There is so many people bitching about this virus and where its coming from and they want it to stop showing up and all this other bullshit. People... If you dont wana see the virus anymore stay off the damn site. Or if you want to stop seeing the virus and dont want to worry about getting the damn thing do this quick fix and shut the hell up PLEASE!
This works from any malware/virus/port sniffers/cbexs coming from any website/domain/ip
Find out where it is coming from. In this case its "lil9.cn" Or long -> "http://lil9.cn/c.js%3C/a
1) Browse to Start -> All Programs -> Accessories
2) Right click "Notepad" and select "Run as administrator"
3) Click "Continue" on the UAC prompt
4) Click File -> Open
5) Browse to "C:WindowsSystem32Driversetc"
6) Change the file filter drop down box from "Text Documents (*.txt)" to "All Files (*.*)"
7) Select "hosts" and click "Open"
8) Open it with word pad or Notepad it doesn't matter.
In the form of the hosts you need to put the info at the bottom of the file
184.108.40.206 lil9.cn # Fucked up site
Enjoy fpsbanerz without the fkin viruses!
If you want extra info on where its from heres a bit of info:
LIL9.CN - Domain Informationnew
Domain lil9.cn [ Traceroute RBL/DNSBL lookup ]
Registrar åŒ—äº¬æ–°ç½‘æ•°ç ä¿¡æ¯æŠ€æœ¯æœ‰é™å…¬å¸
Whois server whois.cnnic.net.cn
Time Left 362 days 19 hours 8 minutes
DNS servers ns.cnkuai.cn 220.127.116.11
LIL9.CN - Geo Information
IP Address 18.104.22.168
Location CN CN, China
City Jinan, 25 -
Organization CNCGROUP Shandong province network
ISP CNCGROUP Shandong province network
AS Number AS4837 CNCGROUP China169 Backbone
Recently Another one was found.. Throw this one on the "GTFO LIST"
- Just a side note, If fpsbanana wanted to really get rid of the virus, They would start with the advertisements on the site, Thats where the first one came from :P
Well for a start there have been multiple websites attacking FPSB and while it's all well and good to protect yourself Tom needs the feedback of members to tell him where and how the website is being attacked, after all he's only a Demi-God.
Also we now suspect the most likely avenue of attack was SQL injection and not the ADs. Even so Tom has shutdown 3 of his main ad suppliers who make up a lot of the income for this site
And may I ask, why is it that in the very WHOIS information you gave it shows that you joined the DAY AFTER the website came under attack.