Yoyogames.com Virus


  • This topic is locked
72 replies to this topic

#1 3141592526

3141592526

    GMC Member

  • GMC Member
  • 222 posts

Posted 16 August 2010 - 12:56 AM

Norton says this website is unsafe, so does AVG. Here is the link of viruses. ADMIN FIX THESE, IT FEELS UNSAFE!!


LINK TO WEBSITE SCAN click

Threats found: 3
Here is a complete list:

Threat Name: MSIE ADODB.Stream Object File Installation Weakness
Location: http://www.yoyogames.com/

Threat Name: MSIE ADODB.Stream Object File Installation Weakness
Location: http://www.yoyogames.com/games/66223-incoming-battle-for-the-planet-earth

Threat Name: Direct link to MSIE ADODB.Stream Object File Installation Weakness
Location: http://www.yoyogames.com/

Viruses

Threats found: 1
Here is a complete list:

Threat Name: Infostealer.Gampass
Location: http://www.yoyogames.com/games/5221-rocket/send_download?code=7b5bac384a8bcfcba32ab72e2e5155494378d3a3

  • 0

#2 Chazzmundo

Chazzmundo

    GMC Member

  • New Member
  • 275 posts
  • Version:GM8

Posted 16 August 2010 - 01:08 AM

LOL XD now who would do a thing like that :P
  • 0
Chazz

#3 brianp

brianp

    Brian Prestley

  • GMC Member
  • 111 posts
  • Version:Unknown

Posted 16 August 2010 - 01:09 AM

I get the same notification from Norton Internet Security, along with a message at the bottom of the screen saying an attack has been blocked. When I first visited the site today, an Adobe Reader window popped up and said that it was blocking the execution of "C:\WINDOWS\System32\cmd.exe." Also, Firefox said that an additional plugin was required to display all media, but I have the instantplay plugin, and this has never happened before. Finally, Windows Media Player opened and said that it could not find the desired media file(?). Please fix this, I don't want a virus!

Edited by brianp, 16 August 2010 - 03:02 PM.

  • 0

#4 scream681

scream681

    Nick Larin

  • New Member
  • 1152 posts

Posted 16 August 2010 - 01:23 AM

Great, just great... !

Now my desktop got busted... It restarts while booting, I hope I didn't lose the Darkverse data...

The site has been like this almost half a day, or more; none of the YoYo Games staff noticed it? Wake up, maybe?

If anyone knows which exact virus is there, or how to deal with it, please let me know.


Thanks, Yoyogames!

Nick.
  • 0



#5 Aragon1029

Aragon1029

    GMC Member

  • New Member
  • 940 posts

Posted 16 August 2010 - 01:24 AM

I lol'd.
  • 0


Rave Breakout! A new game for iOS devices!
Ever wondered how many lines of code your game has?
Guys, I have a great idea, let's protect the public through censorship.


#6 Ultimate Omicron

Ultimate Omicron

  • GMC:Member
  • 949 posts
  • Version:GM:Studio

Posted 16 August 2010 - 01:26 AM

This has been happening lately. Most people believe it is an infected advertisement. I really don't like ads, especially the irritatingly flashing ones they chose for yoyo. But since they don't make money from air to pay for hosting, we have no option.

#7 scream681

scream681

    Nick Larin

  • New Member
  • 1152 posts

Posted 16 August 2010 - 01:31 AM

I never complained about ads, but my desktop is now dead, because I visited yoyogames.com today. It popped a Java window without asking my permission and opened Winamp, which started connecting to an IP. I closed everything and did a complete virus scan; after restarting, the PC was no longer booting Windows, but resetting itself in the process.
  • 0



#8 Frybone

Frybone

    GMC Member

  • New Member
  • 2 posts

Posted 16 August 2010 - 01:42 AM

When I visited yoyo, AVG blocked the site, and my Windows Media Player opened. I closed it as soon as it opened and my PC acts OK so far. I hope there won't be any consequences for visiting the site, and that it will be fixed soon :S
  • 0

#9 2DLuis

2DLuis

    Graphic Designer

  • GMC Member
  • 2527 posts
  • Version:GM8

Posted 16 August 2010 - 02:04 AM

I noticed this a couple of weeks ago thanks to Norton, opened a case with YoYoGames, informed them, and they said they would look into it. However, my threat if I remember correctly was the rocket game. Nonetheless, various viruses have been getting past YoYoGame's virus checker.

Edited by 2DLuis, 16 August 2010 - 02:07 AM.

  • 0

#10 Revel

Revel

    ɹǝqɯǝɯ ɔɯƃ

  • GMC Member
  • 4935 posts
  • Version:GM8

Posted 16 August 2010 - 02:21 AM

> Nonetheless, various viruses have been getting past YoYoGame's virus checker.

The virus checker is for uploaded games.


I have no issues on the site. Maybe it has been fixed now or the virus knows that I will make it GTFO if it tries touching my PC :)


@ scream681
Worst-case scenario, you can do a boot from a Linux live CD such as Ubuntu, which will allow you to access your Windows hard drive to get the files you need (such as DarkVerse stuff).

Edited by Revel, 16 August 2010 - 02:23 AM.

  • 0

#11 RedChu

RedChu

    Demented Misanthrope

  • GMC Elder
  • 334 posts
  • Version:GM:Studio

Posted 16 August 2010 - 02:41 AM

Avast has been blocking a malicious URL on there all day today. If you disable Javascript you should be fine.

The same thing happened last week too, except Avast didn't catch that and I ended up with a virus.

Edited by RedChu, 16 August 2010 - 02:42 AM.

  • 0

#12 thatshelby

thatshelby

    GMC Member

  • GMC Member
  • 3823 posts
  • Version:GM8

Posted 16 August 2010 - 03:05 AM

Great, I need to notify my blog followers again not to play my game...

._. Good one YoYo.
  • 0

#13 Vacuusimago

Vacuusimago

    GMC Member

  • New Member
  • 10 posts

Posted 16 August 2010 - 03:11 AM

> Great, I need to notify my blog followers again not to play my game...
>
> ._. Good one YoYo.



Please do not put the entirety of blame on Yoyo. It is the decision of the advertiser to decide what particular ads go on a site, given the site's make-up, traffic and generally what people come to it. If the company who associates the ad-space is letting obviously malicious groups do these sorts of things, then I believe it is entirely up to the ad-provider to make things right. Yoyo games may actually be a victim - though it should move quickly to ask the "What the hell?" question to that ad company.
  • 0

#14 thatshelby

thatshelby

    GMC Member

  • GMC Member
  • 3823 posts
  • Version:GM8

Posted 16 August 2010 - 03:14 AM

It's not YoYo.

Game Jolt had a recent problem with this- but it's sorted out now. I think the ad server got infiltrated, so when they display, the site is infected.

Does someone who has an ad-blocker want to risk a PC and find out?


  • 0

#15 TheMagicNumber

TheMagicNumber

    GMC Member

  • GMC Member
  • 5247 posts
  • Version:Unknown

Posted 16 August 2010 - 03:19 AM

Don't be an idiot and click Run when Java asks you about an applet on YYG's site.
Posted Image
What I see.

Edited by TheMagicNumber, 16 August 2010 - 03:21 AM.

  • 0

#16 Revel

Revel

    ɹǝqɯǝɯ ɔɯƃ

  • GMC Member
  • 4935 posts
  • Version:GM8

Posted 16 August 2010 - 03:38 AM

> Does someone who has an ad-blocker want to risk a PC and find out?


This is most likely why I don't have any problems. I'm using Ad Block Plus and I didn't have any issues with the site.

Edited by Revel, 16 August 2010 - 03:38 AM.

  • 0

#17 D1g1talAli3n

D1g1talAli3n

    BoyGenius

  • GMC Member
  • 965 posts
  • Version:GM8

Posted 16 August 2010 - 04:01 AM

I'm using Adblock Plus for Chrome (AdThwart) and I got the same problem. The site took an unusually long time to load, and showed me that a PDF file wanted to open something. On its description for what file it was referring to, it said: "This file is encrypted. Press "Open" to decrypt."
Obviously a trick.
  • 0



#18 Aragon1029

Aragon1029

    GMC Member

  • New Member
  • 940 posts

Posted 16 August 2010 - 04:03 AM

http://i.imgur.com/fMn5L.png
lolads

https://addons.mozil...fox/addon/1865/
  • 0




#19 Smarty

Smarty

    GMC Member

  • GMC Elder
  • 7522 posts
  • Version:GM:Studio

Posted 16 August 2010 - 09:28 AM

I don't think the problem is with the advertisements. Take a close look at the report listed above:

> Threats found: 1
> Here is a complete list:
> Threat Name: Infostealer.Gampass
> Location: http://www.yoyogames.../send_download?code=7b5bac384a8bcfcba32ab72e2e5155494378d3a3


The pattern "http://www.yoyogames...download?code=" is triggered by clicking on the Download Game button. This suggests that the virus is in the actual download, not on the web page.

There are two possibilities here:

  • The scanners used are outdated and give a false positive on the game maker engine.
  • The download really does contain the virus or a file that matches the pattern of this virus, but it wasn't found by YoYo Games' in-house scanner.

More information about the virus itself can be found here. It does sound like the kind of virus that would be interesting to deploy on a website like YoYo Games, but don't take out your pitchforks just yet - false positives have happened a number of times on the Game Maker engine. They are usually solved when the virus databases are updated.

For now, the best advice is simply not to play this game and report it for YYG to check.
  • 0
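
The triage described in post #19, as an added example that is not part of the thread and not YoYo Games' or any scanner vendor's code: it parses the `Threat Name:` / `Location:` pairs from the report in the first post and separates detections on page URLs from detections on the `send_download?code=` link. The function names and the two category labels (`page`, `download`) are assumptions made for this example; the report text is copied from post #1.

```python
"""Triage a site-scan report: page-level vs. download-link detections."""
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Report text copied from the first post of the thread.
REPORT = """\
Threats found: 3
Here is a complete list:
Threat Name: \tMSIE ADODB.Stream Object File Installation Weakness
Location: \thttp://www.yoyogames.com/

Threat Name: \tMSIE ADODB.Stream Object File Installation Weakness
Location: \thttp://www.yoyogames.com/games/66223-incoming-battle-for-the-planet-earth

Threat Name: \tDirect link to MSIE ADODB.Stream Object File Installation Weakness
Location: \thttp://www.yoyogames.com/

Threats found: 1
Here is a complete list:
Threat Name: \tInfostealer.Gampass
Location: \thttp://www.yoyogames.com/games/5221-rocket/send_download?code=7b5bac384a8bcfcba32ab72e2e5155494378d3a3
"""


def parse_report(text):
    """Return (threat_name, url) pairs from 'Threat Name:' / 'Location:' lines."""
    findings, name = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")   # split at the first colon only
        key, value = key.strip().lower(), value.strip()
        if not sep or not value:
            continue                            # headings and blank lines
        if key == "threat name":
            name = value
        elif key == "location" and name is not None:
            findings.append((name, value))
            name = None                         # a Location with no name is ignored
    return findings


def classify(url):
    """'download' for the Download Game link (.../send_download?code=...), else 'page'."""
    parts = urlsplit(url)
    is_download = (parts.path.rstrip("/").endswith("/send_download")
                   and "code" in parse_qs(parts.query))
    return "download" if is_download else "page"


def triage(text):
    """Group findings as {category: {url: sorted threat names}}."""
    groups = defaultdict(lambda: defaultdict(set))
    for name, url in parse_report(text):
        groups[classify(url)][url].add(name)
    return {cat: {url: sorted(names) for url, names in urls.items()}
            for cat, urls in groups.items()}


def overlapping_threats(text):
    """Threat names reported on both a page URL and a download link."""
    by_cat = defaultdict(set)
    for name, url in parse_report(text):
        by_cat[classify(url)].add(name)
    return by_cat["page"] & by_cat["download"]


def defang(url):
    """Write http as hxxp for display, as done later in the thread."""
    return url.replace("http", "hxxp", 1)


if __name__ == "__main__":
    for category, urls in triage(REPORT).items():
        print(category)
        for url, names in urls.items():
            print("  ", defang(url), "->", "; ".join(names))
    print("seen in both:", overlapping_threats(REPORT) or "none")
```

On this report no threat name appears in both groups, which is consistent with the suggestion later in the thread that two different issues may be involved.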

#20 theg721

theg721

    G Dawg

  • GMC Member
  • 1959 posts
  • Version:GM8

Posted 16 August 2010 - 10:17 AM

> I never complained about ads, but my desktop is now dead, because I visited yoyogames.com today. It popped a Java window without asking my permission and opened Winamp, which started connecting to an IP. I closed everything and did a complete virus scan; after restarting, the PC was no longer booting Windows, but resetting itself in the process.

D'you mean when you turn it on, it automatically restarts and constantly restarts 'til you pull the plug?
  • 0

#21 robert680

robert680

    Firefox User

  • New Member
  • 968 posts
  • Version:GM7

Posted 16 August 2010 - 12:20 PM

Well it's a good thing I use Firefox with AVG and Comodo and Adblock plus.
  • 0



#22 scream681

scream681

    Nick Larin

  • New Member
  • 1152 posts

Posted 16 August 2010 - 12:53 PM

> I don't think the problem is with the advertisements. Take a close look at the report listed above:
>
> Threats found: 1
> Here is a complete list:
> Threat Name: Infostealer.Gampass
> Location: http://www.yoyogames.../send_download?code=7b5bac384a8bcfcba32ab72e2e5155494378d3a3
>
> The pattern "http://www.yoyogames...download?code=" is triggered by clicking on the Download Game button. This suggests that the virus is in the actual download, not on the web page.
>
> There are two possibilities here:
>
>   • The scanners used are outdated and give a false positive on the game maker engine.
>   • The download really does contain the virus or a file that matches the pattern of this virus, but it wasn't found by YoYo Games' in-house scanner.
>
> More information about the virus itself can be found here. It does sound like the kind of virus that would be interesting to deploy on a website like YoYo Games, but don't take out your pitchforks just yet - false positives have happened a number of times on the Game Maker engine. They are usually solved when the virus databases are updated.
>
> For now, the best advice is simply not to play this game and report it for YYG to check.


All I did was visit yoyogames.com, and a Java window popped plus Winamp trying to connect to an address. Closed everything immediately, and after restart the computer was not bootable. So I doubt it's a game, I never even heard of that game anyway.


> I never complained about ads, but my desktop is now dead, because I visited yoyogames.com today. It popped a Java window without asking my permission and opened Winamp, which started connecting to an IP. I closed everything and did a complete virus scan; after restarting, the PC was no longer booting Windows, but resetting itself in the process.

> D'you mean when you turn it on, it automatically restarts and constantly restarts 'til you pull the plug?


Yeah, I turned off automatic reboot on error to see what the cause is; it gets a c000021a error while initializing login.
  • 0



#23 Smarty

Smarty

    GMC Member

  • GMC Elder
  • 7522 posts
  • Version:GM:Studio

Posted 16 August 2010 - 02:33 PM

> All I did was visit yoyogames.com, and a Java window popped plus Winamp trying to connect to an address. Closed everything immediately, and after restart the computer was not bootable. So I doubt it's a game, I never even heard of that game anyway.

Look again. I didn't reply to you but to the topic the OP started.
  • 0

#24 Venomous

Venomous

    GMC Member

  • GMC Member
  • 1626 posts
  • Version:GM:Studio

Posted 16 August 2010 - 02:36 PM

Windows Media Player opened by itself a couple of times when I went on YoYoGames.
I closed it right away.
  • 0

#25 Pie Person!

Pie Person!

    GM 6+ Lover

  • GMC Member
  • 1973 posts

Posted 16 August 2010 - 02:42 PM

Well I'm not going to this site again...
  • 0
Cool.

#26 commander of games

commander of games

    Kaos Kreator

  • GMC Member
  • 2883 posts
  • Version:GM:Studio

Posted 16 August 2010 - 02:45 PM

Smarty, I don't think that is the problem. As soon as I go to the YYG site, the Java popup appears.

> I never complained about ads, but my desktop is now dead, because I visited yoyogames.com today. It popped a Java window without asking my permission and opened Winamp, which started connecting to an IP. I closed everything and did a complete virus scan; after restarting, the PC was no longer booting Windows, but resetting itself in the process.

> D'you mean when you turn it on, it automatically restarts and constantly restarts 'til you pull the plug?

That happened to me once. When the GMC got hacked. It sucked. Really bad.

Also, just so everyone knows, I was NOT given the option to choose whether or not to run the Java thing.
  • 0



#27 ManeMan

ManeMan

    GMC Member

  • New Member
  • 6 posts

Posted 16 August 2010 - 03:13 PM

I just joined in to ask more about this. I tried to play a pirates game, and...well enough weird things started happening that I just used processexplorer.exe to kill firefox process tree completely. I didn't try that rocket game at all. I tried two games that I found posted here in the WIP forum, both recently updated, and also the 3d pirate game, same "install plug-in" stuff and the java applet posted above. I am not using any active antivirus, but got PLENTY of warning that not all was cool.
  • 0

#28 Smarty

Smarty

    GMC Member

  • GMC Elder
  • 7522 posts
  • Version:GM:Studio

Posted 16 August 2010 - 03:40 PM

> Smarty, I don't think that is the problem. As soon as I go to the YYG site, the Java popup appears.

It could also be that there are two different issues here. The one listed in the first post specifically mentions what link is giving a positive on the virus scan, and that's the link that starts the download.

I'm also wondering, and this isn't quite clear from the reports, is it Java or Javascript that is used to trigger the supposed exploit? That's a big difference. Almost anyone visiting the site would have Javascript allowed, but not everyone has Java enabled on their browser.

Edited by Smarty, 16 August 2010 - 03:41 PM.

  • 0

#29 scream681

scream681

    Nick Larin

  • New Member
  • 1152 posts

Posted 16 August 2010 - 03:40 PM

> All I did was visit yoyogames.com, and a Java window popped plus Winamp trying to connect to an address. Closed everything immediately, and after restart the computer was not bootable. So I doubt it's a game, I never even heard of that game anyway.

> Look again. I didn't reply to you but to the topic the OP started.


I know, but we are talking about yoyogames having a virus, and I didn't have to play any games to get my pc infected.
  • 0



#30 2DLuis

2DLuis

    Graphic Designer

  • GMC Member
  • 2527 posts
  • Version:GM8

Posted 16 August 2010 - 04:01 PM

> Does someone who has an ad-blocker want to risk a PC and find out?

> This is most likely why I don't have any problems. I'm using Ad Block Plus and I didn't have any issues with the site.

I must confess, I too am now using Ad Block Plus and ever since then, no problems with the YYG site.
  • 0

#31 Smarty

Smarty

    GMC Member

  • GMC Elder
  • 7522 posts
  • Version:GM:Studio

Posted 16 August 2010 - 04:08 PM

I still think there may be two different issues at hand here, but it would help if people mentioned their browser once they say they did, or did not encounter, the issue with the Media player. I'm using Chrome but haven't seen it. I'm half suspecting IE can launch the media player simply because a WMV file was called. That doesn't necessarily make it a virus, of course, unless some unknown exploit is being used.

Also note that the advertisements on the site are being rotated - it may take a while for the advertisement that causes troubles to reappear.

Edited by Smarty, 16 August 2010 - 04:09 PM.

  • 0

#32 TheMagicNumber

TheMagicNumber

    GMC Member

  • GMC Member
  • 5247 posts
  • Version:Unknown

Posted 16 August 2010 - 04:58 PM

I was using Chrome with AdThwart, what happened is in a screencap in my previous post. It's pretty interesting how it targets many programs.
  • 0

#33 RedChu

RedChu

    Demented Misanthrope

  • GMC Elder
  • 334 posts
  • Version:GM:Studio

Posted 16 August 2010 - 07:02 PM

I use Chrome with AdThwart, however I've noticed ads have been popping up before they're blocked lately - they never used to, at least not that I've noticed.

Posted Image

That's what I saw yesterday on every page of the forums, and it only occurred when Chrome was loading "ads.yoyogames.com", so I assume it came from the ads. However, earlier when I started up my laptop it wouldn't boot at all and I had to do a system restore to an earlier point in time (it didn't say how far), but once I got on, I did a system scan in Malwarebytes and it found two of the same malicious files that I got from YYG last week. Nothing tried to run as far as I know this time, but last week the little Java icon in the task bar tray popped up for a few seconds and closed, which is how I knew something was up.

I'm staying away from YYG for now, at least with Javascript enabled until the problem is fixed. I recommend that you scan your computer thoroughly even if your antivirus said it had been blocked, just to be safe.
  • 0

#34 commander of games

commander of games

    Kaos Kreator

  • GMC Member
  • 2883 posts
  • Version:GM:Studio

Posted 16 August 2010 - 07:22 PM

Phew. Thankfully my computer doesn't have any boot problems (Yet). But I'll be on the look out for them...
  • 0



#35 Smarty

Smarty

    GMC Member

  • GMC Elder
  • 7522 posts
  • Version:GM:Studio

Posted 16 August 2010 - 07:36 PM

If the issue is with any of the adverts, then it would be helpful to find out which advert it could be. There is usually more than one on a page, but any screenshots that show the virus warning with the website in the background may help in tracking it down.
  • 0

#36 thatshelby

thatshelby

    GMC Member

  • GMC Member
  • 3823 posts
  • Version:GM8

Posted 16 August 2010 - 07:36 PM

I agree- this is a serious problem!
  • 0

#37 Rtyp06

Rtyp06

    GMC Member

  • GMC Member
  • 1858 posts
  • Version:GM:Studio

Posted 16 August 2010 - 07:44 PM

Norton is screaming unsafe anywhere I try to go on yoyo. I have Norton and IE. I sure as heck am not going to try downloading anything until this is fixed.
  • 0

#38 TheMagicNumber

TheMagicNumber

    GMC Member

  • GMC Member
  • 5247 posts
  • Version:Unknown

Posted 16 August 2010 - 08:16 PM

The virus is from the ads, visiting the site downloads the virus. It may or may not be run, though, depending on your system's security.
  • 0

#39 Takagi

Takagi

    GMC Member

  • GMC Elder
  • 4284 posts
  • Version:GM:Studio

Posted 16 August 2010 - 08:23 PM

I'm surprised there's been no official word yet from any higher ups.

Honestly, most of the GMC moderators don't frequent YYG forums much, and as a result, we're not as "in the loop" as some would think we are. Also, we have no admin rights on the website besides basic remove/edit games, posts, and profiles.
  • 0

#40 Gupocca

Gupocca

    Artist

  • GMC Member
  • 644 posts
  • Version:Unknown

Posted 16 August 2010 - 08:30 PM

Using Chrome with AdThwart, and a Java splash screen showed up for me. I immediately terminated it and all of its related processes.
Norton came up and labeled it as a "HTTP Java Trojan Download Activity." The attacker URL was 02.2m1sdzs.co.cc/x/f15.zip I don't recommend visiting it.
  • 0

#41 CakeDoer

CakeDoer

    GMC Member

  • New Member
  • 3 posts

Posted 16 August 2010 - 08:36 PM

When visiting any page on the official YoYo Games website, a URL containing malware attempts to be loaded. The URL is:

hxxp://02.2m1sdzs.co.cc/x/index.php (the two 'T's have been replaced with 'X's for user safety)

People with sufficient virus protection should be safe, but those without shouldn't visit the site IMO. It is not a script, as NoScript blocks everything on the page, it's just some sort of URL that gets loaded for some reason.

Edited by CakeDoer, 16 August 2010 - 08:45 PM.

  • 0

#42 TheMagicNumber

TheMagicNumber

    GMC Member

  • GMC Member
  • 5247 posts
  • Version:Unknown

Posted 16 August 2010 - 08:39 PM

Don't visit YoYoGames' site until they fix this for good. :D
  • 0

#43 CakeDoer

CakeDoer

    GMC Member

  • New Member
  • 3 posts

Posted 16 August 2010 - 08:41 PM

Oh, sorry for making another thread guys, I just joined this forum and instantly made a thread. My post was moved. :V

Avast rocks. :D

Also, if any PCs are experiencing problems after visiting the forums/site, just download MalwareBytes and do a quick system scan. That should fix things. :)

edit again: oh hai rob

Edited by CakeDoer, 16 August 2010 - 08:46 PM.

  • 0

#44 thatshelby

thatshelby

    GMC Member

  • GMC Member
  • 3823 posts
  • Version:GM8

Posted 16 August 2010 - 08:44 PM

Hrmmm... I still feel at risk.

Is it likely that these are the same people that hacked the GMC at the end of its glory days?

I think so.


  • 0

#45 ev149

ev149

    NinetySix Design

  • GMC Member
  • 1035 posts
  • Version:GM:Studio

Posted 16 August 2010 - 09:17 PM

Might I suggest reading this? It's got some more information about that virus and how it works.
  • 0
I ain't 'round these parts too much no more...

InfraTerrra

#46 thatshelby

thatshelby

    GMC Member

  • GMC Member
  • 3823 posts
  • Version:GM8

Posted 16 August 2010 - 09:19 PM

I think I just got auto-directed to the YYG site.
  • 0

#47 theweirdn8

theweirdn8

    Unrivaled Legend

  • GMC Member
  • 4108 posts
  • Version:GM8.1

Posted 17 August 2010 - 05:14 PM

Ooh no, I may have the virus, my computer is working slower than it should. Does anyone use AVG as their virus scanner? Because it's not picking up anything. What should I do?
  • 0

[My milkshake brings all the boys to the yard]




#48 countofcounts

countofcounts

    GMC Member

  • GMC Member
  • 70 posts
  • Version:GM:Studio

Posted 17 August 2010 - 06:14 PM

It's true. Avast Antivirus is amazing! It told me that every page of Yoyogames was infected with the site "02.2m1sdzs.co.cc/x/index.php" <- Don't go to that site!
Anyway, I came back today and Avast shows no more threats. The matter is resolved. :rolleyes:
  • 0

#49 countofcounts

countofcounts

    GMC Member

  • GMC Member
  • 70 posts
  • Version:GM:Studio

Posted 17 August 2010 - 06:17 PM

> Ooh no, I may have the virus, my computer is working slower than it should. Does anyone use AVG as their virus scanner? Because it's not picking up anything. What should I do?


I don't have AVG. But it should pick up the virus if you have it. I have Avast Antivirus and it picked up the virus BEFORE it entered the computer. If you have the Professional version of AVG I wouldn't worry about anything. If you have the free version... then MAYBE.
  • 0

#50 commander of games

commander of games

    Kaos Kreator

  • GMC Member
  • 2883 posts
  • Version:GM:Studio

Posted 17 August 2010 - 06:23 PM

> Anyway, I came back today and Avast shows no more threats. The matter is resolved. :rolleyes:

I'm not considering it safe until we get official word from a YYG admin.

Also, don't double post.
  • 0
