Watch out for vidiotmaps.com

I went to vidiotmaps.com this morning to check and see which badges I needed in Warburg. When I went to the Warburg map page I was redirected to an antivirus scan bot. It looks to me like someone hacked the site. I don't think the administrators of vidiotmaps.com would do something like this. If you are reading this and you are one of those administrators please see what you can do to fix this.

I just checked that page as well as various other pages on the site and everything seems to be working fine. You might want to check your own computer for an infection. I've seen people have stuff on their computers that they didn't know was there, but would cause behavior like you described. Specifically, run msconfig and see if there's anything you don't recognize on the Startup tab.

I know 2 players who's computers were infected while visiting badge-hunter week or so ago. At the same time vidiotmaps and badge-hunter were blocked for me by IE as unsafe. Before that, NAV reported that "pidief" trojan is contained in the files downloaded from vidiotmaps and badge-hunter. Both vidiotmaps and badge-hunter were fine last week. It is possible these were hacked again tho

There's something with the ad at the very bottom. I just got redirected to a fake "virus checker" site from there. I hit reload (after blocking that site) and got a regular ad.

I got a map from there awhile ago, and I dont really need it anymore. How do I delete it?

There's nothing wrong with the maps, and no way to get a virus from them.

I don't recall if there's an uninstall in included, but you can simply go into the "Data\texture_library" directory of you CoH folder and delete the "MAPS" and "V_MAPS" folders.

The problem may be something different.

There is currently an active virus who's name I cannot for the life of me recall. It begins with an A and the extension I believe is .CT or something odd like that..

The virus's most common functions are browser redirects. So when you click a link or bookmark it will try to redirect you to another site, generally advertising or another malware site. If I can dig up the name I will post it up. It is however a VERY tenacious virus, going undetected by many scanners and even finding ways to reinstall itself if you do clean it as it also alters the host DNS settings to allow a reinstall if it is wiped.

While a virus is always a possibility, the fact that I've only had one browser redirect, and it was only when I went to the Vidiotmaps site, and wouldn't happen again once I had blocked clicksor.com (the ad site) even after some 30 reloads of the site, make it much less likely that it's a virus causing the problem.

I've shot the site admins a notice about the problems with their ad provider.

Hopefully they find some way to correct it or do without the ads.

Clicking on the linked image above will take you off the City of Heroes site. However, the guides will be linked back here.

http://malwarebytes.org/

Try malwarebytes antimalware scanner. Its free and highly effective. If for any reason it wont start up or install, its likely you are infected.

I immediately ran spybot S&D and CCleaner (Crap Cleaner). They are two great programs that I rely on regularly and highly recommend. Both are free.

See this thread for more info: http://boards.cityofheroes.com/showthread.php?t=208266

Okay guys, got a reply from Beef Cake over at Badge Hunter.

Clicking on the linked image above will take you off the City of Heroes site. However, the guides will be linked back here.

Thanks Hyper, I hope they get it under control soon because I really love vidiotmaps and badge-hunter.

Hello everyone,

I just wanted to come in here and give everyone the details as to what had happened. And what we have done to correct the situation.

As some of you may've seen, we recently added a Ad Service to our site to help generate some money to help keep the site running due to server costs..etc..etc Well the Ad Service we used was Clicksor.com

Everything seemed to be fine until I had the same thing happen to me when visiting my own site. I thought I actually had a virus, but that wasn't the case. Afterwards, I did what most of you may have done and ran my Virus Scanner and Malware program. The end results were fine, I wasn't infected. And I truly hope no one else was either.

It happened a second time when visiting my site, and that's when it dawned on me, the only thing different on my site was the Ad Service. So I contacted the Ad Service and reported this situation with Clicksor.com immediately.

After about 2 days and no results, I finally decided to remove that Ad Service, after I received the two emails, it told me it wasn't just me and my hunch was correct about it being the Ad Service. Since then, I haven't had any issues. That Ad Service will never be used again, nor will I ever send anyone to them in the future.

I contacted BidVertiser (another ad site) in regards to this same situation and they assured me, that their system has protection against things like this and can not happen. So the site will be fine as of yesterday. But I'm not worried about the site, I'm more worried about the community and its thoughts when it comes tot he site. So the issue has been "Removed" all together with no future of it ever happening again. (At least I hope not)

So I'd like to "Wholehearted" apologize to anyone who may have experienced this over at my site. I wish it had never happened and if I knew such a threat was possible, I never would have placed it on my site to begin with. So I hope you can understand that.

And in the future, if anything like this should ever happen again, I would hope I would get a email ASAP. I think I did from 2 different members, one being in this thread. Another actually had the info I needed, which was given to Clicksor.com but I wasn't waiting for a fix, I removed the service and will never look back to them.

Again, I really apologize for this and hope you can forgive my ignorance.

Sincerely,
Rob
aka Beef Cake

From me, at least, no worries at all. I'd rather you had adds than stop having a host, and I think it's pretty clear this wasn't somehow directly the site admins' faults.

I can't imagine any ad site fessing up to vulnerability to such things ahead of time, and plenty of hosts of all types have turned up hacked via various injection or XSS vulnerabilities. All we can do is keep our eyes open and let folks like you know when weird stuff happens.

This did prompt me to look into hardening my own browser a bit more, which isn't a bad thing.

Another related link:

http://boards.cityofheroes.com/showthread.php?t=208266

bad adsite. Bad.

Probably only an issue if people arent running adblock/ no script or are on explorer.

Searching Google, this appears to be a common problem with anyone who uses Clicksor.com. So don't use it.