Site tried to download files this morning


Guest m&pc9


Guest Drewsett
In the ballpark but it's not exactly how this happened. This isn't exactly my first rodeo either, it's just the first time lately that the bull got me instead of the other way around. It's SOP for me to use lockdown docs like that anytime I install an app. We weren't quite 0-Day with this one, but it happened within the first six days of the exploit going wild.

It did hit us rather fast. That's what made me worry initially that we were being targeted specifically. I wasn't trying to imply you don't know your stuff, you're far beyond where I am now. I got out of the game for a couple of years and when I tried to get back in everything had changed so much that I don't really even bother anymore. I do know though that occasionally the right comment from someone can get the 'ol gears to turning and help me to see something I missed or dismissed initially.

If my comment referencing telnet doesn't show you how dated my knowledge is then how about this one....

The last programming language I mastered was C. Not C++. C.

LMAO

Keep up the good work.

Link to comment
  • Administrator
It would appear to be fixed now. I didn't want to post this considering the way the last thread ended when I "conjectured" as to the problem, but if you use OpenX for your ads (which almost everyone does these days) you might find this pertinent.

BTW, you'll find this humorous. I found it elsewhere on a blog where the guy was talking about similar issues...

opensource1.png

http://www.generationmediagroup.com/blog/openx-malware-fix-suspected-attack-site/

I know the guy's pain.

Link to comment
Guest Drewsett
BTW, you'll find this humorous. I found it elsewhere on a blog where the guy was talking about similar issues...

opensource1.png

OpenX Malware, Fix “Suspected Attack Site” | Generation Media Group

I know the guy's pain.

The only thing that would make it funnier is if OpenX was a Google product.

...or perhaps for a more sinister thought, maybe Google was behind the hack in order to push everyone to use AdSense.

Link to comment
  • Administrator
It did hit us rather fast. That's what made me worry initially that we were being targeted specifically. I wasn't trying to imply you don't know your stuff, you're far beyond where I am now. I got out of the game for a couple of years and when I tried to get back in everything had changed so much that I don't really even bother anymore. I do know though that occasionally the right comment from someone can get the 'ol gears to turning and help me to see something I missed or dismissed initially.

If my comment referencing telnet doesn't show you how dated my knowledge is then how about this one....

The last programming language I mastered was C. Not C++. C.

LMAO

Keep up the good work.

Nah, didn't mean to come off like that. Just saying it sounds like you and I are on equal footing with our understanding of how this crap happens. I've got OpenX locked down so tight it squeaks now... which is going to make it really difficult on me over time just doing admin tasks, but I simply don't trust it any other way at this point. I'm looking at some other alternatives now.

Link to comment

FWIW, I use W 7 and IE8 on this particular laptop. I don't have IE locked down very tight because I have to dl certain data files from a couple of sites. This AM I noticed some pretty flaky OS issues so I shut down and did a bootscan with Avast. I found 3 Java malware exploits.

Don't know if it's related, but I thought I'd share.

Link to comment
  • Administrator
FWIW, I use W 7 and IE8 on this particular laptop. I don't have IE locked down very tight because I have to dl certain data files from a couple of sites. This AM I noticed some pretty flaky OS issues so I shut down and did a bootscan with Avast. I found 3 Java malware exploits.

Don't know if it's related, but I thought I'd share.

Being that it was Java related, it probably was. Sorry about that.

Link to comment

I've gotten a Google Redirect Virus ever since the site came up harmful. Still can't get it off my computer. I downloaded Firefox and it worked fine for a day until I searched for TGO and clicked on the link. Now Firefox also has a redirect virus that sends me to random sites when I click search links.

Link to comment
I've gotten a Google Redirect Virus ever since the site came up harmful. Still can't get it off my computer. I downloaded Firefox and it worked fine for a day until I searched for TGO and clicked on the link. Now Firefox also has a redirect virus that sends me to random sites when I click search links.

Do a bootscan with your AV software. It should take care of it.

Link to comment
  • Administrator
I've gotten a Google Redirect Virus ever since the site came up harmful. Still can't get it off my computer. I downloaded Firefox and it worked fine for a day until I searched for TGO and clicked on the link. Now Firefox also has a redirect virus that sends me to random sites when I click search links.

ESET - Antivirus Software with Spyware and Malware Protection

I'd recommend downloading a free copy of ESET NOD32 and using it to scan your computer. Or do a search on Google for Malwarebytes and use that. Both of these work remarkably well.

Link to comment
Guest Lester Weevils

Mac Safari is not giving the warning tonight.

It was about time anyway, am doing full AVG scans in safe mode on the two PC's that have been up in the last few days.

During the last few days was accessing TGO on an Ubuntu virtual machine running under Mac VMWare Fusion. With site-blocking turned off. I would leave the VM running and suspend it except when visiting TGO.

This afternoon Fusion popped up a dialog "A virtual machine wants permission to monitor all network traffic". Asking for user admin password. Of course denied the request, then shut down the Ubuntu virtual machine and trashed that disk image. There were two VM's running, the Ubuntu and a Vista. The dialog did not say which virtual machine was asking to monitor all network traffic.

Dunno if it has anything to do with TGO. Am only reporting because have never seen that dialog ever before. Didn't even know that virtual machines can request to monitor all network traffic, or what that even means in this context. Dunno if whatever kind of malware that could possibly have been propagated by the ads would be smart enough to try whatever it seemed to be trying to do.

As an aside, I downloaded a newer Ubuntu 10.04 VM this evening and it works OK, but when I tried to sign in to TGO with user name and password, TGO reported incorrect user name and password. Weird. It is probably some kind of wrong setting in this newer Ubuntu Firefox. Not likely TGO's fault. Only mentioning it in case anyone has ever had Linux Firefox incorrectly sign on to TGO because of incorrect user name + password.

Link to comment
ESET - Antivirus Software with Spyware and Malware Protection

I'd recommend downloading a free copy of ESET NOD32 and using it to scan your computer. Or do a search on Google for Malwarebytes and use that. Both of these work remarkably well.

Malwarebytes is on my computer already. It won't load...hour glass comes on for a couple seconds and that's it. This is something that other people had a similar problem with when dealing with the redirect virus...it prevents some malware removal software from opening....I tried it in safe mode too with no luck. AVG doesn't pick it up. I'll try the antivirus you have recommended and see if I have any luck.

Link to comment
Malwarebytes is on my computer already. It won't load...hour glass comes on for a couple seconds and that's it. This is something that other people had a similar problem with when dealing with the redirect virus...it prevents some malware removal software from opening....I tried it in safe mode too with no luck. AVG doesn't pick it up. I'll try the antivirus you have recommended and see if I have any luck.

Try renaming the Malwarebytes executable (not the shortcut).

Link to comment

You have that Google head up the a$$ thing going on and while I appreciate the frustration I'm wondering if Google wasn't right in this whole thing. Give us the lowdown, should we trust Google or not?

Link to comment
Try renaming the Malwarebytes executable (not the shortcut).

I bought the ESET NOD32 Monday and it fixed some of the issues but I have still got something redirecting me on occasion and have had 14 "attacks" since the original clean up. I'm still getting SVC host32 errors where "winders" has to shut the service down. I'm also having issues with it killing my connectivity to the wireless router forcing me to reset up my network.

What else do I need to do to get this locked down David? I did have Malwarebytes and Spybot S&D before this hit, but like the other poster, it shut them down hard Sunday. I'm back up and running with ESET but something still appears to be active. I got redirected by the way searching for ammo using the google search window embedded in my Firefox header....ain't that funny?

Sending you a PM with the stuff in ESET quarantine David.

Edited by Rightwinger
Link to comment
Guest Lester Weevils
Did you check your caps-lock?

:)

I finally realized that not only was the computer power plug disconnected, but the main disconnect in the house breaker box had been turned off!

Link to comment
  • Administrator
You have that Google head up the a$$ thing going on and while I appreciate the frustration I'm wondering if Google wasn't right in this whole thing. Give us the lowdown, should we trust Google or not?

That's a philosophical question. The answer is yes, no... do you want to? The bottom line is that when they initially started reporting it, we were not compromised but one of our advertisers was. As the week wore on, we ended up in the same boat. So were they right? Sort of.

For someone with no tech savvy, trusting it is erring on the side of safety. For someone with more experience than that, no.

Link to comment
