Malware warning ?!- Mtbr.com
  1. #1
    A waste of time it is is
    Reputation: emu26's Avatar
    Join Date
    Jun 2008
    Posts
    3,456

    Malware warning ?!

    Is anyone else getting malware warnings similar to the below show up on certain threads at the moment?

    I was getting them a fair bit in Goldigger's Project in the making thread and now they are starting to show up in JezV's Micro Cable Gland thread.

    Malware warning ?!-mtb-malware.jpg

  2. #2
    M8 M12 M15 deez nuts
    Reputation: Leopold Porkstacker's Avatar
    Join Date
    Apr 2010
    Posts
    8,499
    Nope. But then again, I don’t have that retarded Windoze icon at the lower-left corner of my screen telling me how to sort out my zeros and ones. Looks as though Chinese and/or Russian 1337boys have your Ballmer by the balls, so to speak.
    Don’t frail and blow if you’re going to Braille and Flow.

  3. #3
    A waste of time it is is
    Reputation: emu26's Avatar
    Join Date
    Jun 2008
    Posts
    3,456
    But it's not a windoze issue, I'm surfing with google chrome

  4. #4
    mtbr member
    Reputation: Wombat's Avatar
    Join Date
    Jan 2004
    Posts
    2,195
    I'm not getting it using Firefox or IE8. It might be a Chrome "issue". But perhaps that may be because Chrome has the best detection software.

    Tim

  5. #5
    mtbr member
    Reputation:
    Join Date
    Apr 2010
    Posts
    205
    Firefox + Avira antivirus + Comodo firewall (all freeware) = no headaches.
    Maybe Google Chrome sucks?

  6. #6
    mtbr member
    Reputation:
    Join Date
    Oct 2009
    Posts
    179
    Yes, I get the same error on both the threads Emu26 mentions and I also use Chrome. Incidentally I get the same warning using Chrome for Windows and Chrome for Linux (Ubuntu)

  7. #7
    mtbr member
    Reputation:
    Join Date
    Apr 2006
    Posts
    520
    I get the same issue with Chrome.

    The windows comment is just stupid. I guess the OS doesn't make the user any smarter...

    I posted about it in forum issues, but the site mods didn't seem to care, so I just browse MTBR less, if they don't care about site security then well....

    I believe it comes from one of the banner ads, so it can come up on any page depending if that ad rotates in.

    Realistically the ad should be thrown out of rotation.
    www.mtbiker.ca

    My Rides:
    FSR XC -R7 Platinum - SRAM X7 (26.5lbs)
    Cervelo SLC - SRAM Rival - Reynolds DV46T (16.25 lbs)

  8. #8
    A waste of time it is is
    Reputation: emu26's Avatar
    Join Date
    Jun 2008
    Posts
    3,456
    Yeah, that's what I think as well, about the banner ad.

    At first I thought Mr Lee must have linked in a dodgy site, it coincidentally popped up a couple of times when I got thread notifications saying he had posted something, but it's not there all the time. I looked when it wasn't there and Mr Lee hadn't linked anything. (Sorry for the bad thoughts Mr Lee)

    Given that it does come and go, and I have only seen it on this lights forum page, I'm guessing it's a light banner ad.

  9. #9
    mtbr member
    Reputation:
    Join Date
    May 2010
    Posts
    333


    I blame goldigger :-)

    http://forums.mtbr.com/showthread.php?t=667257

    Looks like his hosting has been compromised (main page includes to some unfriendly javascript from Russia).

    I'll ping him a PM.
    Last edited by MrLee; 12-06-2010 at 01:32 PM.

  10. #10
    mtbr member
    Reputation: Goldigger's Avatar
    Join Date
    Nov 2009
    Posts
    1,670
    I'll have a look into this guys.. not sure what's happened.. but apologies if it's caused you guys any problems..

  11. #11
    mtbr member
    Reputation: Goldigger's Avatar
    Join Date
    Nov 2009
    Posts
    1,670
    Right guys, I'm at my PC and have had a look on my hosting space..
    I can't find anything suspicious.. I did have some cab files on there that might be ringing alarm bells for some people's security..
    Anyway I've deleted them all and any zip files..
    Are you guys still getting any warnings? Any chance mr lee you can shed some more info on the russian javascript please???

    UPDATE.. i found two html files that i have no idea how they got there.. One was advertising viagra the other i didn't open, i just deleted them both.
    Now i need to call the hosting company, to run a scan and change my passwords etc.. plus i need to get google to review it so you guys don't get any warnings..!!!
    Last edited by Goldigger; 12-06-2010 at 02:19 PM.

  12. #12
    mtbr member
    Reputation:
    Join Date
    May 2010
    Posts
    333
    Sure, I suspect either your hosting company or your account has been compromised somehow, the output of your homepage includes some additional javascript - see below:

    Edit: The script block above that looks bad too.



    I'm using Firefox, so this is the link it gives for cleaning up and requesting that your domain is removed from the bad list -

    https://www.stopbadware.org/firefox?...9.zen.co.uk%2F

    PM me if you need some help sorting it.

  13. #13
    mtbr member
    Reputation: Goldigger's Avatar
    Join Date
    Nov 2009
    Posts
    1,670
    this makes sense, if you go here http://www.google.com/safebrowsing/d...4279.zen.co.uk this tells me that two files on my site were reported as unsafe..
    I have deleted two files..so hopefully that's killed it..
    But like i said i need to get google to review it, submitted a request already..
    Need to call the hosting company..

    Apologies guys if you have downloaded any nasties..but not a lot i can do in this world of sad hacking knob heads!!

  14. #14
    mtbr member
    Reputation:
    Join Date
    May 2010
    Posts
    333
    Unfortunately not, it still contains the script block, you'll need to go and edit your html pages and remove them.

    A quick google suggests a possible form of infection using this script is that malware on your computer stole your saved password from your ftp client, I'd also be running a virus scan if I was you :-(

  15. #15
    mtbr member
    Reputation: Goldigger's Avatar
    Join Date
    Nov 2009
    Posts
    1,670
    Quote Originally Posted by MrLee
    Unfortunately not, it still contains the script block, you'll need to go and edit your html pages and remove them.

    A quick google suggests a possible form of infection using this script is that malware on your computer stole your saved password from your ftp client, I'd also be running a virus scan if I was you :-(
    all pages have now been edited.. the script was on the bottom of all of them..

    I am running a virus scan...its up to date..
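
Added example, not part of the original thread: a Python check a site owner could run over a local copy of their web root to find what the posts above describe, script tags placed after the closing body tag or loading from unapproved hosts, plus HTML files missing from a known-good list. The allowlist, file names and sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

class ScriptAudit(HTMLParser):
    """Flag <script> tags that load from unapproved hosts or follow </body>."""
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.body_closed = False
        self.findings = []  # tuples of (line, kind, detail)
    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        line = self.getpos()[0]
        src = dict(attrs).get("src")
        # Relative URLs have no hostname and are treated as same-site.
        host = (urlparse(src).hostname or "").lower() if src else ""
        if host and host not in self.allowed:
            self.findings.append((line, "external-host", host))
        if self.body_closed:
            self.findings.append((line, "after-body", src or "inline"))
    def handle_endtag(self, tag):
        if tag in ("body", "html"):
            self.body_closed = True

def audit_html(html, allowed_hosts):
    parser = ScriptAudit(allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

def audit_tree(root, allowed_hosts, expected_files):
    """Audit .htm/.html files under root; report ones not in expected_files."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in (".htm", ".html"):
            continue
        rel = path.relative_to(root).as_posix()
        findings = audit_html(path.read_text(errors="replace"), allowed_hosts)
        if rel not in expected_files:
            findings.insert(0, (0, "unexpected-file", rel))
        if findings:
            report[rel] = findings
    return report

# Constructed sample: a gallery page with a script appended after </html>.
SAMPLE = ('<html><body>\n<p>LED torch build photos</p>\n</body></html>\n'
          '<script src="http://unknown-host.example/x.js"></script>\n')
```

Run `audit_tree` against a freshly downloaded copy of the site, with `expected_files` taken from the last backup you trust; any entry in the report is a page to inspect by hand before re-uploading.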

  16. #16
    mtbr member
    Reputation:
    Join Date
    May 2010
    Posts
    333
    Not to worry guys, you won't catch anything from GD's photos, except maybe the desire to polish stuff up all shiny, just don't go visiting his website directly.

  17. #17
    mtbr member
    Reputation: yetibetty's Avatar
    Join Date
    Dec 2007
    Posts
    1,781
    I'm using IE9 and having no problems with either thread.

  18. #18
    mtbr member
    Reputation: Goldigger's Avatar
    Join Date
    Nov 2009
    Posts
    1,670
    All crap has now been removed from my website, so there should be no risk to you guys now..
    There is no infection on my machine, so i can only assume somebody hacked my website and added the scripts and 2 extra web pages.. that no doubt direct you to some nasties..
    If you want to snoop around all pics can be found here
    http://www.zen74279.zen.co.uk/DIY
    http://www.zen74279.zen.co.uk/ledhead/
    http://www.zen74279.zen.co.uk/Torch/

  19. #19
    A waste of time it is is
    Reputation: emu26's Avatar
    Join Date
    Jun 2008
    Posts
    3,456
    well done boys.

    Mr Lee, thanks for the help clearing this up and Goldigger, no need to apologise, this sort of **** happens.

    I'm not surprised Google Chrome picks it up and some of the other browsers didn't, I hear Google has had a lot of experience dealing with malware add ons although I did think it was more from China than Russia

    I'll keep an eye on both threads over the next couple of days and let you know if it is still popping up.

    Thanks again to both of you

  20. #20
    mtbr member
    Reputation:
    Join Date
    May 2010
    Posts
    333
    No worries.

    You'll still see the warnings for a while until google rescans and updates its records

  21. #21
    M8 M12 M15 deez nuts
    Reputation: Leopold Porkstacker's Avatar
    Join Date
    Apr 2010
    Posts
    8,499
    Wow, surprising to see so many still use Windoze. I worked for Compaq/HP for just short of eight (8) years, and ALWAYS had problems with intardnut sekyouritee on teh Windoze. From NT4.0 all the way through Vista, the problems just persisted. Like a retarded child, you can only hope things will improve over time… but they never did. Seriously, just minding my own freakin’ business, a random person on our “trusted” distribution list sends out a Macroshaft .Turd doc(ument), and WHAM BLAM SHIZZAFLAM, everyone has teh syphilis in their megahurtz. Oh, but never ever second-guess your IT department, oh no… they know EVERYTHING, and are always there to help you.

    No, friends, this is NOT a Windoze flame post, rather, isn’t it time you were able to just power on your computer and not worry about this bullshit??? It PAINS me to see my friends/family struggle with keeping their computers virus-free all the freakin’ time. From 1979 to the present they have always regarded me as the “family computer expert guy”, and every time I hear of their problems, I keep going back to 1984………………………………………………………………………………………………………………………… …………………… ARRRRRRRRGHHH!!! Either we round up and KILL all the stupid people, or Macroshaft needs to be FORCED by the government and/or Better Business Bureau to SECURE THEIR 2-BIT OS.

    Don’t get me wrong, I love to play games. GAMES GAMES GAMES GAMES GAMES. Oh wait, do work on Windoze??? Nuke-and-repave every six months. Oh, and god forbid you should attempt to run a server on the WWW with a Windoze OS… jesus crap I just vomited.

    Please ignore this post if you are self-respecting, and just continue on as you would normally…………………………………………………………………… Otherwise the Chinese and Russian hackers will goatse your Megahurtz!!!
    Don’t frail and blow if you’re going to Braille and Flow.

  22. #22
    mtbr member
    Reputation:
    Join Date
    Sep 2010
    Posts
    467
    i had this same problem using OSX and google chrome...

  23. #23
    A waste of time it is is
    Reputation: emu26's Avatar
    Join Date
    Jun 2008
    Posts
    3,456
    I'm hearing you Leopold!!

    I'm interested to hear that you work at HP though and you are so against windoze. Can you please tell me then why my HP lappy that is 1 1/2yrs old came preloaded with Windoze OS on it?

    Some objects are immovable mate, and we just have to deal with them as best we can

  24. #24
    mtbr member
    Reputation:
    Join Date
    Feb 2010
    Posts
    121
    As soon as I don't have to spend countless hours configuring my system to do what I want, I'll switch to Linux. Every time I've tried, I run into nothing but hardware compatibility issues and a serious lack of drivers. The last laptop I had that I tried to put Linux on, the wifi card wouldn't even power up.

    I'm a Windows developer anyway, which pretty much locks me into the OS.

  25. #25
    mtbr member
    Reputation: Goldigger's Avatar
    Join Date
    Nov 2009
    Posts
    1,670
    Guys, just a quick update, my website/space is crap free, my hosting company have confirmed that it's squeaky clean..
    For me google is not reporting my site as unsafe anymore, is that the same for you guys?

    The hosting company are certain that somebody got my password somehow.. As my laptop is virus/malware free i can only come to this conclusion..its a wild one..

    I installed droid ftp on my htc desire, the password and username were saved.. I'm wondering if there was some naughty code in the app that stole my details and sent them to some knob jockey who has nothing better to do than cock people's computers up..

  26. #26
    mtbr member
    Reputation:
    Join Date
    May 2010
    Posts
    333
    Yup, no warnings here.

  27. #27
    mtbr member
    Reputation: Goldigger's Avatar
    Join Date
    Nov 2009
    Posts
    1,670
    Cool.. cheers for flagging this up guys, thanks for your help to mr lee..

  28. #28
    mtbr member
    Reputation:
    Join Date
    Oct 2009
    Posts
    179
    Same here, all good now.

    Despite some of the negative comments, I'm impressed that Chrome reported the malware.

    Goldigger, thanks for sorting it out. Not your fault and you fixed quickly when you became aware.

  29. #29
    A waste of time it is is
    Reputation: emu26's Avatar
    Join Date
    Jun 2008
    Posts
    3,456
    +2

  30. #30
    www.hahntronix.com
    Reputation: mhahn@hvc.rr.com's Avatar
    Join Date
    Mar 2007
    Posts
    252
    Everybody:
    Anybody else had any credit card fraud alerts happen to them in the last few days?

    My card got pulled because somebody pretending to be me called and asked for my available balance. Luckily most credit card companies get suspicious and call your home number to ask if you just called them. Or maybe it was the thick Russian accent

    I've gotten burned like this a couple of times, and both times it has been a site I was buying something from that had been hacked. But it always freaks me out and I have to scan all my computers for viri (or is it viruses).

    jtemple:
    Look at Mint. Mint has everything you need to get linux up and running pretty painlessly. I'm a windows programmer (sometimes) who is slowly being converted to Linux. And the user forums will help out with the occasional driver issue.

    I have a laptop I run as a dual boot system. This latest credit card hassle has made me remember I need to do my online buying running Linux (probably with the Chrome browser).

    leopold:
    +1 on lets all dump windoze. Just wish the folks who made the software tools I use for microcontroller programming would always produce a Linux version.

    goldigger:
    Your site was probably hacked because your ISP f*cked up. They just never like to admit that it happened. A site of mine got hacked to include a Chinese URL on each page.

    mrlee could also be right. If you use a public domain FTP client like FileZilla, always clear your history before exiting. The info gets saved in an encrypted file, but since the encryption code is in the public domain ... well it's not too hard to pull passwords off a computer using one of these clients.

    Now if I just get my replacement card in time for xmas shopping,

    Mark
    Nimium est melior!
