1. Post #201
    Gold Member
    Limed00d's Avatar
    February 2011
    12,058 Posts
    Can someone who only has TF2C installed be impacted by this? I have it on my computer but never really play it...
    nope
    Reply With Quote Edit / Delete Windows 7 Waterfox Norway Show Events Agree Agree x 4Informative Informative x 1 (list)

  2. Post #202
    Puuurple
    Keychain's Avatar
    May 2008
    18,800 Posts
    Can someone who only has TF2C installed be impacted by this? I have it on my computer but never really play it...
    No. As long as you don't join the server you're fine. To be safe, don't join any servers until the problem is fixed.
    Reply With Quote Edit / Delete Windows 10 Chrome United States Show Events Agree Agree x 1 (list)

  3. Post #203
    darkspire17's Avatar
    October 2013
    116 Posts
    anyone got a mirror for the client, allso do i still have permission to use patch 1.6 as a base of my mod?
    Reply With Quote Edit / Delete Windows 7 Firefox Australia Show Events Zing Zing x 1 (list)

  4. Post #204
    evilcake567's Avatar
    September 2015
    13 Posts
    This shit is scary
    Reply With Quote Edit / Delete Windows 8.1 Firefox Show Events Agree Agree x 6 (list)

  5. Post #205
    Gold Member
    chipsnapper2's Avatar
    August 2012
    3,281 Posts
    anyone got a mirror for the client, allso do i still have permission to use patch 1.6 as a base of my mod?
    How do you plan on doing that if you don't have the 1.6-era code?
    Reply With Quote Edit / Delete iPhone Safari United States Show Events

  6. Post #206
    Dennab
    July 2013
    1,996 Posts
    We should write a letter to Valve to ask them to manual VAC ban FruitFace and his lackeys.
    Reply With Quote Edit / Delete Windows 10 Internet Explorer 11 Singapore Show Events Agree Agree x 13Funny Funny x 3Disagree Disagree x 1 (list)

  7. Post #207
    Gold Member
    NitronikALT's Avatar
    September 2010
    10,452 Posts
    We should write a letter to Valve to ask them to manual VAC ban FruitFace and his lackeys.
    You guys need to lay down the accusations.

    This is just a big spiral of shit - there's no hard evidence as to who did what.
    Reply With Quote Edit / Delete Windows 8.1 Firefox Italy Show Events Dumb Dumb x 1 (list)

  8. Post #208
    MiyuLynx's Avatar
    December 2014
    24 Posts
    You guys need to lay down the accusations.

    This is just a big spiral of shit - there's no hard evidence as to who did what.
    yes there is
    Reply With Quote Edit / Delete Windows 10 Firefox United States Show Events Dumb Dumb x 6 (list)

  9. Post #209
    Dennab
    January 2015
    897 Posts
    wow this just got really fucking crazy really fucking quick
    Reply With Quote Edit / Delete Linux Chrome Show Events Agree Agree x 4 (list)

  10. Post #210

    February 2015
    43 Posts
    A certain server has a virus that can download on your computer via spray images, and can block your steam and fp accounts, steal your items, and many other undesirable things. Moral of the story: stay off of TF2C until further notice.
    can also infect other servers and so just dont get on for now
    Reply With Quote Edit / Delete Windows 10 Chrome United States Show Events Dumb Dumb x 1 (list)

  11. Post #211
    Su_Bu's Avatar
    May 2015
    76 Posts
    Is it possible to completely remove the ability to use sprays in later versions of TF2C so we can avoid something similar to this later? I actually completely forgot sprays existed until now.

    Who am I kidding, it's probably not that easy. It really does suck, but I am glad someone noticed early enough.
    Reply With Quote Edit / Delete Windows 7 Chrome United States Show Events Agree Agree x 1 (list)

  12. Post #212
    PimpinDemopan's Avatar
    February 2012
    1,131 Posts
    Shit. I haven't played TF2C on my other laptop (am currently using my new one, getting Windows 10 installed) for a few days now; would I somehow even have this file? It's kinda freaking me out.
    Reply With Quote Edit / Delete Windows 8.1 Chrome United States Show Events

  13. Post #213
    PistonMiner's Avatar
    May 2015
    36 Posts
    On the record of banning people, we are already engineering a system to ban people from the mod at this time. People can of course bypass it, especially if they're experienced, but adding a server-side system to kick people on joining or similar should discourage and make those attempts more difficult.
    Reply With Quote Edit / Delete Windows 8.1 Firefox Germany Show Events Winner Winner x 2 (list)

  14. Post #214
    Dennab
    January 2015
    897 Posts
    Shit. I haven't played TF2C on my other laptop (am currently using my new one, getting Windows 10 installed) for a few days now; would I somehow even have this file? It's kinda freaking me out.

    If you have joined the infected server, yes.

    I suggest scanning your source sdk mp base 13 for viruses immediatly.
    Reply With Quote Edit / Delete Linux Chrome Show Events Agree Agree x 1 (list)

  15. Post #215
    jimbobjoe1234's Avatar
    August 2012
    4,102 Posts
    Jesus, I never would have figured something this scary and convoluted would ever actually happen to a freaking mod. I hope everything gets patched up. I don't want this project to die.
    Reply With Quote Edit / Delete Android Chrome United States Show Events Friendly Friendly x 9 (list)

  16. Post #216
    Cpt. Cakes's Avatar
    November 2014
    979 Posts
    It probably won't die, it's just dead right now because it's too dangerous to play on it.

    I know a guy who can host a server (garden freeman), I'll ask him if he could set sv_upload to 0 and sv_allowupload to 0 so we could play on TF2C again.
    Reply With Quote Edit / Delete Windows 10 Edge United States Show Events Agree Agree x 1 (list)

  17. Post #217
    Gold Member

    August 2012
    2,015 Posts
    Good thing TF2C has no linux binaries or I might have been hacked!
    Reply With Quote Edit / Delete THIS BUG NEEDS FIXING, BUT I DONT KNOW WHAT CAUSES IT, SO SHUT UP AND STOP POSTING ABOUT IT. Thanks. United States Show Events Funny Funny x 7Zing Zing x 3 (list)

  18. Post #218
    Cpt. Cakes's Avatar
    November 2014
    979 Posts
    Here are the scan results

    Here's what they say

    F:\downloads\7A32.tmp
    a variant of Win32/Verti.G potentially unwanted application

    F:\downloads\Alsina_Font_Installer.exe

    a variant of Win32/OpenInstall potentially unwanted application

    And here is how they cleaned it:

    F:\downloads\7A32.tmp - a variant of Win32/Verti.G potentially unwanted application - cleaned by deleting - quarantined [1]

    F:\downloads\Alsina_Font_Installer.exe - a variant of Win32/OpenInstall potentially unwanted application - cleaned by deleting - quarantined [1]

    Am I safe?



    I do not remember downloading these files.

    I scanned my 3 drives that I use.

    It also had some notes.

    Notes:

    [4] Object cannot be opened. It may be in use by another application or operating system.

    [1] Object has been deleted as it only contained the virus body.
    Reply With Quote Edit / Delete Windows 10 Edge United States Show Events Dumb Dumb x 1 (list)

  19. Post #219
    Gold Member
    NitronikALT's Avatar
    September 2010
    10,452 Posts
    It probably won't die, it's just dead right now because it's too dangerous to play on it.

    I know a guy who can host a server (garden freeman), I'll ask him if he could set sv_upload to 0 and sv_allowupload to 0 so we could play on TF2C again.
    You really should hold off playing until we finish sorting things out.
    Reply With Quote Edit / Delete Windows 8.1 Firefox Italy Show Events Agree Agree x 2 (list)

  20. Post #220
    Dr. Kyuros's Avatar
    June 2014
    2,891 Posts
    Apparently everybody is now saying that this guy is the one responsible - http://steamcommunity.com/id/TheAlucardFromHell.
    That Alucard? As in the former poster boy of Find the worst Steam profiles?

    Can't believe he'd be this petty if he was involved either as a lackey or the actual person behind this, not that he has any real motive to do so.
    Reply With Quote Edit / Delete Windows 10 Chrome United States Show Events

  21. Post #221
    Kierany9's Avatar
    September 2013
    1,615 Posts
    Jesus, I stop lurking the thread for one day and then this happens. Whoever did this is being seriously petty right now.
    Reply With Quote Edit / Delete Windows 7 Firefox Spain Show Events Friendly Friendly x 3 (list)

  22. Post #222
    Well, I ran a windows defender scan, and then a malware bytes scan. I can only hope I'm safe I guess.

    Problem is, I joined a server yesterday with TheRubberFruitFace in it...and I'm not sure if he joined servers other than his own.
    Reply With Quote Edit / Delete Windows 8.1 Chrome United States Show Events Friendly Friendly x 3 (list)

  23. Post #223
    Cpt. Cakes's Avatar
    November 2014
    979 Posts
    Was it a VaultF4 server?
    Reply With Quote Edit / Delete Windows 10 Edge United States Show Events

  24. Post #224
    Was it a VaultF4 server?
    I honestly don't remember, I just know he was there. But probably yeah.
    Reply With Quote Edit / Delete Windows 8.1 Chrome United States Show Events

  25. Post #225
    Cpt. Cakes's Avatar
    November 2014
    979 Posts
    I honestly don't remember, I just know he was there. But probably yeah.
    Well, do a virus scan with ESET NOD32 (this antivirus can detect the virus) and select all your hard drives and scan just to be safe.
    Reply With Quote Edit / Delete Windows 10 Edge United States Show Events Useful Useful x 1Late Late x 1Agree Agree x 1 (list)

  26. Post #226

    April 2015
    2,208 Posts
    note I played one of my own server and a REAL vault server on second day of release and that's it, can confirm my computer is back then and now not infected, but there was no sprays either.
    Reply With Quote Edit / Delete Windows 10 Chrome United States Show Events

  27. Post #227
    austin0331's Avatar
    July 2011
    1,190 Posts
    Is this similar to that Garrysmod/TF2 fiasco that happened a while back? I remember being deathly afraid of playing any source game at all. It was the one that changed all the hacked victim's Steam names to the same phrase but I can't at all remember what it was.
    vinh'll fix it *cough*
    yeeah thats it. whatever happened to that? I sort of remember it being harmless but only affected people's usernames to get Valve to fix a big hole in their security to prevent things like this in the future. Or am I thinking of something else?
    Reply With Quote Edit / Delete Windows 7 Chrome Canada Show Events Agree Agree x 4 (list)

  28. Post #228
    Gold Member
    LittleBabyman's Avatar
    November 2010
    7,251 Posts
    vinh'll fix it *cough*
    Reply With Quote Edit / Delete Windows 7 New Opera Finland Show Events Agree Agree x 4Funny Funny x 3Dumb Dumb x 1 (list)

  29. Post #229
    Gold Member
    NitronikALT's Avatar
    September 2010
    10,452 Posts
    Is this similar to that Garrysmod/TF2 fiasco that happened a while back? I remember being deathly afraid of playing any source game at all. It was the one that changed all the hacked victim's Steam names to the same phrase but I can't at all remember what it was.


    yeeah thats it. whatever happened to that? I sort of remember it being harmless but only affected people's usernames to get Valve to fix a big hole in their security to prevent things like this in the future. Or am I thinking of something else?
    That was another thing entirely.

    The *cough* virus was more similiar to what you are describing. Valve never updated the engine binaries** for the Source SDK 2013, so that's why it happened
    Reply With Quote Edit / Delete Windows 8.1 Firefox Italy Show Events Agree Agree x 1 (list)

  30. Post #230
    Nicknine's Avatar
    November 2014
    458 Posts
    That was another thing entirely.

    The *cough* virus was more similiar to what you are describing. Valve never updated the source code for the Source SDK 2013, so that's why it happened
    It's not the source code that is the problem it's that Valve hasn't updated engine binaries for SDK 2013 Base MP.
    Reply With Quote Edit / Delete Windows 7 Firefox Russian Federation Show Events

  31. Post #231
    Gold Member
    NitronikALT's Avatar
    September 2010
    10,452 Posts
    It's not the source code that is the problem it's that Valve hasn't updated engine binaries for SDK 2013 Base MP.
    Woops. Fixed it!
    Reply With Quote Edit / Delete Windows 8.1 Firefox Italy Show Events

  32. Post #232
    PimpinDemopan's Avatar
    February 2012
    1,131 Posts
    If you have joined the infected server, yes.

    I suggest scanning your source sdk mp base 13 for viruses immediatly.
    I don't think I did so I might be all set. Gonna do a virus scan just in case though.
    Reply With Quote Edit / Delete Windows 10 Chrome United States Show Events

  33. Post #233
    Yoshiatom's Avatar
    June 2015
    30 Posts
    The Source SDK Base 2013 Multiplayer has update queued for me.

    In the words of Jane Doe himself; "I'VE GOT A GOOD FEELING ABOUT THIS!"
    Reply With Quote Edit / Delete Windows 8.1 Firefox United Kingdom Show Events Agree Agree x 10 (list)

  34. Post #234
    Prolonged exposure to my opinions can be mentally scarring or in some cases FATAL
    Dennab
    April 2011
    15,501 Posts
    Stop what you're doing.

    http://ic3.gov for starting a criminal investigation for the spreading of malware.

    If someone can spin up a VM and use Wireshark (or attach it to the VM's virtual network controller), get a packet capture for proof of the malicious act.
    Reply With Quote Edit / Delete Windows 7 Chrome Canada Show Events Informative Informative x 4 (list)

  35. Post #235
    Gazyi's Avatar
    April 2009
    560 Posts
    If it's really masks itself as spray, don't forget to clean up "download/user_custom" and "materials/temp" folders.
    Reply With Quote Edit / Delete Windows XP Firefox Russian Federation Show Events Agree Agree x 2 (list)

  36. Post #236
    Gold Member

    August 2012
    2,015 Posts
    RIP Yiffy Fox.
    Reply With Quote Edit / Delete Windows 7 Firefox United States Show Events Agree Agree x 3Friendly Friendly x 1 (list)

  37. Post #237
    Nicknine's Avatar
    November 2014
    458 Posts
    Judging from Fox's pre-theft username it was an old screenshot.
    Reply With Quote Edit / Delete Android Chrome Russian Federation Show Events Friendly Friendly x 4 (list)

  38. Post #238
    Gold Member

    August 2012
    2,015 Posts
    It's pretty much safe to say if you played with Rubberfruit AT ALL on TF2C you should format your computer and reinstall windows.
    Reply With Quote Edit / Delete Windows 7 Firefox United States Show Events Friendly Friendly x 4Agree Agree x 2 (list)

  39. Post #239
    Cpt. Cakes's Avatar
    November 2014
    979 Posts
    It's pretty much safe to say if you played with Rubberfruit AT ALL on TF2C you should format your computer and reinstall windows.
    I have played with him. I have scanned my computer with Malwarebytes and ESET NOD32 antivirus (eset nod32 can detect that virus), no virus. Should I still format my computer and reinstall windows?
    Reply With Quote Edit / Delete Windows 10 Edge United States Show Events

  40. Post #240
    Doctor_Lazlo's Avatar
    November 2014
    714 Posts
    I have played with him. I have scanned my computer with Malwarebytes and ESET NOD32 antivirus (eset nod32 can detect that virus), no virus. Should I still format my computer and reinstall windows?
    Do it anyway just to be safe.
    Reply With Quote Edit / Delete Windows 7 Chrome United Kingdom Show Events