[False alarm] MALWARE POP UPS in wesnoth.org

Discussion of all aspects of the website, wiki, and forums, including support requests and new ideas.

Moderators: Forum Moderators, Developers

Locked
Pepe
Posts: 57
Joined: July 7th, 2014, 6:50 am
Location: Spain

[False alarm] MALWARE POP UPS in wesnoth.org

Post by Pepe » January 25th, 2015, 5:28 pm

[2015-02-23] Locking this topic as it turned out to not be a problem with wesnoth.org at all. Read on for details. ― shadowm

Anyone else have seen a popup that try to install malware when you click a link at forums or any other wesnoth.org page?

It looks like if wesnoth.org has suffered a hacking attack or something like that.

Pepe
------------------------------------------------------

Note: you can see some new links with capitol letters and a green arrow that popups to install supposed utility or security software.

Im afraid that this post has some of that links that i have not writen myself in it.
Last edited by Iris on February 23rd, 2015, 4:11 am, edited 2 times in total.

User avatar
ancestral
Developer
Posts: 1108
Joined: August 1st, 2006, 5:29 am
Location: Motion City

Re: MALWARE POP UPS in wesnoth.org

Post by ancestral » January 25th, 2015, 5:31 pm

Pepe,

No, I don’t. It sounds like you have adware installed on your own computer.

Check your browser add-ons and check with your computer support for help with removing adware from your computer.
Wesnoth BestiaryPREVIEW IT HERE )
Unit tree and stat browser
CanvasPREVIEW IT HERE )
Exp. map viewer

Pepe
Posts: 57
Joined: July 7th, 2014, 6:50 am
Location: Spain

Re: MALWARE POP UPS in wesnoth.org

Post by Pepe » January 25th, 2015, 5:51 pm

Thank for answer.

I cannot undertand how can i see that popups at my windows 7 computer and at an Ubuntu virtual machine too.

I will try to check my machine for some kind of virus anyway.

Malware name is something like eFix Pro

Pepe
---------------------------------------------------------------------------------------------------------------

User avatar
Iris
Site Administrator
Posts: 6587
Joined: November 14th, 2006, 5:54 pm
Location: Chile
Contact:

Re: MALWARE POP UPS in wesnoth.org

Post by Iris » January 25th, 2015, 6:04 pm

If you don’t see this on every other site, perhaps there’s malware on your computer redirecting requests for the Google Analytics script — that’s the only Javascript request shared by both the forums and the front page. If both Windows 7 and your Ubuntu VM are on the same host, the malware running on the host may be rewriting HTTP traffic to/from GA or wesnoth.org at the driver level, or redirecting name lookups for google-analytics.com by tampering with your DNS or etc\hosts configuration (yes, %systemroot%\system32\drivers\etc\hosts is a thing on Windows).
Author of the unofficial UtBS sequels Invasion from the Unknown and After the Storm.

User avatar
Elvish_Hunter
Forum Moderator
Posts: 1405
Joined: September 4th, 2009, 2:39 pm
Location: Lintanir Forest...

Re: MALWARE POP UPS in wesnoth.org

Post by Elvish_Hunter » January 25th, 2015, 6:36 pm

Pepe wrote:Malware name is something like eFix Pro
Yes, by a quick search it appears to be one of these annoying adware, and as such your antivirus may not recognize it as malware. Some of the removal procedures that I found (like this one, for example) suggest to try using MalwareBytes Anti-Malware and AdwCleaner, but I never used these programs so far, so I can't vouch for them.
Current maintainer of these add-ons:
1.14: The Sojournings of Grog, A Rough Life, The White Troll (co-author), Wesnoth Lua Pack
1.12: Children of Dragons

Pepe
Posts: 57
Joined: July 7th, 2014, 6:50 am
Location: Spain

Re: MALWARE POP UPS in wesnoth.org

Post by Pepe » January 25th, 2015, 6:39 pm

Yes, i had a malware in my w7 host computer. Im cleaning it now. i have removed something with the name WP from my program list with an installation date of today. I dont know what it is but i have antivirus working in my hard disk now.

Thanks for help.

Wesnoth was the first web i saw today and i thought it was under some kind of hacking attack but i saw that other web pages were poping too with that malware in my computer.

Pepe
-------------------------------------------------------

User avatar
Paulomat4
Moderator Emeritus
Posts: 719
Joined: October 16th, 2012, 3:32 pm
Location: Wesmere library, probably summoning Zhangor

Re: MALWARE POP UPS in wesnoth.org

Post by Paulomat4 » January 25th, 2015, 8:20 pm

Yes, by a quick search it appears to be one of these annoying adware, and as such your antivirus may not recognize it as malware. Some of the removal procedures that I found (like this one, for example) suggest to try using MalwareBytes Anti-Malware and AdwCleaner, but I never used these programs so far, so I can't vouch for them.
I used adwCleaner once, and found it to be very easy to use and effective.
Creator of Dawn of Thunder and Global Unitmarkers

"I thought Naga's used semi-automatic crossbows with incendiary thermite arrows . . . my beliefs that this race is awesome are now shattered." - Evil Earl

Locked