anyone but in fact was sharing information that could potentially help someone in a situation of having bad passwords.
SirBrenderick wrote: @Saggaris "Working in the mental health industry"... are you sure you weren't a patient? I am getting a distinct mental health patient vibe here...
DarkDominion wrote: @SirBrenderick
Please keep it civil ?

Thanks
-=DD=-


Remember the hack, when a 100+ megabyte file was replaced with a few kilobytes file (if I remember good) ? How can a 100 digit password help you then? I am not saying that one should not use such passwords, I use combined and different passwords for each account myself, but you know what I am trying to say.
I downloaded the file and ran it. Since then, penis extensions offers have been sent to my (dummy) email address :D Edited by zlostnypopolnik
Link to comment
Share on other sites

In response to post #76810703. #77394508, #77676363, #77698568, #77825388, #78386518, #79101903 are all replies on the same post.


Regnier1919 wrote: My Avast told me it had safely aborted a connection to Skyrimgems.com because it was infected with HTML:script-inf(susp) Could someone clarify have I downloaded an infected file from Nexus or is this something else?
bvanharjr wrote: Get rid of Avast altogether (it's bad nowadays), and use something better - or, if you are on Windows 10 (and version 1903 or HIGHER), use the built-in protection.

This comes from 5+ years of personally USING THEIR SOFTWARE. Their code is so filled with bugs that it's a miracle that my PC hasn't required me to reinstall Windows from scratch yet.

(not listing every issue I have with Avast - the final straw I had with 'em was with their exclusion system not working AT ALL - quarantining files THAT I PUT ON THAT LIST as "malicious & dangerous" - EVEN THOUGH THOSE FILES WERE 100% CLEAN.)
Dazner wrote: Avast is actually pretty good. I use it and mod skyrim extensively. Not many complaints there.
marijn211 wrote: I used Avast for around 2 years and found myself reinstalling Windows 2 times because of false positives on system files which after that had been removed, now I stick to Malwarebytes, it costs money for more protection than just weekly scans but if you donacdum on the internet that should be enough
trishaxuk wrote: Totally agree with this. I too was an avid user of Avast 4+ years (and previous to that, used AVG for 3+ years at home). In both cases; I eventually stopped using them because of many false positives which could not be rectified through a controllable whitelisting system, and their reporting mechanism and remedies for these problems was ineffectual.

Thankfully; Microsoft's previously poor AV products have much improved, so I use that for basic cover now. Malwarebytes is a solid product for all the stuff which gets through the cracks. Even the free/trial mode is a life saver. Sometimes I use Sophos too (as I get home license coverage from work). It's always been very solid (due to good support - not just the client software), but it can be a bit over hard on the machine performance for gamer type scenarios. It's best left on your 'work' machine..
quadraphone wrote: Please limit recommendations to something you have expertise in. If you aren't a doctor or a nurse practitioner, don't hand out medical advice.
If you aren't an IT professional, don't hand out anti-virus recommendations.


Systems Engineer here:

Don't make suggestions if you don't know what you are talking about. Windows Defender isn't a bad anti-virus product in real-world scores, it's better than nothing, but it isn't better than Avast. Avast consistently scores better in real-world tests and has less performance impact.

See for yourself:

https://www.av-test.org/en/antivirus/home-windows/

https://www.av-comparatives.org/consumer/ Edited by quadraphone
Link to comment
Share on other sites

In response to post #77697338. #78184403, #78253598 are all replies on the same post.


Thandal wrote: Avast, (and AVG, they are owned by the same outfit now) flags many games' and mods' executables as malware. For example, they keep any game using the Frostbite engine from starting.

There are many alternatives, including free ones (e.g. "Windows Defender", which is built-in to Win10) that do a much better job.
Saggaris wrote: And what of the 'aborted connection to skygems.com' that MANY are concerned about is that safe?, should we just say "yeah, well it's probably OK"
Pickysaurus wrote: Most people can visit that page fine. I'd guess GEMS either doesn't use SSL or the certificate has expired. Really it's on the GEMS team to sort out whatever is triggering that warning.


Systems Engineer here:

Windows Defender scores in the middle of anti-virus products on the market, in real-world AV tests. . It's better than nothing, but it does not do a much better job than Avast or AVG, both of which consistently score near the top. Edited by quadraphone
Link to comment
Share on other sites

In response to post #76810703. #77394508, #77676363, #77698568, #77825388, #78386518, #79101688 are all replies on the same post.


Regnier1919 wrote: My Avast told me it had safely aborted a connection to Skyrimgems.com because it was infected with HTML:script-inf(susp) Could someone clarify have I downloaded an infected file from Nexus or is this something else?
bvanharjr wrote: Get rid of Avast altogether (it's bad nowadays), and use something better - or, if you are on Windows 10 (and version 1903 or HIGHER), use the built-in protection.

This comes from 5+ years of personally USING THEIR SOFTWARE. Their code is so filled with bugs that it's a miracle that my PC hasn't required me to reinstall Windows from scratch yet.

(not listing every issue I have with Avast - the final straw I had with 'em was with their exclusion system not working AT ALL - quarantining files THAT I PUT ON THAT LIST as "malicious & dangerous" - EVEN THOUGH THOSE FILES WERE 100% CLEAN.)
Dazner wrote: Avast is actually pretty good. I use it and mod skyrim extensively. Not many complaints there.
marijn211 wrote: I used Avast for around 2 years and found myself reinstalling Windows 2 times because of false positives on system files which after that had been removed, now I stick to Malwarebytes, it costs money for more protection than just weekly scans but if you donacdum on the internet that should be enough
trishaxuk wrote: Totally agree with this. I too was an avid user of Avast 4+ years (and previous to that, used AVG for 3+ years at home). In both cases; I eventually stopped using them because of many false positives which could not be rectified through a controllable whitelisting system, and their reporting mechanism and remedies for these problems was ineffectual.

Thankfully; Microsoft's previously poor AV products have much improved, so I use that for basic cover now. Malwarebytes is a solid product for all the stuff which gets through the cracks. Even the free/trial mode is a life saver. Sometimes I use Sophos too (as I get home license coverage from work). It's always been very solid (due to good support - not just the client software), but it can be a bit over hard on the machine performance for gamer type scenarios. It's best left on your 'work' machine..
quadraphone wrote: Systems Engineer here:

Don't make suggestions if you don't know what you are talking about. Windows Defender is one of the lowest performing anti-virus solutions in real-world tests.


Please limit recommendations to something you have expertise in. If you aren't a doctor or a nurse practitioner, don't hand out medical advice.
If you aren't an IT professional, don't hand out anti-virus recommendations. Edited by quadraphone
Link to comment
Share on other sites

In response to post #76810703. #77394508, #77676363, #77698568, #77825388, #78386518, #79101688, #79101903 are all replies on the same post.


Regnier1919 wrote: My Avast told me it had safely aborted a connection to Skyrimgems.com because it was infected with HTML:script-inf(susp) Could someone clarify have I downloaded an infected file from Nexus or is this something else?
bvanharjr wrote: Get rid of Avast altogether (it's bad nowadays), and use something better - or, if you are on Windows 10 (and version 1903 or HIGHER), use the built-in protection.

This comes from 5+ years of personally USING THEIR SOFTWARE. Their code is so filled with bugs that it's a miracle that my PC hasn't required me to reinstall Windows from scratch yet.

(not listing every issue I have with Avast - the final straw I had with 'em was with their exclusion system not working AT ALL - quarantining files THAT I PUT ON THAT LIST as "malicious & dangerous" - EVEN THOUGH THOSE FILES WERE 100% CLEAN.)
Dazner wrote: Avast is actually pretty good. I use it and mod skyrim extensively. Not many complaints there.
marijn211 wrote: I used Avast for around 2 years and found myself reinstalling Windows 2 times because of false positives on system files which after that had been removed, now I stick to Malwarebytes, it costs money for more protection than just weekly scans but if you donacdum on the internet that should be enough
trishaxuk wrote: Totally agree with this. I too was an avid user of Avast 4+ years (and previous to that, used AVG for 3+ years at home). In both cases; I eventually stopped using them because of many false positives which could not be rectified through a controllable whitelisting system, and their reporting mechanism and remedies for these problems was ineffectual.

Thankfully; Microsoft's previously poor AV products have much improved, so I use that for basic cover now. Malwarebytes is a solid product for all the stuff which gets through the cracks. Even the free/trial mode is a life saver. Sometimes I use Sophos too (as I get home license coverage from work). It's always been very solid (due to good support - not just the client software), but it can be a bit over hard on the machine performance for gamer type scenarios. It's best left on your 'work' machine..
quadraphone wrote: Systems Engineer here:

Don't make suggestions if you don't know what you are talking about. Windows Defender isn't a bad anti-virus product in real-world scores, it's better than nothing, but it isn't better than Avast. Avast consistently scores better in real-world tests and has less performance impact.

See for yourself:

https://www.av-test.org/en/antivirus/home-windows/

https://www.av-comparatives.org/consumer/
quadraphone wrote: Please limit recommendations to something you have expertise in. If you aren't a doctor or a nurse practitioner, don't hand out medical advice.
If you aren't an IT professional, don't hand out anti-virus recommendations.


Malwarebytes is a great tool for removing malware infections, but as an anti-virus platform, it is below the middle of the pack in real-world tests. In short, the performance of it's resident protection modules are unacceptable.
Link to comment
Share on other sites

In response to post #76810703. #77394508, #77676363, #77698568, #77825388, #78386518, #79101688, #79101903, #79103693 are all replies on the same post.


Regnier1919 wrote: My Avast told me it had safely aborted a connection to Skyrimgems.com because it was infected with HTML:script-inf(susp) Could someone clarify have I downloaded an infected file from Nexus or is this something else?
bvanharjr wrote: Get rid of Avast altogether (it's bad nowadays), and use something better - or, if you are on Windows 10 (and version 1903 or HIGHER), use the built-in protection.

This comes from 5+ years of personally USING THEIR SOFTWARE. Their code is so filled with bugs that it's a miracle that my PC hasn't required me to reinstall Windows from scratch yet.

(not listing every issue I have with Avast - the final straw I had with 'em was with their exclusion system not working AT ALL - quarantining files THAT I PUT ON THAT LIST as "malicious & dangerous" - EVEN THOUGH THOSE FILES WERE 100% CLEAN.)
Dazner wrote: Avast is actually pretty good. I use it and mod skyrim extensively. Not many complaints there.
marijn211 wrote: I used Avast for around 2 years and found myself reinstalling Windows 2 times because of false positives on system files which after that had been removed, now I stick to Malwarebytes, it costs money for more protection than just weekly scans but if you donacdum on the internet that should be enough
trishaxuk wrote: Totally agree with this. I too was an avid user of Avast 4+ years (and previous to that, used AVG for 3+ years at home). In both cases; I eventually stopped using them because of many false positives which could not be rectified through a controllable whitelisting system, and their reporting mechanism and remedies for these problems was ineffectual.

Thankfully; Microsoft's previously poor AV products have much improved, so I use that for basic cover now. Malwarebytes is a solid product for all the stuff which gets through the cracks. Even the free/trial mode is a life saver. Sometimes I use Sophos too (as I get home license coverage from work). It's always been very solid (due to good support - not just the client software), but it can be a bit over hard on the machine performance for gamer type scenarios. It's best left on your 'work' machine..
quadraphone wrote: Systems Engineer here:

Don't make suggestions if you don't know what you are talking about. Windows Defender isn't a bad anti-virus product in real-world scores, it's better than nothing, but it isn't better than Avast. Avast consistently scores better in real-world tests and has less performance impact.

See for yourself:

https://www.av-test.org/en/antivirus/home-windows/

https://www.av-comparatives.org/consumer/
quadraphone wrote: Please limit recommendations to something you have expertise in. If you aren't a doctor or a nurse practitioner, don't hand out medical advice.
If you aren't an IT professional, don't hand out anti-virus recommendations.
quadraphone wrote: Malwarebytes is a great tool for removing malware infections, but as an anti-virus platform, it is below the middle of the pack in real-world tests. In short, the performance of it's resident protection modules are unacceptable.


This sounds like a malicious script stored in your browser cache.

For future use, you can use a free tool called CCleaner from Piriform to clean the caches of multiple browsers at the same time, and the Windows system temp files:

https://www.ccleaner.com/ccleaner/builds
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

×
×
  • Create New...