trojan/malware warning (merged threads)

Discussion in 'Website discussion' started by 92se-r, Jun 20, 2010.

  1. moka

    moka Moka Was Here!

    Joined:
    Dec 3, 2009
    Messages:
    901
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Los Angeles
    Hi guys, please be patient with me here. I have been working on this for the past two or so days as much as I can. I have finally found the code that was injected into the website. It was tough and not easy at all, to the point where I almost gave up on it; I had to sleep on it for a night and figured it out, and I am in the process of removing the code and clearing everything up as I type this. The hackers were smart enough to have had some of the code actually "hidden" in the database so it would be tough to find in the first place.

    Thanks...
     
  2. mouse jockey

    mouse jockey i can't type the letter s

    Joined:
    Nov 22, 2007
    Messages:
    388
    Likes Received:
    0
    Trophy Points:
    0
    Occupation:
    molecular researcher
    Location:
    Just outside of La Jolla
    You guys that ride with Moka, buy him a few beers and pizza. I'll contribute to the fund. Thanks MOKA!

    tom
     
  3. b3rnard

    b3rnard Member

    Joined:
    Feb 9, 2009
    Messages:
    794
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Northridge (SFV)
    Sounds like the DB security is compromised. Glad you found it :beer:
     
  4. ManInAShed

    ManInAShed New Member

    Joined:
    Feb 14, 2009
    Messages:
    1,631
    Likes Received:
    0
    Trophy Points:
    0
    Occupation:
    Destroyer of worlds.
    Location:
    Yellowknife / Windansea
    Moka, thank you. Brewskis! :beer:

    I hope STR is payin ya in great heaps o schwag.
     
  5. fatguy1

    fatguy1 Active Member

    Joined:
    Jan 5, 2010
    Messages:
    1,077
    Likes Received:
    0
    Trophy Points:
    36
    Occupation:
    owner of auto detail co.
    Location:
    anaheim ca.
    Moka is the shizzzle........I'm gonna detail his bike for him
     
  6. Jeepdude

    Jeepdude Member

    Joined:
    Jun 14, 2008
    Messages:
    151
    Likes Received:
    0
    Trophy Points:
    16
    I am on my blackberry, hard to look through all the posts so sorry if I am asking something that has already been answered.

    I picked up the bug on my computer...it is redirecting IE search results and Norton 360 is going nuts saying it is blocking intrusion attempts. I tried restoring to an earlier date, and that fixed the issue for a bit, but everything started acting up again shortly after.

    Does anyone know specifically what bug this is? What is the best way to eliminate completely?

    Thanks for the help!
     
  7. bluefirepictures

    bluefirepictures Almost Local Rider/Photog

    Joined:
    Feb 11, 2007
    Messages:
    948
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Poway ---> Long Beach
    is this what you have?

    http://www.socaltrailriders.org/forum/pub/47000-dam-computer-virus-4.html#post692196

    it's 5 pages long but worth reading the linked page and the first page for screen shots of the issue.

    If it looks like this is what you have pm me your email. I'm only using str on my itouch. If I need to I can start up a "virus proof" set up on my pc and pm that way also
     
  8. gooseaholic

    gooseaholic Active Member

    Joined:
    Oct 21, 2007
    Messages:
    8,901
    Likes Received:
    14
    Trophy Points:
    38
    Occupation:
    Auto inspection
    Location:
    Orange,ca Via Seattle, WA
    Hum guess I can come on. I used explorer to open the page instead of firefox. My antivirus did pick up a trojan though. Looks like it cleared it however.
     
  9. Dino Brown

    Dino Brown Sir Smack-Alot

    Joined:
    Apr 27, 2007
    Messages:
    6,184
    Likes Received:
    11
    Trophy Points:
    38
    Update...

    -Moka deserves a HUGE round of applause!
    -Moka should consider a career in forensics
    -The website has been resubmitted (to Google) 8-[
    -Been waiting ALL DAY for Google to remove the warning :protest:
    -All we can do is wait!!!

    *If the warnings continue, please share that info with our members
    *If you no longer see a warning- share that info as well
     
  10. thomaswildchild

    thomaswildchild Active Member

    Joined:
    Feb 13, 2010
    Messages:
    2,389
    Likes Received:
    5
    Trophy Points:
    38
    Occupation:
    I am a Machinist
    Location:
    Fullerton CA
    Thanks Moka! I'll buy you some grub next time we ride man.
     
  11. jerell

    jerell New Member

    Joined:
    Jul 10, 2009
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    0
    Occupation:
    Yes. I have one.
    Location:
    SoCal
    Moka = my hero.
     
  12. Jeepdude

    Jeepdude Member

    Joined:
    Jun 14, 2008
    Messages:
    151
    Likes Received:
    0
    Trophy Points:
    16
    :beer:
    OK...it looks like I was able to fix the problem. I didn't have any of the major issues described in what you had quoted, but I found an app that fixed the issue. As it turns out I had the TDSS rootkit installed on my computer causing all the issues. The website I found that had the link to the fix had all kinds of reports of this issue. I am glad to be done with it.


    I will look for the Google warning to get cleared. STR is not nearly as nice when browsing on the blackberry.

    Thanks to everyone who helped clean the site up!
     
  13. Waldo

    Waldo Lebowski Urban Achiever

    Joined:
    Mar 26, 2007
    Messages:
    3,777
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    Foothill Ranch... but my credit card lives at The
    Well, this is the first time I've been on the site in a few days, since first my home computer and then my work comp started blocking it. Ironically, my home laptop died at the same time, which I feared was an STR-induced virus. Nope - dead motherboard! Now I'm on my 10+ year old Mac G4, and let me tell you IE 5.2 in the modern world of web is not fun!

    So to quote from Marathon Man..."Is it safe?"
     
  14. jeffj

    jeffj Bloated Mountain B'hiker

    Joined:
    Jul 15, 2007
    Messages:
    2,617
    Likes Received:
    0
    Trophy Points:
    36
    Occupation:
    Bloated Mountain Biker
    Location:
    Castaic, CA
    All is not fixed. . . . .

    First of all, MOKA rules :bang:
    =================================
    Just an FYI: The social groups section is still FUBAR even worse than it was earlier. Earlier, it was just formatted strangely and would go to the first page from the beginning of the group by default, but it was possible to go to the 'last page' to get to the most recent posts.

    Now, it's just blank :-k
     
  15. moka

    moka Moka Was Here!

    Joined:
    Dec 3, 2009
    Messages:
    901
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Los Angeles
    Hi guys, I would just like to point out that there will be some slight glitches here and there since the software has been updated. I have already contacted George about all these details and he will be responsible for fixing/updating whatever is broken.

    As of now all injected code has been removed and cleaned [-o-], database has been repaired and optimized. Forum has been updated, template needs some work to utilize the update completely. Google has been contacted twice already regarding the removal of the warning with no response yet, hoping I will be getting a response from them about this within a day or two at most.

    My work here is done (I Hope) :lol: . Good Day! :beer:
     
  16. mfoga

    mfoga Intense Whore

    Joined:
    Apr 7, 2008
    Messages:
    8,147
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    Moreno Valley
    I know you don't want to hear this but mmm it's not gone.#-o

    I just came on and Kaspersky just denied
    6/29/2010 5:59:21 AM Denied: Exploit.JS.Agent.bav higesi.in/x/?src=world&id=crow&o=o//higesi Internet Explorer

    FYI I modified the link so people don't click it on accident.
     
  17. dstepper

    dstepper (R.I.P.) Over the hill

    Joined:
    Feb 2, 2005
    Messages:
    12,683
    Likes Received:
    34
    Trophy Points:
    48
    Occupation:
    www.themostprogram.com owner
    Location:
    Laguna Beach
    NOD 32 also found something it did not like early this AM.

    Dean
     


  18. rustin

    rustin _

    Joined:
    Oct 21, 2009
    Messages:
    89
    Likes Received:
    0
    Trophy Points:
    0
    I had a problem too this morning:

     
  19. Cilantro13

    Cilantro13 ...

    Joined:
    Oct 30, 2008
    Messages:
    359
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Parkland, Florida
    STR is still sending scripts to my local machine as of right now... I would like nothing more than to wring the necks of the jerks who write these things.
     
  20. stinky180

    stinky180 Will make it Reign....

    Joined:
    Aug 6, 2008
    Messages:
    1,638
    Likes Received:
    2
    Trophy Points:
    36
    Location:
    Irvine
    bored at work today and decided to check out str with internet explorer rather than firefox.

    this looks like a new 'virus' on str. doesn't look the same as the previous stuff

    [​IMG]
     
