Virus on the main page?
The forums don't seem to be affected, but when I try to access the main page avast gives me 'A Virus Was Found!' warning and obviously I click abort connection to prevent it loading. Is this just a false positive?
The warning shows:
Filename: http://www.rpgwatch.com/{gzip}
Malware name: HTML:Iframe-inf
Malware type: Virus/Worm
VPS version: 100710-1, 10/07/2010 |
I also get this warning but it appears to come from another place:
194.8.250.211/tds/in.cgi?default
194.8.250.211 site info
194.8.250.211 IP: 194.8.250.211
194.8.250.211 server location: Paraguay
194.8.250.211 ISP: Donstroy Ltd.
Looks kind of fishy? |
I got a prompt to install some plugin to view additional content. Adblock sees it as a frame, I got alerted by my firewall first for Java attempting a connection. I blocked it and didn't get infected with anything, it seems.
Also blocked the frame with Adblock and it's quiet now. |
I certainly can't swear that it is a false positive, but I have been here from day one and never heard of any virus issues on the site. I have seen people say they got false positives over the years.
I know management will respond when they see your question. This is his middle of the night so check back in about 6 to 8 hours. |
Could be a false positive, but just recently there were similar issues on the Titan Quest forums; somebody/something had injected the main page code with links to plugins or some other type of infected content. I'm not familiar with the technical details, but it wasn't the site owners' doing in any case.
|
Windows Defender found something, definitely has to do something with Java.
|
There's an iframe in the banner.
It's the ads delivery that contains the virus. http://www.rpgwatch.com/Scripts/open…s.php?zoneid=1
|
Got the same problem. The owner of the site is Donstroy, which apparently owns several .RU websites, which makes me concerned. I tried to manually download the \\194.8.250.216\public\veyron.jar file it was trying to access out of curiosity but cannot seem to, which is probably for the best. Could be an ad for Bugatti Veyron but I really doubt it.
I suspect they are trying to exploit a security vulnerability on some versions of the Java Deployment Toolkit. So I would recommend updating or disabling that addin in whatever browser you use. Edit: Link to all the nasty stuff detected from that domain |
I tried to email the webmaster of rpgwatch but had no success. info@rpgwatch.com or webmaster@rpgwatch.com didn't work.
You should consider trying to install those email accounts for such cases. But glad others have reported … |
I got the 'reported as unsafe website' when I clicked the mentioned link. I promptly then closed internet explorer. I hope I haven't gotten anything nasty, though…
|
Myrthos is still asleep I guess, and I'm unfortunately not at home at the moment. I'll check what I can when I'm back.
|
It's definitely fishy. My ESET NOD32 identified it as Java/Exploit.Agent.NAC Trojan Horse coming from http://woonv[dot]in
|
Firefox 2.x says it wants another plugin to be installed - and that is an "Adobe Reader Plugin" it wants.
This is - by the way - a quite new kind of "drive-by infection" that has become increasingly and alarmingly common. I think you might switch off the ads altogether and then look what's happening. I have seen exactly the same advertisement banner both on a game-related web site and on a Poboards-based forum a few months ago, which BOTH triggered the same NOD32 alarm … So I'm sure this new kind of infection hides within advertisement banners. |
I got the same problem five hours ago. My Nod32 antivirus program gave me a virus threat error. It seems to be fine now.
|
I disabled the ads until Myrthos can figure out where, why and how this happened. Thanks for the reports everyone and sorry for the delay. Can't offer any further info yet.
|
Thank you, Arhu, for disabling the ads. I did apparently catch something. However, after a few restarts and a return to the default settings for Internet Explorer as well as removing all passwords etc. it seems fine now.
Incidentally, Gameboomers and the Mystery Manor Site have also been the target for attacks by hackers, it seems. |
Both Firefox and Chrome now block the site, hope Myrthos can sort it out quickly.
|
Also don't forget to submit for reevaluation. Mere removal of malicious code is not enough.
|
Apparently our ads software was hacked. There are some messages on the net that even the latest version of our ads software might not be safe so for the time being we'll just have to live without ads until all the issues are fixed.
In the meantime I've requested to be removed from the malware list, which is helpful for those using Firefox or Chrome. Sorry about this. |
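The thread traces the alerts to an iframe injected into the ad-zone output. The following is an added example, not part of the original thread or of the site's software: a check a site operator could run over fetched ad-zone HTML to flag frames and scripts that load from hosts outside an allowlist. The allowlist, the hidden-element heuristics and the sample markup (which uses a documentation IP address) are assumptions constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts the site intends to load frames and scripts from.
ALLOWED_HOSTS = {"www.rpgwatch.com"}

# Constructed sample of ad-zone output; 192.0.2.10 is a documentation address.
SAMPLE = """
<a href="http://www.rpgwatch.com/click?id=1"><img src="/banners/game.png"></a>
<iframe src="http://192.0.2.10/tds/in.cgi?default" width="1" height="1"
        style="visibility:hidden"></iframe>
<script src="http://www.rpgwatch.com/Scripts/zone.js"></script>
"""

def is_hidden(attrs):
    """Heuristic (assumption): 0/1-pixel size or CSS that hides the element."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    tiny = attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")
    return tiny or "display:none" in style or "visibility:hidden" in style

class FrameAudit(HTMLParser):
    """Collect active-content tags whose source host is not on the allowlist."""
    WATCHED = {"iframe": "src", "frame": "src", "script": "src",
               "embed": "src", "object": "data", "applet": "archive"}

    def __init__(self, allowed):
        super().__init__()
        self.allowed = allowed
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(self.WATCHED.get(tag, ""))
        host = urlparse(url).hostname if url else None
        if host is None or host in self.allowed:
            return  # unwatched tag, relative URL, or allowed host
        reasons = ["host not in allowlist"]
        try:
            ipaddress.ip_address(host)
            reasons.append("bare IP address")
        except ValueError:
            pass  # a hostname, not an IP literal
        if is_hidden(attrs):
            reasons.append("hidden or 1x1 element")
        self.findings.append((tag, url, reasons))

def audit(html, allowed=ALLOWED_HOSTS):
    parser = FrameAudit(allowed)
    parser.feed(html)
    parser.close()
    return parser.findings
```

Running `audit()` on a schedule against each ad zone's rendered output, and alerting on any finding, catches this kind of injection before a browser blocklist does.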
Copyright by RPGWatch