Archive for myfreeforum.org Before posting please check the "stickies" in the support forums.
Please ask questions in real English and not "txt". You will get a better response.
Please do not ask support questions via PMs.
 

The free forums are now under new ownership, a full announcement will be made shortly

       myfreeforum.org Forum Index -> My Fried Forum
24Camshaft24

Major Virus Threats!

PLEASE ENTER THE FOLLOWING>>>>


Enter your myff forum url here (or link to your specific problem) : http://sunsetracing.myfreeforum.org/


Please indicate keywords you have searched on: Virus


Now ask your question in clear English without "txt" speak>>>>


I believe that someone has somehow installed a virus onto my forum. Earlier today, someone posted a link to a website, and someone said they had clicked on it and his virus protection had caught a few viruses. Since then, that link has been taken down, but it was made on this page... http://sunsetracing.myfreeforum.org/ftopic8-0-asc-15140.php . Now, a virus seems to have spread all over the place. I have had 4 trojans attack me today while on the forum, and my computer is continuing to block more. There are pop-ups when I click on different tabs, and sometimes when I go to my Private Messages, I get viruses attempting to attack my computer. I am not the only one having these problems. Three other people on the forum are saying they are getting viruses from the site now.

One member claims he has one of the best virus protections, and these are the errors/viruses that he is getting


--------------------------------------------------------------------------------

HERE IS YOUR PROBLEM!!  MY CISCO SECURITY AT CAT BLOCKED THIS FROM OUR WEBSITE OR SUNSET FORUM....

The process C:\WINDOWS\explorer.exe is attempting to modify the registry key \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Office Excel\shell\edit\command\. Do you wish to allow this?

Troj/Agent-HFZ 9 1 Troj/Agent-HFZ  
Troj/Agent-HGT 10 1 Troj/Agent-HGT

12/20/2008 7:29:48 PM: The current application 'C:\WINDOWS\system32\rundll32.exe' (as user MW\mossshop) attempted to execute the new application 'C:\Documents and Settings\mossshop\Application Data\MySpace\IM\bin\Uninstall.exe'. The operation was denied.



-------------------------------------------------

There are just millions of corrupted files in the last 5 minutes on this mainframe.... im checking the log for ANYTHING that says sunset....

This either happens when a process uses self-modifying code or when a process has been subverted by a buffer overflow attack. The operation was allowed by a rule (rule defaults).","HACL_OVERFLOW_MONITOR","","C:\Documents and Settings\mossshop\Application ",,,2695,,,,"MW\mossshop",,"(t-1229606519 n-310817600 z--21600.php?mode sc-13 dm-1 dc-7 cd-551 p*(i-2695 i-3 i-0 w-C:\Documents%20and%20Settings\mossshop

-------------------------------------------------------


This is getting really hard to find this crap....

'C:\Program Files\Internet Explorer\IEXPLORE.EXE is attempting to invoke an install program. Are you intentionally installing/uninstalling software?' The user was queried and a 'No' response was received.","ACL_QUERY_RSP","","C:\Program Files\Internet Explorer\IEXPLORE.

This is what keeps popping up in the log everytime I log into sunset racing..???  I really have no friggin clue what this is..

----------------------------------

I use both IE and Firefox. Firefox is fine. IE won't let me load any my fan forum websites for sexual, drug, humping, nude, and other various issues.

-----------------------------------


The attempted access was a write (operation = Troj/Agent-HFZ 9 1 Troj/Agent-HFZ  
). The operation was denied. C:\WINDOWS\explorer.exe' has triggered too many log records in the last few minutes. N4b0rqHaxhn*xb0H*d a-CreateFileW i-25491268


------------------------------------------




More and more issues are popping up for our users, and I dont know what to do. Last week, someone threatened to "hack" our forum, and I know I shouldnt say that word, but that is what they threatened. Could it have anything to do with it? People are saying it is getting blocked for reasons such as Nudity and Porn, and I have no idea why.






Could you please help us out, this is a BIG problem...




24Camshaft24   admin of Sunset Racing.
CodyT07

can you pm me the link that was posted?

Never trust a download like that, even if he/she is a trusted member they can inadvertent have a virus on the file.

Quote:

I believe that someone has somehow installed a virus onto my forum

They didn't install a virus on your forum when people go to it, you had to have clicked the link and downloaded the file. If they could easily add a virus like that, this would be more widespread.

Quote:

One member claims he has one of the best virus protections, and these are the errors/viruses that he is getting

No suck thing buddy, every AV has its problems can do 'funny' things.

Your best bet is to COMPLETELY reinstall the Windows Operating System you CANNOT trust a compromised system, even if you think it is clean their lays a chance it is still compromised.
24Camshaft24

I never opened up the link, this is what I dont get. Only the person that said it had a virus opened up the link, and then he told everyone else not to. Ever since I ran all my virus scans again, and Windows Defender, and deleted all the trojans that were installed onto my computer, things have gone back to normal for me. Noone on the forum is complaining anymore, and it is running just like normal now.

I am honestly stumped.

Freak Occurance?
24Camshaft24

I dont know the link to the site that had the original viruses on, only the one member that opened it up does. I will have to ask him, but will not get a response until tomorrow...
myff admin

You can't post a virus on a forum.

Possibly someone posted a link to something bad, but that is all.

Virus checkers are actually not very good at all at detecting malware, if people are using unpatched software or downloading malware from bad links then they will get infected even if they are running virus checkers.
Bravo

Don't download anything unless you completely trust the source.

A common scenario is on Facebook, one of your friends 'sends' you a video (most often they have sent you nothing, just some application has sent itself).  You click on the video to view it, it says 'oh you don't have the codec to view it, click here to download the codec'.  Next thing you know your computer is doing very strange things and is infected to hell.

So, I say again:

Don't download anything unless you completely trust the source.
myff admin

It is not even just trusting the source. e.g. I trust Graham he is in I.T. and emails me a lot. But if I got a download link from him I still would still as a rule not open it if it was a type that could be a virus. email addresses can be forged or his machine may have been infected.

You really have to be paranoid about these things.
Bravo

That is true, an email attachment is a source I would not trust if it didn't relate to the email, or if it was something I wasn't expecting.

If you get the choice to run or save an exe file, save it first, scan it, then if you are sure, run it.

There are a lot of good things to get from the internet by downloading, to never download is ultimately the safest way of course (though unrealistic), just take the extra steps to keep careful.
myff admin

Unless a .exe is something I am explicitly expecting I will not run it EVER.

Scanning is not a good method of determining safety. All a scan can do is verify something is dangerous. A clean scan does not mean a clean file and I am not taking an error rate of 1% or even 10% tests have shown that scanners are woefully poor at detecting current threats. They may be able to claim 99.9% detection rates but that is a false hood. e.g. if you can detect every virus current in the last 999 weeks, but have no clues about this weeks crop then your product can claim 99.9% but actually be 100% useless!
Daniel(u1bd2005)

Viruses are being written all the time, all it takes is a new virus to bypass your scans before it is added to their anti-virus software virus database though an update and you'll be infected.

I update my AVG every day and scan everything I download, but I still wouldn't open an email attachment unless i was expecting it, even then I still scan it.

I have to admit I do push my luck with the amount of stuff I download, have had a few problems, but nothing to major since i switched from Norton to AVG.

Few weeks ago I had a fake trojan pop up and try to get me to purchase their own software to remove it.

AVG wouldn't detect it as it wasn't actually real, it just popped up saying "Trojan Detected: download some sort of software bla bla bla." everytime i restarted my computer or every 15/20 minutes.

I found the actual file, it had disguised itself in the google app data folder, it wouldn't let me delete it though as it was running in the background, but it wasn't running in the processes in the task manager so I had to download some software called KillBox (came reccomended by a friend) and I scanned and run that software) then selected the file and deleted it upon startup to get rid of it completely.

Then just for safety measures I changed any of my passwords of the things I had used recently.

Computer is fine though now.

I run regular comuter scans too.
24Camshaft24

Well, I was just reading through our Random Discussion, trying to figure out if anyone is still having issues. Of the few people on right now, one of the members is still having issues. When I am viewing new pages, I am getting pop-ups. We havent downloaded anything, so we ar trying to come up with a reasonable explanation as to why this might be happening.


1) All of the people having issues, including myself, are using Internet Explorer. We did some research, and Internet Explorer has had a major security issue within the last week. http://www.clipsandcomment.com/20...icrosoft-has-been-trying-to-hide/

=================================

"A malignant security flaw found in all versions of Microsoft’s Internet Explorer browser has yet to be fixed, and the problem is spreading. Microsoft detailed the flaw in a security update blog post six days ago. Since then, the problem has spread across the globe, hitting at least 2 million computers.

Unlike other computer exploits, this one does not require users to click on fishy links or download mysterious software: it plagues computers that simply open an infected Web page.

Internet Explorer is currently used by 69 percent of Web surfers. The flaw hides inside the data binding function of the browser and causes IE to quit unexpectedly and reopen vulnerable to prying eyes. — Brennon Slattery, PC World"

=================================








I think that is the problem right there. Someone on our forum looked up the trojans he was recieving, and it turns out that the trojan can be spread through pictures. One of the main parts of our forum is Nascar Pictures, and I think that one of these images could have contained a virus, and then when the Internet Explorer users viewed the page, we were infected. A very possible explanation....?
myff admin

My understanding of the ie threat was not that is could be spread via pictures. Some old threats could be. This one though I thought would need a posted to post a frame/iframe.

For that to happen you have to have specifically allowed that in your allowed html tags. If you have * for all tags then frames are barred as they are a security risk.
24Camshaft24

Hmm.

Well I have switched to a new Web Browser, Rogers Yahoo, and have been on my forum for about 15 minutes and not had any problems... *knocks on wood*

       myfreeforum.org Forum Index -> My Fried Forum
Page 1 of 1
Create your own free forum | Buy a domain to use with your forum