- This topic has 35 replies, 11 voices, and was last updated 13 years, 1 month ago by Little_Grizzly.
-
October 8, 2011 at 9:39 pm #30417
I just installed Firefox on the home computer because every time I go here on IE my antivirus deletes a virus!
-
October 9, 2011 at 12:40 am #33318
I dunno what that is all about, Tin. I just opened CTOA under IE (I normally use Firefox) and didn't see any problems. I run Microsoft Security Essentials for my antivirus program.
-
October 9, 2011 at 1:51 am #33319
I'm running Norton 360 at home and AVG at the cabin and both detect and block root toolkit attacks from the home page but not the forums page. Hal needs to address this soon. I would hate to see another evolution of CTOA.
Account deleted.
-
October 9, 2011 at 9:11 am #33320
I too am running Microsoft Security Essentials and it is detecting and removing the problem from the home page. Security Essentials seems to work quite well on this computer running 7 but can't seem to find anything (at least before it's too late) at the shop on XP. There I'm running Panda Cloud Antivirus and Malwarebytes Anti-Malware and only use Firefox or Chrome. I've been targeted there so many times I can't count, and I suspect it's because my company is incorporated. I've heard that's becoming more common, and the attacks are coming mostly from China.
-
October 9, 2011 at 12:49 pm #33321
This is a screenshot showing who the purported attacker is, or at least the fake address they used.
Well that didn't work. Thought you could “Paste from Word”!
Account deleted.
-
October 10, 2011 at 12:32 am #33326
I have gotten several hits when logging in the past several days. Security Essentials took care of them. Today I got one classified as Severe.
I sent a PM to Hal asking him to check it out.
RonJ
ronjin
-
October 10, 2011 at 1:52 am #33327
Yep, I'm getting the same.
-
October 10, 2011 at 6:49 am #33330
I am aware of this problem, having troubles fixing it/locating the problem. If any of you have details please post here. I do not believe it is doing anything other than attempting to redirect. Probably hidden in an IFRAME, but not able to locate it.
I do have a security firm looking into it too, sorry guys, doing the best that I can.
CTOA - Founder
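A static check for the situation described in the post above (an off-site IFRAME hidden in the page markup), as an added example that is not part of the original thread or the site's own code. The allowlist, the sample page and every hostname in it are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts the site embeds on purpose; any other host is "off-site".
ALLOWED_HOSTS = {"www.example.org"}
HIDING_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d{3,}", re.I)
TINY = re.compile(r"^\s*[01](?:px)?\s*$", re.I)
TINY_STYLE = re.compile(r"(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)

# Constructed sample page: one allowlisted frame, two hidden off-site frames,
# and one visible off-site frame that should not be reported.
SAMPLE = """<html><body>
<h1>Home</h1>
<iframe src="https://www.example.org/map" width="600" height="400"></iframe>
<iframe src="http://injected.example.net/iframe.php?id=placeholder" width="1" height="1"></iframe>
<iframe src="//cdn.example.com/w" style="position:absolute; left:-9999px"></iframe>
<iframe src="http://video.example.com/embed" width="560" height="315"></iframe>
</body></html>"""


class IframeAudit(HTMLParser):
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = allowed_hosts
        self.findings = []  # (line number, host, reasons)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        if not host or host in self.allowed:
            return  # relative or allowlisted source
        reasons = []
        if TINY.match(a.get("width", "x")) or TINY.match(a.get("height", "x")):
            reasons.append("tiny width/height attribute")
        style = a.get("style", "")
        if HIDING_STYLE.search(style) or TINY_STYLE.search(style):
            reasons.append("hiding style")
        if reasons:
            self.findings.append((self.getpos()[0], host, reasons))


def audit(html, allowed_hosts=ALLOWED_HOSTS):
    """Return hidden off-site iframes found in the literal markup."""
    parser = IframeAudit(allowed_hosts)
    parser.feed(html)
    return parser.findings
```

This inspects literal tags only; a frame that injected script writes into the page at load time does not appear in the static markup and needs a check of the served scripts or a rendered DOM.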
-
October 10, 2011 at 7:44 am #33335
Malware Bytes log report from last night (I don't know what it means, hope it helps)-
15:55:17 Owner MESSAGE Protection started successfully
15:55:22 Owner MESSAGE IP Protection started successfully
19:43:57 Owner IP-BLOCK 95.163.66.209 (Type: outgoing, Port: 54748, Process: iexplore.exe)
19:44:21 Owner IP-BLOCK 95.163.66.209 (Type: outgoing, Port: 54784, Process: iexplore.exe)
19:44:21 Owner IP-BLOCK 95.163.66.209 (Type: outgoing, Port: 54785, Process: iexplore.exe)
19:46:22 Owner IP-BLOCK 95.163.66.209 (Type: outgoing, Port: 54816, Process: iexplore.exe)
19:46:22 Owner IP-BLOCK 95.163.66.209 (Type: outgoing, Port: 54817, Process: iexplore.exe)
19:46:22 Owner IP-BLOCK 95.163.66.209 (Type: outgoing, Port: 54818, Process: iexplore.exe)
19:46:22 Owner IP-BLOCK 95.163.66.209 (Type: outgoing, Port: 54819, Process: iexplore.exe)
19:46:30 Owner IP-BLOCK 95.163.66.209 (Type: outgoing, Port: 54825, Process: iexplore.exe)
19:46:30 Owner IP-BLOCK 95.163.66.209 (Type: outgoing, Port: 54826, Process: iexplore.exe)
19:47:10 Owner IP-BLOCK 95.163.66.209 (Type: outgoing, Port: 54836, Process: iexplore.exe)
19:47:18 Owner IP-BLOCK 95.163.66.209 (Type: outgoing, Port: 54843, Process: iexplore.exe)
-
October 10, 2011 at 11:32 am #33336
My irony is I'm worried about all the attacks at work and reading about corporations all across America being targeted from somewhere in China, and I'm using an Anti-virus named Panda
-
October 10, 2011 at 2:28 pm #33313
The security firm informed me that they have found and removed the problem. However, they ask to please verify that. If anyone is still getting any warning on the CTOA website please post it here as soon as possible.
Again, effective 2:24pm central standard time on Oct. 10, 2011 the issue is believed to have been removed.
CTOA - Founder
-
October 10, 2011 at 3:06 pm #33338
Just got this at 1:04 PDT from AVG:
The page you are trying to access has been identified as a known exploit, phishing, or social engineering web site and therefore has been blocked for your safety. Without protection, such as that in the AVG Security Toolbar and AVG, your computer is at risk of being compromised, corrupted or having your identity stolen. Please follow one of the suggestions below to continue.
URL: kiranaytli.345.pl/iframe.php?id=2b8325qvzjut0iv8b87u9nlxnan0kpc
Name: Blackhole Exploit Kit (type 2060)
Account deleted.
-
October 10, 2011 at 3:24 pm #33340
Is it possible that the page was not refreshed from your last visit to the site? I cleared out all cookies too on my end and closed out my browser then tried and didn't see anything, but again, it has been a strange problem that doesn't show itself up every single time.
Also, I have only had the problem with my IE8 not with Firefox.
CTOA - Founder
-
October 10, 2011 at 3:47 pm #33341
Biggerten, that message is telling you that your system is trying to send data to an IP in Moscow. I would say that you have a problem.
And Microsoft wonders why the popularity of Windows keeps dropping off.
Those corporate break-ins, the law enforcement agencies in the south east and BART (Bay Area Rapid Transit) that were broken into were all Windows based. In all fairness the bargain hosts no matter what they use have very lacking security.
I don't see any of the problems reported by others but again I don't use Windows so a Windows root kit has no effect.
-
October 10, 2011 at 3:53 pm #33342
Rebooted and all appears to be ok now.
@Larry: Are you running a Mac or do you use a different OS?
I'm using a tethered phone at the cabin for my hotspot. No other choices except $atellite.
Account deleted.
-
October 10, 2011 at 4:34 pm #33344
Bob, at my desk I have two computers that I can switch via KVM. One runs pclinux OS. The other is an iMac. When I got the iMac I loaded Parallels on it and sucked a whole Windows machine's contents, including operating system, inside the Mac. I could then run Windows inside the Mac if I needed to. It actually runs better and faster than on its own. However, I have not fired up the Windows side of things in a long while as I simply have not needed it for anything. I do run Mac scan on the Mac every couple of days. All it ever finds are not problems other than advertisers' tracking cookies, which it deletes.
On my netbook and notebook I use Ubuntu. That works very well.
I use my cell phone as a hotspot all the time with my netbook. It works great.
I used many operating systems including Windows for years. But with Windows I came to the conclusion that they are never going to get the issues solved. With each new version they seem to reintroduce security problems that they already solved in the past versions. Rather than fix the security issues they release a malicious software removal tool. I think a better approach would be to address the problem of how the malicious software got on the computer in the first place. For me enough was enough.
-
October 10, 2011 at 7:13 pm #33349
I have been using Ubuntu (linux) for years with no problems. My only complaint is I have to keep a Windows box for Turbotax, ISP support, etc.
-
October 10, 2011 at 10:30 pm #33350
pepage, if you are talking about a couple of apps you could run them inside a virtual box. I have not played with that on Ubuntu. The virtual box on pclinuxos works well to run windows apps. Larry
-
October 11, 2011 at 11:45 am #33358
Larry,
When I say “Windows box” I am talking about a cheap desk top computer i.e. two computers.
My guiding principle today is KISS. In the past I have used System Commander to create two DOS disks, one for online use and one for offline use but later found out that all I had to do was delete one file and both DOS disks could be seen. Today I use a notebook with Ubuntu (w/o Wine) for online activity and a desktop with Windows that I only go to trusted sites for security. My feeling is that you trust only hardware with Windows, not software. And since you did not ask, I am not a fan of “CLOUD” computing.
-
October 11, 2011 at 1:20 pm #33363
That's smart. Cloud computing is the biggest risk to security known to man. On my new smart phone there is an application called backup tool that backs up my data in the cloud. It does not tell me where exactly it is being backed up, who has access to it or anything else. There is no way I will use it.
-
October 11, 2011 at 4:05 pm #33365
It's still happening to me:
URL: ikran2012.in/main.php?page=00e03d09ee7a506d
Name: Blackhole Exploit Kit (type 1889)
Account deleted.
-
October 11, 2011 at 8:30 pm #33369
-
October 11, 2011 at 8:36 pm #33370
And again:
URL: ncghg.ce.ms/showthread.php?t=72291731
Name: Blackhole Exploit Kit (type 2061)
Account deleted.
-
October 12, 2011 at 2:09 am #33372
I got it too and sent another Email to Hal
RonJ
ronjin
-
October 12, 2011 at 6:02 am #33373
Just got another. It isn't fixed yet.
Account deleted.
-
October 12, 2011 at 9:59 am #33374
I'm not seeing that, but I use Firefox and my bookmark for this site is set to the forum page, not to the main page, so I rarely see that page, if ever.
-
October 12, 2011 at 10:49 am #33375
Sorry guys, again, please post as much detail about what warnings you may still be getting.
Be sure you have cleared your browser history and cookies too just in case the website was cached and that is causing the issue to still appear.
Anyone got ideas, I am always open to them. I do however have a tech firm searching for and trying to fix any issues. They have done well in the past, and I have trust in them currently too!
It is a company called http://www.wewatchyourwebsite.com/ for those that also may have ever had issues with a site you have hosted somewhere.
CTOA - Founder
-
October 12, 2011 at 9:03 pm #33387
Tomorrow you should be able to download the newest version of Ubuntu, 11.10. It's free, uses Firefox and can dual boot with Windows.
-
November 4, 2011 at 3:29 am #33604
The attacks are back more serious than before. For me anyway.
Account deleted.
-
November 4, 2011 at 8:10 am #33605
Yesterday (November 3rd), my McAfee antivirus software blocked access to the site because of a virus and today it seems to be okay.
-
November 4, 2011 at 11:44 am #33606
It's strange and a little disturbing that I've never had my AV software say a peep about this site. Both at home and at work (different operating systems, different browsers and different AV software). I'm not at all saying it's not there but quite the opposite. It seems to be getting through unnoticed! What is the effect of this virus?
-
November 4, 2011 at 12:10 pm #33607
Now it’s totally blocking the site.
“Mass Iframe injection attack 2”
Can’t go on like this. Doing this via phone.
Account deleted.
-
November 4, 2011 at 1:07 pm #33608
I will dig around a little to see what I can find out about the site and security.
-
November 5, 2011 at 1:38 am #33612
Well I hope Hal can do something about it. I can’t do much on my end.
Account deleted.
-
November 10, 2011 at 6:21 pm #33646
I believe we have cleaned up the issues. If anything shows up please post it or email me about it a.s.a.p.
The site has been checked and rechecked and additional security measures to prevent SQL interjections etc. have been implemented on the site server.
Some of these security issues may cause other issues, but I have not noticed them yet.
I do the best I can... hope everyone understands!
CTOA - Founder
-
November 11, 2011 at 10:04 am #33649
I never experienced any problems until the site went down. But we do appreciate the hard work it takes nowadays to keep a site running.