1C Home   |   Register   |   Today Posts   |   Members   |   UserCP   |   Calendar   |   Search   |   FAQ

Go Back   Official 1C Company forum > 1C Publishing > King's Bounty > King's Bounty: Armored Princess

King's Bounty: Armored Princess Sequel to the critically acclaimed King’s Bounty: The Legend.

Reply
 
Thread Tools Display Modes
  #21  
Old 04-07-2010, 05:20 PM
dzeris dzeris is offline
Junior Member
 
Join Date: Feb 2010
Posts: 22
Default

Quote:
Originally Posted by Metathron View Post
AVG says page is fine.
What is wrong with this picture?


Excluding the part where I allow to execute malicious javascript. I don't care what antiviruses say about site. I just look at page source and from that source I can tell that site is infected. sn[edit]sh.ru site randomly fails. Your antivirus might be silent, because infection page fails. Site might be failing now, but if it is not desinfected, one day it won't fail and some user will be infected. If I had to exploit some vulnerability, I would check for vulnerability before loading exploit and would not load it for not vulnerable clients.

Exploit is working for Erkilmarl, because his or her browser is vulnerable.

Last edited by dzeris; 04-07-2010 at 05:48 PM.
Reply With Quote
  #22  
Old 04-08-2010, 08:59 AM
Erkilmarl Erkilmarl is offline
Approved Member
 
Join Date: Jan 2010
Location: Finland
Posts: 141
Default

Thanks, dzeris. Can you do the same checking for the other site?
Reply With Quote
  #23  
Old 04-08-2010, 09:47 AM
dzeris dzeris is offline
Junior Member
 
Join Date: Feb 2010
Posts: 22
Default

Quote:
Originally Posted by Erkilmarl View Post
Thanks, dzeris. Can you do the same checking for the other site?
You can do that yourself. Any normal browser has option to view page source.

In my screenshot used browser is variation of Mozilla Firefox with Firebug, Flashblock, Noscript and some other add-ons. Lower window part is Firebug display of actual page code after javascript is executed.

If you have problems reading page source or noticing anomalies in it, give me site address in private.

"HeroScreen for King’s Bounty: The Legend" link is also infected. Same obstructed javascript in linked swfobject.js script.

Last edited by dzeris; 04-08-2010 at 10:00 AM.
Reply With Quote
  #24  
Old 04-08-2010, 04:55 PM
BB Shockwave BB Shockwave is offline
Approved Member
 
Join Date: Jan 2009
Posts: 633
Default

Just so you know, that link contains a trojan virus. Nod32 gave me a warning when I tried to load the page...

EDIT: Sorry, just saw others noticed it too. Don't mind me...
Reply With Quote
  #25  
Old 04-09-2010, 08:01 AM
Erkilmarl Erkilmarl is offline
Approved Member
 
Join Date: Jan 2010
Location: Finland
Posts: 141
Default

I had IE7 at work... Perhaps 8 would be more safe, don't know. But still I am somewhat confused. Should I be warned as I try to load the page? If the Trojan is activated then, I am checking the code too late. Or is it acteivated as I activate some function on the page?
Reply With Quote
  #26  
Old 04-09-2010, 09:58 AM
dzeris dzeris is offline
Junior Member
 
Join Date: Feb 2010
Posts: 22
Default

Quote:
Originally Posted by Erkilmarl View Post
I had IE7 at work... Perhaps 8 would be more safe, don't know. But still I am somewhat confused. Should I be warned as I try to load the page? If the Trojan is activated then, I am checking the code too late. Or is it acteivated as I activate some function on the page?
You open page, javascript is automatically executed and that russian sn[edit]sh.ru website is loaded in hidden frame. If your browser is vulnerable and site uses some exploit on it, then you have problem. I usually don't play king bounty as Mage and I don't have gift of prophet. I don't have any idea about stuff served by that russian site or what triggers it. Site is unstable or exploit is served not on every connection.

Looks like site uses some PDF exploit. Make sure that your acrobat reader is not outdated. It definitively targets IE7 on Vista. Not sure about IE8.

Forum admins. For gods sake. How many warnings do you need? The fact that your antiviruses are silent does not mean a thing. Any page source investigation should show that there is something wrong with that website.

Last edited by dzeris; 04-09-2010 at 10:05 AM.
Reply With Quote
  #27  
Old 04-12-2010, 03:23 PM
rollems rollems is offline
Member
 
Join Date: Jan 2010
Posts: 64
Default

Every time i launch it. my anti virus warns me of virus attack.
Reply With Quote
  #28  
Old 04-14-2010, 05:19 AM
dzeris dzeris is offline
Junior Member
 
Join Date: Feb 2010
Posts: 22
Default

aurolain.ro site owner cleaned site yesterday.
Reply With Quote
  #29  
Old 02-26-2011, 07:35 AM
hippo hippo is offline
Approved Member
 
Join Date: Dec 2010
Posts: 34
Default

Is Heroscreen for Crossworld?
Reply With Quote
  #30  
Old 11-10-2012, 05:25 PM
ccx ccx is offline
Junior Member
 
Join Date: Sep 2012
Posts: 3
Default

did anyone ever make one of these for crossworlds?
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 05:49 PM.

Based on a design by: Miner Skinz.com

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
Copyright © 2007 1C Company. All rights reserved.