Virus?

Viewing 35 reply threads
  • Author
    Posts
    • #30417
      Tinbender
      Participant
        • Offline

        I just installed Firefox on the home computer because every time I go here on IE my antivirus deletes a virus!

      • #33318
        RichWaugh
        Participant
          • Offline

          I dunno what that is all about, Tin.  I just opened CTOA under IE (I normally use Firefox) and didn't see any problems.  I run Microsoft Security Essentials for my antivirus program.

        • #33319
          Bob Rooks
          Participant
            • Offline

            I'm running Norton 360 at home and AVG at the cabin and both detect and block root toolkit attacks from the home page but not the forums page. Hal needs to address this soon. I would hate to see another evolution of CTOA.

            Account deleted.

          • #33320
            Tinbender
            Participant
              • Offline

              I too am running Microsoft Security Essentials and it is detecting and removing the problem from the home page. Security Essentials seems to work quite well on this computer running 7 but can't seem to find anything (at least before it's too late) at the shop on XP.  There I'm running Panda Cloud Antivirus and Malwarebytes Anti-Malware and only use Firefox or Chrome. I've been targeted there so many times I can't count, and I suspect it's because my company is incorporated. I've heard that's becoming more common, and the attacks are coming mostly from China.

            • #33321
              Bob Rooks
              Participant
                • Offline

                 This is a screenshot showing who the purported attacker is, or at least the fake address they used.

                Well that didn't work. Thought you could “Paste from Word”!

                Account deleted.

              • #33326
                ronjin
                Participant
                  • Offline

                  I have gotten several hits when logging in the past several days.  Security Essentials took care of them.  Today I got one classified as Severe.

                  I sent a PM to Hal asking him to check it out.

                  RonJ

                  ronjin

                • #33327
                  cjimmybond
                  Participant
                    • Offline

                    Yep, I'm getting the same.

                  • #33330
                    CTOA
                    Keymaster
                      • Offline

                      I am aware of this problem, having troubles fixing it/locating the problem. If any of you have details please post here. I do not believe it is doing anything other than attempting to redirect. Probably hidden in an IFRAME, but not able to locate it.

                      I do have a security firm looking into it too, sorry guys, doing the best that I can.

                      CTOA - Founder
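The post above says the redirect is probably an injected IFRAME that the site owner cannot find by eye. The following is an added example, not code from the CTOA site or from the security firm mentioned in this thread, of how a site operator can audit a saved copy of a page for frames a visitor would never see (display/visibility switched off, zero size, or pushed off-screen) or that load from a host outside an allow-list. It assumes the page HTML is already in a string (from the server's files or a browser's "view source"); the sample page and its hostnames are constructed placeholders, not addresses from this thread.

```python
"""Audit a saved copy of a web page for injected, hidden iframes.

Added example for this thread; it is not code from the CTOA site or from
the security firm mentioned here. It assumes you already have the page's
HTML as a string, so it runs offline on the constructed sample below.
Hostnames in the sample are placeholders, not addresses from this thread.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Style fragments that keep a frame out of the visitor's view: display or
# visibility switched off, zero width/height, or positioned far off-screen.
_HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none"
    r"|visibility\s*:\s*hidden"
    r"|(?:width|height)\s*:\s*0(?:px)?(?![\w.])"
    r"|(?:left|top)\s*:\s*-\d{3,}",
    re.IGNORECASE,
)


def _is_zero(value):
    """True for width/height attribute values such as "0" or "0px"."""
    if value is None:
        return False
    return re.fullmatch(r"0+(?:\.0+)?(?:px)?", value.strip().lower()) is not None


class _IframeCollector(HTMLParser):
    """Record every <iframe> start tag with its src, host and any hiding tricks."""

    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {name: (value or "") for name, value in attrs}
        src = a.get("src", "")
        reasons = []
        if _HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden via style")
        if _is_zero(a.get("width")) or _is_zero(a.get("height")):
            reasons.append("zero size attribute")
        self.frames.append({
            "src": src,
            "host": urlsplit(src).hostname or "",  # "" for relative URLs
            "reasons": reasons,
        })


def audit_html(html, allowed_hosts):
    """Return the iframes worth a second look: hidden ones, or ones loading
    from a host outside `allowed_hosts` (your own site and known partners).
    Frames are returned in document order."""
    parser = _IframeCollector()
    parser.feed(html)
    parser.close()
    suspicious = []
    for frame in parser.frames:
        reasons = list(frame["reasons"])
        if frame["host"] and frame["host"] not in allowed_hosts:
            reasons.append("external host")
        if reasons:
            suspicious.append({**frame, "reasons": reasons})
    return suspicious


# Constructed sample page: one legitimate embed, one injected frame of the
# kind antivirus products flag, and one frame pushed off-screen.
SAMPLE_PAGE = """<html><body>
<h1>Welcome to the forum</h1>
<iframe src="https://www.example.com/video" width="640" height="360"></iframe>
<p>Latest news...</p>
<iframe src="http://injected.example.invalid/iframe.php?id=PLACEHOLDER"
        width="0" height="0" style="visibility:hidden"></iframe>
<iframe src="/ads/banner.html" style="position:absolute; left:-9999px"></iframe>
</body></html>"""

if __name__ == "__main__":
    for frame in audit_html(SAMPLE_PAGE, {"www.example.com"}):
        print(frame["src"], "->", ", ".join(frame["reasons"]))
```

Run it against every page the antivirus warnings point at, not just the home page; a frame with a zero size and an external host is the pattern worth removing from the template or database record it was injected into, and the allow-list is the check that keeps a legitimate embed from being flagged.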

                    • #33335
                      biggerten
                      Participant
                        • Offline

                        Malware Bytes log report from last night (I don't know what it means, hope it helps)-

                        15:55:17 Owner MESSAGE Protection started successfully
                        15:55:22 Owner MESSAGE IP Protection started successfully
                        19:43:57 Owner IP-BLOCK 95.163.66.209 (Type: outgoing, Port: 54748, Process: iexplore.exe)
                        19:44:21 Owner IP-BLOCK 95.163.66.209 (Type: outgoing, Port: 54784, Process: iexplore.exe)
                        19:44:21 Owner IP-BLOCK 95.163.66.209 (Type: outgoing, Port: 54785, Process: iexplore.exe)
                        19:46:22 Owner IP-BLOCK 95.163.66.209 (Type: outgoing, Port: 54816, Process: iexplore.exe)
                        19:46:22 Owner IP-BLOCK 95.163.66.209 (Type: outgoing, Port: 54817, Process: iexplore.exe)
                        19:46:22 Owner IP-BLOCK 95.163.66.209 (Type: outgoing, Port: 54818, Process: iexplore.exe)
                        19:46:22 Owner IP-BLOCK 95.163.66.209 (Type: outgoing, Port: 54819, Process: iexplore.exe)
                        19:46:30 Owner IP-BLOCK 95.163.66.209 (Type: outgoing, Port: 54825, Process: iexplore.exe)
                        19:46:30 Owner IP-BLOCK 95.163.66.209 (Type: outgoing, Port: 54826, Process: iexplore.exe)
                        19:47:10 Owner IP-BLOCK 95.163.66.209 (Type: outgoing, Port: 54836, Process: iexplore.exe)
                        19:47:18 Owner IP-BLOCK 95.163.66.209 (Type: outgoing, Port: 54843, Process: iexplore.exe)
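The log above is a series of IP-BLOCK entries that all name the same address and the same process. The following is an added example, not Malwarebytes' own tooling and not code from anyone posting in this thread, of how to read such a log programmatically: it parses each line, groups the blocks by address, process and direction, and flags the pattern of strictly increasing high-numbered ports that a process produces when it keeps opening fresh outbound connections. The log text inside the block is constructed to match the posted format; its address 203.0.113.5 is a documentation (TEST-NET) value, not the address from the thread.

```python
"""Summarise Malwarebytes IP-BLOCK log lines.

Added example for this thread, not Malwarebytes' own tooling and not code
from anyone posting here. The log below is constructed in the posted
format; 203.0.113.5 is a documentation (TEST-NET) address.
"""
import re
from collections import OrderedDict

# "HH:MM:SS  user  KIND  detail" where KIND is MESSAGE, IP-BLOCK, etc.
LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d)\s+(?P<user>\S+)\s+(?P<kind>[A-Z-]+)\s+(?P<detail>.*)$"
)
# Detail part of an IP-BLOCK line:
# "1.2.3.4 (Type: outgoing, Port: 54748, Process: iexplore.exe)"
BLOCK_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\(Type:\s*(?P<type>\w+),\s*"
    r"Port:\s*(?P<port>\d+),\s*Process:\s*(?P<proc>[^)]+)\)$"
)


def parse_events(text):
    """Turn raw log text into a list of event dicts; lines that do not match
    the known layout are skipped rather than aborting the whole parse."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        if m["kind"] == "IP-BLOCK":
            b = BLOCK_RE.match(m["detail"])
            if not b:
                continue
            events.append({"time": m["time"], "kind": "IP-BLOCK", "ip": b["ip"],
                           "type": b["type"], "port": int(b["port"]),
                           "process": b["proc"].strip()})
        else:
            events.append({"time": m["time"], "kind": m["kind"], "message": m["detail"]})
    return events


def summarize_blocks(events):
    """Group IP-BLOCK events by (address, process, direction) and record how
    many times each pairing was blocked, when, and on which ports."""
    summary = OrderedDict()
    for e in events:
        if e["kind"] != "IP-BLOCK":
            continue
        key = (e["ip"], e["process"], e["type"])
        entry = summary.setdefault(
            key, {"count": 0, "first": e["time"], "last": e["time"], "ports": []})
        entry["count"] += 1
        entry["last"] = e["time"]
        entry["ports"].append(e["port"])
    return summary


def looks_like_repeated_attempts(ports):
    """Heuristic: strictly increasing ports in the ephemeral range (49152+)
    are what a process shows when it keeps opening new outbound connections
    that are blocked one after another."""
    if len(ports) < 2:
        return False
    return all(p >= 49152 for p in ports) and all(a < b for a, b in zip(ports, ports[1:]))


# Constructed sample log in the posted format (TEST-NET address, two processes,
# one malformed line to show it is skipped).
SAMPLE_LOG = """\
15:55:17 Owner MESSAGE Protection started successfully
15:55:22 Owner MESSAGE IP Protection started successfully
19:43:57 Owner IP-BLOCK 203.0.113.5 (Type: outgoing, Port: 54748, Process: iexplore.exe)
19:44:21 Owner IP-BLOCK 203.0.113.5 (Type: outgoing, Port: 54784, Process: iexplore.exe)
19:44:21 Owner IP-BLOCK 203.0.113.5 (Type: outgoing, Port: 54785, Process: iexplore.exe)
19:46:22 Owner IP-BLOCK 203.0.113.5 (Type: outgoing, Port: 54816, Process: iexplore.exe)
19:50:03 Owner IP-BLOCK 203.0.113.5 (Type: outgoing, Port: 54901, Process: firefox.exe)
this line is not in the expected format and is skipped
"""

if __name__ == "__main__":
    for (ip, proc, direction), s in summarize_blocks(parse_events(SAMPLE_LOG)).items():
        flag = " (repeated attempts)" if looks_like_repeated_attempts(s["ports"]) else ""
        print(f"{proc} -> {ip} {direction}: {s['count']} blocks {s['first']}..{s['last']}{flag}")
```

The grouping answers the two questions a reader of such a log wants settled first: which process on the machine was making the connections (here the browser, which points at something loaded by a web page rather than a resident infection), and whether it was a single block or a run of attempts over several minutes.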

                      • #33336
                        Tinbender
                        Participant
                          • Offline

                          My irony is I'm worried about all the attacks at work and reading about corporations all across America being targeted from somewhere in China, and I'm using an anti-virus named Panda hmmm roflmao

                        • #33313
                          CTOA
                          Keymaster
                            • Offline

                            The security firm informed me that they have found and removed the problem. However, they ask us to please verify that. If anyone is still getting any warning on the CTOA website please post it here as soon as possible.

                            Again, effective 2:24pm central standard time on Oct. 10, 2011 the issue is believed to have been removed.

                            CTOA - Founder

                          • #33338
                            Bob Rooks
                            Participant
                              • Offline

                              Just got this at 1:04 PDT from AVG:

                              The page you are trying to access has been identified as a known exploit, phishing, or social engineering web site and therefore has been blocked for your safety. Without protection, such as that in the AVG Security Toolbar and AVG, your computer is at risk of being compromised, corrupted or having your identity stolen. Please follow one of the suggestions below to continue.

                              URL: kiranaytli.345.pl/iframe.php?id=2b8325qvzjut0iv8b87u9nlxnan0kpc
                              Name: Blackhole Exploit Kit (type 2060)

                              Account deleted.

                            • #33340
                              CTOA
                              Keymaster
                                • Offline

                                Is it possible that the page was not refreshed from your last visit to the site? I cleared out all cookies too on my end and closed out my browser then tried and didn't see anything, but again, it has been a strange problem that doesn't show itself up every single time.

                                Also, I have only had the problem with my IE8, not with Firefox.

                                CTOA - Founder

                              • #33341
                                SpringValley
                                Participant
                                  • Offline

                                  Biggerten, that message is telling you that your system is trying to send data to an IP in Moscow. I would say that you have a problem.

                                  And Microsoft wonders why the popularity of Windows keeps dropping off. roflmao

                                  Those corporate break-ins, the law enforcement agencies in the southeast and BART (Bay Area Rapid Transit) that were broken into were all Windows based.  In all fairness the bargain hosts, no matter what they use, have very lacking security.

                                  I don't see any of the problems reported by others but again I don't use Windows so a Windows rootkit has no effect.

                                • #33342
                                  Bob Rooks
                                  Participant
                                    • Offline

                                    Rebooted and all appears to be ok now.

                                    @Larry: Are you running a Mac or do you use a different OS?

                                    I'm using a tethered phone at the cabin for my hotspot. No other choices except $atellite.

                                    Account deleted.

                                  • #33344
                                    SpringValley
                                    Participant
                                      • Offline

                                      Bob, at my desk I have two computers that I can switch via KVM. One runs PCLinuxOS. The other is an iMac. When I got the iMac I loaded Parallels on it and sucked a whole Windows machine's contents, including operating system, inside the Mac. I could then run Windows inside the Mac if I needed to. It actually runs better and faster than on its own. However, I have not fired up the Windows side of things in a long while as I simply have not needed it for anything. I do run MacScan on the Mac every couple of days. All it ever finds are not problems, other than advertisers' tracking cookies, which it deletes.

                                      On my netbook and notebook I use Ubuntu. That works very well.

                                      I use my cell phone as a hotspot all the time with my netbook. It works great.

                                      I used many operating systems including Windows for years. But with Windows I came to the conclusion that they are never going to get the issues solved. With each new version they seem to reintroduce security problems that they already solved in the past versions. Rather than fix the security issues they release a malicious software removal tool. I think a better approach would be to address the problem of how the malicious software got on the computer in the first place. For me enough was enough.

                                    • #33349
                                      pepage
                                      Participant
                                        • Offline

                                        I have been using Ubuntu (linux) for years with no problems. My only complaint is I have to keep a Windows box for Turbotax, ISP support, etc.

                                      • #33350
                                        SpringValley
                                        Participant
                                          • Offline

                                          pepage, if you are talking about a couple of apps you could run them inside a VirtualBox.  I have not played with that on Ubuntu.  VirtualBox on PCLinuxOS works well to run Windows apps.  Larry

                                        • #33358
                                          pepage
                                          Participant
                                            • Offline

                                            Larry,

                                            When I say “Windows box” I am talking about a cheap desktop computer, i.e. two computers.

                                            My guiding principle today is KISS. In the past I have used System Commander to create two DOS disks, one for online use and one for offline use, but later found out that all I had to do was delete one file and both DOS disks could be seen. Today I use a notebook with Ubuntu (w/o Wine) for online activity and a desktop with Windows from which, for security, I only go to trusted sites. My feeling is that you trust only hardware with Windows, not software. And since you did not ask, I am not a fan of “CLOUD” computing.

                                          • #33363
                                            SpringValley
                                            Participant
                                              • Offline

                                              That's smart.  Cloud computing is the biggest risk to security known to man.  On my new smart phone there is an application called backup tool that backs up my data in the cloud.  It does not tell me where exactly it is being backed up, who has access to it or anything else.  There is no way I will use it.  

                                            • #33365
                                              Bob Rooks
                                              Participant
                                                • Offline

                                                It's still happening to me:

                                                URL: ikran2012.in/main.php?page=00e03d09ee7a506d
                                                Name: Blackhole Exploit Kit (type 1889)

                                                Account deleted.

                                              • #33369
                                                SpringValley
                                                Participant
                                                  • Offline
                                                • #33370
                                                  Bob Rooks
                                                  Participant
                                                    • Offline

                                                    And again:

                                                    URL: ncghg.ce.ms/showthread.php?t=72291731
                                                    Name: Blackhole Exploit Kit (type 2061)

                                                    Account deleted.

                                                  • #33372
                                                    ronjin
                                                    Participant
                                                      • Offline

                                                      I got it too and sent another Email to Hal

                                                      RonJ

                                                      ronjin

                                                    • #33373
                                                      Bob Rooks
                                                      Participant
                                                        • Offline

                                                        Just got another. It isn't fixed yet.

                                                        Account deleted.

                                                      • #33374
                                                        RichWaugh
                                                        Participant
                                                          • Offline

                                                          I'm not seeing that, but I use Firefox and my bookmark for this site is set to the forum page, not to the main page, so I rarely see that page, if ever.

                                                        • #33375
                                                          CTOA
                                                          Keymaster
                                                            • Offline

                                                            Sorry guys, again, please post as much detail about what warnings you may still be getting.

                                                            Be sure you have cleared your browser history and cookies too just in case the website was cached and that is causing the issue to still appear.

                                                            Anyone got ideas? I am always open to them. I do however have a tech firm searching for and trying to fix any issues. They have done well in the past, and I have trust in them currently too!

                                                            It is a company called http://www.wewatchyourwebsite.com/ for those that also may have ever had issues with a site you have hosted somewhere.

                                                            CTOA - Founder

                                                          • #33387
                                                            pepage
                                                            Participant
                                                              • Offline

                                                              Tomorrow you should be able to download the newest version of Ubuntu, 11.10. It's free, uses Firefox and can dual boot with Windows.

                                                              http://www.ubuntu.com/ubuntu

                                                            • #33604
                                                              Bob Rooks
                                                              Participant
                                                                • Offline

                                                                The attacks are back more serious than before. For me anyway.

                                                                Account deleted.

                                                              • #33605
                                                                Bert
                                                                Participant
                                                                  • Offline

                                                                  Yesterday (November 3rd), my McAfee antivirus software blocked access to the site because of a virus and today it seems to be okay.

                                                                • #33606
                                                                  Little_Grizzly
                                                                  Participant
                                                                    • Offline

                                                                    It's strange and a little disturbing that I've never had my AV software say a peep about this site.  Both at home and at work (different operating systems, different browsers and different AV software).  I'm not at all saying it's not there but quite the opposite.  It seems to be getting through unnoticed!  What is the effect of this virus?

                                                                  • #33607
                                                                    Bob Rooks
                                                                    Participant
                                                                      • Offline

                                                                      Now it’s totally blocking the site.
                                                                      “Mass Iframe injection attack 2”
                                                                      Can’t go on like this.

                                                                      Doing this via phone.

                                                                      Account deleted.

                                                                    • #33608
                                                                      SpringValley
                                                                      Participant
                                                                        • Offline

                                                                        I will dig around a little to see what I can find out about the site and security.

                                                                      • #33612
                                                                        Bob Rooks
                                                                        Participant
                                                                          • Offline

                                                                          Well I hope Hal can do something about it. I can’t do much on my end.

                                                                          Account deleted.

                                                                        • #33646
                                                                          CTOA
                                                                          Keymaster
                                                                            • Offline

                                                                            I believe we have cleaned up the issues. If anything shows up please post it or email me about it a.s.a.p.

                                                                            The site has been checked and rechecked and additional security measures to prevent SQL injections etc. have been implemented on the site server.

                                                                            Some of these security issues may cause other issues, but I have not noticed them yet.

                                                                            I do the best I can... hope everyone understands!

                                                                            CTOA - Founder

                                                                          • #33649
                                                                            Little_Grizzly
                                                                            Participant
                                                                              • Offline

                                                                              I never experienced any problems until the site went down.  But we do appreciate the hard work it takes nowadays to keep a site running.
