!! WARNING !!

[Pat89]

Update:

There is no more threat on our website www.rometotalrealism.org.
We will keep you updated if it happens again...
(And please keep us updated as well if you notice something strange!! )

Regards,

PatricianS


Original message:

Spoiler Alert, click show to read: 

Please don't visit our official site (the .org) at the moment!!

Someone who thought to be funny has put a virus on the site!!

Tony just got this message when visiting it:


I had something similar... A message popping up saying that my comp was infected and I neede to download something to do a _free_ scan (yeah sure)

So unless you are really sure of yourself, please don't go there!!!

[kepper]

I just have go to site and all is ok at lest from my, i don´t receive any message about a virus.

[Pat89]

I just have go to site and all is ok at lest from my, i don´t receive any message about a virus.

That can either be very possitive or extremely negative

[kepper]

Something is wrong it my PC.
I getting messages all over the pc screen saying.
RTR4ever are is next preview

[Pat89]

lol

[Quinctius Cincinnatus]

hehe
Kepper jokes the day


BTW: all RTR fans please Rep me for my awesome new signature, or you'll regret it.

Q.

[Tony83]

OK guys, try not to panic too much!

This is probably not a Trojan but the result of the RTR site's host using a market research tracker. I don't know too much about this practice but, apparently, most commercial sites use these companies to tab your browsing habits - Big Brother really is watching you!

Most times this isn't a problem, but in this instance the ESET virus checker software appears to be identifying the tracker as a Trojan! It may well be that someone using Norton, or other virus checking software, won't get this, and we would appreciate it if anyone out there using virus software other than ESET would let us know whether or not they are getting any problems logging into www.rometotalrealism.org.

Using a product called PeerGuardian to monitor these trackers, the following image was obtained.



As you can see, it appears to be an entity known as Interland.

Doing a search on one of the IP addresses we come up with this company:

.

Not being a techie myself, I don't understand the full implications of what's happenning here, but I will try and find out and see if there is some easy solution.

In the meantime, strangely enough, if you go directly to our site's download page, which you will find a link for in the RTR - Downloads and Mod Index, you will bypass the problem! :hmmm:

Watch this space - we will look into it.

[Jamey]

I get stoned by my antivirus as well (AVG). This is the info from Google about the website:

Spoiler Alert, click show to read: 

Safe Browsing

Diagnostic page for 58.65.234.0

What is the current listing status for 58.65.234.0?

This site is not currently listed as suspicious.
Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 40 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2008-10-07, and suspicious content was never found on this site within the past 90 days.Malicious software includes 78 trojan(s), 32 adware(s). Successful infection resulted in an average of 0 new processes on the target machine.

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, 58.65.234.0 appeared to function as an intermediary for the infection of 42 site(s) including superior.cz, extra.hu, onestop-entertainment.com.

Has this site hosted malware?

Yes, this site has hosted malicious software over the past 90 days. It infected 49 domain(s), including langas.lt, mobilizam.com, elviatravel.nl.

Next steps:

• Return to the previous page.
• If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.

If rometotalrealism.org is on a shared box, it's possible that another site is doing something bad. It's also possible that someone hacked the server and did something bad. If this is the market research tracker from the webhost, it might be time to try a different webhost.

The name "JS/TrojanDownloader.Small.NBF" says to me that the AV is detecting javascript that downloads a Trojan. This string is pretty much a dead end other than that (someone who speaks Hungarian might try - eset.hu has several references to this in their support section).

[Corelias]

Mcafee Site advisor is also blocking the site.

[Pat89]

Not that I understand most of what you just said... But it doesn't sound good

So acording to Google, our site rometotarealism.org is infected by "Malicious software includes 78 trojan(s), 32 adware(s)."? That's not good

Thanks for looking this up Jamey

[kepper]

I have Avast and don´t receive any information about a virus, in all the time i go and visite the org page of RTR.

[Tony83]

I'm glad to announce that, thanks to some timely advice from Bladerunner900, the problem with the front page has been resolved.

We hope that this will be a permanent fix and we will be monitoring the site closely over the next few days.

Again, our thanks to Bladerunner900.

[bladerunner900]

I'm glad to announce that, thanks to some timely advice from Bladerunner900, the problem with the front page has been resolved.

We hope that this will be a permanent fix and we will be monitoring the site closely over the next few days.

Again, our thanks to Bladerunner900.

Glad I could help. There are definitely some pathetic "wasters" out there.

[Tony83]

It seems that the same problem is back with the front page of the RTR Website. So we are looking at getting a more permanent solution this time.

[Prince Nuada]

me 2 i dont have that warning so is it safe?

[Pat89]

I didn't get any message this time

[Kylan271]

I checked today and I used Mozilla Firefox with ScriptBlocker and the link is listed as "UNSAFE". I dropped the script blocker and saw the page,my AVAST did not say anything. But,if unsafe it means something is amiss. I think maybe your webhost is the prob? I am not computer tech though,just a guess.

[Tony83]

I'm not familiar with Scriptblocker but I've just logged into the RTR site without problem. If this persistes with you, perhaps you could send us a screenshot of the error message you are getting.

[Kylan271]

Sorry it is called "NoScript" and no error message just a note listing it as 'untrusted'. Screenshot in attachment.

[bladerunner900]

I think it's just detecting the java script used to pr-load some of the images. :hmmm: