Issue: Members being blocked from Forum!

I have strong reason to believe that a recent update to the Pokemon Game Editor created by member Gamer2020 has purposely created a simple hosts file within the Windows\System32\Drivers\Ect\ folder that blocks all access to the PokeCommunity website. Moving or deleting this file will allow access again, but if you've been blocked, you obviously can't read this post. =/ So I request that a moderator please send out a email message detailing this problem in case someone else has downloaded this game that can be found through this forum.

I've sent a report to the moderators and a pm to one, but haven't gotten any replies yet, so I'm posting this here in case someone else wants to get a hold of them and let them know, or has friends who are currently blocked because of this.

And I urge all members to refrain from downloading anything from Gamer2020. This time it wasn't dangerous, just annoying (and difficult for members if they don't get help from someone), but next time it might be worse.

EDIT:
I just confirmed that installing Gamer2020's Pokemon Game Editor program will create this file. On his forum he has posted the following in response to my statements:
"Oh wow LOL
I haven't even been programing lately. PGE does no such thing...
I can still access PC so idk what the problem could be =/
I know I didn't write anything like that into my program. It just edits ROMs."

So either he's lying and he did put it in there, or one of the programs within his collection created it, but given his known hatred for the way this place is moderated, I'm more likely to believe he put it in there purposely.

countryemo said:

...Pretty sure its just you.
I havent downloaded yet though. How do you know other members are banned?
You probably just messed up :.

...Pretty sure its just you.
I havent downloaded yet though. How do you know other members are banned?
You probably just messed up :/

Click to expand...

What he means is that the application edits the 'hosts' file in system32. That file has a list of a sort of 'redirects' associating web sites with some other IP addresses. It has nothing to do with whether one is banned or not.

And this is a semi-rational concern, really. Although now the problem would be that the application is technically a virus, since it edits system files without user permission.

AdvancedK47 said:

What he means is that the application edits the 'hosts' file in system32. That file has a list of a sort of 'redirects' associating web sites with some other IP addresses. It has nothing to do with whether one is banned or not.

And this is a semi-rational concern, really. Although now the problem would be that the application is technically a virus, since it edits system files without user permission.

Click to expand...

Yeah it doesn't "ban" anyone, it just blocks any entry to the website, can't even look at it. So unless you've memorized how I said to fix it, I suggest you not go and download it to try it. You can't download it unless you join his forum anyway, which I think it only linked in his signature, so you have to actually try if you want it, but I think some people will (just as I did). I'm just trying to prevent others from falling into the trap and help save people who already have. There's no way to tell if someone has been blocked, because they can't post here. The only way is to email everyone, and I don't think I can do that. We need a moderator.

countryemo said:

...Pretty sure its just you.
I havent downloaded yet though. How do you know other members are banned?
You probably just messed up :.

Click to expand...

He perhaps talked to over people via communication other than on PC, and following on from the recent case of someone mysteriously finding PC in their hosts file? Don't be so quick to brush this off.

Anyway, shouldn't something like this require a UAC prompt to be permitted on Windows Vista or 7? People should be wary of a program such as this requesting that kind of unnecessary permission.

The 100 Mega Shock said:

He perhaps talked to over people via communication other than on PC, and following on from the recent case of someone mysteriously finding PC in their hosts file? Don't be so quick to brush this off.

Anyway, shouldn't something like this require a UAC prompt to be permitted on Windows Vista or 7? People should be wary of a program such as this requesting that kind of unnecessary permission.

Click to expand...

I actually just had the problem myself, and went searching for answer, which I found at Gamer2020's forum, as Pino19 over there had the problem too, but lucky for me he found the solution. It was then that I found the question: "Can only get on Pokecommunity through ip" that M4 posted.

And yes the UAC prompt does appear when installing the program, and I'm an idiot for allowing it.. >_< I'm just glad that's the only malicious thing the program seems to do right now. After a complete scan with Microsoft Security Essentials, I was notified that my computer is free of any viruses. And this problem is an easy fix, as long as you're able to find the info on how to fix it.

Are you running a 64-bit version of Windows, Team Fail? The attempt may not work on a 64-bit OS as Windows doesn't allow programs running in 32-bit (Which it may be) to access things like the hosts file.

e: wait you might wanna close and reopen your browser before declaring your hosts file unchanged

I STRONGLY suggest you not download / install this program at all.

We can not go emailing every user to inform a few that got burned by it, sorry.

If you are, or know someone who is having access issues, the best way to solve them is to email the webmaster, IM me at ppnsteve on aim or gtalk (on gtalk 24/7), by tweeting us at @pokecommunity

or use our contact form by going to https://174.133.255.180/sendmessage.php

provide an nslookup (dig) and tracert (traceroute) to pokecommunity.com in your message.

pass this on..

Team Fail said:

I'm running a 32-bit version. And I restarted all my browsers. Nothing different. I'm still here.

Click to expand...

It doesn't place it there when you install it. It places it there after you run the program and install the updates.

Rukario said:

I STRONGLY suggest you not download / install this program at all.
We can not go emailing every user to inform a few that got burned by it, sorry.

Click to expand...

I really don't know anyone on this forum, but I thought that as moderators you would care to inform your people and care for the ones who would be hurt by attacks that were really directed at you. =/ Some who are affected by this may not have the intellect and searching skills to find out how to fix it, and they cannot contact anyone if they can't even reach this site, so they're helpless. A simple email could be ignored (or at least alert) those unaffected, but would be helpful for those who might be. I'm pretty sure most forums allow mass-emails to their members, right? Wouldn't be any effort at all.

After now having some knowledge of Gamer2020, witnessing his cheap attempts at denial, deleting posts of anything against him, and changing the names of users to "I_Have_a_Small_P****" (without the *'s), I've come to realize he is a child. Well, I've done my best at alerting everyone of this attack.

Don't misread my email statement as we don't care, in fact we take great strides to ensure PC is a safe environment. Its just not very practical to send out 120,000 emails to cover a few people.

there are ways to find access to PC.. we have other domains that point here.. Google search can get our others and IP to connect on, etc.

Team Fail said:

Even then, nothing has happened after what seems like a billion updates. And they don't stop coming.

Click to expand...

Well you must have the world's most robust operating system because it does replace your hosts with one that resolves PC http and IP (or at least somebody's IP address, was this a new addition?) addresses to 127.0.0.1, I just tried it.

It also opens your browser to some hilarious tl;dr's about Pokémon (At least I presume they're hilarious - my eyes tend to glaze over long rants about Pokémon websites).

I was in fact only notified of this yesterday and did not know anything about this. Someone just linked me to this thread a couple of minutes ago.

People should have asked me if there was something wrong with my program instead of just starting rumors. In any case I apologize for any inconvenience and I will get to the bottom of this.

I actually did release my source code yesterday to prove that I had nothing to do with this. Feel free to look through it.
{link removed}

Rules to using the source.

1 - It is for learning purposes only.

2 - I am not responsible for what is done with it.

3 - Do not try to re-release these programs as your own.

k23time said:

It doesn't place it there when you install it. It places it there after you run the program and install the updates.



I really don't know anyone on this forum, but I thought that as moderators you would care to inform your people and care for the ones who would be hurt by attacks that were really directed at you. =/ Some who are affected by this may not have the intellect and searching skills to find out how to fix it, and they cannot contact anyone if they can't even reach this site, so they're helpless. A simple email could be ignored (or at least alert) those unaffected, but would be helpful for those who might be. I'm pretty sure most forums allow mass-emails to their members, right? Wouldn't be any effort at all.

After now having some knowledge of Gamer2020, witnessing his cheap attempts at denial, deleting posts of anything against him, and changing the names of users to "I_Have_a_Small_P****" (without the *'s), I've come to realize he is a child. Well, I've done my best at alerting everyone of this attack.

Click to expand...

I only did that because I thought you were spreading a rumor to scare people. When one of my friends emailed me with the same issue I realized this was not the case. I apologize for that now.

Gamer, it doesn't really make ANY sense how this could happen on accident. Somewhere along the lines you did something, and now you're trying to cover it up. Very smoothy I must add.

lets give him a chance to find the issue..

also since the source is released, feel free to look through his code yourself.

TRWTF is VB.net. The file is hosted on a server and everything is open to public :O. No index or htaccess at all.

And saying that somehow a file hosted on their own server magically changed to malicious code.

A joke? If that's a joke that's a pretty bad one. And if it changes your host files that's considered a virus. That's not a joke.

Nice job trying to cover it up.

Virus, trojan whatever either way it's specifically designed to be malicious and disrupt people's usage according to someone else's' instructions.

It's malware.

countryemo said:

antivirus's doing their job, what.

Click to expand...

While a program overwriting the contents of hosts is something that should probably be picked up on more closely by security applications, the user already gave the program express permission to modify the system via accepting the UAC popup, so that sort of makes it hard for such a thing to work like that.

Especially because a small, unknown application like this isn't going to trigger any scanning software if it doesn't contain any publicly known malware code or particularly blatant attempts to damage the system (above the scope of writing a new hosts file to the system)

(Heuristics doesn't really work that way anyway when we're only talking a small line of code embedded in a program to write one file)