CorvetteForum - Chevrolet Corvette Forum Discussion


Chevy Guy 11-18-2009 06:35 PM

Virius alerts [merged with 11/20 updates]
 
It seems the site is still under some kind of attack. I started my computer and came directly to this site, it was slow to load and I noticed on the lower left corner of my screen it was waiting on an odd URL with the F word in it, something like "www.f*ckthecrisis". As soon as the page loaded, my antivirus went nuts and caught 3 bloodhound exploit files.

The virus name is being reported as Bloodhound.Exploit.193 and it is a .swf file named inEt[1].swf.

It definitely came from an ad-type redirect from this site.

*edit*

Found it in my IE history, it is www.****thecrisis.biz, definitely a hack site stocked w/ viruses.



Domain Name: ****THECRISIS.BIZ
Domain ID: D32529972-BIZ
Sponsoring Registrar: REGTIME LTD.
Sponsoring Registrar IANA ID: 1362
Domain Status: ok
Registrant ID: CO513949-RT
Registrant Name: Anton Robin
Registrant Organization: Anton Soft
Registrant Address1: Kolitina 16-4
Registrant City: Moscow
Registrant State/Province: Moscow
Registrant Postal Code: 193009
Registrant Country: Russian Federation
Registrant Country Code: RU
Registrant Phone Number: +7.4956788435
Registrant Email: *************@pochta.ru
Administrative Contact ID: CA513949-RT
Administrative Contact Name: Anton Robin
Administrative Contact Organization: Anton Soft
Administrative Contact Address1: Kolitina 16-4
Administrative Contact City: Moscow
Administrative Contact State/Province: Moscow
Administrative Contact Postal Code: 193009
Administrative Contact Country: Russian Federation
Administrative Contact Country Code: RU
Administrative Contact Phone Number: +7.4956788435
Administrative Contact Email: *************@pochta.ru
Billing Contact ID: CB513949-RT
Billing Contact Name: Anton Robin
Billing Contact Organization: Anton Soft
Billing Contact Address1: Kolitina 16-4
Billing Contact City: Moscow
Billing Contact State/Province: Moscow
Billing Contact Postal Code: 193009
Billing Contact Country: Russian Federation
Billing Contact Country Code: RU
Billing Contact Phone Number: +7.4956788435
Billing Contact Email: *************@pochta.ru
Technical Contact ID: CT513949-RT
Technical Contact Name: Anton Robin
Technical Contact Organization: Anton Soft
Technical Contact Address1: Kolitina 16-4
Technical Contact City: Moscow
Technical Contact State/Province: Moscow
Technical Contact Postal Code: 193009
Technical Contact Country: Russian Federation
Technical Contact Country Code: RU
Technical Contact Phone Number: +7.4956788435
Technical Contact Email: *************@pochta.ru
Name Server: NS1.EVERYDNS.NET
Name Server: NS2.EVERYDNS.NET
Name Server: NS3.EVERYDNS.NET
Name Server: NS4.EVERYDNS.NET
Created by Registrar: REGTIME LTD.
Last Updated by Registrar: REGTIME LTD.
Domain Registration Date: Tue Jun 23 14:11:15 GMT 2009
Domain Expiration Date: Tue Jun 22 23:59:59 GMT 2010
Domain Last Updated Date: Fri Nov 13 12:11:24 GMT 2009

ZPO 11-18-2009 07:04 PM

Site problems?????
 
I'm getting the same thing as Chevy Guy.

J T 11-18-2009 07:09 PM

Did this occur on the front/home page:
http://forums.corvetteforum.com/

Or while browsing a specific thread? If the latter, it's possible, and has happened before, where a user can hide a "nasty" in the signature of their post. This means that it would get loaded by anyone viewing the thread where the post and signature were present. If this is the case, you'd need to inform where this thread is so the team can take necessary action, as it wouldn't be coming directly from Corvetteforum itself.

Of course it's possible that it's not the above and it's something else, such as through the ad network.

Chevy Guy 11-18-2009 07:14 PM


Originally Posted by J T (Post 1572174705)
Did this occur on the front/home page:
http://forums.corvetteforum.com/

Or while browsing a specific thread? If the latter, it's possible, and has happened before, where a user can hide a "nasty" in the signature of their post. This means that it would get loaded by anyone viewing the thread where the post and signature were present. If this is the case, you'd need to inform where this thread is so the team can take necessary action, as it wouldn't be coming directly from Corvetteforum itself.

Of course it's possible that it's not the above and it's something else, such as through the ad network.

It's definitely the ad generator; it's been owned. People are getting it all over the site.

Vette_DD 11-18-2009 07:31 PM

I'm using Firefox with AdBlockerPlus and I have all signatures turned off. McAfee has not given me any warning messages and I've been on the forum off and on all day.

I do not go through the front/home page, but use a desktop shortcut to go directly to the C6 General forum or the Off Topic forum.

Don't know if this information will help with any diagnosis or not. Just thought it might.

vstol 11-18-2009 07:44 PM

This just happened to me, let's fix it ASAP.

X-ZZ4 11-18-2009 07:45 PM

Google Chrome is telling me this......

Warning: Visiting this site may harm your computer!
The website at forums.corvetteforum.com contains elements from the site *******.com, which appears to host malware – software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.
For detailed information about the problems with these elements, visit the Google Safe Browsing diagnostic page for *******.com.
Learn more about how to protect yourself from harmful software online.


I'm using Firefox now and it lets me through (although I'm scared to be here)......

newskatercat 11-18-2009 07:45 PM

:iagree: AVG detected Javascript Obfuscation (type 714) www.f*ckthecrisis

as I just came on this site http://forums.corvetteforum.com/!:bigears

CHASLS2 11-18-2009 07:52 PM

I have no firewall at all and I don't seem to be having any probs.

savewave 11-18-2009 08:01 PM

Not sure what's up with the messages some of you are getting, but I'll report the issue to the tech team at IB. I'm not getting any warning messages. :confused:

X-ZZ4 11-18-2009 08:04 PM

Here's more from Google......


Safe Browsing
Diagnostic page for *******.com

What is the current listing status for *******.com?
Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?
Of the 2 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-11-18, and suspicious content was never found on this site within the past 90 days.
Malicious software includes 30 trojan(s).

This site was hosted on 1 network(s) including AS39150 (VLTELECOM).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, *******.com appeared to function as an intermediary for the infection of 5 site(s) including turkforum.net/, webhatti.com/, maktoob.com/.

Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.

How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:
Return to the previous page.
If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
Updated 17 hours ago
©2008 Google - Google Home
http://safebrowsing.clients.google.c...hrome&hl=en-US

Datawiz 11-18-2009 08:41 PM

Forum has slowed down SIGNIFICANTLY in the last 10 minutes. I got the virus warning 2 hours ago. These clowns are hitting us again. :willy:

C2Driver 11-18-2009 08:41 PM

I came into OT with I.E.8 at 6:27PM and was immediately greeted by 4 notices of viruses by the Antivirus software provided by my ISP. 2 viruses were immediately deleted by my software. 1 was quarantined and 1 was deleted on reboot. I deleted the quarantined item after reboot. I have since scanned twice and appear to be virus free. Here's the log from my Antivirus software:

C:\Documents and Settings\Owner\Local Settings\Temp\jar_cache15463225937101245 36.tmp Trojan-Downloader.Java.Agent.ab Deleted 18/11/2009 6:27:04 PM
C:\Documents and Settings\Owner\Local Settings\Temp\jar_cache68610812648445384 .tmp Trojan-Downloader.Java.Agent.ab Deleted 18/11/2009 6:27:16 PM
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\9R7CAC9X\index[1].htm Trojan-Downloader.JS.Agent.esm Delete at restart 18/11/2009 6:27:24 PM
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\KDG22NRC\manyWord[1].pdf Exploit.JS.Pdfka.anx Quarantined 18/11/2009 6:27:28 PM



File generated by Rogers Online Protection Anti-Virus
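The four entries in that log are one drive-by chain (obfuscated landing page, two Java applet downloads, a PDF exploit) that fired within about 24 seconds of opening the page, and the "Delete at restart" entry means the machine was not clean until after a reboot. As an added example that is not from the thread or from Rogers, here is a small Python triage script for that log format; its log lines are constructed to mirror the post's format (detection names and actions from the post, cache file names made up), and the stage labels are my own hypothetical mapping.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the format of the Rogers Online Protection log quoted
# above ("<path> <detection> <action> <dd/mm/yyyy h:mm:ss AM/PM>"). Detection
# names and actions are those in the post; the cache file names are made up.
SAMPLE_LOG = r"""
C:\Documents and Settings\Owner\Local Settings\Temp\jar_cache1001.tmp Trojan-Downloader.Java.Agent.ab Deleted 18/11/2009 6:27:04 PM
C:\Documents and Settings\Owner\Local Settings\Temp\jar_cache1002.tmp Trojan-Downloader.Java.Agent.ab Deleted 18/11/2009 6:27:16 PM
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\AAAA0000\index[1].htm Trojan-Downloader.JS.Agent.esm Delete at restart 18/11/2009 6:27:24 PM
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\BBBB1111\manyWord[1].pdf Exploit.JS.Pdfka.anx Quarantined 18/11/2009 6:27:28 PM
"""

# The path may contain spaces, so anchor on the fixed-shape fields at the end.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<name>\S+\.\S+) "
    r"(?P<action>Deleted|Quarantined|Delete at restart) "
    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)$"
)

def stage_of(path):
    """Hypothetical mapping of artefact type to its stage in a drive-by chain."""
    p = path.lower()
    if "jar_cache" in p:  # the browser Java plugin caches fetched applets here
        return "Java applet exploit (jar_cache)"
    return {".htm": "landing page (obfuscated JS loader)", ".pdf": "PDF reader exploit",
            ".swf": "Flash exploit"}.get(p[p.rfind("."):], "unknown")

def parse_log(text):
    events = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank lines and tool banners
        e = m.groupdict()
        e["time"] = datetime.strptime(e.pop("ts"), "%d/%m/%Y %I:%M:%S %p")
        e["stage"] = stage_of(e["path"])
        events.append(e)
    return events

def triage(events):
    """Burst length, stages that reached disk, AV actions, and whether a reboot is still pending."""
    times = [e["time"] for e in events]
    return {
        "count": len(events),
        "span_seconds": int((max(times) - min(times)).total_seconds()) if times else 0,
        "stages": sorted({e["stage"] for e in events}),
        "actions": Counter(e["action"] for e in events),
        "reboot_required": any(e["action"] == "Delete at restart" for e in events),
    }
```

Run `triage(parse_log(SAMPLE_LOG))` to get the summary; a burst of different stages within seconds points to a single exploit-kit visit rather than separate infections.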

mbowers13 11-18-2009 08:56 PM

I don't know if it helps but I use the HOSTS file here and I have no warnings from Chrome. I also use FF w/AdBlock Plus.

leghumper 11-18-2009 09:02 PM

:willy:

[IMG]http://i255.photobucket.com/albums/h...ngercat/cf.jpg[/IMG]

daddy'svette 11-18-2009 09:03 PM

Got the bug here too.

What antivirus program will get rid of it? I use McAfee, ran a full scan and found nothing. Can't get rid of what you can't find!

Scoob 11-18-2009 09:06 PM


Originally Posted by Chevy Guy (Post 1572174396)

The virus name is being reported as Bloodhound.Exploit.193 and it is a .swf file named inEt[1].swf.

Yep. My Symantec quarantined it right away.

OnyxC6 11-18-2009 09:18 PM

I had to use Malwarebytes

see my post on the main C6%2

GS Ragtop 11-18-2009 09:39 PM

Here's a screen capture of the event - AVG v9, Windows 7, IE8.

http://i43.photobucket.com/albums/e3.../CFWarning.jpg

ddecart 11-18-2009 09:44 PM

Why am I NOT getting anything like this? I'm browsing the forum with google chrome, firefox, and IE7 right now. None of them are getting anything. :confused:

I'm also browsing through a proxy server/firewall. Maybe that has something to do with it??




© 2024 MH Sub I, LLC dba Internet Brands