Warning: Do Not Use Entropedia [NOTE: now cleared by Google Safebrowsing]

Gewitter

Elite
Joined
Sep 10, 2012
Posts
2,805
Location
Moscow - Russia
Society
Deep Core Mining
Avatar Name
Andrey Andy Russian
Yesterday all was clear.

Today - infected link in frame (...edia.info/paypal.htm (link cropped)) with HEUR:Trojan.Script.Generic

Found today with Kaspersky AntiVirus 2013

Be careful!
 
i was getting the same warning with another anti-virus program and then it was clreared. i dont get the warning anymore....
 
avast says similar and has over a month. Some here claim the problem was cleaned up over a month ago, but since the virus scanners keep finding it, it makes me think they may be wrong, especially since EF was hit with virus a couple of years ago and I think they may be on same sever?...
 
ESET Smart Security is the one i use, not getting the warning since a few days....
 
Norton Internet Security warned me about some malware on entropiawiki.com when i tried to view a weapon's page. so what happened?
 
It's not so much as trying to infect you, it links to an Ad Locker which is stupid because who wants to put up with a locker to donate... but it does happen to link to an ad that link to malware. At no fault of entopedia.

Code:
http://www.arteado.com/blog/El07rV6T.php?id=55811628
is a direct link to the locker. Fell free to go there its not a drive by. But, as usual don't download anything like flash unless its from adobe.com
 
same for me since 1 month ago.
 
Also when u clikc PEauction link on entropedia to get MU on item google safe browsing is marking it as suspicious.
 
Entropedia is infected

For the last couple days Chrome doesnt allow me to open entrpedia as it is infected with Malware.
I know Serica was looking for someone to update it, I wonder if someone can clean the Trojans.

Perv
 
I'm having the same problem.

If someone with access to the server wants to look into it, the problematic code is located here: entropiawiki.com/paypal.htm

Check the way javascript injects ads... :wise:
 
Warning:
People that have internet explorer will not get a warning so be carefull.
Dont just click on the link and say " it works for me"


O2 thanks for the link, I hope someone can clean it
 
If you dont click it you can't get infected? What about adblock will that block the ad?
 
I've send a support case about this subject a few weeks ago. I received as answer that Entropedia.info still could be accessed by Chrome. However, i clearly had issues at that time already. And now even Google seems to block the site completely. They also mentioned that any further issues should be reported to the administrators at entropiaforum.com.

The main issue seem to be Entropiabay.com, of which Entropedia.info has advertisements, that caused the issues in the first place. I did mention that too in the support case, which i submitted. They answered, that Entropiabay.com is not endorse by MindArk, but we can contact them at admin@entropiabay.com.

Feel free send a message to both administrators. Hopefully, they are able to fix their issues.

Entropia Planets still works and without issues. If the above mentioned websites ain't able to get their issues sorted, i suggest that we help out Entropia Planets or any other similar sites, to get their databases up to date.
 
[...]

Meanwhile,

- Internet Explorer users avoid entropedia or install a proper browser.

[...]
 
Last edited:
I use Firefox, in Tools->Add-ons->Plugins you can disable Java.
Firefox does pretty well with add-ons and in the case here will shut the features off for you.


Java has had some issues for over a year now with security. Pretty much started a little after Oracle took over, which didn't surprise me. It was so much better under Sun microsystems.

Truthfully alot of it is false positive, but big enough flaws exist that it is not worth the potential risk.


If you ever used the Java Development Toolkit , it is even more vulnerable.
From mozilla:
Why was it blocked?
The Java Deployment Toolkit plugin is known to be insecure and is unnecessary in most cases. Users should keep it disabled unless strictly necessary.
Who is affected?
All Firefox users who have this plugin installed.
What does this mean?
The problematic add-on or plugin will be automatically disabled and no longer usable.
When Mozilla becomes aware of add-ons, plugins, or other third-party software that seriously compromises Firefox security, stability, or performance and meets certain criteria, the software may be blocked from general use. For more information, please read this support article.
 
Just read the posts above me, do you know if entropiabay and entropedia are hosted in the same server?

In that case, there are some emails and phone numbers linked to the whois information that we could try to contact the owner maybe. No?

entropiawiki.com
entropiabay.com
entropiaforum.com
 
I did notice this while browsing and I tought it could be just the AntiVirus overeacting over nothing
 
If you ask me, i would say to avoid using Entropedia for now. See, it's the site owner's responsibility to make sure that their site is working properly. It's pretty pointless to use a "guide" how to access their website. If they won't or can't fix their issues in a short period, we are forced to head over to somewhere else.
 
Chrome let me on it yesterday with no issue... today though I get the warning message and it blocks it.

Google Chrome has blocked access to www.entropiawiki.com for now. Even if you have visited this website safely in the past, visiting it now is very likely to infect your computer with malware. Malware is malicious software that causes things like identity theft, financial loss, and permanent file deletion.

I get the same message on the EntropiaBay website too
 
http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-US&site=http://www.entropiawiki.com/

Safe Browsing
Diagnostic page for entropiawiki.com

What is the current listing status for entropiawiki.com?

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 22 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 726 pages we tested on the site over the past 90 days, 232 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2014-01-16, and the last time suspicious content was found on this site was on 2014-01-16.

Malicious software is hosted on 1 domain(s), including pintura-escultura.es/.

This site was hosted on 1 network(s) including AS36351 (SOFTLAYER).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, entropiawiki.com appeared to function as an intermediary for the infection of 1 site(s) including arkadiaforum.com/.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

Return to the previous page.
If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
 
Entropedia was blocked today by Firefox (now need some steps for enter the site)

Not seems that owners in a hurry to remove the malicious link

DO SOMETHING WITH THIS F**** PAYPAL LINK!
 
Reported Attack Page!

This web page at www.entropiawiki.com has been reported as an attack page and has been blocked based on your security preferences.

Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system.

Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.

The above happened just a few minutes ago.

Am pretty safe, since I run noscript and a bunch of other stuff. I don't know about other regular visitors, especially if they see that warning and assume that site is just a malware site.

Without entropedia am pretty sure most of us will cut down on activities in the game. MA should take over entropedia, or create a similar site. Cos in the end, they are the ones who benefit.
 
Quite a few Entropia sites have this problem atm. Best example is Entropiabay, which is clearly infected by something.
 
Last edited:
Why is google saying that entropedia is hosting malicious software?

It claims that more than half the time in the last 90 days that it has visited entropedia it has had malicious software.

Are all of our computers now infected? Does this mean our accounts are not safe?
 
I have wondered the same thing, ran malware bytes scanner, had a trojan on my pc. glad I have a gold card, hope that its not a false sense of security.
 
/mod note/ merged multiple threads, as scattering discussion over multiple threads in different forum sections isn't all that helpful.

This episode seems to have been triggered most recently by something like a dodgy ad on the player-owned entropiabay.com site.

I sent an pm to the owner of that site here on the forum on January 8 to inform him of the issue.
After no reply by January 14, I then followed it up with an email.
His reply said he was working on it, however Firefox is still reporting that as a malicious site.
I've sent him a further email asking him to post his current progress, and what's being down to address the issue.

Entropedia obtains markup information from PEAuction and entropiabay.com once a day, and also allows users to clik on a link to pricing of items on those sites.
I've now sent an email to Witte, advising him of the situation.

Entropedia is one of the Entropia-related sites hosted by 711.
I'm not sure it's on the same server as entropiaforum, as mastermesh suggests above, as last time the site went down, it was planetcalypsoforum that crashed at the same time, not EF.
I've sent 711 a pm, suggesting that he check over the host server.

Hopefully one or more of these people will respond and let us know more about the situation.

In the meantime:
1. don't use entropedia until it's cleared,
2. be sure to have your towel handy at all times, and
3. don't panic!

--------------------
/mod note/ I've now renamed the thread to make it clear the site should not be used.
Once we have more information, or the site is cleared for use, I'll review that.
 
Last edited:
Do these sites run ads ? Is this where the problem is coming from , I run ABP and never see ads . I do however get the google message so am now not visiting that site .
 
Thanks for the heads-up.

It seems in that paypal.html ther is an inserted line javascript src, that is supposed to fetch a file 4vScTbFV... .php on "michaels-verlag.de". Currently it seems that the hosting company of michaels-verlag.de has put the website on a parking page which explains why it's currently safe.

However, since paypal.html has been infected once nothing says it can't be changed again.

(I've visited the website on a sandbox.)

Too bad about the false alarms, it makes us ignore the real ones thinking "oh just an overnervous antivirus program".
 
Last edited:
Back
Top