avoid FPSBanana

God and i thought he was normal
Pogue Mahone
Posts: 235
Joined: Tue Nov 03, 2009 6:20 pm

Post by Pogue Mahone » Tue Jul 13, 2010 11:58 pm

If you're planning on looking for new maps, UIs or any other mods then avoid FPS Banana for a while. They've been infected with the "Black Internet" trojan.

Full Credit to Rhalle and GTFO Gaming for finding this. Just thought I'd let you all know about this since the only thread on this on the Steam forums is in the CS:S forum.

Here are the links to the threads I got them on and some info I quoted on it:

Rhalle
GTFO
Originally Posted by GTFO
The site is currently infected with the 'Black Internet' trojan.

It's embedded in the site itself somehow, which means all you have to do is go there-- you don't have to download anything, and you'll be infected. All the following programs did not detect the trojan: AVG, Ad-Aware and Windows Defender.

If you've been to FPSBanana in the last day or less, check your task manager. Look for iexplore.exe running-- or multiple instances of it if you are surfing with internet explorer, of course. You might also be hearing audio advertisements and/or multiple weird noises and mouseclicks.

Apparently this trojan infects the MBR. To fix the virus problem, make all folders viewable in the control panel -> large icons -> folder options -> view -> show hidden files, folders and drives, then reboot in Safe Mode and go here:

C:\Users\YOURUSERNAME\Appdata\Local\Temp

and delete these two files:

Loader.exe
Smss.exe

And until further notice I strongly suggest that you avoid going to the website.
Originally Posted by GTFO
About this Virus
The new FPSBanana virus is a Rootkit virus known as "Black Internet". It is extremely dangerous to your system and security on your computer. A Rootkit virus buries itself into your Master Boot Record which forces the virus to load upon startup. You cannot disable the virus through safe-mode or "msconfig".
!NOTE!
VIRUS SCANNERS WILL NOT DETECT OR FIND THIS VIRUS! ONLY REAL-TIME VIRUS PROTECTION CAN DETECT AND STOP THIS VIRUS FROM BEING INSTALLED.

As of right now, the only working real-time detection and stopping of this virus is Kaspersky. Kaspersky will NOT remove the virus if you already have it.
The virus is obtained through a Java exploit from the advertisements on FPSBanana. Adblock will NOT stop you from getting this virus. Even if you have Ripe, you can still get this virus.

What does it do?
First, the virus buries itself into your Master Boot Record to keep you from detecting and removing the virus easily with any type of virus protection software. Afterwards, it loads up an application that will keep Internet Explorer open and showing you ads in the background or hidden voice ads. There are also reports of this being a Backdoor virus also which can transfer your sensitive information to the creators.

Symptoms
- Internet Explorer opens with ads randomly
- Windows keep minimizing
- Your computer sound will keep turning up and down randomly
- You will hear the clicks of pages being browsed in the background
- Visiting websites might not work

Do I have the Virus?
Even if you think you do not have the virus, you could still be infected!
There is an easy way to test if you have the virus. Follow these steps...

Step 1)
Press CTRL+ALT+DEL on your keyboard. Click "Open Task Manager".

Step 2)
On the Task Manager, click the "Processes" tab.

Step 3)
Look through your processes for "loader.exe". If you have that file running, there will also be one or multiple instances of "iexplorer.exe". If so, you are infected!

Removing the Virus
To remove this virus, you are REQUIRED to have a Windows disk corresponding to your version of Windows OR a recovery drive that came from factory. If you do not, you are pretty much screwed... There are other ways but they have a 10% chance of working.

So now, insert your Windows disk into your CD/DVD drive and restart your computer. When it says to "Press any key to continue..." do so. If you have a recovery drive, you will either have to press a key that is defined on the Bios screen or press F8 before Windows loads. Choose to recover your Windows installation.

After you choose the option to recover your Windows Installation, you can choose to use Command Prompt to do so. Once the Command Prompt opens, type the following...

Windows XP: fixmbr
Vista or 7: bootrec.exe /FixMbr

After the process completes, you can then close command prompt and Restart your computer. When the computer loads up again, the Virus has been disabled. You just need to delete the file.

You can either use CCleaner to delete all of your Windows Temporary Files or go to your temp folder in the following location...
Windows XP: C:\Documents and Settings\Application Data\temp
Vista or 7: C:\Users\[YOUR USERNAME]\AppData\Local\Temp

Find the file "loader.exe" and delete it.

You should be all set now and the infection should be gone. Double check by following the steps to check for the virus above.
Last edited by Pogue Mahone on Wed Jul 14, 2010 1:15 am, edited 1 time in total.
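
A scripted version of the Task Manager and Temp-folder check from the quoted post, added here as an example and not part of the original thread. It looks only for the file and process names the post gives (loader.exe, smss.exe, iexplore.exe) on a Vista/7-style profile path, and it does not inspect the Master Boot Record; the variable names and output layout are illustrative.

```powershell
# Added example: looks only for the names given in the post above.
$temp     = Join-Path $env:LOCALAPPDATA 'Temp'          # Vista/7 path from the post
$system32 = Join-Path $env:SystemRoot 'System32'
$findings = @()

# 1. The two files the post says to delete from the Temp folder.
foreach ($name in 'loader.exe', 'smss.exe') {
    $path = Join-Path $temp $name
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $file = Get-Item -LiteralPath $path -Force       # -Force: include hidden files
        $findings += [pscustomobject]@{
            Kind   = 'File'
            Item   = $path
            Detail = 'Created {0:u}, SHA256 {1}' -f $file.CreationTimeUtc,
                     (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
}

# 2. Running processes with those names. The genuine smss.exe lives in
#    System32, so only a copy running from somewhere else is reported.
$procs = Get-CimInstance -ClassName Win32_Process
foreach ($p in $procs | Where-Object { $_.Name -in 'loader.exe', 'smss.exe' }) {
    $exe = $p.ExecutablePath                             # may be empty if not elevated
    $inSystem32 = $exe -and $exe.StartsWith($system32, [StringComparison]::OrdinalIgnoreCase)
    if ($p.Name -eq 'loader.exe' -or ($exe -and -not $inSystem32)) {
        $findings += [pscustomobject]@{
            Kind   = 'Process'
            Item   = '{0} (PID {1})' -f $p.Name, $p.ProcessId
            Detail = $(if ($exe) { $exe } else { 'path unavailable; re-run elevated' })
        }
    }
}

# 3. The post pairs loader.exe with background Internet Explorer instances.
$ie = @($procs | Where-Object { $_.Name -eq 'iexplore.exe' })
if ($ie.Count -gt 0 -and ($findings | Where-Object { $_.Item -like 'loader.exe*' })) {
    $findings += [pscustomobject]@{
        Kind = 'Process'; Item = "iexplore.exe x$($ie.Count)"
        Detail = 'running alongside loader.exe'
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No loader.exe/smss.exe indicators found in Temp or the process list.' }
```

A file or process that merely shares one of these names is a reason to look closer at its path and hash, not a confirmed infection.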

SmokeDef
Posts: 1958
Joined: Sat Jul 12, 2008 2:15 pm

Re: avoid FPSBanana

Post by SmokeDef » Wed Jul 14, 2010 1:01 am

good call, thx man

...if it isn't an attempt to discredit fpsbanana by some really hard working troll.
Though it's better to avoid fpsbanana until further notice, not that I visit that site much anyway.

indivisible
Posts: 791
Joined: Mon Jan 12, 2009 6:26 pm
Location: 127.0.0.1

Re: avoid FPSBanana

Post by indivisible » Wed Jul 14, 2010 1:33 am

Agree with smoke, would be difficult to replace every download. But maybe I don't know enough and all it would take is changing one line of code in the right place...

Either way, cheers Kiss for the heads up!
Cheers BBloke! You're the grease that oils the cogs of Festers!
Props to Cali for all his ETF2L organisation skills!!

m.tt
Posts: 109
Joined: Sun May 04, 2008 11:16 pm
Location: UK

Re: avoid FPSBanana

Post by m.tt » Wed Jul 14, 2010 1:45 am

I've been to fps banana quite a lot over the past few weeks but don't seem to have picked up anything even with minimal anti-virus stuff. Maybe the exploit is dependent on having internet explorer installed though...in which case I'm still happy I removed it as far as possible.

Seems a legit problem for some, the post is up on their forums. Good catch.
The Pyyyyro is a spy!

Sharp Dagger
Posts: 1551
Joined: Sun Dec 07, 2008 2:56 pm

Re: avoid FPSBanana

Post by Sharp Dagger » Wed Jul 14, 2010 6:48 am

It's had A virus for over a year now. AFAIK, direct downloads from there are alright.

postie
Posts: 167
Joined: Wed Aug 19, 2009 2:18 pm

Re: avoid FPSBanana

Post by postie » Wed Jul 14, 2010 8:30 am

You would have to run the .exe to get the rootkit installed. Otherwise there is a huge bug in Windows that should be fixed ASAP.

Flynnstone
Posts: 882
Joined: Fri May 08, 2009 4:25 pm

Re: avoid FPSBanana

Post by Flynnstone » Wed Jul 14, 2010 9:43 am

It's funny, normally a search for a trojan's name will turn up mcafee or another security site with details about it, this one just seems to turn up 'don't visit fpsbanana' threads.
Who's this Bloke guy?

Exterminatus
Posts: 1099
Joined: Tue Feb 17, 2009 1:27 pm
Location: The butthole of Europe

Re: avoid FPSBanana

Post by Exterminatus » Wed Jul 14, 2010 12:00 pm

Shit, thanks man. I was thinking of looking for some custom skins on it... dodged a bullet on that one, cheers.
Great job, BBloke!

Taekwon-joe
Posts: 637
Joined: Sat Jul 26, 2008 10:41 pm
Location: Dublin

Re: avoid FPSBanana

Post by Taekwon-joe » Wed Jul 14, 2010 12:25 pm

Lol, since getting both my laptop and my comp I have never bothered to install any anti-virus software. Not once have I had any problems with either. No slow downs, no random crashing. Personally think they're more hassle than they're worth.

I remember reading an article somewhere that was saying that you don't need one because Windows can handle most things these days. And as long as you have half a brain and don't click on every flashing banner advert you come across you should be ok.

YamNivek
Posts: 1104
Joined: Wed Jul 23, 2008 12:58 am
Location: Portsmouth, UK

Re: avoid FPSBanana

Post by YamNivek » Wed Jul 14, 2010 2:22 pm

I'm with you Joe, I use very minimal stuff. I run malware bytes once a month if I can be bothered to remember. I have windows security thing installed but that seems more trouble than it's worth at the moment with random slow downs and freezing caused by it.

Like you said, surf clever and don't install any old shit from any old shitty website.
