RMS is Infected

Mewi · Apr 01, 2010, 05:03 AM

Okay, lately everytime I visit this website, I have become infected with a Rogue Antivirus, and it only happens on this website. It used an exploit through an out dated Adobe Reader.

I found this out after keeping it in the back of my mind, that my main PC became infected only when I visited RMS pages, this is probably due to an advertisement provider that is infected that RMS runs.

I know for a fact that where I am getting this, seems to be from RateMyServer.net because now it happened on my Netbook, while browsing only one website... RMS. In the past I have received weird fake anti virus popups from RMS, so without a doubt this Rogue Antivirus is coming from here.

Also I know it is exploiting my adobe reader ( which is now uninstalled ) Because it was the first thing to load just before I became infected.

What is a Rogue Antivirus? "Antivirus XP Pro" "Antivirus 2009" etc, it pretends to be an antivirus in order to trick you into purchasing it.

Operating System: Windows XP Professional 32 bit
Adobe Reader: 9.1.0

Relics · Apr 01, 2010, 05:33 AM

mmm notified yC..

does it happen on the main page btw?

Mewi · Apr 01, 2010, 05:35 AM

Quote from: Relics on Apr 01, 2010, 05:33 AM
mmm notified yC..

does it happen on the main page btw?

It seemed to have happened only when I was browsing items/monsters. My best guess is that RMS has been using an infected advertiser/has been infected themselves for a couple years now.

Edit: I am now downloading 9.1.0 adobe acrobat reader on my secondary system, I will intentionally try to infect my computer while browsing RMS with 9.1.0 installed, this computer is never used and has a clean install.

DeePee · Apr 01, 2010, 07:38 AM

*looks at date*

yC · Apr 01, 2010, 08:10 AM

We are not using a shared hosting, the chance of the files being infected is low.

I can only think that it could be some advertisement but when I browse on the site I see the dell ad from google most of the time so i can't tell. We don't serve popups or virus obviously.

The one time I got fake anti-virus "worm" infected to my computer lately was when I visited a site of a certain server OR when I installed an ro client of a certain server. I can't tell which was it because I did those around the same time and got infected.

Pandora · Apr 01, 2010, 03:07 PM

I got it once too while using explorer (because I was lazy and didn't want to open firefox which I had closed with a ton of tabs), pretty sure it came from the flash advertisement at the top of a search item page. I'm sure rms doesn't intend for this, it's the ads.

yC · Apr 02, 2010, 11:50 AM

If you still have the problem, please try to get the URL of the ads on the page so I can look into them or contact the network about it.

Pandora · Apr 02, 2010, 12:44 PM

Will do ^^

LemonCrosswalk · Apr 02, 2010, 03:35 PM

RMS has a fever, and the only cure is more cow bell.

Or using an adblocker. May I recommend adblock plus for firefox. If you want to really be safe from flash while browsing you can use flashblock. It blocks flash automatically, but if you want to play it, all you have to do is click on the box. It's sort of like using a condom, better safe than sorry.

Relics · Apr 02, 2010, 06:32 PM

Quote from: LemonCrosswalk on Apr 02, 2010, 03:35 PM
RMS has a fever, and the only cure is more cow bell.

Or using an adblocker. May I recommend adblock plus for firefox. If you want to really be safe from flash while browsing you can use flashblock. It blocks flash automatically, but if you want to play it, all you have to do is click on the box. It's sort of like using a condom, better safe than sorry.

I second this motion, adblock is godly, and almost a necessity nowadays.

Revenant · Apr 02, 2010, 07:26 PM

Adblock Plus
Adblock Plus: Element Hiding Helper
Flashblock
NoScript

No website will be allowed even take a fart without express permission from you in advance.

LemonCrosswalk · Apr 02, 2010, 10:40 PM

Quote from: Relics on Apr 02, 2010, 06:32 PM
Quote from: LemonCrosswalk on Apr 02, 2010, 03:35 PM
RMS has a fever, and the only cure is more cow bell.

Or using an adblocker. May I recommend adblock plus for firefox. If you want to really be safe from flash while browsing you can use flashblock. It blocks flash automatically, but if you want to play it, all you have to do is click on the box. It's sort of like using a condom, better safe than sorry.

I second this motion, adblock is godly, and almost a necessity nowadays.

You know he's right because his name is purple.

Kiyoshiro · Apr 03, 2010, 03:46 AM

Agh -_- my computer just got flooded by a crapload of fake antivirus software crap which ended up making IE useless to use now.
RMS IS infected...o_o
I think I might've gotten rid of it though. I'm not sure.

Mewi · Apr 04, 2010, 05:06 AM

So I monster searched for "Orc" on my secondary ( my secondary's IE8 crashed ) , It took me a few refreshes then suddenly my harddrive was on full work, something about "crackle" on the link, it was a reloading add on the lower left side of the website

Quote from: Kiyoshiro on Apr 03, 2010, 03:46 AM
Agh -_- my computer just got flooded by a crapload of fake antivirus software crap which ended up making IE useless to use now.
RMS IS infected...o_o
I think I might've gotten rid of it though. I'm not sure.

If you need any help, I have removed enough of these to fix it for Windows XP anyway. Somewhat for Vista.

Mushu · Apr 04, 2010, 10:44 PM

This is no lie. I've been infected with the same virus and so have 3 of my other friends. My school even blocks this website for being a known virus host LOL.