Malware alert???
Thread Starter
Team Owner
Joined: Mar 2007
Posts: 35,183
Likes: 2,125
From: Right Corner Pocket of Illinois
No-IL Events Coordinator
2026 Corvette of the Year Finalist - Unmodified
2025 C6 of the Year Winner - Unmodified
2020 C6 of the Year Finalist - Unmodified
2020 Corvette of the Year Finalist (appearance mods)
2019 C6 of Year Winner (appearance mods)
2018 C6 of Year Finalist
St. Jude Donor '12 thru '26
Malware alert???
Anyone else getting an antivirus alert every time they open a post here???
"URL: http://simbeppc.com/jscript/pixel.js"
Base of suspicious web addresses:
"URL: http://simbeppc.com/jscript/pixel.js"
Base of suspicious web addresses:
Race Director
Joined: Jun 2003
Posts: 14,051
Likes: 9
From: Houston TX
Heads up to thise that do not have proper AV software, I browsed the forum last night at about 2am from my 2nd laptop - a new build and had not yet installed AV software. The Malware has a pretty nasty payload.
Injects a System Check utility that looks like a legit Windows program that scans your PC and finds issues with your drive, memory and system and then shows you disk "crashing" - looks like all your files are gone, but what it does is set the +H (hidden attrib) to your drive as it is running its "check".
Took a couple hours to isolate and remove, including pre and post cleanup scans.
Are these rogue malware infections coming via unpoliced banner ads on CF?
ESET Nod32 caught the malware on my main laptop.
Injects a System Check utility that looks like a legit Windows program that scans your PC and finds issues with your drive, memory and system and then shows you disk "crashing" - looks like all your files are gone, but what it does is set the +H (hidden attrib) to your drive as it is running its "check".
Took a couple hours to isolate and remove, including pre and post cleanup scans.
Are these rogue malware infections coming via unpoliced banner ads on CF?
ESET Nod32 caught the malware on my main laptop.
Last edited by RC45; Jan 31, 2012 at 11:16 AM.
Thread Starter
Team Owner
Joined: Mar 2007
Posts: 35,183
Likes: 2,125
From: Right Corner Pocket of Illinois
No-IL Events Coordinator
2026 Corvette of the Year Finalist - Unmodified
2025 C6 of the Year Winner - Unmodified
2020 C6 of the Year Finalist - Unmodified
2020 Corvette of the Year Finalist (appearance mods)
2019 C6 of Year Winner (appearance mods)
2018 C6 of Year Finalist
St. Jude Donor '12 thru '26
FYI: I am no longer getting the Kaspersky AV alert... 
IB Staff
Joined: Feb 2009
Posts: 10,579
Likes: 4
Corvette Stories
The Best of Corvette for Corvette Enthusiasts
Top 10 Most Expensive Corvettes Ever Sold on Bring A Trailer
Brett Foote
10 Things Every Corvette Owner Needs (2026 Edition)
Michael S. Palmer
8 Most "Only Corvette Owners Understand" Quirks and Problems
Pouria Savadkouei
10 Reasons the C6 Z06 is Still A Performance Benchmark After 20 Years
Joe Kucinski
How Much Horsepower Every Corvette Engine "LOST" in 1972
Joe Kucinski
Top 10 DOs and DON'Ts for Protecting Your Convertible Top!
Michael S. Palmer
Top 10 Most Explosive Corvettes Ever Made: Power-to-Weight Ratio Ranked!
Joe Kucinski
150 hp to 1,250 hp: Every Corvette Generation Compared by the Specs That Matter
Joe Kucinski
8 Coolest Corvette Pace Cars (and Replicas) of All Time
Verdad Gallardo
IB Staff
Joined: Feb 2009
Posts: 10,579
Likes: 4
Race Director
Joined: Jun 2003
Posts: 14,051
Likes: 9
From: Houston TX
This is from the 8:20am log - the last incident I had.
And this was the activity at 8:05am - the injection and the infection. Both caught by ESET.
http : //forums.corvetteforum.com/c5-parts-for-sale-wanted-53 HTML/ScrInject.B.Gen virus connection terminated - quarantined Threat was detected upon access to web by the application: C:\Program Files (x86)\Internet Explorer\iexplore.exe.
http : //forums.corvetteforum.com/c5-parts-for-sale-wanted-53 » GZ » file.htm HTML/ScrInject.B.Gen virus
http : //forums.corvetteforum.com/c5-parts-for-sale-wanted-53 » GZ » file.htm HTML/ScrInject.B.Gen virus
1/31/2012 8:05:14 AM HTTP filter archive http : //forums.corvetteforum.com/politics-religion-and-controversy-88 HTML/ScrInject.B.Gen virus connection terminated - quarantined HPLAPTOP1\Administrator Threat was detected upon access to web by the application: C:\Program Files (x86)\Internet Explorer\iexplore.exe.
1/31/2012 8:05:34 AM Real-time file system protection file C:\Users\Administrator\AppData\Local\Mic rosoft\Windows\Temporary Internet Files\Content.IE5\J8FVHUZT\politics-religion-and-controversy-88[1].htm HTML/ScrInject.B.Gen virus deleted HPLAPTOP1\Administrator Event occurred during an attempt to access the file by the application: C:\Program Files (x86)\Internet Explorer\iexplore.exe.
1/31/2012 8:05:34 AM Real-time file system protection file C:\Users\Administrator\AppData\Local\Mic rosoft\Windows\Temporary Internet Files\Content.IE5\J8FVHUZT\politics-religion-and-controversy-88[1].htm HTML/ScrInject.B.Gen virus deleted HPLAPTOP1\Administrator Event occurred during an attempt to access the file by the application: C:\Program Files (x86)\Internet Explorer\iexplore.exe.
Last edited by RC45; Jan 31, 2012 at 01:35 PM.
Moderator
Joined: Jul 2005
Posts: 29,346
Likes: 3,886
From: West MI
CF Banner Relay Captain
West MI & JAX/NE Florida
Events Coordinator
St. Jude Donor '11-'17, '21
Heads up to thise that do not have proper AV software, I browsed the forum last night at about 2am from my 2nd laptop - a new build and had not yet installed AV software. The Malware has a pretty nasty payload.
Injects a System Check utility that looks like a legit Windows program that scans your PC and finds issues with your drive, memory and system and then shows you disk "crashing" - looks like all your files are gone, but what it does is set the +H (hidden attrib) to your drive as it is running its "check".
Took a couple hours to isolate and remove, including pre and post cleanup scans.
Are these rogue malware infections coming via unpoliced banner ads on CF?
ESET Nod32 caught the malware on my main laptop.
Injects a System Check utility that looks like a legit Windows program that scans your PC and finds issues with your drive, memory and system and then shows you disk "crashing" - looks like all your files are gone, but what it does is set the +H (hidden attrib) to your drive as it is running its "check".
Took a couple hours to isolate and remove, including pre and post cleanup scans.
Are these rogue malware infections coming via unpoliced banner ads on CF?
ESET Nod32 caught the malware on my main laptop.
I run AVG and keep it updated but no warnings, the system check popped up and could not get rid of it. The Repair place said this has been popping up a lot lately
Team Owner
Joined: May 2001
Posts: 87,367
Likes: 1,593
From: Western NY
Race Director
Joined: Jun 2003
Posts: 14,051
Likes: 9
From: Houston TX
It is unlikely they can delete the system files whil ethe machine is running, that is why I suspected they where running the attrib -h util to fake me into buying their software.
Good AV software - ESET Nod32 is very good. Keep Process Explorer ready to launch to see these malicious bits of code executing.
And above all else, keep all your precious data in a single folder int he root called data with all your folders under there and back it up regularly to a USB stick (they are availabl ein 128GB sizes now) and to external hard drives.
That way if something does fry your laptop/PC, no sweat, you only lose a day or 2 of data.
Moderator
Joined: Jul 2005
Posts: 29,346
Likes: 3,886
From: West MI
CF Banner Relay Captain
West MI & JAX/NE Florida
Events Coordinator
St. Jude Donor '11-'17, '21
The key is to not panic when these utils fake data loss.
It is unlikely they can delete the system files whil ethe machine is running, that is why I suspected they where running the attrib -h util to fake me into buying their software.
Good AV software - ESET Nod32 is very good. Keep Process Explorer ready to launch to see these malicious bits of code executing.
And above all else, keep all your precious data in a single folder int he root called data with all your folders under there and back it up regularly to a USB stick (they are availabl ein 128GB sizes now) and to external hard drives.
That way if something does fry your laptop/PC, no sweat, you only lose a day or 2 of data.
It is unlikely they can delete the system files whil ethe machine is running, that is why I suspected they where running the attrib -h util to fake me into buying their software.
Good AV software - ESET Nod32 is very good. Keep Process Explorer ready to launch to see these malicious bits of code executing.
And above all else, keep all your precious data in a single folder int he root called data with all your folders under there and back it up regularly to a USB stick (they are availabl ein 128GB sizes now) and to external hard drives.
That way if something does fry your laptop/PC, no sweat, you only lose a day or 2 of data.
I was having issues prior when I logged in to windows so the system check didn't seem odd at the time. I couldn't get rid of it and then all the files were hidden
Best to keep things backed up! There are plenty of online services that will do it automatically too for those of us who don't always hook up the external hard drive. 
Race Director
Joined: Mar 2009
Posts: 19,777
Likes: 4,592
From: Canada's capital
2020 Corvette of the Year Finalist (appearance mods)
C1 of Year Finalist (appearance mods) 2019
Windows security didn't catch any of the TWELVE viruses i picked up, and I mostly only go on here. Machine was s l o w i n g down a lot. I had to load avg to pick them up, and still had to go back 3 days to get rid of them. I hope this isn't going to be a reoccurring problem, I don't need the grief!
IB Staff
Joined: Feb 2009
Posts: 10,579
Likes: 4
I'm not aware of any recent events on CF since the last confirmation approximately 2 weeks ago.
Windows security didn't catch any of the TWELVE viruses i picked up, and I mostly only go on here. Machine was s l o w i n g down a lot. I had to load avg to pick them up, and still had to go back 3 days to get rid of them. I hope this isn't going to be a reoccurring problem, I don't need the grief!
