Jump to content


cef_browser_process.exe


  • Please log in to reply
16 replies to this topic

Ozric #1 Posted Oct 14 2018 - 03:23

    Sergeant

  • Players
  • 22622 battles
  • 184
  • Member since:
    04-25-2012

I get an out of game popup Javascript Alert from siteadvisorpc.com  saying 'Windows Security Center: Your McAfee subscription has expired today.  Renew now to protect your computer from the latest Ransomware viruses.' 

 

Process traces to cef_browser_process.exe described as World of Tanks Chromium Embedded Browser of which there are 3 processes running.

 

Anyone else?  I don't even run McAfee.



PickleWater #2 Posted Oct 14 2018 - 03:40

    Staff sergeant

  • Players
  • 21329 battles
  • 400
  • Member since:
    02-06-2013

When I went to task manager I found three instances of squirrel_in_underpants.exe



Ndtm #3 Posted Oct 14 2018 - 03:44

    Major

  • Players
  • 17376 battles
  • 4,049
  • Member since:
    05-01-2012
While it is the browser component these kinds of things typically trace back to mods, some people go rouge after having had a clean version out for a while, or those are the stories i've heard anyway as i luckily haven't had to deal with anything like it

PickleWater #4 Posted Oct 14 2018 - 03:47

    Staff sergeant

  • Players
  • 21329 battles
  • 400
  • Member since:
    02-06-2013

View PostNdtm, on Oct 13 2018 - 21:44, said:

some people go rouge after having had a clean version out for a while

 

Who are you to judge if they choose to have a little color in their cheeks?

atila_xD #5 Posted Oct 14 2018 - 03:50

    Sergeant

  • -Players-
  • 7110 battles
  • 229
  • [YOUJO] YOUJO
  • Member since:
    10-13-2014
You clearly got malware. Try malware bytes and ADW cleaner. If these 2 programs fail you i recommend a fresh install

Edited by atila_xD, Oct 14 2018 - 05:43.


ColonelShakes #6 Posted Oct 14 2018 - 04:12

    Captain

  • -Players-
  • 11673 battles
  • 1,099
  • [CDN] CDN
  • Member since:
    01-17-2016

Some malware rode in with your latest mods or other programs you installed.  

 

You got phished.  Take the exact wording of the popup and put it in Google.  



Insanefriend #7 Posted Oct 14 2018 - 04:18

    Staff sergeant

  • Players
  • 38733 battles
  • 437
  • Member since:
    04-06-2012
Then figure your computer has been owned and reinstall windows.  Also change all pass words for accounts you may have used.  Computer security rules of thumb to ensure you never get hacked.

Isola_di_Fano #8 Posted Oct 14 2018 - 06:09

    Major

  • Players
  • 21743 battles
  • 3,573
  • Member since:
    11-05-2012

Depending on what you do, Windows Defender might be enough, you can also do offline scans to fix problems.

 

It ranks top 5 to 7 depending on tests and labs. For Mr and Mrs everybody like me it is more than enough protection.

 

And, big plus in my book, very easy to set up.



WhineMaker #9 Posted Oct 14 2018 - 07:52

    Major

  • Players
  • 33871 battles
  • 3,793
  • Member since:
    04-21-2011

1) Learn Python

 

2) Decompile some of the mods you run

 

3) Browse through some of the decompiled mod scripts

 

4) Freak out as to how many keylogger scripts you freely downloaded and executed on your pc

 

5) Go vanilla

 

 



steelandpain #10 Posted Oct 14 2018 - 11:58

    Sergeant

  • -Players-
  • 11041 battles
  • 193
  • [VAHLA] VAHLA
  • Member since:
    05-03-2015

View PostWhineMaker, on Oct 14 2018 - 07:52, said:

1) Learn Python

 

2) Decompile some of the mods you run

 

3) Browse through some of the decompiled mod scripts

 

4) Freak out as to how many keylogger scripts you freely downloaded and executed on your pc

 

5) Go vanilla

 

 

 

If you're aware of key-logger scripts in Wargaming approved mods, why don't you report them and list them here, otherwise I call BS on this.

BlackFive #11 Posted Oct 14 2018 - 16:43

    Major

  • Players
  • 28990 battles
  • 3,410
  • [_E_] _E_
  • Member since:
    09-09-2013

View PostWhineMaker, on Oct 14 2018 - 07:52, said:

1) Learn Python

 

2) Decompile some of the mods you run

 

3) Browse through some of the decompiled mod scripts

 

4) Freak out as to how many keylogger scripts you freely downloaded and executed on your pc

 

5) Go vanilla

 

 

 

View Poststeelandpain, on Oct 14 2018 - 11:58, said:

 

If you're aware of key-logger scripts in Wargaming approved mods, why don't you report them and list them here, otherwise I call BS on this.

 

Really?

 

You just blindly accept that the Russian mod makers are doing it for free out of the goodness of their hearts?  I've reported on several occasions that the mod makers are cryptomining... And no changes have been made.

 

Given the age of the game, and that WG does not care - I'd be very suspicious of the mods 



Krautjaeger #12 Posted Oct 14 2018 - 17:21

    Staff sergeant

  • -Players-
  • 1596 battles
  • 338
  • [K00KS] K00KS
  • Member since:
    05-27-2017

1) Stay away from Ekspoint-mods as he's already been caught redhanded doing stuff like that.

 

2) Open the mod(s) you use, .pyc-files, in a text editor and search for the words 'pjorion_protected', if you find it know that you can not decode and check the code and you have to decide if you want to take the risk of running it.

 

3) Get a python decompiler for the rest, decompile and read through the code. You don't have to know too much about programming to see if there's shady stuff in there and since you can do this it is less likely that there is any such as well.


Edited by Krautjaeger, Oct 14 2018 - 17:21.


782GearUSMC #13 Posted Oct 14 2018 - 18:26

    Major

  • Players
  • 27294 battles
  • 3,596
  • Member since:
    09-03-2013

Read about SiteAdvisor.

 

https://news.ycombin...item?id=2401357



Atragon #14 Posted Oct 14 2018 - 19:26

    Major

  • Players
  • 38647 battles
  • 2,945
  • [-_-] -_-
  • Member since:
    04-22-2012

deleted

 

wrong error

 

 



WhineMaker #15 Posted Yesterday, 05:50 PM

    Major

  • Players
  • 33871 battles
  • 3,793
  • Member since:
    04-21-2011

View Poststeelandpain, on Oct 14 2018 - 02:58, said:

 

If you're aware of key-logger scripts in Wargaming approved mods, why don't you report them and list them here, otherwise I call BS on this.

 

I retired from programming many moons ago, and with no pay for this work, there's no need for me to provide WG with anything you suggest... :coin:

 

Hate to be the one to inform you, keyloggers aren't the only scripts buried in mods...

 

 

 

Here's a suggestion, maybe you might want to invest a small amount of time to learn programming basics, before providing your uneducated opinion... ;)



3nr0n #16 Posted Yesterday, 07:02 PM

    First lieutenant

  • Players
  • 18189 battles
  • 902
  • [K-H] K-H
  • Member since:
    06-11-2012

Hmm get rid of Facebook also.

https://www.npr.org/2018/10/13/657172112/facebook-says-14-million-accounts-had-broad-array-of-personal-data-stolen



steelandpain #17 Posted Yesterday, 08:46 PM

    Sergeant

  • -Players-
  • 11041 battles
  • 193
  • [VAHLA] VAHLA
  • Member since:
    05-03-2015

View PostWhineMaker, on Oct 15 2018 - 17:50, said:

 

I retired from programming many moons ago, and with no pay for this work, there's no need for me to provide WG with anything you suggest... :coin:

 

Hate to be the one to inform you, keyloggers aren't the only scripts buried in mods...

 

 

 

Here's a suggestion, maybe you might want to invest a small amount of time to learn programming basics, before providing your uneducated opinion... ;)

 

lol, if you retired from programming a long time ago, perhaps it's time to get off your high horse and not assume you know better

 

Anyway, this fear mongering is useless. People take risks when they install anything on their machine, including WOT, so while some mods can be malicious, it's not a reason to lose trust in the whole mod community. 






1 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users