Security

[SeymourGore]

Going to just repost the blog post here in its entirety - keep safe out there, Legionnaires!

Just a heads up...
There's been a few reports of a user attempting to infect users systems with trojans, keyloggers, etc. Basically, remember to keep some common sense when it comes to installing mods: avoid running any .exe files, don't automatically click on website links posted, only accept files from people you trust, etc.
If anyone approaches you and asks you to download a file or visit a questionable, unknown website, notify your friendly neighborhood Seymour immediately.

 

[SeymourGore]

As a bonus tip: Don't always assume the person presenting you the link or file is the person you think it is.

 

[stefygraff]

Can i point out specific names?

 

[IzRaPiDz]

Man...

 

[Arch]

Got this from blaze today. Not sure if it's legit.

Check out my new website that I made for legions:
[website removed]

You guys can be admin there, check it out.
If you guys get an error, the website requires java and adobe flash.

 

[Fixious]

DO NOT VISIT BLAZE'S WEBSITE.

http://www.microsoft.com/security/p...Backdoor:Win32/Fynloski.A&threatid=2147640184

 

[k e v i n]

DO NOT VISIT BLAZE'S WEBSITE.

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Backdoor:Win32/Fynloski.A&threatid=2147640184

controls an infected computer? is that how he always seems to beat me?

 

[GundamExia00]

That wasn't shaska, I already talked to seymour about it.

 

[Freeman]

madhank strikes again!

 

[Fixious]

I am a victim of this. Pretty nasty stuff, been battling with it for 6+ hours now. Will likely have to take it someone else who knows more about this stuff.

 

[Ucantry2run]

I am a victim of this. Pretty nasty stuff, been battling with it for 6+ hours now. Will likely have to take it someone else who knows more about this stuff.

 

[Fixious]

Any way to disable my account without deleting it? I'm very likely at risk of pulling a blaze, and would rather have any kind of posting/submitting privileges removed from whoever is responsible for this.

 

[shaskie]

I am a victim of this. Pretty nasty stuff, been battling with it for 6+ hours now. Will likely have to take it someone else who knows more about this stuff.

Took me 10 hours. Sorry fixious

 

[Volt Cruelerz]

For assurance and added security, I would suggest to people in the near future to post entire URL's instead of linking in a word itself just so that people can see it.

Also, note that you could get a link that says something like: www.legionsoverdrive.com.malware.com. Such an address would not go to a subsite of L:O, but instead to a subsite of malware.com. Please read the full URL before following.

 

[Fixious]

The website asked to install a Java plugin, if anyone is curious. It looked like a completely normal java plugin popup, so I went ahead and accepted it. Guess I put too much faith in Google/Chrome. Odd how MSE didn't detect it either, which is generally good at this sort of stuff.

 

[Volt Cruelerz]

In general, they are best at detecting things once they are aware of them. Unfortunately, smaller things can slip through because it doesn't infect enough people that it gets reported to them.

 

[Arch]

If only Legions ran on Linux...

 

[Fixious]

Anyone know what ICC Center is? I saw it when I looked at my startup programs. I saw "Legions OverDrive" and thought it was a bit strange anything related to L:O would be a startup program. It apparently launched from an AppData folder. Something like appdata/ICC Center/Processor Unit, but when manually going to ICC Center the folder is empty. Strange.

A few of the files I couldn't remove came from AppData as well, but this ICC Center stuff never showed up as one of them.

 

[Volt Cruelerz]

Unfortunately, given the situation, I'd say it's probably malicious..

 

[Fixious]

Laptop is back from friend's house, who does computer stuffs for a living. So far so good. ICC folder is gone, both the folder and startup thing, along with malicious files (according to all the scans).