King’s Bounty HeroScreen interactive guide - Page 3

dzeris · #21 04-07-2010, 06:20 PM

Quote:

Originally Posted by Metathron

AVG says page is fine.

What is wrong with this picture?

Excluding the part where I allow to execute malicious javascript. I don't care what antiviruses say about site. I just look at page source and from that source I can tell that site is infected. sn[edit]sh.ru site randomly fails. Your antivirus might be silent, because infection page fails. Site might be failing now, but if it is not desinfected, one day it won't fail and some user will be infected. If I had to exploit some vulnerability, I would check for vulnerability before loading exploit and would not load it for not vulnerable clients.

Exploit is working for Erkilmarl, because his or her browser is vulnerable.

Erkilmarl · #22 04-08-2010, 09:59 AM

Thanks, dzeris. Can you do the same checking for the other site?

dzeris · #23 04-08-2010, 10:47 AM

Quote:

Originally Posted by Erkilmarl

Thanks, dzeris. Can you do the same checking for the other site?

You can do that yourself. Any normal browser has option to view page source.

In my screenshot used browser is variation of Mozilla Firefox with Firebug, Flashblock, Noscript and some other add-ons. Lower window part is Firebug display of actual page code after javascript is executed.

If you have problems reading page source or noticing anomalies in it, give me site address in private.

"HeroScreen for King’s Bounty: The Legend" link is also infected. Same obstructed javascript in linked swfobject.js script.

BB Shockwave · #24 04-08-2010, 05:55 PM

Just so you know, that link contains a trojan virus. Nod32 gave me a warning when I tried to load the page...

EDIT: Sorry, just saw others noticed it too. Don't mind me...

Erkilmarl · #25 04-09-2010, 09:01 AM

I had IE7 at work... Perhaps 8 would be more safe, don't know. But still I am somewhat confused. Should I be warned as I try to load the page? If the Trojan is activated then, I am checking the code too late. Or is it acteivated as I activate some function on the page?

dzeris · #26 04-09-2010, 10:58 AM

Quote:

Originally Posted by Erkilmarl

I had IE7 at work... Perhaps 8 would be more safe, don't know. But still I am somewhat confused. Should I be warned as I try to load the page? If the Trojan is activated then, I am checking the code too late. Or is it acteivated as I activate some function on the page?

You open page, javascript is automatically executed and that russian sn[edit]sh.ru website is loaded in hidden frame. If your browser is vulnerable and site uses some exploit on it, then you have problem. I usually don't play king bounty as Mage and I don't have gift of prophet. I don't have any idea about stuff served by that russian site or what triggers it. Site is unstable or exploit is served not on every connection.

Looks like site uses some PDF exploit. Make sure that your acrobat reader is not outdated. It definitively targets IE7 on Vista. Not sure about IE8.

Forum admins. For gods sake. How many warnings do you need? The fact that your antiviruses are silent does not mean a thing. Any page source investigation should show that there is something wrong with that website.

rollems · #27 04-12-2010, 04:23 PM

Every time i launch it. my anti virus warns me of virus attack.

dzeris · #28 04-14-2010, 06:19 AM

aurolain.ro site owner cleaned site yesterday.

hippo · #29 02-26-2011, 08:35 AM

Is Heroscreen for Crossworld?

ccx · #30 11-10-2012, 06:25 PM

did anyone ever make one of these for crossworlds?