So I just had an adventure with Malware..., ...and it was not a fun one.
Posts: 766
Status: Offline
Group: Admin
Member: #12
Note: Do not visit any sites you see mentioned in this post (other than Bibby Team). Do not look up any files mentioned in this post. Bad things could happen, and no one should ever have to deal with what I just had to. You've been warned.

The Story :

So, I visit Bibby Team to see what's going on. Not much, it appeared. I check the shout box to see what folks were discussing, and the twisted version of Psycho Waluigi (MFGG April Fools submission) was mentioned. Bored, I figured I'd Google search Psycho Waluigi to see what kind of recognition it had. There was an article on Pixel Prospector about it, so I decide to read what it had to say about it. After about half a minute on the page some fake Security Center popped up along with a fake Anti-Virus scanning thing. In a panic I forced a power-off on the computer, hoping that it was simply a web page I was seeing. I start up as normal, and then discover those same fake security things popping back up. Drat, something had installed itself. Again I force the computer to power off and I start it back up in Safe Mode (without networking). Unfortunately, Safe Mode wasn't safe from the fake Anti-Virus thing - it popped up when everything was done loading. I start Task Manager and discover the offending processes to be a batch of "dwu.exe"s. I opened up the file location, killed the processes, and then discovered that the file wasn't shown to be where it was. "I do not like where this is going..." I try to open up MalwareBytes' Anti-Malware but nope, the fake security programs open back up instead. "Please don't let what's happening be what I think it is..." I try to open RegEdit.exe, but nope, the fake security programs open back up instead. "D'oh. It is totally what I thought it was." Apparently the registry was modified in such a way that opening most exe files, Firefox, and Internet Explorer would instead bring up those fake security programs. I venture over to another computer, get a fix for the exe file extension association, burn it to a disc and merge it into my computer's registry. Success, I could now open up files again! I open up RegEdit.exe and manually go through the registry finding things that referenced "dwu" and fixing them.
I wasn't finished there, I wanted to get rid of the program itself. I update MalwareBytes' Anti-Malware and run a scan... and it does nothing. "Curses!" I open up Control Panel and unhide "Protected Operating System Files" in a slightly hopeless attempt to see if that would do anything, and boom - the file showed up when I looked for it again! It had disguised itself as an important system file. (I'm really lucky it didn't use other methods to hide itself.) I open up another Windows Explorer and copy notepad.exe from its home in C:\Windows\System32 to the folder with the offending file in it. I deleted the offending file and renamed the copy of notepad to "dwu.exe", so that I would know if it ever tried to run again. Now if I see a blank Notepad pop up out of nowhere, I know what's going on - and hopefully after all the stuff I did in the registry, nothing should make this happen. I open Firefox and sigh with relief when neither a blank notepad nor those fake security windows showed up. At this point I restart my computer, boot it up in normal mode, open Firefox again and am yet again relieved to see that neither a blank notepad nor those fake security windows had shown up. I then go to BibbyTeam to warn others to not do what I did, so I made comments in the shoutbox and then typed up this story.

(That's not even the whole story - I also had an epic struggle with a CD Burner, but that wasn't a critical detail, so I left it out.)

So, yeah... don't go to Pixel Prospector. I do not know that that is the offending site, but that's where my problems started showing up, so I assume that could be the problem origin.

Stay safe, friends.

---
Edited by: Miles, May 6th, 2011 @ 3:59 pm
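The post above describes two tricks: the .exe file association being redirected so that launching almost any program starts the fake security software instead, and the dropped file hiding with the Hidden and System attributes so Explorer only shows it once "Hide protected operating system files" is turned off. The following PowerShell script is an added example for checking a machine for both; it is not from the original post or from the Bibby Team forum. It assumes an elevated PowerShell prompt on a stock Windows install, uses the process name "dwu" from the post as the string to search for, and treats the Windows default of `"%1" %*` as the clean value for the exefile open command.

```powershell
# Added triage script (not from the original post). Run from an elevated
# PowerShell prompt. Nothing here modifies the system; it only reports.

$SuspectName  = 'dwu'        # process name taken from the post
$CleanCommand = '"%1" %*'    # Windows default for exefile\shell\open\command

function Test-ExeAssociation {
    # Per-user Classes keys override the machine-wide ones and can be written
    # without admin rights, so a hijack usually lands under HKCU. On a clean
    # box HKCU\Software\Classes\.exe does not exist at all, so its mere
    # presence is flagged.
    $keys = @(
        'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command',
        'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command',
        'Registry::HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command',
        'Registry::HKEY_CURRENT_USER\Software\Classes\.exe'
    )
    foreach ($k in $keys) {
        if (-not (Test-Path -LiteralPath $k)) { continue }
        $value  = (Get-Item -LiteralPath $k).GetValue('')
        $status = 'ok'
        if ($k -like '*\.exe' -or $value -ne $CleanCommand) { $status = 'SUSPICIOUS' }
        [pscustomobject]@{ Key = $k; Value = $value; Status = $status }
    }
}

function Find-SuperHiddenExe {
    # "Protected operating system files" in Explorer means Hidden + System.
    # Legitimate system binaries live under C:\Windows; an .exe carrying both
    # attributes under a user-writable path is worth a look.
    param([string[]]$Roots = @($env:USERPROFILE, $env:ProgramData, $env:TEMP))
    $mask = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
    Get-ChildItem -Path $Roots -Filter '*.exe' -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { ($_.Attributes -band $mask) -eq $mask } |
        Select-Object FullName, Length, LastWriteTime, Attributes
}

function Find-RegistryReferences {
    # The post's manual step, automated: find autorun values that mention the
    # dropped file's name.
    param([string]$Name = $SuspectName)
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    )
    foreach ($k in $runKeys) {
        if (-not (Test-Path -LiteralPath $k)) { continue }
        $props = Get-ItemProperty -LiteralPath $k
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath etc.
            if ("$($p.Value)" -match [regex]::Escape($Name)) {
                [pscustomobject]@{ Key = $k; ValueName = $p.Name; Data = $p.Value }
            }
        }
    }
}

Write-Host '== .exe file association =='
Test-ExeAssociation | Format-Table -AutoSize
Write-Host '== Hidden+System executables under user-writable paths =='
Find-SuperHiddenExe | Format-Table -AutoSize
Write-Host "== autorun values mentioning '$SuspectName' =="
Find-RegistryReferences | Format-Table -AutoSize
```

If the association check reports anything other than `"%1" %*`, the clean value can be restored with a .reg file from a known-good machine, exactly as the post describes; run the script from Safe Mode if the hijack prevents PowerShell itself from starting. The script only reports, so a flagged file still needs to be confirmed before deleting it, since some legitimate installers also mark their files Hidden+System.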
Prodigal Son
Posts: 536
Status: Offline
Group: Member
Member: #5
Big thanks! This can save a lot of trouble for all of us!

I'm really glad for you that you got your computer working again too, of course.
Never change your avatar
Posts: 3180
Status: Offline
Group: Admin
Member: #1
Thanks for the heads-up on this, and here's hoping everything turns out OK. You need to be careful when dealing with places like that. There are a lot of sites that spider MFGG (and other fangame/indie game sites), and not all of them are reputable or safe.
Course clear! You got a card.