trojan/malware warning (merged threads)

Discussion in 'Website discussion' started by 92se-r, Jun 20, 2010.

  1. Mongo

    Mongo Chewyeti "MongOHNO!"

    So, I'm in a training class yesterday and one of the guys brings his laptop out at lunch (his work computer). He's done and I ask if I can check the site. I did before the class on my work computer with no issues. I hop on and am done in less than 5 min. Trojans popped up out the waaahzoo, and now it shows links to porn. Porn on a work machine is a terminating offense. There were plenty of witnesses and he'll be OK, but DAMN! I'm putting a posse together and hunting those responsible. Start with paper cuts and Tabasco followed by target practice with a .22
     
  2. moka

    moka Moka Was Here!

    ugh... #-o ](*,) Not sure what to say. I have exhausted my abilities to fight this. Went back to check and got some more malicious code out that apparently was injected again or I missed. I am thinking it could be server side because some of the malicious code I have removed previously was back where it was.

    I am taking a break now, will let George handle the issue from here as I have spent too much time trying to fix this problem. I have already suggested whatever I could to George and also advised him that he change every single password - /ftp/ssh/database/root/etc...
     
  3. ManInAShed

    ManInAShed New Member

    I found the workaround. I now have no problems with this site on my work machine, cause I'm runnin windoze on a naked xp3 box with no AV, firewall, nothing.

    Hums right along!



    ...this machine gets restored from image every night.
     
  4. bvader

    bvader Long Live The Gorn!

    Thanks for the effort Moka, clearly you went above and beyond. I suspect there are more vulnerabilities (obvious) either existing or newly created by the invaders. In IT for 20 years but unfortunately not my true expertise.

    And all the folks that want to "get" these guys, get your passport ready to "insert nefarious region in far away place". Best thing to do is just try to stay ahead, it's here to stay and it will be a "techno-arms race" for years to come. ... Gosh I am full of good news today
     
  5. El Immigrante

    El Immigrante STR's resident Coyote.

    This malware is making it impossible for me to browse and post on STR using Safari...

    :mad: :mad: :mad: :mad: :mad:
     
  6. Kid A

    Kid A now with 40% more bacon

    Moka - huge props above and beyond call of duty.

    So what does George have to say about this. Seems notoriously quiet. What's up godfather. Is this the fall of Rome?
     
  7. TreeTopMike

    TreeTopMike New Member

    I haven't had any problems in safari.
    *knock on wood*
     
  8. dirtvert

    dirtvert Whine on!

    ^^ george quiet about something? shocking!



    "Pay no attention to that man behind the curtain."
     
  9. fatguy1

    fatguy1 Active Member

    What's it gonna take to fix the problem... money? Someone tell me. I'm down to drop some cash STR's way to fix it. This blows... just tell me where to send the cash.
     
  10. ezzyride

    ezzyride New Member

    Moka,

    The time you spent trying to fix this problem is greatly appreciated. If Julia and I make it to Turnbull manana we would love it if you joined us for dinner.

    -Elvia
     
  11. IMALLSLO

    IMALLSLO S G V

    I just came back after 3 days and got a Trojan hit from my AVG. I guess it still isn't fixed.
     
  12. LBmtb

    LBmtb good times

    Changed a ton of system and database passwords, updated forum software, looked through logs, etc etc. Can't find the code that Google said was injected but then again IMALLSLO's post ^ isn't very encouraging. It's hard for me to diagnose when it's been fixed or not since I'm on a Mac so I may have to reinstall Parallels and run windows in there again. Does anybody know of an online scanner that was/is able to detect the malware?

    Still a few things it could be - mainly third party software (vbSEO, classifieds, or photo gallery). If the changes made today don't seem to help then Saturday we'll go the worst case scenario plan which means updating as much software as possible and then changing passwords again right after.

    Just a heads up about that though is that it will mean the site goes down for a good part of the day. The forum software will be the biggest upgrade - it'll go from 3 to 4.0 (most likely the publishing suite version). Templates will have to be done from scratch again. vbSEO will be upgraded as well. The old photo gallery will most likely be disabled and replaced by the new built in photo albums feature in vBulletin 4.0. Classifieds software looks to have a new version which is compatible with the new forum software so that will also need to be upgraded.

    Upside of the major upgrade is it will probably take care of the malware issue (crossing fingers on that one) and vBulletin 4.0 publishing suite has a ton of cool features including better groups, events, blogs, etc (click for complete feature list)

    If you're able to, keep letting us know if you see or hear about any new infections.
     
  13. genusmtbkr5

    genusmtbkr5 STR Moderator

    Thanks George. I'm on a Mac as well and can get on with Firefox as long as I uncheck "Block reported attack site" otherwise this is what I see:

    Picture 1.jpg
     
  14. UR2KLOS

    UR2KLOS Senior Member

    Norton 360 just detected a critical attack on the str homepage. It is still not fixed. (I think my STR addiction is finally cured.)
     
  15. Bomber

    Bomber Glenn

    I'm having no problems viewing STR on my iPhone. But is my phone really safe?
     
  16. Magna_Graecia

    Magna_Graecia Tapia Bunny Slayer

    I haven't had any issues with the site at all. I am running Windows 7 home edition on both work and personal computers.

    @LBmtb: And I join in with offers of some cash for upgrades/fixes if it should be needed.
     
  17. XCRider

    XCRider Member

    I have been running IE8 and XP, and accessing the site without any problems that I know of. Of course, that's about all I use this PC for and I've blocked most of the advanced browser features AND all the really fascist malware protection code because of the number of false positives. IMO, both Norton and Computer Associates are more of a pain than they're worth.

    I too will be glad to contribute some $$ to the effort since this site is as much a part of my riding as are the brakes and wheelset I might be using. I'd also gladly give up a day or two of access if that's part of upgrading.
     
  18. LBmtb

    LBmtb good times

    Did it give you any details?

    Also, even IF the site is now clean (unsure of that, but possible) it'll still be on some blacklists and such until it gets reviewed. I'm wondering if things like Norton just go off of the blacklists? Regardless, I would be very careful if you're on a Windows machine...
     
  19. Chewyeti

    Chewyeti Circus Bear

    Norton says all clear...




    Norton Rating: SAFE

    socaltrailriders.org

    Summary
    Norton Safe Web found no issues with this site.
    • Computer Threats: 0
    • Identity Threats: 0
    • Ecommerce safety threats: 0
    • Annoyance factors: 0

    Total threats on this site: 0
    • Community Reviews: 0

    The Norton rating is a result of Symantec's automated analysis system.
    The opinions of our users are reflected separately in the community rating on the right.

    Ecommerce Safety Information
    Ecommerce Safety Threats Found: 0
    Transaction Protection: Certified SSL is used to encrypt transactions.
    Privacy Protection: This site has a privacy policy.

    General Info
    Web Site Location: United States of America
    Norton Safe Web has analyzed socaltrailriders.org for safety and security problems.

    Threat Report
    Total threats found: 0
    • Viruses: 0
    • Drive-By Downloads: 0
    • Malicious Downloads: 0
    • Worms: 0
    • Suspicious Applications: 0
    • Suspicious Browser Changes: 0
    • Security Risks: 0
    • Heuristic Viruses: 0
    • Adware: 0
    • Trojans: 0
    • Phishing Attacks: 0
    • Spyware: 0
    • Backdoors: 0
    • Remote Access Software: 0
    • Information Stealers: 0
    • Dialers: 0
    • Downloaders: 0
    • Embedded Link To Malicious Site: 0
     
  20. Dino Brown

    Dino Brown Sir Smack-Alot

    Unbelievably sad social commentary...

    Twelve different ways criminals use to attack our computers!

    It's not sad... It's depressing!

     
