
Malware on popups?

binary visions

The voice of reason
Jun 13, 2002
NC
Okay, in case anyone hadn't noticed, this definitely didn't go unnoticed or acted upon. It looks like whoever caused the problem that started this thread created a hole that they got into again.

The servers have been seriously locked down and we have locked down access to the admin tools by whitelisting only approved IP addresses and restricted access of the modification of any site files. We will remain in this mode until we're sure it can't happen again.

I am seriously frustrated that this occurred. Have no reason to believe the site is dangerous at this point but we'll continue to monitor. The locking down of the admin tools should prevent even other back doors from being utilized to break into the server.

Will continue to post updates as necessary. Sorry, guys. The "warning" messages aren't indicating an active threat condition, the site got blacklisted and the warning messages won't go away until the site is re-scanned, at which point it will come up clean.
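The "restricted modification of site files" and "continue to monitor" steps in the post above, as an added example that is not part of the thread or the site's own tooling: a small POSIX-shell file-integrity check that records a SHA-256 per file under a web root and later reports anything added, modified or removed, which is how a re-injected script or a dropped back door shows up. The web root, the sample files and the use of coreutils sha256sum are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread or the site's own tooling: a small
# file-integrity check for a web root. Assumes POSIX sh, find, awk and
# sha256sum (coreutils); paths containing whitespace are not handled.

# Hash every regular file under the given root, one "hash  ./path" line each.
_fim_hash() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2 )
}

# fim_baseline WEBROOT BASELINE_FILE: store the known-good hashes.
fim_baseline() {
    _fim_hash "$1" > "$2"
}

# fim_check WEBROOT BASELINE_FILE: print one line per difference and
# return 1 if the tree no longer matches the baseline, 0 if it is clean.
fim_check() {
    root=$1; baseline=$2
    current=$(mktemp) || return 2
    _fim_hash "$root" > "$current"
    report=$(awk '
        base == 1 { known[$2] = $1; next }           # baseline: path -> hash
        { seen[$2] = 1
          if (!($2 in known))          print "ADDED    " $2
          else if (known[$2] != $1)    print "MODIFIED " $2 }
        END { for (p in known) if (!(p in seen)) print "REMOVED  " p }
    ' base=1 "$baseline" base=0 "$current" | LC_ALL=C sort)
    rm -f "$current"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Demo on a constructed sample web root (placeholder files, not real site code).
demo_root=$(mktemp -d); demo_base=$(mktemp)
mkdir -p "$demo_root/admin"
echo '<?php /* constructed sample page */ ?>' > "$demo_root/index.php"
echo '<?php /* constructed sample admin tool */ ?>' > "$demo_root/admin/tools.php"
fim_baseline "$demo_root" "$demo_base"
echo '<!-- constructed change, simulating an edited page -->' >> "$demo_root/index.php"
fim_check "$demo_root" "$demo_base" || echo "site files differ from baseline"
rm -rf "$demo_root" "$demo_base"
```

Run the baseline once right after the clean-up, keep it outside the web root, and schedule the check from cron so a second intrusion is noticed before the blacklist scanners do.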
 

blackohio

Generous jaywalker
Mar 12, 2009
Hellafornia. Formerly stumptown.
Strangely enough, the Google redirect virus and a few trojans popped up on my work PC last night. What a nightmare. They are tearing through my machine and my patience.

I would highly advise anyone on here to go to Emsisoft and download their anti-malware program. MSRT (or whatever the Microsoft malicious file program is) and Malwarebytes found nothing. Rkill.exe ended the processes enough to run the Emsisoft software. After quarantine and deletion of trojans and malicious files, Vista boots to a black screen.

2 days of working on this thing and I'm no closer than where I began. I keep snatching defeat from the jaws of victory.

Oh BV, I emailed Gabe about the whereabouts of the converters and haven't heard back yet :( He said he would be sending them out to me, so hang in there!
 

binary visions

The voice of reason
Jun 13, 2002
NC
Sorry, I thought the "...at this point" indicated that we had cleaned up anything found.

Still pissed this happened. :monkey:
 

-dustin

boring
Jun 10, 2002
austin
Can I ignore the malware warning that Safari is giving me? Don't feel like digging and looking, since every click brings up the malware warning.
 

blackohio

Generous jaywalker
Mar 12, 2009
Hellafornia. Formerly stumptown.
I never got asked to D/L anything; however, I certainly got some malware recently, as well as those few trojans I dug out. I'll post the log of the ticks Emsisoft dug out.

- not saying the malware came from here.
 

blackohio

Generous jaywalker
Mar 12, 2009
Hellafornia. Formerly stumptown.
Trojan.Win32.Swisyn!IK
Exploit.Java.CVE!IK
Java.Trojan-Downloader.OpenConnection!IK
Trojan-Downloader.Java.OpenStream!IK
Trojan-Downloader.Java.OpenStream!IK
Java.Exploit.CVE-2010-0094!IK
Exploit.Java.CVE-2010-0094!IK
Exploit.Java.CVE-2010-0094!IK
Trojan.SuspectCRC!IK
Java.Trojan-Downloader.OpenConnection!IK

The rest of the stuff in the quarantine log seemed to be tracking cookies.
 

blackohio

Generous jaywalker
Mar 12, 2009
Hellafornia. Formerly stumptown.
I'm not really sure how I got rid of the Google redirect. In the last two days I've used Malwarebytes Anti-Malware, Emsisoft Anti-Malware, RKill, TDSSKiller, and MRT.exe from the command line. I'm not sure which one killed it, but the combination of them all somehow got rid of it.

Most people seem to be able to kill it using TDSSKiller alone; however, it didn't spot anything when I used it by itself.
 

pillete

Monkey
Mar 25, 2005
It has been quite the battle to get rid of this nasty virus. I've tried all the software previously mentioned in this thread with no luck.
The only thing that worked for me was Hitman 3.5. The free version will do the trick, but you do have to activate it.

Here is the link: http://www.surfright.nl/en/downloads/

Good luck, guys.
 

Pesqueeb

bicycle in airplane hangar
Feb 2, 2007
Riding the baggage carousel.
It is my understanding that if you're still getting redirected, you need to clear your caches and temp files.


Thanks BV for all your hard work. Being busy at work yesterday was the only thing that kept me from going through withdrawals. :twitch: :panic:
 

zdubyadubya

Turbo Monkey
Apr 13, 2008
Ellicott City, MD
Strangely enough, the Google redirect virus and a few trojans popped up on my work PC last night. What a nightmare. They are tearing through my machine and my patience.

I would highly advise anyone on here to go to Emsisoft and download their anti-malware program. MSRT (or whatever the Microsoft malicious file program is) and Malwarebytes found nothing. Rkill.exe ended the processes enough to run the Emsisoft software. After quarantine and deletion of trojans and malicious files, Vista boots to a black screen.

2 days of working on this thing and I'm no closer than where I began. I keep snatching defeat from the jaws of victory.

Oh BV, I emailed Gabe about the whereabouts of the converters and haven't heard back yet :( He said he would be sending them out to me, so hang in there!

You weren't kidding about Emsisoft. I run both McAfee and Malwarebytes regularly, but per your recommendation I downloaded and ran Emsisoft's anti-malware last night and it pulled up over 100 objects. Suck. Thanks for the recommendation! And sure enough, some of the corrupted cookies came from this site.
 

blackohio

Generous jaywalker
Mar 12, 2009
Hellafornia. Formerly stumptown.
You weren't kidding about Emsisoft. I run both McAfee and Malwarebytes regularly, but per your recommendation I downloaded and ran Emsisoft's anti-malware last night and it pulled up over 100 objects. Suck. Thanks for the recommendation! And sure enough, some of the corrupted cookies came from this site.


Glad it worked for you. The first time I ran it Vista freaked out on reboot; ran it in safe mode and went back to a previous date. Re-downloaded Emsisoft and ran it, still found a gang of crap and deleted it, machine's now fine.

I'm totally paying for that software.
 

Routier07

Monkey
Mar 14, 2009
My anti-virus is telling me this every time I try to access the site...... furthereck.co.cc/couz2mzxwfed//
 

binary visions

The voice of reason
Jun 13, 2002
NC
My anti-virus is telling me this every time I try to access the site...... furthereck.co.cc/couz2mzxwfed//
When did this start? Does it tell you anything more than that site name? Does it happen on other sites? Have you tried doing a full system scan with your antivirus?
 

Routier07

Monkey
Mar 14, 2009
When did this start? Does it tell you anything more than that site name? Does it happen on other sites? Have you tried doing a full system scan with your antivirus?
Other than...

infection : URL:Mal

It started this morning but I thought nothing of it, and then I came back from a ride and it was still warning me. I've just finished running a full scan and everything on my end seems 110%. I can still access everything, but it warns me every time I'm switching pages.
 

binary visions

The voice of reason
Jun 13, 2002
NC
All pages? Just threads? Just forums listings? Just the parent forum?

Sorry, just trying to make sure everything is 100% nailed down on our end.

edit: also, what antivirus app?
 

Routier07

Monkey
Mar 14, 2009
I should've been more specific...hah

It's happening on every page on the site... no matter what the page is on the site, my anti-virus is warning of a threat. I'm using AVG and Avast and I'm on Firefox.
 

BadDNA

hophead
Mar 31, 2006
Living the dream.
I just started getting it again this morning BV. I wasn't on much over the weekend though.

Edit: Not every page is throwing it at me. I'll try and keep tabs on where I see it.
 


binary visions

The voice of reason
Jun 13, 2002
NC
Well effing hell, we seem to have a very persistent hacker.

I believe the root of the vulnerability that was allowing him or her in has been discovered and disabled. Please report up any issues you may find.
 

Damo

Short One Marshmallow
Sep 7, 2006
French Alps
I have something very different now (I also had the block which caused all of you to miss my birthday *sob*).

What I am getting is something that causes my screen to 'crack' very slightly down the middle. All text becomes misaligned. I am talking only very very slightly, it doesn't cause any significant problems, but it is just on this site. I load a page and within the first 2 seconds, I can see the two halves of the screen shift vertically.

Not sure if this is a problem, just thought you'd like to know BV....
 

Quo Fan

don't make me kick your ass
I have something very different now (I also had the block which caused all of you to miss my birthday *sob*).

What I am getting is something that causes my screen to 'crack' very slightly down the middle. All text becomes misaligned. I am talking only very very slightly, it doesn't cause any significant problems, but it is just on this site. I load a page and within the first 2 seconds, I can see the two halves of the screen shift vertically.

Not sure if this is a problem, just thought you'd like to know BV....
Have you tried logging in sober? :D