anyone got a mirror for the client, allso do i still have permission to use patch 1.6 as a base of my mod?
This shit is scary
We should write a letter to Valve to ask them to manual VAC ban FruitFace and his lackeys.
wow this just got really fucking crazy really fucking quick
Is it possible to completely remove the ability to use sprays in later versions of TF2C so we can avoid something similar to this later? I actually completely forgot sprays existed until now.
Who am I kidding, it's probably not that easy. It really does suck, but I am glad someone noticed early enough.
Shit. I haven't played TF2C on my other laptop (am currently using my new one, getting Windows 10 installed) for a few days now; would I somehow even have this file? It's kinda freaking me out.
On the record of banning people, we are already engineering a system to ban people from the mod at this time. People can of course bypass it, especially if they're experienced, but adding a server-side system to kick people on joining or similar should discourage and make those attempts more difficult.
Jesus, I never would have figured something this scary and convoluted would ever actually happen to a freaking mod. I hope everything gets patched up. I don't want this project to die.
It probably won't die, it's just dead right now because it's too dangerous to play on it.
I know a guy who can host a server (garden freeman), I'll ask him if he could set sv_upload to 0 and sv_allowupload to 0 so we could play on TF2C again.
Good thing TF2C has no linux binaries or I might have been hacked!
Here are the scan results
Here's what they say
a variant of Win32/Verti.G potentially unwanted application
a variant of Win32/OpenInstall potentially unwanted application
And here is how they cleaned it:
F:\downloads\7A32.tmp - a variant of Win32/Verti.G potentially unwanted application - cleaned by deleting - quarantined 
F:\downloads\Alsina_Font_Installer.exe - a variant of Win32/OpenInstall potentially unwanted application - cleaned by deleting - quarantined 
Am I safe?
I do not remember downloading these files.
I scanned my 3 drives that I use.
It also had some notes.
 Object cannot be opened. It may be in use by another application or operating system.
 Object has been deleted as it only contained the virus body.
Can't believe he'd be this petty if he was involved either as a lackey or the actual person behind this, not that he has any real motive to do so.
Jesus, I stop lurking the thread for one day and then this happens. Whoever did this is being seriously petty right now.
Well, I ran a windows defender scan, and then a malware bytes scan. I can only hope I'm safe I guess.
Problem is, I joined a server yesterday with TheRubberFruitFace in it...and I'm not sure if he joined servers other than his own.
Was it a VaultF4 server?
note I played one of my own server and a REAL vault server on second day of release and that's it, can confirm my computer is back then and now not infected, but there was no sprays either.
Is this similar to that Garrysmod/TF2 fiasco that happened a while back? I remember being deathly afraid of playing any source game at all. It was the one that changed all the hacked victim's Steam names to the same phrase but I can't at all remember what it was.
vinh'll fix it *cough*
The *cough* virus was more similiar to what you are describing. Valve never updated the engine binaries** for the Source SDK 2013, so that's why it happened
Stop what you're doing.
http://ic3.gov for starting a criminal investigation for the spreading of malware.
If someone can spin up a VM and use Wireshark (or attach it to the VM's virtual network controller), get a packet capture for proof of the malicious act.
If it's really masks itself as spray, don't forget to clean up "download/user_custom" and "materials/temp" folders.
RIP Yiffy Fox.
Judging from Fox's pre-theft username it was an old screenshot.
It's pretty much safe to say if you played with Rubberfruit AT ALL on TF2C you should format your computer and reinstall windows.