[Updated] Nexus Trojan/Virus alert
Such attacks have become natural on the internet and the fix is often reactive to an attack rather than preemptive. Indeed, the patch to fix this issue was only released after several big-name players in the internet community had been infected by the attack. It's simply wicked people, normally from Eastern Europe and Asia, preying on individuals who aren't up to date with their internet security.
Please ensure you take the necessary steps to properly protect yourself from such attacks. Get a good reactive anti-virus (I used AVG and have had no trace of infection despite being warned about the threat) and firewall and switch any settings you might not need to an "ask me" state.
My apologies for the breach of security on these sites.
Update: Google is reporting the site as malicious right now. This is a report from before the fix and despite the problem being fixed there is some lag on getting delisted from Google's filters. Their webmaster tools report the site is completely clear of malware so this should just be a waiting game.
Update #2: It's now Sunday morning here in the UK and Google are still yet to unblock TESNexus from their blacklist. Fallout 3 Nexus was on their blacklist for around 8 hours and was removed early yesterday. The irony is Fallout 3 Nexus and TESNexus use the same adserver and ergo had the same issues, so if Fallout 3 Nexus is clean, so is TESNexus. Their Webmaster Tools system continues to tell me the site has been inspected and confirmed clear of issues. Please be patient while we wait for Google to pull their thumbs out.
In the meantime, if you are confident in your system's security then HugePinball has written out how to remove the false malware warning when browsing TESNexus.
Norton has kept my computer safe for a long time now and I trust it.
Ya, I just made up all these posts about the Microsoft Essentials malware to spite Nexus... my favorite gaming site.
If it's been cleaned up is one thing, but there definitely was a nasty malware virus in one of the Google ads on the 22nd of October.
Seriously, people don't waste their time on Nexus making false claims about viruses. Logic is your friend.
Sorry for my misunderstanding.
Also I thought Malwarebytes was Anti-Malware, not Anti-Spyware. But then again I don't know the difference. ^_^
Anyway it infected the ipsec.sys file, Kaspersky TDSSKiller sorted it out, so if anyone's still having problems try downloading it.
I think I got infected due to playing around with my security settings as I was having problems with downloading.
The website mentioned in my post you referenced is NOT any of the Nexus sites. It was to drive home the point that you can get infected without clicking on anything AND you can get infected even if you use Firefox (some people incorrectly think that Firefox is immune) and I wanted to also point out that a fully patched Windows XP (and probably Vista and Win7) by itself is also not enough to thwart drive-by attacks from infected sites / ads.
No, the Nexus sites were not infected, however an ad being funneled through the ad system was infected on a remote site which was cleaned quite quickly despite being temporarily banned by Google and Firefox for 3 or so days after the incident.
Anyone cruising the Internet needs to be aware and correctly use the tools available to them for protection against such nasty critters. Anti-virus, Firewall, anti-spyware, white/black lists, anti-malware tools, browser add-ons like NoScript and WOT, etc. This is especially true for Windows users since they are the largest audience on the net and thus the largest target for scumbag malware programmers. A Mac guy here at work loves to chime in after we remove or prevent a threat on our network and say Mac users are unaffected. The Mac OS might be pretty tight for the moment but malware makes its way in through the weak links which are currently add-ons and services such as Adobe Reader, Flash, XML readers, etc.
Regardless of your trust-level of any site, a good web user should always have an elevated suspicion that something could be wrong because nothing is 100% immune from attacks. I grew up with the saying "wish for peace but be ready for war" which means YOU take an active part in your own defense.
As far as infected ads, this does occur from time to time but is extremely rare. You also have to be aware that sometimes the malware does not reveal itself immediately. It might get onto your system and wait for a random amount of time before deploying its payload in order to keep the original source from being easily detected and shut down. If you visit sites of poor quality (crack/keygen sites, porn sites, anything with illegal activity, etc.), do not be surprised if you catch an infection there and don't realize it until much later.
Summary:
Nexus sites are NOT infected. The ads are NOT infected. It doesn't appear that we have a widespread problem at this moment. Any ad that is reported to Dark0ne as being irritating (loud sounds, malware, etc.) is quickly removed from the ad rotation. Of course, this relies on the COMMUNITY to identify the offending ads (e.g. SCREENSHOTS or verbal description) which makes it extremely simple for Dark0ne to identify and remove.
LHammonds
Well forgive me if I didn't want to read through 30 pages...
I said what I said based on post #312 by LHammonds.
I thought that you just had to BE on the website (not clicking any ads) to get an infection.