Malware Detected!

Posted: Fri Jan 04, 2013 12:41 pm
by whoami
I just opened MM2X in Chrome, but it said "Malware Detected!" every time I tried to open it. Now I've opened it in a VM, but still, what happened?

Posted: Fri Jan 04, 2013 1:56 pm
by e-cobra
Oh! 8O You too see this!? I took a screenshot of it to make a topic in this forum..
Image

@Franch88, what can this be?

Posted: Fri Jan 04, 2013 5:33 pm
by transdev_joe
It happens on Firefox too, it claims that Google has a blacklist and this site is on it, even though I have never had any problems.

Posted: Fri Jan 04, 2013 5:34 pm
by sajmon14
Appeared for me today, although it never appeared before.

Malware Warning

Posted: Fri Jan 04, 2013 6:46 pm
by aaro4130
Has anyone got this on this site? I just refreshed a topic after last night and it said "MM2X IS BLOCKED, Malware has been detected", so I hit continue and it asked me if I wanted JAVA to be run. :/ Anybody else got anything like that?

WARNING : Guys, on some topics there is a white square for Java on the bottom left. Do not run this, Chrome reports it as malware.

If you guys have seen this square, but Java has run, I advise you to scan your computer.

Posted: Fri Jan 04, 2013 7:15 pm
by ettieapple
Same thing for me. When I clicked further, AVG said it removed a threat.
PC is still working though :wink:

Posted: Fri Jan 04, 2013 11:02 pm
by Franch88
The website just got infected again today... the last time it happened was in May of last year. So, unfortunately, it's not the first time. :|
Surely all the index pages of the server got edited, I'll look into restoring them all, fortunately there are automatic daily and weekly backups. In the next hours everything should be fine.

Posted: Sat Jan 05, 2013 12:58 am
by ettieapple
Good to hear that. :P

Posted: Sat Jan 05, 2013 2:49 am
by Franch88
I've taken 2 hours to restore all the files that got infected, such as several PHP scripts of this website and all the hosted websites. Now it's all fine; what's left is to wait for the Google bots to scan this website again, find no more infections, and so remove it from its blacklist. This is going to happen tomorrow or in the next few days.

Posted: Sat Jan 05, 2013 3:30 am
by DjDecibel
I was contacted today by Google about the problem. I checked the files but Franch already replaced them with a backup...

So I can't see where the malware code was injected. I just sent the removal message from the Google admin page. I hope it will be removed tomorrow.

I think that the malware has been introduced by the HQTM forum or the Riva's site because 26 of the 30 hacked pages are from those 2 sites.

I hope all is working right now.

Posted: Sat Jan 05, 2013 4:12 am
by Franch88
Good that you've got advice from Google about the website infection; probably you use their services for the owners of websites. I've been able to fix the problem, like I already did in the past with the previous infections, and so I had no important reason to send you an e-mail about what happened, also because it's possible that you would get my message days later (I know that you're busy with personal reasons and that you couldn't have time to spend on this website).
I've restored the infected pages using the weekly backup because when I connected today I saw that the daily one had already been updated with the infected pages, so you have the next few hours to check the infected pages present in the daily backup and see what the inserted code looks like. The infection happened between 12:10 and 12:40 GMT+1 time.
Really, the infection has affected pages a bit everywhere on both servers, and the infected files (HTML, PHP, JS types) were way more than 30.

Posted: Sat Jan 05, 2013 4:57 am
by DjDecibel
I checked the files... the code was inserted using a JS file which added an iframe in almost all of the files... but I can't understand how it got in. It can be from any of the hosted sites...

I'm happy to see that it has been solved for now and I'll try to solve that situation.

Thanks a lot Franch for your work ;) ;)

Posted: Sat Jan 05, 2013 6:49 am
by whoami
So it's gone then? Thanks, Franch and DjDecibel!

Posted: Sat Jan 05, 2013 9:33 am
by A320_Pilot
So let me get this straight.
By infection you mean hack or something?

That happened to many websites (Especially game ones) in the past week.

Or just some damaged script or anything...

Posted: Sat Jan 05, 2013 11:38 pm
by Franch88
What happened is an infection of the pages: a malicious code of a few rows, an iframe this time, was inserted in many PHP, HTML and JavaScript files. So those kinds of files got edited. When the infected pages get loaded in a browser, through the inserted code you get connected to some websites, like the one written in the above image. I don't really know how these things are possible, but I would think that's also because of lacking protection given by the hoster; issues with the structure of the website and its security can't be excluded.
If possible, DjDecibel, see to do something to avoid future infections of the pages, also because restoring them manually is kind of a pain. Dunno, maybe it's possible to do the restoring automatically by using one of the two backups; however, the daily one already got updated after the infection, and using the weekly one is not suggested because it's a bit outdated.
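
The clean-up described in this thread (compare the live PHP, HTML and JS files against the uninfected weekly backup and look for an added iframe inside the known infection window) can be scripted. The sketch below is an added example, not part of the original thread or the site's own tooling; the function names, the iframe pattern and the sample trees and timestamps are assumptions constructed for illustration.

```python
import os, re, tempfile

WEB_EXTS = {".html", ".htm", ".php", ".js"}
# Assumed heuristic for the injected code: an iframe tag, or JS that creates one.
IFRAME_RE = re.compile(rb"<\s*iframe\b|createElement\(\s*['\"]iframe['\"]", re.I)

def _read(path):
    with open(path, "rb") as f:
        return f.read()

def find_suspects(live_root, backup_root, window_start, window_end):
    """Map each web file that differs from the clean backup to its reasons."""
    suspects = {}
    for dirpath, _dirs, files in os.walk(live_root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in WEB_EXTS:
                continue
            live = os.path.join(dirpath, name)
            rel = os.path.relpath(live, live_root).replace(os.sep, "/")
            clean = os.path.join(backup_root, rel)
            data = _read(live)
            base = _read(clean) if os.path.isfile(clean) else None
            if data == base:
                continue  # byte-identical to the known-clean copy
            reasons = ["not-in-backup" if base is None else "differs-from-backup"]
            # Pages may legitimately embed iframes, so count only new ones.
            if len(IFRAME_RE.findall(data)) > len(IFRAME_RE.findall(base or b"")):
                reasons.append("new-iframe")
            # mtime can be forged by an intruder; treat it as a hint only.
            if window_start <= os.path.getmtime(live) <= window_end:
                reasons.append("modified-in-window")
            suspects[rel] = reasons
    return suspects

def demo():
    """Constructed sample: live and weekly trees, one page tampered with."""
    root = tempfile.mkdtemp()
    live, weekly = os.path.join(root, "live"), os.path.join(root, "weekly")
    pages = {"index.php": b"<?php echo 'hi'; ?>", "menu.js": b"var m = 1;"}
    for tree in (live, weekly):
        os.makedirs(tree)
        for name, body in pages.items():
            with open(os.path.join(tree, name), "wb") as f:
                f.write(body)
    with open(os.path.join(live, "index.php"), "ab") as f:
        f.write(b'<iframe src="http://placeholder.invalid/"></iframe>')
    os.utime(os.path.join(live, "index.php"), (1500, 1500))  # constructed mtime
    return find_suspects(live, weekly, 1000, 2000)
```

Files reported as "differs-from-backup" without "new-iframe" are usually legitimate edits made since the weekly snapshot, which is why only the flagged files, not the whole tree, would be restored from the older backup.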