Virus on Forum

[countryslim]

Quote:

Originally Posted by kneukm03

The big problem would be finding them. I would bet a lot of money they aren't in the United States. Most of this junk comes from Russia, China, etc. - if they were here, I wouldn't just sue them - I could get them thrown in jail.

Nonsqtr, it sounds like you are still seeing it. Was it still trying to install something when you made this post, or are you talking about stuff you saw earlier? If you can verify that it would be very helpful.

I run IE and had an "attack" here one night and had everal active x controls downloaded without my knowledge.. I Believe it was due to a trojan I picked up that kept re-setting my Cookie slider to 0 as soon as I rebooted, I could check my settings .. I chased the programs down with a program called HijackFree that shows all the processes and hidden files that auto run..I printed a list of Infections out and I'll post them as soon as I find them.

There were a couple of programs.. Speed monitor installed itself here and I caught so many popups my machine locked up...


this is an Excellent Freeware version for advanced users. I used it to find my Infections and remove them... GREAT online support! check the system requirements first before downloading.. I'm not sure if it will work on ME or 98, but I know it works well with XP.


a-squared HiJackFree

Quote:

a-squared HiJackFree Feature Overview
Running Processes

Like the Windows Task Manager, the a-squared HiJackFree Processes section lists all running processes. But additionally it shows tons of useful information at the details pane. File properties, loaded modules, online information and process details that indicate whether the program runs as a service, was started by an autorun entry or opens TCP and UDP ports.

Open Ports

The Ports section of a-squared HiJackFree shows all local open ports. An open port means that there is a process running which listens on the port number for input from outside.

The Ports Manager shows also the processes which listens on the ports so you can quickly see which processes must be shut down to close a specific port. You can kill a process and put it to quarantine for a later restore if needed.

Autoruns

View and edit all autorun entries. More than 30 different autorun locations are displayed and can be edited as well. Beside the default registry autoruns of the current user (HKCU) and all users (HKLM), a-squared HiJackFree also shows autoruns in files like win.ini, system.ini, autoexec.bat and config.sys. Additionally it lists all programs which are automatically run by the autorun start menu folder.

Autoruns can be deactivated temporarily or removed permanently.

The tricky autoruns cover all locations of the registry which are not mainly used to autorun files, but can also be used to start processes like the default screensaver path and others.

Services

With the included Service Manager you can easily see which services are installed and started. Additionally to the Windows Service Manager it shows the full path to the executable service file in the list to help identifying potential harmful services quickly. It also lists services that are not shown in the Windows Service Manager

Others
Explorer- and Browser-Addons

The Addons section of a-squared HiJackFree allows you to view and edit plugins and addons of the Windows Explorer and Internet Explorer. Addons are mainly Browser Helper Objects (BHOs) which extend the functionality of the browser or additional Toolbars.

LSP Protocols
The LSP section shows all installed Layered Service Providers which are some kind of network drivers. Some spywares use LSPs to place ads on transferred website files you view with your browser.

Hosts File

The Hosts file contains the mappings of IP addresses to host names. This file is loaded into memory at startup, then Windows checks the Hosts file before it queries any DNS servers, which enables it to override addresses in the DNS.

You can use the Hosts file to redirect ad network server names to localhost to avoid ads on websites. Another 'feature' of the Hosts file is used by worms. Many of them use that file to redirect all requests to websites of Antivirus companies to localhost to avoid removal of the worm.

Active-X
The Active-X section shows all installed Active-X modules (DLLs) on the system. The list shows invalid references which can be removed.

Quarantine

When removing Malware, you may be in a situation where you are not completely sure if a program is really malicious or not. In such cases it is useful to remove a specific file or autorun, but keep a backup copy at the quarantine for a later restore. Check the "Save Backup" option when killing and removing a task at the Processes or Ports lists.

Online Analysis
The a-squared HiJackFree Online Analysis is a very powerful helper feature to see quickly which autoruns, processes, addons or open ports are harmful. You can click the "Refresh Online Data" button to get the online analysis directly at the program or you can also click the "Online Analysis" button at the right top of HiJackFree, to see a combined analysis web page. There a new brower window comes up with a detail analysis of your system configuration. The report is stored so you can also tell the web address of the report to specialists if needed.

Kneukm, I think I can send you a list of my process's that were running at the time.

[Gummer]

About 20 years ago ..... I became aware of viruses..... and other internet CRIME ...... I said then..... anyone convicted of such should be a subject of a prime time tv program ..... broadcast worldwide ..... where the convicted would be beaten to death on LIVE tv ..... why the hell aren't we doing this? Now!

[Lummy]

Trojan.Downloader.Agent.ZPD

[aintyourbusiness]

Quote:

Originally Posted by kneukm03

Using details from GoRightAndYouCan'tGoWrong, and after testing around with several computers accessing this site, I was able to get one of the computers infected with a virus from this site using Internet Explorer. So it is clear that somehow a virus is infecting people through the site.

I don't believe that this was caused by the ads on this site given what happened to the computer I infected. I think the confusion is because what hit my computer is some kind of malicious advertising software. In essence, it automatically starts sending you to its own advertisements (popups, etc.). I think this is why people were saying "the ads gave me a virus" - there is confusion about what the site's ads are. The only ads that this site recently put up were two banners. Stuff that takes you somewhere else was not part of that. What I think happened is that the ads did not give you a virus - the site has a virus that took you to a bunch of other ads.

The virus that I got was through an ActiveX control (not something the ads could run to my knowledge). I didn't have to click on an ad - it simply ran without my permission and installed itself. It only happened via Internet Explorer, and didn't happen with every computer I used.

I would be very careful visiting the site with IE. I would try Chrome or Firefox for the time being instead. If you do use IE, do not allow this site to install any ActiveX controls or other software.

Googling around based on stuff I saw, I found several other Vbulletin forums that had something like this. My theory right now is that the site itself may be infected somehow. I'm having the host look into it (they will have to scan the server). At least one other forum managed to get rid of their problem via the web host. I'm taking the ads down for now to see what happens.

Please report in this thread if you experience anything that appears to be a virus from this site. Remember, though, I need DETAILS. Saying that you got a virus or trojan horse doesn't help - I need the exact text of whatever your virus program said. The exact text of whatever ad web sites you were sent to, what the ads were for, etc. I want this to send to the web host to help them search.

I got one but seeing as it completly fucked my OS there is no text and it is from those adbrite ads other sites that have those yiled similar results. Im not at my main comptuers right for some days I will give you the PC cillin readouts from a sitet with adbrite ads and show it was them,. I haVe on machine that I dont need and can get results from surfing those sites.

[aintyourbusiness]

next time hold a fucking bake sale. There alternative to 100 dollar a year forums that really are not that less capable.

[jebe]

yes Nukem. when you were running the adds, i got nailed once like that. out of nowhere, i was on a different page. i didnt have time to identify it. i just hit the " turn off power " button. i do use IE, but my son installed some free shit off the net, that throws most of it, in a trash can, and what it cant throw, it puts in an escapeproof box. thanks fer taking down the adds. BIG QUESTION HERE! when will you have a postal mailing address, so we can mail you money orders?

[areyoushittin'me?]

So far with free AVG and using Firefox, I haven't been having problems.

[Lasher]

Quote:

Originally Posted by Gummer

Oh lord hon..... try McAfee... when i had a pc.... I bought Norton.... that pile of crap slowed my puter so much it was nearly .... unuseable... <---- is that a word?

Do you mean you don't know if a word you use is really a word? Damn, toothless old fart, you are some ignorant pussy boy, aren't you? Why not put your picture with Lasher's face on it up to show us all how witty you are?

[Lasher]

Quote:

Originally Posted by Gummer

About 20 years ago ..... I became aware of viruses..... especially the HIV..... and other STDs...... I said then..... anyone convicted of such should be a subject of a prime time tv program ..... broadcast worldwide ..... where the infected would be beaten to death on LIVE tv ..... why the hell aren't we doing this? Now!

Gosh Toothless, you mean you want to be beaten to death? Are you some sort of ultra-masochist? Are you full-blown AIDS yet? Gee old man, Lasher really feels for you, but He just can't quite reach you.

[Lasher]

Toothless old man, you really thrill the Lash when you talk tough.