Trojan virus? - Page 2

kyew · #21 07-27-2012, 04:24 AM

Quote:

Originally Posted by MikeG

Note that some security software will give warnings based on perceived behaviors of web pages, not confirmation that there is an actual problem.

Don't know if it's still the case, but some security software would go off at detecting the presence of other security software!

Seems I recall Norton was bad about that...

Cheezywan · #22 07-28-2012, 08:35 AM

Here is an error on page message that I got that may or may not be related.

Webpage error details
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; BRI/1; BRI/2; OfficeLiveConnector.1.5; OfficeLivePatch.1.3)
Timestamp: Sat, 28 Jul 2012 16:23:50 UTC

Message: Invalid character
Line: 1
Char: 7
Code: 0
URI: http://dis.criteo.com/dis/usersync.a...meld.com/match

Message: Invalid character
Line: 1
Char: 7
Code: 0
URI: http://cm.netseer.com/redirect?ex=13...meld.com/match

Not sure if that might help some of you more savy than I?

Cheezywan

fred243 · #23 07-30-2012, 09:46 PM

Had another pop warning saying it blocked access to a potentially malicious site.
The IP Address is 64.34.127.185 and the outgoing port is 49754. This was my second today from the same IP address but I didn't get the port on the other one. Hope this helps !

MikeG · #24 07-31-2012, 05:01 AM

I'll pass the info on, thanks!

pricedo · #25 07-31-2012, 11:59 PM

Quote:

Originally Posted by fred243

I too use Microsoft Security Essentials and Firefox, also use the paid premium version of Malwarebytes. Malware has been blocking things for several weeks now on this site, malicious pages. It's every single time I come to this site ! I've never had this problem with any other site nor have I had problems with Malwarebytes. I mentioned it a couple of weeks ago on here but no one responded.

I use Norton, Firefox and the premium version of Malwarebytes and no problems ever on this site.
Your malware problems might reside a little closer to home.

fred243 · #26 08-01-2012, 03:01 AM

Well, I Googled the IP addresses myself and they both are physically located in the LA, Cali area. On one of them I saw a website called IPVoid and they had this IP address black listed, whatever that means.

fred243 · #27 08-06-2012, 05:27 PM

DID YOU EVER FIND ANYTHING OUT WITH THESE WEBSITES THAT ARE POPPING UP SAYING THEY ARE MALICIOUS ? Didn't realize I was typing in capital letters, Malwarebytes is still blocking these two websites with various ports. I did send an email to MikeG with several examples and they continue to pop up. Thanks guys !

MikeG · #28 08-06-2012, 06:56 PM

I've sent the info on and will let you know as soon as I hear anything. If you find any different sites / ports or any other new information, please do let us know.

Thanks!

fred243 · #29 08-06-2012, 08:23 PM

OK, thank you much ! Just had another one from the same website 64.34.127.185, Port 50823 !

Davers · #30 08-07-2012, 02:21 AM

Quote:

Originally Posted by fred243

DID YOU EVER FIND ANYTHING OUT WITH THESE WEBSITES THAT ARE POPPING UP SAYING THEY ARE MALICIOUS ? Didn't realize I was typing in capital letters, Malwarebytes is still blocking these two websites with various ports. I did send an email to MikeG with several examples and they continue to pop up. Thanks guys !

I just finished visiting another Shooting & Hunting Forum and the same thing pop's up on this one and a few other too. Just wondering if some of these forums are being "hacked" or "Hi-jacked" by some hacker or group that are anti-gun & hunting.

Just a guess.

MikeG · #31 08-07-2012, 05:08 AM

They probably have the same advertising, odds are. Can you tell me the names of the other forums?

Davers · #32 08-07-2012, 05:17 AM

Quote:

Originally Posted by MikeG

They probably have the same advertising, odds are. Can you tell me the names of the other forums?

Rimfire Central & Hunting Indiana.

MikeG · #33 08-07-2012, 05:18 AM

I'll pass that along.

UnCruel · #34 08-07-2012, 06:38 AM

Capturing with Fiddler and browsing the site a bit, I captured some connections to www.feipwas.com and www.eeipwas.com, which use the IP address 64.34.127.185. They appear to be for one of the banner ads, one associated with "Dirtopia". They seem to be unique in that they initiate a Java applet.

I have captures if someone wants to see them.

fred243 · #35 08-07-2012, 11:02 AM

UnCruel,

Are these safe sites then, that's one of the IP addresses that keeps coming up when my malware blocks it ? The other one ends in 187 with all the other numbers being the same.

UnCruel · #36 08-07-2012, 11:30 AM

I couldn't say whether they are safe or not. I'm just trying to help narrow down the possibilities. The Java applet could contain malicious code, or it could be a false alarm.

However, if this is the thing you are experiencing, it means there isn't a problem to be found on the Shooter's Forum server itself. Instead, the source of the problem would be one (or more) of the ads.

MikeG · #37 08-07-2012, 01:36 PM

Right. We think it's one of the ads and are pretty sure which one. But, I don't believe the ad is malicious, it just seems to trip the security software.

Either way, the ad will likely be pulled if it can't be fixed. Can't have members thinking they are getting their machines infected....

Thanks for your help and patience.

kyew · #38 08-17-2012, 06:49 PM

Seems I remember one of the early posts in this thread being about links in the text? I just had this happen to me and I found out how to get rid of it.

How To Remove Text Enhance Spam And Malware/Adware Hover Text Links |

Has directions for Chrome, Firefox, and IE. Was a pretty simple process. Not sure if it applies to anyone here who was having the problem, but if it helps anyone, good deal.

Cheezywan · #39 12-17-2012, 02:02 PM

Was there an event on the board this AM?
My security software found JS/Exploit-Blacole.gq. Noticed that the site went down for awhile after that. Is now fine.

Cheezywan

nvshooter · #40 12-26-2012, 12:02 PM

I use eset's NOD-32, which is said to be the best anti-virus out there. $60 for two years. I also use Malwarebytes. $25 or so, one-time, but there is a free version that you have to trigger yourself before it launches. Both NOD-32 and Malwarebytes constantly update several times a day. No input from you is required if you've bought the pay version of Malwarebytes. NOD-32 is NOT free.

I use JetClean for rapid clean-ups of dud registry values, et cetera. Rips through the important sectors of your primary drive in just seconds, gettin' at the bad stuff. You click to initiate the cleaning, wait a minute or even less, click to eradicate the problems it finds and you're clean. Free download. I surf all over the web, and I never have problems. I use JetClean several times a day, just to stay as clean as I can. Takes so little time...

I also use acronis to back-up my primary drive six times a week, in the evening. Takes about 20 minutes to smash my data into about 45Gb of the special format acronis uses to store it on a second drive. Can't store your back-up on the same drive as the data you want to save. That's just smart, eh? I've lost four or five hard-drives. Devastating. With acronis, it will never happen again. I think acronis is about $30, and is a one-shot purchase. For what you can save for just a few bucks, all these solutions to avoiding a disaster are doubly cheap...