Forum and Java update malware?


djdownward
12-12-2011, 05:44 PM
I was browsing forums on my work computer and got an update prompt saying that Java was in use on the page and if I wanted to update and use it.

Well I did the first time and apparently it loaded some faux Windows security program that said there were issues on the computer. It locked out the internet saying it was unsafe and insisted it let this program be installed.

I shut it down in safe mode and did a system restore, and have AVG and Malwarebytes loaded on my work comp as well as my home comps.

Since I have done the restore I have had the same prompt from Java saying Java is in use on the forum pages and do I want to update and install.

I have been declining and canceling since then, and today I just saw it on my brand new home laptop, my scanners do not report anything malicious but I am still declining it all.

Anyone else had a problem like this on the forums? Didn't know where else to post. I guess I'll dup this onto blue forum too.

Uthgaard
12-12-2011, 05:47 PM
Sounds like you got tricked into downloading a virus. You shouldn't need to update anything to view these forums.

djdownward
12-12-2011, 05:52 PM
Well I don't do anything on my work computer except browse forums and game sites. And I didn't have any real protection on it, but I don't understand how the same pop-up would show up on my laptop at home and only prompt me while I'm browsing forums.

AVG still says I have no malicious stuff that it can detect.

Weird, super paranoid now.

Handull
12-12-2011, 08:31 PM
I seem to get random attempts asking me to authorize Java. I just always say no at this point unless it's a site I absolutely know needs Java to run. Malwarebytes is good, and so is TDSS Killer and Norton's Power Eraser (both free). TDSS only detects low level registry and root errors, etc. NPE is highly aggressive and you need to be careful using it, as it can flag things like your .exe handling registry as malicious, but it does a good job at finding low and high level things that can be a problem. Then lastly I run Malwarebytes to get the last of w/e was attacking me.

Rogean
12-12-2011, 09:07 PM
I've also noticed a few pop-ups that shouldn't be happening, but it may have been related to other viruses I possibly obtained from a different website.

If you see JavaScript code in the source of the website anywhere that shouldn't be there, let me know ASAP.

getsome
12-13-2011, 12:34 PM
I got hit by one from this website as well.

I was browsing here when I saw something attempted to turn off my firewall on my PC.

I was slaying dragons so I figured I would check it out in a few. About 1 hour later, all the normal bells and whistles from that xpantivirus 2012 malware started popping up. A back door rootkit came along for fun this time. ping.exe was a nasty variant of this infection. It will lag the fuck out of your PC, since it ramps your CPU processes up to 100%.

This happened Saturday.

Uthgaard
12-13-2011, 01:45 PM
If you see anything like that, make a note of which ads were displayed at the time and which page it was on.

If it's recent enough, you should be able to go into offline mode and revisit the page as it appeared. Firefox has a more detailed and accurate cache than IE though.

Zallar
12-13-2011, 02:07 PM
Make sure your Java is patched to the latest version to prevent banner ads from injecting malware.

disco
12-22-2011, 04:50 AM
My virus scanner has been blocking something trying to enter my system every time I browse the forums. The page will lock up and then after it contains it, it runs the page smoothly.

arsenalpow
12-22-2011, 06:51 AM
I got hit by one from this website as well.

I was browsing here when I saw something attempted to turn off my firewall on my PC.

I was slaying dragons so I figured I would check it out in a few. About 1 hour later, all the normal bells and whistles from that xpantivirus 2012 malware started popping up. A back door rootkit came along for fun this time. ping.exe was a nasty variant of this infection. It will lag the fuck out of your PC, since it ramps your CPU processes up to 100%.

This happened Saturday.

I had this exact same thing happen to me twice. I would be in EQ with these forums open in the background and the XP antivirus 2012 would pop up. Did a system rollback both times which fixed it. Also, I changed my browser to Chrome and haven't had the issue since.

arsenalpow
12-22-2011, 10:27 PM
A guildmate of mine just experienced the issue right now, like 2 minutes ago.

Just an FYI, maybe track the ads from the last 10-15 minutes or so?

Uthgaard
12-23-2011, 04:32 PM
Ads are unique to you, it's not something anyone else can see. Google chooses them for you based on your browsing, the forum is just the place where the box they appear in resides.

Seaweedpimp
12-23-2011, 04:34 PM
This has also happened to me about the time this thread popped up.

Except I can't seem to get it to let me roll back either. I just have to keep task master up all the time now.

I swear I got the virus from these forums.

cmdrrickhunter
12-23-2011, 06:03 PM
If you get a virus blocked message, check out what virus was named, and what antivirus you are using. For anyone concerned about viruses and this forum, it would be a simple search to find out if that malware spreads through ads or forum posts.

Avast hasn't found anything on my machine yet, for what it is worth.

Ninja
12-23-2011, 06:04 PM
This has also happened to me about the time this thread popped up.

Except I can't seem to get it to let me roll back either. I just have to keep task master up all the time now.

I swear I got the virus from these forums.

I had gotten that virus and removed it. I acquired it through a torrent.

Seaweedpimp
12-23-2011, 06:50 PM
What I'm getting is exactly what getsome has. You have to remove "ping" and the soandso.com in the processes.

I don't download torrents, well I haven't in over a year. This is recent.

cmdrrickhunter
12-23-2011, 06:57 PM
What I'm getting is exactly what getsome has. You have to remove "ping" and the soandso.com in the processes.

I don't download torrents, well I haven't in over a year. This is recent.

Do you happen to remember the name of the virus, as described by your antivirus software? I did a search for ping.exe and apparently there's a few of them. There's also a virus named Ping.door which seems to be trouble. I'm assuming soandso.com was just a placeholder for the real .com file name.

Seaweedpimp
12-23-2011, 07:02 PM
I'm really terrible with computers, didn't want to say it but I don't even use virus protection. Whenever something goes bad I just give it to a buddy and he fixes it.

The process that brings up the antivirus popup (fake AV) is called something like skh.exe.
It used to pop up every time I would click on EQ or click my sound meter down at the bottom right, next to the time.

I just manhandle it through task manager and it goes away for a bit.

Slave
12-23-2011, 07:12 PM
3 steps to assist your browsing pleasure:

1. Download AdBlock Plus
2. Install AdBlock Plus
3. Run AdBlock Plus

cmdrrickhunter
12-23-2011, 07:30 PM
I'm really terrible with computers, didn't want to say it but I don't even use virus protection. Whenever something goes bad I just give it to a buddy and he fixes it.

It's really worth it to take the time and get antivirus installed. You can even go the route I did, with Avast, because it's free. It should be easy to install -- the hardest part is dodging around their attempts to get you to buy the non-free version (which has the same basic features... free is more than good enough).

As has been stated here, you really can't trust anything on the internet these days -- not even the work of our illustrious developers. I'd try to give you an analogy, depicting computer viruses like real life human infections, but frankly, the internet is such a cesspool of rampant promiscuity that the analogy would probably have to be put in the Rants and Raves (NSFW) forum.

I don't know what you use your computer for besides eq99, but in general, I'd avoid typing your credit card or banking information into your computer from now until you reinstall Windows (or move on to a new machine with antivirus). While, in the past, viruses have been relatively benign, focusing on replication, modern viruses bankrolled heavily by Eastern European and Russian mafia are much more focused on monetizable data. Without knowing what particular virus you were hit with, there's no way of telling if something more insidious was left behind -- many viruses now open back doors that let "paying customers" put just about any software they please on your machine. Talk to your friend and see if he can identify the actual virus that hit you. A trip to the Symantec webpage for that virus will tell you if you have the benign replicating kind, or the moneygrubbing kind (look for words like "backdoor").

Antivirus doesn't make you invulnerable to these things, but it sure makes you the harder target.

Uthgaard
12-24-2011, 01:23 AM
All of these reports are mostly useless and devoid of any relevant information. If you suspect that you've picked up a virus,

Step 1: Make sure you can see hidden files
http://i43.tinypic.com/ddes6d.jpg

Step 2: Find the files the virus put on your computer. Pay attention to the date and time stamp.
http://i43.tinypic.com/103sdp1.jpg
You can delete it if you want, you might have to kill the process or service first. I'm not going to go into detail on how to do that here.

Step 3: Make sure there isn't anything set to happen at the next bootup.
http://i40.tinypic.com/166wxw6.jpg

I'm not so concerned with telling you how to get it off of your computer, there are many more specialized pages on the internet for doing that, and several tailored to each particular virus. They might not have an obvious name like this. Some use the names of legitimate executables. So if you see anything executable turn up, it's suspect.

Now that you have the exact date and time that it was placed onto your PC, go into your browsing history, and pinpoint everything that you were doing at that exact time. Sorting the 'modified on' search by date and time, you should be able to get a pretty good impression. The sooner after picking one up that you do this, the better the odds are that you'll be able to narrow it down.

So far no one has given any specifics as far as origin. Fix that.
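
The timestamp-to-history correlation described in the last post, as an added example that is not part of the original thread: given the time a suspicious file appeared, it lists the Firefox history visits just before it, together with the page each visit came from. The `moz_places` and `moz_historyvisits` tables are Firefox's own (`places.sqlite`); the in-memory history, the `.example` URLs and the drop time are constructed sample data, and the function names are hypothetical.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

def to_prtime(dt):
    """Firefox stores visit_date as microseconds since the Unix epoch (UTC)."""
    return int(dt.timestamp() * 1_000_000)

def visits_near(conn, dropped_at, before_min=15, after_min=2):
    """Return (time, url, referrer_url) for visits around the file's timestamp."""
    lo = to_prtime(dropped_at - timedelta(minutes=before_min))
    hi = to_prtime(dropped_at + timedelta(minutes=after_min))
    rows = conn.execute(
        """SELECT v.visit_date, p.url, rp.url
           FROM moz_historyvisits v
           JOIN moz_places p ON p.id = v.place_id
           LEFT JOIN moz_historyvisits rv ON rv.id = v.from_visit
           LEFT JOIN moz_places rp ON rp.id = rv.place_id
           WHERE v.visit_date BETWEEN ? AND ?
           ORDER BY v.visit_date""", (lo, hi)).fetchall()
    return [(datetime.fromtimestamp(t / 1e6, timezone.utc), url, ref)
            for t, url, ref in rows]

def build_sample_history():
    """Constructed history using only the two tables and columns the query needs."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT);
        CREATE TABLE moz_historyvisits (id INTEGER PRIMARY KEY, from_visit INTEGER,
                                        place_id INTEGER, visit_date INTEGER);
    """)
    # Assumed creation time of the dropped file (from its date/time stamp).
    base = datetime(2011, 12, 10, 20, 0, tzinfo=timezone.utc)
    places = ["http://forum.example/index.php",
              "http://forum.example/showthread.php?t=1",
              "http://ads.example/banner?id=7", "http://news.example/"]
    conn.executemany("INSERT INTO moz_places VALUES (?, ?)",
                     list(enumerate(places, 1)))
    # (visit id, from_visit, place id, minutes relative to the file timestamp)
    visits = [(1, 0, 4, -90), (2, 0, 1, -12), (3, 2, 2, -6), (4, 3, 3, -1), (5, 0, 4, 45)]
    conn.executemany("INSERT INTO moz_historyvisits VALUES (?, ?, ?, ?)",
        [(i, f, p, to_prtime(base + timedelta(minutes=m))) for i, f, p, m in visits])
    return conn, base

if __name__ == "__main__":
    conn, dropped_at = build_sample_history()
    for when, url, ref in visits_near(conn, dropped_at):
        print(when.isoformat(), url, "<-", ref or "(no referrer recorded)")
```

On a real machine, run the same query against a copy of `places.sqlite` taken from the Firefox profile folder while the browser is closed, and convert the file's local timestamp to UTC first.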