V-I-R-U-S Alert!

To the website manager!

gamerankings dot com is infected with PWS-lineage dot dll.

 My McAfee blocked it. do not know who to alert, mainly because there is no clear alert adress.

Please forward this to the apropriate parties!

Using Norton Antivirus 2002 I also detected a VIRUS on Gamespot.

This is the link I got the virus at and my logfile.

http://www.gamespot.com/pc/action/jointoperations/review.html?om_act=convert&om_clk=gssummary&tag=summary;review

Date: 4/2/2007, Time: 0:08:26, user on USER
The file
C:\WINDOWSmppds.exe
is infected with the Infostealer.Gampass virus.
Unable to repair this file.

Date: 4/2/2007, Time: 0:08:26, user on USER
The file
C:\WINDOWSmppds.exe
is infected with the Infostealer.Gampass virus.
Access to the file was denied.

The file
C:\Documents and SettingsmynameLocal SettingsTemporary Internet FilesContent.IE54H2R8HMZa[1].exe
is infected with the Infostealer.Gampass virus.
Unable to repair this file.

Date: 4/2/2007, Time: 0:23:34, user on USER
The file
C:\Documents and SettingsmynameLocal SettingsTemporary Internet FilesContent.IE54H2R8HMZa[1].exe
is infected with the Infostealer.Gampass virus.
Access to the file was denied.

yeah same here McAfee blocked it tho.

I was checking the STALKER page and Viva pinata page

I've noticed Internet Explorer crashes when attempting to load a certain URL. It loads the gamespace just fine, stops, then starts loading this URL and freezes. The page it's loading is in Chinese and contains one link to some stats page or whatever it is.

Since I have no idea what's there it could potentially be very unsafe. I'm posting it because it might be the source of the virus problems, so don't go to the page if you're unsure. It might be completely harmless, but be careful nonetheless.

[spoiler] The URL is: http://www.82087871.com/css3.htm and in case you didn't read my warning, a reminder that it could be unsafe. It probably isn't, since the source doesn't show much that could deal with viruses, and it links to a login page for website statistics, but be careful nonetheless [/spoiler]

Since I couldn't find that URL in the page source it's probably something to do with an advert.

Also, I tried opening that page in IE and it didn't crash, so I could be wrong. 

EDIT: I am 99% certain it's that URL that's causing IE and other Trident-based browsers to crash, as I just added it to my URL filter (an IE add-on) and it did not crash on the pages it used to crash on.

[spoiler] http://www.gamespot.com/pc/rpg/silverfall/index.html?tag=similargames;title;2 Gives: Virus Profile: Exploit-ANIfile.c Risk Assessment - Home Users: Low - Corporate Users: Low Date Discovered: 3/28/2007 Date Added: 3/28/2007 Origin: N/A Length: varies Type: Trojan SubType: Exploit DAT Required: 4995 Virus Characteristics This detection covers ANI files that attempt to exploit a recent ANI file format handling vulnerability. AVERT has confirmed that the exploit affects at least systems running Microsoft Internet Explorer 6 & 7 on Windows XP SP2. Systems running Windows XP SP1 and Windows XP SP0 do not seem vulnerable to this exploit. These malicious ANI files may be hosted by websites, which when visited can result in silent execution of arbitrary code. One such sample silently downloaded a new downloader trojan, Downloader-BBH. Indications of Infection This exploit runs silently without showing any obvious symptoms. This exploit is simply a transport mechanism for other malicious code; whatever the attack chooses to include. Method of Infection Malicious code can be delivered via a web page or email message. Removal Instructions AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination. Additional Windows ME/XP removal considerations Aliases TROJ_ANICMOO.AX (Trend Micro) [/spoiler] iratheous

I have a strong suspicion that the URL I posted earlier has something to do with it, since according to that report it only affects IE based browsers, which presumably you're running. If you are using IE, and you get hit with the virus warning every time you visit that gamespace, do you think you could give this a try?

1. Download and install the add-on IE7 pro or any other add-ons that have some form of URL filtering (the one I linked to is safe to use).
2. Start IE and look for the IE7 pro logo on the status bar. Click it and select "preferences".
3. In the new window, click "ad filter" from the side bar.
4. Make sure "enable ad filter" is checked, and in the text box at the bottom type "*.82087871.*" and click add (make sure it's set to URL block filter)
5. Go back to the gamespace that's affecting you and see if it happens again.

If that solves your problem, GameSpot needs to stop the domain www.82087871.com from loading stuff on GS pages. If it doesn't help, then I've just wasted my time to an extent (that method at least stops IE from crashing).

To the website manager!

 

gamerankings dot com is infected with PWS-lineage dot dll.

My McAfee blocked it. do not know who to alert, mainly because there is no clear alert adress.

 

Please forward this to the apropriate parties!

 

 

Lawrencevanrijn

Is it a problem with GameFaqs? And I think we should put a notice up on the website to prevent this virus spreadingzepman71

Bloodhound.Exploit.131 is what I got looking at STALKER pics and infooscar_rangel

What does it do? Is it just like a typical virus?

[spoiler] The URL is: http://www.82087871.com/css3.htm and in case you didn't read my warning, a reminder that it could be unsafe. It probably isn't, since the source doesn't show much that could deal with viruses, and it links to a login page for website statistics, but be careful nonetheless [/spoiler] EJ902

Everytime I open that link, it forces my AOL Browser to op-up.  Of course it doesn't work because it needs a password.

[QUOTE="EJ902"]

[spoiler] The URL is: http://www.82087871.com/css3.htm and in case you didn't read my warning, a reminder that it could be unsafe. It probably isn't, since the source doesn't show much that could deal with viruses, and it links to a login page for website statistics, but be careful nonetheless [/spoiler] LTomlinson21

Everytime I open that link, it forces my AOL Browser to op-up.  Of course it doesn't work because it needs a password.

I stand by my opinion that this site is in some way related to the virus, as it only occurs on the gamespace summary, the same pages the virus warnings are allegedly popping up, and how blocking that URL stops IE from crashing on those pages.

EDIT: And just like that it's gone. If people are still getting virus warnings on Gamespaces and there's no trace of 82087871.com attempting to load, then you'll know I was wrong.

When researching this, it appears the trojan is "infostealer.gampass".

Infostealer.Gampass is a generic detection for a Trojan horse that steals online game accounts, such as Lineage, Ragnarok online, Rohan, and Rexue Jianghu. Also, a few antivirus websites indicate some of the variations of this trojan can have a keylogger embedded in it. With that in mind, I would hate to have any of the passwords to my accounts/games/websites stolen.

Not sure if this has anything to do with the virus or not, but every time I shut IE down, another window pops up to a pornographic site and it always seems to happen if I've visited any of the game/shared forums. I hadn't been on any other website today and I got that pop up. Is anyone else getting this?Wren28

[QUOTE="Wren28"]Not sure if this has anything to do with the virus or not, but every time I shut IE down, another window pops up to a pornographic site and it always seems to happen if I've visited any of the game/shared forums. I hadn't been on any other website today and I got that pop up. Is anyone else getting this?EJ902

Wouldn't Norton get rid of it? I have Norton SystemWorks 2007...if not, well, I'll go from there.