XD Talk downloaded a Trojan

[94user]

Went to log on and the site

had a notice about being down then windows defender caught the site attempting to download this:

Trojan;win321/Hiloti.gen!D

After defender removed it I did a scan with malewarebytes and it logged this:

Malwarebytes

Database version: 4052

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

9/26/2010 8:17:41 AM

mbam-log-2010-09-26 (08-17-41).txt

Scan type: Quick scan

Objects scanned: 121544

Time elapsed: 7 minute(s), 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Owner\Local Settings\Temp\0.5854435425852695.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Gonna do a scan with Mcaffe now

STAY AWAY FROM XDTALK!!

Edited September 26, 2010 by 94user

[tyguy]

TGO...XD Talk...hmmmmmm. Maybe a tech head with an anti- agenda?

[Erik88]

I have been trying to go there for a day or 2 now and the site has been down. I think they had already discovered the problem when I went there so I should be ok.

[Raoul]

TGO...XD Talk...hmmmmmm. Maybe a tech head with an anti- agenda?

Kahr Talk has had problems too. Sounds like a conspiracy to me. No joking.

[TGO David]

I'd say it is a fairly effective conspiracy considering that you've got people telling everyone else to stay away from XYZ forum. See post #1.

Could it be that this is an organized attack on gun-related sites that are all running older versions of Open-X ad software? Why, sure. Does that mean we should start turning against each other inside the community? Absolutely not.

[Guest tnxdshooter]

I'd say it is a fairly effective conspiracy considering that you've got people telling everyone else to stay away from XYZ forum. See post #1.

Could it be that this is an organized attack on gun-related sites that are all running older versions of Open-X ad software? Why, sure. Does that mean we should start turning against each other inside the community? Absolutely not.

Amen no need for the histeria heck I used to put trojans on disk and play around with em from time to time.

[Warbird]

Well I went on there the other day following a link to a search I did on google or bing, can't recall which. Right after I went on there my computer went beserk. The firewall I had up missed it and I tried to immediately use Malware bytes and Spybot and Adaware. It would not let any of the open up. Then I tried to reinstall one of the malware programs and it would not let me. Got all sorts of crazy stuff when I tried to do a search of any kind. I tried a sys restore and it went through after doing it in Safe Mode, but the problem was still there. Now it doesn't even recognize the Mozilla browser and says it doesn't exist.

I am at a loss for what to do next.

[Raoul]

Do you have any AV software that will allow you to do a bootscan?

Avast is one that allows it and they have a free version.

avast! - Download Free Antivirus Software or Internet Security

[Warbird]

I tried to download avast and it would not let me. It was not one of the ones I had on there.

Can I download it from another computer to a mem stick and then try to run it at boot? How do I do that?

[Raoul]

I tried to download avast and it would not let me. It was not one of the ones I had on there.

Can I download it from another computer to a mem stick and then try to run it at boot? How do I do that?

I don't know if that would work. I would guess not.

[Raoul]

I tried to download avast and it would not let me. It was not one of the ones I had on there.

Can I download it from another computer to a mem stick and then try to run it at boot? How do I do that?

Have you tried running Windows Defender? If it's loaded you'll find it in the control panel.

[Warbird]

Well I did that (downloaded avast and put it on mem stick) and started it from the mem stick and it actually is scanning right now. It says it has found 4 inf files thus far and is 1% done. Don't know if it can find the file causing all of the havoc, but hopefully it will. At least this is the first anti-malware I have been able to actually open and start, so I can be cautiously hopeful.

I don't have the Microsoft Defender on there eith I don't think. I had Zone alarm, Malwarebytes, Spybot, Adaware on there.

[Guest TargetShooter84]

Its Obama!

He wants the gun forums gone!

[Raoul]

Well I did that (downloaded avast and put it on mem stick) and started it from the mem stick and it actually is scanning right now. It says it has found 4 inf files thus far and is 1% done. Don't know if it can find the file causing all of the havoc, but hopefully it will. At least this is the first anti-malware I have been able to actually open and start, so I can be cautiously hopeful.

I don't have the Microsoft Defender on there eith I don't think. I had Zone alarm, Malwarebytes, Spybot, Adaware on there.

Cool!. I snagged a couple of java based malware files from an unamed gun forum last week. I did a bootscan with avast and it took care of it. Update us with your progress.

[Warbird]

Cool!. I snagged a couple of java based malware files from an unamed gun forum last week. I did a bootscan with avast and it took care of it. Update us with your progress.

Well the computer is at least running again. It still seems to mess up in IE, but I downloaded Google Chrome browser and it seems to be running OK. Thanks for the tip.

[Raoul]

Well the computer is at least running again. It still seems to mess up in IE, but I downloaded Google Chrome browser and it seems to be running OK. Thanks for the tip.

Dl Malwarebytes and run it now.

Malwarebytes

[Warbird]

Yes I am going to reload Malwarebytes and try it now as well. And Adaware. Lousy scum. These people who do this stuff oughta be hanged by the neck until dead.

[94user]

I'd say it is a fairly effective conspiracy considering that you've got people telling everyone else to stay away from XYZ forum. See post #1.

Could it be that this is an organized attack on gun-related sites that are all running older versions of Open-X ad software? Why, sure. Does that mean we should start turning against each other inside the community? Absolutely not.

Knowing that folks here on this forum visit XDTalk I had to say something. To not have would be irresponsible.

Edited September 27, 2010 by 94user

[TGO David]

Knowing that folks here on this forum visit XDTalk I had to say something. To not have would be irresponsible.

Way to miss my point entirely.

[Steelharp]

Amen no need for the histeria heck I used to put trojans on disk and play around with em from time to time.

Why do I think you're talking about the vending machine Trojans?

[Guest Sgt. Joe]

I also had another alert about a Trojan (the computer type:rolleyes:) on Sunday eve here.

I then shut everything down and ran malwarebytes and it found 37 adwares that all were picked up on Sep 18....Last Saturday......my darn B-day of all days. I told it to delete them all and then ran a full Avast scan and all was and has been good since.

There was also a mention of the problems at XDTalk on the USCCA the other day.

Odd stuff this is...As I have Avast and Malwarebytes set to scan daily at 3AM, yet these were still there and ALL from the same day?

Personally I have no idea what to think and therefore will not speculate as to what is going on or why, I dont know enough about this kind of stuff to even make a guess.

I will just keep my ANTI Virus/adware/malware stuff and Windows Defender turned on and probably run a few scans on my own over the next week or two.

[TGO David]

I also had another alert about a Trojan (the computer type:rolleyes:) on Sunday eve here.

I'm not saying you didn't get the alert, but I do question the software indicating it came from here. I signed up for a year's worth of monitoring from a company that scours TGO daily and will alert me instantly if they discover any malware or links to malware. I don't want to have happen again what happened last week.