Malware alert???

01-31-2012, 08:47 AM
  #1  
Quick Silver Z
CF Senior Member
Thread Starter
 
Member Since: Mar 2007
Location: Right Corner Pocket of Illinois
Posts: 23,755
Received 194 Likes on 172 Posts
No-IL Events Coordinator
C6 of Year Winner (appearance mods) 2019
2018 C6 of Year Finalist
St. Jude Donor '12-'13-'14-'15-'16-'17-'18-'19
Malware alert???

Anyone else getting an antivirus alert every time they open a post here???

"URL: http://simbeppc.com/jscript/pixel.js"

Base of suspicious web addresses:
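The alert quoted in this post is an antivirus engine flagging a script on the forum page that loads from an outside domain. As an added example (not from the original thread and not the forum's own tooling), here is a Python check a site operator could run over a fetched page to list every script or iframe source whose host is not on the site's own allowlist. The allowlist, the page URL and the sample HTML (which places the pixel.js URL quoted above alongside two made-up same-site script paths) are assumptions constructed for the demonstration.

```python
"""Flag script/iframe sources on a fetched page whose host is not on the site's allowlist."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed allowlist: hosts the forum's own templates legitimately load scripts from.
ALLOWED_HOSTS = {"forums.corvetteforum.com", "www.corvetteforum.com"}

# Assumed page URL (the forum path quoted later in the thread, trailing slash added).
PAGE_URL = "http://forums.corvetteforum.com/c5-parts-for-sale-wanted-53/"

# Constructed sample page: two made-up same-site scripts and a same-site iframe,
# plus the off-site pixel.js URL reported in the first post.
SAMPLE_HTML = """
<html><head>
<script src="/clientscript/forum_global.js"></script>
<script src="//www.corvetteforum.com/js/forum.js"></script>
<script type="text/javascript" src="http://simbeppc.com/jscript/pixel.js"></script>
</head><body>
<iframe src="//www.corvetteforum.com/ads/house_banner.html"></iframe>
<p>post text</p>
</body></html>
"""


class SourceCollector(HTMLParser):
    """Collect the src of every <script> and <iframe>, resolved to an absolute URL."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.sources = []  # list of (tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        src = dict(attrs).get("src")
        if src:
            # urljoin resolves relative paths and protocol-relative "//host/..." forms
            self.sources.append((tag, urljoin(self.page_url, src.strip())))


def find_offsite_sources(html, page_url, allowed_hosts=ALLOWED_HOSTS):
    """Return (tag, url) for every script/iframe source served from a host not allowlisted.

    Sources with no hostname (data: URLs, malformed values) are reported too, since a
    site's own templates would not normally use them and they deserve a look.
    """
    collector = SourceCollector(page_url)
    collector.feed(html)
    allowed = {h.lower() for h in allowed_hosts}
    flagged = []
    for tag, url in collector.sources:
        host = (urlsplit(url).hostname or "").lower()
        if host not in allowed:
            flagged.append((tag, url))
    return flagged


if __name__ == "__main__":
    for tag, url in find_offsite_sources(SAMPLE_HTML, PAGE_URL):
        print(f"off-site {tag}: {url}")
```

Run it against the page HTML fetched with caching bypassed, ideally from a client that is not logged in, and compare the flagged list with a known-good copy of the template; a script source that appears only on some pages or only intermittently is the kind of finding an operator wants to see before the AV vendors do.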
Old 01-31-2012, 09:19 AM
  #2  
J T
Administrative Contributor
 
Member Since: Feb 2009
Posts: 6,169
Likes: 0
Received 2 Likes on 2 Posts
We're looking into it. Thanks for the report.

01-31-2012, 11:14 AM
  #3  
RC45
CF Senior Member
 
Member Since: Jun 2003
Location: Houston TX
Posts: 14,051
Likes: 0
Received 1 Like on 1 Post
Heads up to those that do not have proper AV software: I browsed the forum last night at about 2am from my 2nd laptop - a new build that had not yet had AV software installed. The malware has a pretty nasty payload.

Injects a System Check utility that looks like a legit Windows program that scans your PC and finds issues with your drive, memory and system, and then shows you your disk "crashing" - it looks like all your files are gone, but what it does is set +H (the hidden attribute) on your drive as it is running its "check".

Took a couple of hours to isolate and remove, including pre and post cleanup scans.

Are these rogue malware infections coming via unpoliced banner ads on CF?

ESET Nod32 caught the malware on my main laptop.

Last edited by RC45; 01-31-2012 at 11:16 AM.

01-31-2012, 11:17 AM
  #4  
J T
Administrative Contributor
 
Member Since: Feb 2009
Posts: 6,169
Likes: 0
Received 2 Likes on 2 Posts
It's still being investigated, but it's not believed to be through advertisements.

01-31-2012, 12:00 PM
  #5  
Quick Silver Z
CF Senior Member
Thread Starter
 
Member Since: Mar 2007
Location: Right Corner Pocket of Illinois
Posts: 23,755
Received 194 Likes on 172 Posts
No-IL Events Coordinator
C6 of Year Winner (appearance mods) 2019
2018 C6 of Year Finalist
St. Jude Donor '12-'13-'14-'15-'16-'17-'18-'19
FYI: I am no longer getting the Kaspersky AV alert...

01-31-2012, 12:03 PM
  #6  
J T
Administrative Contributor
 
Member Since: Feb 2009
Posts: 6,169
Likes: 0
Received 2 Likes on 2 Posts
To clarify, the link was removed shortly after your posting. Investigating how, and how to prevent it in the future, is what's currently being done.

Thanks!

01-31-2012, 12:09 PM
  #7  
1%r
CF Senior Member
Support Corvetteforum!
 
Member Since: Mar 2003
Location: Americans First
Posts: 76,034
Received 76 Likes on 54 Posts
St. Jude Donor '03 through '17

My Malware has only alerted me to tracking cookies, nothing else?

01-31-2012, 12:12 PM
  #8  
J T
Administrative Contributor
 
Member Since: Feb 2009
Posts: 6,169
Likes: 0
Received 2 Likes on 2 Posts
Originally Posted by jersey jay
My Malware has only alerted me to tracking cookies, nothing else?

You won't be alerted unless the issue is live, which it was earlier this morning. It was removed shortly after Quick Silver Z's, so there currently is no threat.

01-31-2012, 12:24 PM
  #9  
hcvone
CF Senior Member
Support Corvetteforum!
 
Member Since: Aug 1999
Location: Huntingdon Valley Pa
Posts: 18,952
Received 598 Likes on 399 Posts
Got it a minute ago, 12:24 ET

01-31-2012, 12:27 PM
  #10  
J T
Administrative Contributor
 
Member Since: Feb 2009
Posts: 6,169
Likes: 0
Received 2 Likes on 2 Posts
Originally Posted by hcvone
Got it a minute ago, 12:24 ET

Can you provide the exact details as to what the alert was regarding and what page you were on that generated the error?

I just scanned and don't see any issue.

01-31-2012, 01:28 PM
  #11  
RC45
CF Senior Member
 
Member Since: Jun 2003
Location: Houston TX
Posts: 14,051
Likes: 0
Received 1 Like on 1 Post
This is from the 8:20am log - the last incident I had.

http : //forums.corvetteforum.com/c5-parts-for-sale-wanted-53 HTML/ScrInject.B.Gen virus connection terminated - quarantined Threat was detected upon access to web by the application: C:\Program Files (x86)\Internet Explorer\iexplore.exe.
http : //forums.corvetteforum.com/c5-parts-for-sale-wanted-53 GZ file.htm HTML/ScrInject.B.Gen virus

And this was the activity at 8:05am - the injection and the infection. Both caught by ESET.

1/31/2012 8:05:14 AM HTTP filter archive http : //forums.corvetteforum.com/politics-religion-and-controversy-88 HTML/ScrInject.B.Gen virus connection terminated - quarantined HPLAPTOP1\Administrator Threat was detected upon access to web by the application: C:\Program Files (x86)\Internet Explorer\iexplore.exe.
1/31/2012 8:05:34 AM Real-time file system protection file C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8FVHUZT\politics-religion-and-controversy-88[1].htm HTML/ScrInject.B.Gen virus deleted HPLAPTOP1\Administrator Event occurred during an attempt to access the file by the application: C:\Program Files (x86)\Internet Explorer\iexplore.exe.

Last edited by RC45; 01-31-2012 at 01:35 PM.
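The two 8:05am entries above are one detection seen twice: first by the HTTP filter on the page as it was fetched, then by real-time file protection on the copy Internet Explorer had cached. The Python script below is an added example, not part of the post and not ESET's tooling: it parses lines in that layout into fields and pairs each web-filter hit with the cached-file hit for the same page and threat name inside a short window, which is the check a responder would make to confirm the file event is the cached page rather than a second, separate infection. The sample log is constructed from the two posted lines (with the scheme written as http:// and the wrapped path joined), and the field pattern is an assumption drawn only from those two lines, so other ESET modules or threat categories may need it widened.

```python
"""Parse ESET detection log lines and pair each web-filter hit with its cached-file hit."""
import re
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample log, modelled on the two lines quoted in the post above.
SAMPLE_LOG = r"""
1/31/2012 8:05:14 AM HTTP filter archive http://forums.corvetteforum.com/politics-religion-and-controversy-88 HTML/ScrInject.B.Gen virus connection terminated - quarantined HPLAPTOP1\Administrator Threat was detected upon access to web by the application: C:\Program Files (x86)\Internet Explorer\iexplore.exe.
1/31/2012 8:05:34 AM Real-time file system protection file C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8FVHUZT\politics-religion-and-controversy-88[1].htm HTML/ScrInject.B.Gen virus deleted HPLAPTOP1\Administrator Event occurred during an attempt to access the file by the application: C:\Program Files (x86)\Internet Explorer\iexplore.exe.
""".strip().splitlines()

# Assumed field layout: time, module, object kind, object (URL or Windows path),
# threat name + category, action taken, DOMAIN\user, free text ending in the application path.
LINE_RE = re.compile(
    r"^(?P<time>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<module>.+?) (?P<kind>archive|file) "
    r"(?P<obj>(?:https?://|[A-Za-z]:\\).+?) "
    r"(?P<threat>\S+/\S+ (?:virus|trojan|worm|application)) "
    r"(?P<action>.+?) "
    r"(?P<user>\S+\\\S+) "
    r".*?application: (?P<app>.+?)\.?$"
)


def page_name(obj):
    """Identifier shared by a page URL and its IE cache copy ('...-88' and '...-88[1].htm')."""
    if obj.lower().startswith("http"):
        return urlsplit(obj).path.rstrip("/").rsplit("/", 1)[-1]
    name = obj.replace("/", "\\").rsplit("\\", 1)[-1]
    return re.sub(r"(\[\d+\])?\.[^.]+$", "", name)  # drop the "[1].htm" cache suffix


def parse_eset_line(line):
    """Return a dict of fields for one log line, or None if it does not match the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["time"] = datetime.strptime(ev["time"], "%m/%d/%Y %I:%M:%S %p")
    ev["page"] = page_name(ev["obj"])
    return ev


def correlate(events, window_seconds=60):
    """Pair each web-filter detection with a later cached-file detection of the same page and threat."""
    pairs = []
    web = [e for e in events if e["kind"] == "archive"]
    files = [e for e in events if e["kind"] == "file"]
    for w in web:
        for f in files:
            delta = (f["time"] - w["time"]).total_seconds()
            if f["page"] == w["page"] and f["threat"] == w["threat"] and 0 <= delta <= window_seconds:
                pairs.append((w, f, delta))
    return pairs


def triage(lines):
    """Parse all lines and summarise: events, web/file pairs, distinct threats and applications."""
    events = [e for e in (parse_eset_line(l) for l in lines) if e]
    return {
        "events": events,
        "pairs": correlate(events),
        "threats": sorted({e["threat"] for e in events}),
        "apps": sorted({e["app"] for e in events}),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for w, f, delta in result["pairs"]:
        print(f"{w['page']}: web-filter hit at {w['time']:%H:%M:%S}, "
              f"cached copy removed {delta:.0f}s later ({w['threat']})")
    print("unpaired file events:", len(result["events"]) - len(result["pairs"]) * 2 - 0)
```

A file-protection hit with no matching web-filter event in the window is the one to look at more closely, since it means the content reached the disk by some route the HTTP filter did not see, and the application field tells you which process touched it.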
Old 01-31-2012, 05:06 PM
  #12  
DebRedZR1
Moderator
Support Corvetteforum!
 
Member Since: Jul 2005
Location: West MICH, and JAX, FLA
Posts: 18,100
Received 1,482 Likes on 759 Posts
CF Banner Relay Captain
West MI & JAX/NE Florida
Events Coordinator
St. Jude Donor '11-'12-'13-'14-'15-'16-'17
Originally Posted by RC45
Heads up to those that do not have proper AV software: I browsed the forum last night at about 2am from my 2nd laptop - a new build that had not yet had AV software installed. The malware has a pretty nasty payload.

Injects a System Check utility that looks like a legit Windows program that scans your PC and finds issues with your drive, memory and system, and then shows you your disk "crashing" - it looks like all your files are gone, but what it does is set +H (the hidden attribute) on your drive as it is running its "check".

Took a couple of hours to isolate and remove, including pre and post cleanup scans.

Are these rogue malware infections coming via unpoliced banner ads on CF?

ESET Nod32 caught the malware on my main laptop.

This is exactly what crashed my laptop beyond repair 2 weeks ago. I run AVG and keep it updated, but got no warnings; the system check popped up and I could not get rid of it. The repair place said this has been popping up a lot lately.

01-31-2012, 07:26 PM
  #13  
leadfoot4
CF Senior Member
 
Member Since: May 2001
Location: Western NY
Posts: 59,634
Received 460 Likes on 425 Posts
Originally Posted by DebRedZR1GSVert
This is exactly what crashed my laptop beyond repair 2 weeks ago. I run AVG and keep it updated, but got no warnings; the system check popped up and I could not get rid of it. The repair place said this has been popping up a lot lately.

For the sake of everybody else's peace of mind, did your "repair place" suggest any means of preventing further attacks?

02-01-2012, 01:01 AM
  #14  
RC45
CF Senior Member
 
Member Since: Jun 2003
Location: Houston TX
Posts: 14,051
Likes: 0
Received 1 Like on 1 Post
Originally Posted by leadfoot4
For the sake of everybody else's peace of mind, did your "repair place" suggest any means of preventing further attacks?

The key is to not panic when these utils fake data loss.

It is unlikely they can delete the system files while the machine is running; that is why I suspected they were running the attrib -h util to fake me into buying their software.

Good AV software - ESET Nod32 is very good. Keep Process Explorer ready to launch to see these malicious bits of code executing.

And above all else, keep all your precious data in a single folder in the root called data, with all your folders under there, and back it up regularly to a USB stick (they are available in 128GB sizes now) and to external hard drives.

That way if something does fry your laptop/PC, no sweat, you only lose a day or 2 of data.

02-09-2012, 01:58 PM
  #15  
DebRedZR1
Moderator
Support Corvetteforum!
 
Member Since: Jul 2005
Location: West MICH, and JAX, FLA
Posts: 18,100
Received 1,482 Likes on 759 Posts
CF Banner Relay Captain
West MI & JAX/NE Florida
Events Coordinator
St. Jude Donor '11-'12-'13-'14-'15-'16-'17
Originally Posted by leadfoot4
For the sake of everybody else's peace of mind, did your "repair place" suggest any means of preventing further attacks?

Not really, the advice below is much better!

Originally Posted by RC45
The key is to not panic when these utils fake data loss.

It is unlikely they can delete the system files while the machine is running; that is why I suspected they were running the attrib -h util to fake me into buying their software.

Good AV software - ESET Nod32 is very good. Keep Process Explorer ready to launch to see these malicious bits of code executing.

And above all else, keep all your precious data in a single folder in the root called data, with all your folders under there, and back it up regularly to a USB stick (they are available in 128GB sizes now) and to external hard drives.

That way if something does fry your laptop/PC, no sweat, you only lose a day or 2 of data.

Now that I know what it was: I was having issues prior when I logged in to Windows, so the system check didn't seem odd at the time. I couldn't get rid of it, and then all the files were hidden.
Best to keep things backed up! There are plenty of online services that will do it automatically too, for those of us who don't always hook up the external hard drive.

02-14-2012, 01:21 PM
  #16  
Kerrmudgeon
CF Senior Member
 
Member Since: Mar 2009
Location: The Great White North. Mellowing with age like fine wine!
Posts: 18,010
Received 2,115 Likes on 1,173 Posts
Windows security didn't catch any of the TWELVE viruses I picked up, and I mostly only go on here. Machine was s l o w i n g down a lot. I had to load AVG to pick them up, and still had to go back 3 days to get rid of them. I hope this isn't going to be a recurring problem, I don't need the grief!

02-14-2012, 01:25 PM
  #17  
J T
Administrative Contributor
 
Member Since: Feb 2009
Posts: 6,169
Likes: 0
Received 2 Likes on 2 Posts
Originally Posted by Kerrmudgeon
Windows security didn't catch any of the TWELVE viruses I picked up, and I mostly only go on here. Machine was s l o w i n g down a lot. I had to load AVG to pick them up, and still had to go back 3 days to get rid of them. I hope this isn't going to be a recurring problem, I don't need the grief!

I'm not aware of any recent events on CF since the last confirmation approximately 2 weeks ago.

© 2019 MH Sub I, LLC dba Internet Brands