View Full Version : Virus



hair jig
08-31-2010, 10:43 AM
My Computer Keeps Telling Me This Site Is Risky To Be On Because Of A Lot Of Viruses. Anybody Else Having This Problem?

skiptomylu
08-31-2010, 10:49 AM
My Computer Keeps Telling Me This Site Is Risky To Be On Because Of A Lot Of Viruses. Anybody Else Having This Problem?

http://www.crappie.com/crappie/main-crappie-fishing-forum/145976-problem-site-using-firefox.html

DrJohn
08-31-2010, 10:55 AM
No...

jaxsprat
08-31-2010, 10:59 AM
Yes keep getting blocked

slabs101
08-31-2010, 11:06 AM
My Computer Keeps Telling Me This Site Is Risky To Be On Because Of A Lot Of Viruses. Anybody Else Having This Problem?

just started today with me

Slab
08-31-2010, 11:15 AM
I see the problem, but don't know yet what is going on. I may shut the site down for a bit. Wish me luck.

Slab
08-31-2010, 12:29 PM
I'm fixing the issue. Yes, crappie.com was injected with malware. I've removed all the offending files, and have requested that Google rerun their detection software to get me off their list. Their software that sends you that error message seems to communicate with Firefox only, so IE users don't get that error.

From what I've found so far, you all don't have anything to worry about. The attack hit a folder deep within the Crappie Directory. You would have had to look at an entry's downloaded documents to actually even get to this infected file, and even if you did view it, we don't know that it could have caused any issues for your computer. Besides, it likely was from a user that was not even yet approved by me in the directory, so you never even could have viewed those documents. It likely was a spambot that registered automatically in the Crappie Directory, and just downloaded files where it could. I'll put the Crappie Business directory back online later, after I figure out some more details.

frank lawhead
08-31-2010, 12:45 PM
I'm using Windows 7 and it shut me down--OK now

shipahoy41
08-31-2010, 01:10 PM
Thank you Ed. My computer has been shutting down every day for about 5 days. Does anyone know of free cleaners or spyware you are using and recommend? I have been using crapcleaner.com (http://www.crapcleaner.com)

Thanks

gabowman
08-31-2010, 01:19 PM
I saw the threats too today, for the first time. (happened twice.) Glad you found it and got it fixed. Ship, I use Malwarebytes' Anti Malware, Ad Aware, and AVG 9.0. All of these are free off the internet and seem to do a great job.;)

Wiskers
08-31-2010, 01:38 PM
Thank you Ed. My computer has been shutting down every day for about 5 days. Does anyone know of free cleaners or spyware you are using and recommend? I have been using crapcleaner.com (http://www.crapcleaner.com)

Thanks

I use AVG Anti virus & Spybot. They are the best I've found!

STUMP HUNTER
08-31-2010, 02:24 PM
I had some trouble logging onto the site but now everything is working great!! :):)

skiptomylu
08-31-2010, 02:46 PM
Only way mine works is to take the check out of the little block that is for attack site, then I can see the web site so not all is well yet.

Skip

Jerry Blake
08-31-2010, 02:58 PM
I'm still getting the warning on Chrome but not IE.

STUMP HUNTER
08-31-2010, 03:14 PM
I'm still having a few tell me they are getting warnings.

shipahoy41
08-31-2010, 04:27 PM
Thank you Gabowman and Whiskers. I will look into them. My computer is running waaaaaaaaaaaaaaaaaay sloooooooooooooooow today. I am going to try to restore it to an earlier date or just defrag it this evening too.

Chill
08-31-2010, 05:38 PM
I use AVG Anti virus & Spybot. They are the best I've found!

I use the free AVG & free Spybot too. They do work good.

I'm still gettin' the red page warning from Chrome, but I don't care. Slab says it's cool, so I'm here.


:cool:

skiptomylu
08-31-2010, 05:51 PM
You may have to look just a little for the free version of AVG, but it's worth it.

Minus 1
08-31-2010, 06:11 PM
I'm using Firefox... still having trouble navigating CDC..... :confused: ...Norm

Fatman
08-31-2010, 06:57 PM
Yeah I use Malwarebytes' Anti Malware, and AVG 9.0. I got the AVG right from their main site.

Fatman

ReelfootYankee
08-31-2010, 07:02 PM
Thanks Ed, Geek Squad's got me loaded, as good is not cheap and cheap is not good?
The bill is large to one very large but I would rather have them program me for situations, as I am not too computer savvy.
I'd rather fish!

jaxsprat
08-31-2010, 07:10 PM
Still getting the virus block with Firefox system. Tried bypassing by clicking box in message, got to site 2x, tried to send several messages asking for info; after clicking on submit message icon get the block back and nothing happens, no message sent??? Will see if this goes thru as I switched to Internet Explorer????

Charger
08-31-2010, 07:36 PM
I just received a Malware Alert @ 8:36pm.

jusanothajoe
08-31-2010, 07:56 PM
My computer blocked and removed 12 viruses/trojans yesterday, 6 today @ 6:30 pm central. There must still be a problem!!!!

GRIZZ
08-31-2010, 08:40 PM
I just logged in for the first time today and got messages using both Firefox and Chrome, but not Opera. I didn't even try IE. I never use it anymore. I use AVG and Malwarebytes as well.

Here is the description.

Safe Browsing
Diagnostic page for crappie.com

What is the current listing status for crappie.com?

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 162 pages we tested on the site over the past 90 days, 6 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-08-31, and the last time suspicious content was found on this site was on 2010-08-31.

Malicious software includes 1 scripting exploit(s), 1 trojan(s), 1 exploit(s). Successful infection resulted in an average of 6 new process(es) on the target machine.

Malicious software is hosted on 4 domain(s), including intrust.cc/, vicereader.in/, dedata.in/.

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including delecatos.co.cc/.

This site was hosted on 1 network(s) including AS46475 (LIMESTONENETWORKS).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, crappie.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

LBM
08-31-2010, 08:55 PM
From you experienced Firefox users, is there a way in FF to turn the blocker off for a specific site? As I see it, if I turn the blocker off it turns off for all sites. I don't want to turn it off for all but would like to turn it off for C.C only so I could still get on C.C with FF and not have to return to IE for C.C.

Thanks

GRIZZ
08-31-2010, 10:05 PM
Just download chrome and use that for CC. It's easier to get by the warnings. From what I can see it's on or off.

Slab
08-31-2010, 10:49 PM
It should all be better in the morning. Essentially I deleted the old site, and reinstalled a newer safer version. It did not affect the message board in any way, only the home page software. I upgraded that software to a more secure version. I also have requests in to Google to stop the blacklisting through Firefox, and that is supposed to take up to 24 hours. I submitted that request early afternoon if I remember correctly. My eyes have been going crossed from all the computer work to get this going again.

Sorry for all the troubles guys, but it happens. Really this is only the second attack like this in 14 years, so that's not bad!

jeepguyjames
08-31-2010, 11:04 PM
I currently have a virus on my computer that showed up yesterday, wanting me to buy some kinda fake virus scan for 80 bucks, tells me I got all these viruses and won't stop popping up, don't know if it's from here or not, but it's a pain in the rear....I'm not good w/computers so anyone who has any advice feel free to pm me, I'm using my blackberry right now and not the affected computer. God bless all.

GRIZZ
09-01-2010, 01:54 AM
You have malware, not a virus. Download this, install, and run a full system scan. It should get it.

Malwarebytes Anti-Malware 1.46 - TechSpot Downloads (http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html)

Also, if you don't have a good anti-virus program, download this, install, run a full system scan. It always surprises me how many people don't run an antivirus prog.

http://download.cnet.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10320142.html

jeepguyjames
09-01-2010, 02:16 AM
Will give it a whirl and see what happens. I do have an anti virus that's done well for 3 years now, this one just slipped it somehow. I honestly don't even know the diff between virus and malware. Thanks again, God bless.

GRIZZ
09-01-2010, 02:25 AM
Be sure to uninstall your old antivirus if you install AVG.

Slab
09-01-2010, 02:49 AM
IP Address 67.195.115.248
Host Name b3090853.crawl.yahoo.net

"2010-09-01 01:41:04 Page" not found "(404) 67.195.115.248 b3090853.crawl.yahoo.net Mozilla/5.0" (compatible; Yahoo! Slurp/3.0; "http://help.yahoo.com/help/us/ysearch/slurp) GET /crappiedirectory/listing.php?id=2"

This is the attacker's IP address. Now I just have to figure out how to report him. Wasted my whole day, and night!

RangerZ21
09-01-2010, 03:39 AM
Still having the problem if I try to Google it so I found a way around it.

skiptomylu
09-01-2010, 08:18 AM
Slab I have not done this for ages so does ARIN help? If so maybe this site can be helpful...
https://www.arin.net/

Like I said it's been a while, but we used to be able to find out the ISP of someone and report them to that ISP. Not sure it's still like that or what, but at any rate there is the web site to look up IP addresses.

Got to leave here in a minute or would help more, but here are some ways to find people through their IP all using Whois.

http://www.networksolutions.com/whois/index.jsp

http://www.who.is/

http://www.whois.net/

http://cqcounter.com/whois/

Skip


IP Address 67.195.115.248
Host Name b3090853.crawl.yahoo.net

"2010-09-01 01:41:04 Page" not found "(404) 67.195.115.248 b3090853.crawl.yahoo.net Mozilla/5.0" (compatible; Yahoo! Slurp/3.0; "http://help.yahoo.com/help/us/ysearch/slurp) GET /crappiedirectory/listing.php?id=2"

This is the attacker's IP address. Now I just have to figure out how to report him. Wasted my whole day, and night!

FishinGeek
09-01-2010, 09:45 AM
Finding an IP address usually doesn't do any good. Most of the viruses, etc, are sent either through bot computers (an infected computer that the owner doesn't realize is infected), or from a spoofed (faked) IP address. You can report it to the FCC I believe, but I seriously doubt anything will come of it. It's best to make sure you keep up to date on security updates and routinely backup your data!

Slab
09-01-2010, 10:05 AM
No, this is an attack from a specific IP address. It's not just a PC virus, they are trying to inject iframes into the index.html file on my web server. It's all traceable.

And yes Skip, Arin tracked down the isp of the hacker, and I've notified them of this attacker, and I've also blocked his IP.

Now all I have to do is get Google to take me off their blacklist, and I don't see that happening yet. I've sent in yet another request to them this morning.

Thanks for hanging in there with me guys. Crappie.com is clean as a whistle now, and also has nice shiny new security software installed.


Finding an IP address usually doesn't do any good. Most of the viruses, etc, are sent either through bot computers (an infected computer that the owner doesn't realize is infected), or from a spoofed (faked) IP address. You can report it to the FCC I believe, but I seriously doubt anything will come of it. It's best to make sure you keep up to date on security updates and routinely backup your data!
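
One way to check a page for the kind of injected iframe described in the post above, as an added example that is not part of the original thread and is not the site's own code. The host names, the sample page and the function names are constructed for illustration; it assumes injected frames point off-site and treats tiny or hidden ones as the strongest signal.

```python
"""Audit HTML for off-site iframes, the injection pattern described in the thread."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles commonly used to keep an injected frame out of sight.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?<![\w-])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)",
    re.I,
)


def _is_tiny(value):
    """True for a width/height attribute of 0 or 1 (optionally with 'px')."""
    m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", value or "", re.I)
    return bool(m) and int(m.group(1)) <= 1


class IframeAuditor(HTMLParser):
    """Collects iframes whose src points outside the site and its allowlist."""

    def __init__(self, site_host, allowed_hosts=()):
        super().__init__()
        self.site_host = site_host.lower()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []

    def _on_site(self, host):
        return host == self.site_host or host.endswith("." + self.site_host)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        try:
            host = (urlparse(a.get("src", "").strip()).hostname or "").lower()
        except ValueError:
            host = "(unparsable src)"  # malformed URL: report it, do not skip it
        if not host or self._on_site(host) or host in self.allowed:
            return  # relative, same-site, or explicitly approved embed
        hidden = (
            _is_tiny(a.get("width"))
            or _is_tiny(a.get("height"))
            or bool(HIDDEN_STYLE.search(a.get("style", "")))
        )
        self.findings.append({
            "line": self.getpos()[0],
            "host": host,
            "hidden": hidden,
            # An off-site frame nobody can see has no legitimate purpose.
            "severity": "high" if hidden else "review",
        })


def audit_html(html, site_host, allowed_hosts=()):
    """Return one finding per off-site iframe in the given HTML text."""
    auditor = IframeAuditor(site_host, allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page: one same-site frame, one visible third-party
# embed, and one 1x1 hidden frame pointing at an unrelated host.
SAMPLE_INDEX = """<html><body>
<h1>Fishing reports</h1>
<iframe src="/weather/widget.html" width="300" height="200"></iframe>
<iframe src="http://video.example.org/embed/123" width="560" height="315"></iframe>
<iframe src="http://bad-host.example.net/in.php" width="1" height="1" style="visibility:hidden"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in audit_html(SAMPLE_INDEX, "fishing-site.example"):
        print(f"line {f['line']}: {f['severity']:6} {f['host']} hidden={f['hidden']}")
```

Run over every HTML and template file under the web root after a cleanup, with the site's known embeds passed as allowed_hosts, any remaining "high" finding means the injection is still present or has come back.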

skiptomylu
09-01-2010, 10:19 AM
Good for you Slab! I sure hope they treat this kind of problem better than my little problem.

The one thing I know is Google on some things just can't seem to change things. It may be completely different, but my home address changed like 4 or 5 years back when 911 came in. So most map services have changed it to what it really is now, but not Google. I even searched out the people that do their map service for them and did this 6/25/2009 and all it still says is they received my report, LOL!

You see even our street name changed so if anyone uses any maps that come from Google it will not find me at all, but if they use say Rand McNally then they have it right.

I am not saying this will be treated the same as my little deal, but I am far from impressed with Google after this little thing.

Skip

FishinGeek
09-01-2010, 10:31 AM
No, this is an attack from a specific IP address. It's not just a PC virus, they are trying to inject iframes into the index.html file on my web server. It's all traceable.

And yes Skip, Arin tracked down the isp of the hacker, and I've notified them of this attacker, and I've also blocked his IP.

Now all I have to do is get Google to take me off their blacklist, and I don't see that happening yet. I've sent in yet another request to them this morning.

Thanks for hanging in there with me guys. Crappie.com is clean as a whistle now, and also has nice shiny new security software installed.

Trust me when I say that unless the attacker is an idiot (granted, there are many idiots out there), that they will not be traceable using that specific IP address. It's very easy to spoof an IP address so that your logs show the attack as being sent from one address, while in reality, it's coming from another. It's harder to spoof a MAC address (hardware layer), but even that can be done.

A bot computer is a compromised computer that the attacker can remotely take over to send an attack. Any tracing of the IP address that attacked you will just lead you to the bot computer and not the actual attacker's computer.

Regardless, you did the right thing in updating your security software. You should be safe... at least until the next exploit becomes available! I was in the military and dealt with the security of USMC and Navy computer systems, so I do know what I'm talking about. Just keep an eye on updates for your software and keep it up to date and you should keep your problems to a minimum.

jaxsprat
09-01-2010, 11:13 AM
Well, if Slab says all is clean & safe I will just keep logging in thru IE (pain in butt it is & slow) til Goog cleans up their act & lets us FF users back in. Heck, I have seen many other sites hit over the years as well & CC has been one of the cleanest as far as hits and as far as clean language also, never been afraid to let grandkids look over my shoulder. Stuff happens to all, some take care of it & some keep on sleeping :D :D

Slab
09-01-2010, 11:27 AM
I'm sure you're right, but maybe they can at least stop this particular bot. Or maybe it'll help them lead to the culprit somehow. Anyway, it makes me feel better to complain to someone, as opposed to doing nothing. Yeah, I got some software installed now that tells me of all the security breach attempts, and it's scary, there are a lot.


Trust me when I say that unless the attacker is an idiot (granted, there are many idiots out there), that they will not be traceable using that specific IP address. It's very easy to spoof an IP address so that your logs show the attack as being sent from one address, while in reality, it's coming from another. It's harder to spoof a MAC address (hardware layer), but even that can be done.

A bot computer is a compromised computer that the attacker can remotely take over to send an attack. Any tracing of the IP address that attacked you will just lead you to the bot computer and not the actual attacker's computer.

Regardless, you did the right thing in updating your security software. You should be safe... at least until the next exploit becomes available! I was in the military and dealt with the security of USMC and Navy computer systems, so I do know what I'm talking about. Just keep an eye on updates for your software and keep it up to date and you should keep your problems to a minimum.

RangerZ21
09-01-2010, 11:37 AM
Still having the problem with both Mozilla Firefox and Internet Explorer.

duckhunter
09-01-2010, 11:58 AM
thanks for your efforts, slab..................it was rough yesterday, trojan almost shut my computer down. finally got rid of it, lol.

tommyboyrn
09-01-2010, 02:02 PM
mozilla still showing as reported attack site.
what can I do, if anything.......

skiptomylu
09-01-2010, 02:08 PM
mozilla still showing as reported attack site.
what can I do, if anything.......

Go to tools then options then security and clear the box that says stop attack sites.

Then it will work as normal and then if you want for other sites can go back in and check that box again for safety??

Skip

tommyboyrn
09-01-2010, 03:08 PM
will it be like this for a while, or is this temporary

Woody1940
09-01-2010, 04:05 PM
I got a trojan from here, I had real problems.

Slab
09-01-2010, 04:55 PM
I am sorry about the infections some of you got. It was a malicious attack on my server that I reacted to very fast, and cleaned up within a couple hours. I actually found out within a half hour of the infestation, and started working on it immediately, once I knew.

Everything is cleaned up, even if you look at the google messages you'll see the following:
"The last time Google visited this site was on 2010-09-01, and the last time suspicious content was found on this site was on 2010-08-31."

But in my Google webmasters toolkit, it states that they are reviewing it now. So we're just waiting for Google to take crappie.com off the blacklist.

And also, just so you know, to prevent this from occurring again, I've upgraded some base software to the most current release, I installed additional software to make the site more secure (I can now see a log of attacks, and I can also blacklist IPs), and lastly, I've disabled the Crappie Business Directory entirely, at least until I can find a fix to prevent attacks through it. It's that software that I believe let the bad guys in.

So we are good to go, safe and sound. Just waiting for Google to update their blacklist to remove us.

ScottV
09-01-2010, 06:31 PM
Thanks for getting it fixed so quickly Slab. This virus, malware, trojan stuff is way over my head, but I know it can do lots of damage. Just like the recent credit card fraud cases. These people doing this have to be pretty smart. If they could put those efforts to doing good, the world would be a better place.

shipahoy41
09-01-2010, 07:14 PM
Thank you Ed for all you do and to others who shared their computer knowledge with us. My computer has been at a crawl the last three days instead of high speed. I ordered the Malware program that was recommended. Snail mail should be here in a few weeks. I do not put my credit card info out on strange or new sites. I also downloaded the spybot program. I hope I will have high speed on my computer again soon.

GCD
09-01-2010, 07:28 PM
The best thing to do is to have a good and up to date AV-malware program that you pay for... free stuff is good, but you get what you pay for!!!

I got a nasty y.exy trojan last year and had to do a complete system restore on my puter, took about 2 weeks to get everything up to date after that. Lesson learned the hard way, now I have a paid for AV/malware program that updates itself regularly and have had no other problems. It notifies me when nasty programs are removed, and I just laugh as the bullets bounce off!!!:D

Surfing the web or any part of it without "protection" is asking for trouble, you may get away with it for a while, but sooner or later it will catch up to you... and the next thing you know, you have cyber AIDS!:mad:

jeepguyjames
09-01-2010, 08:02 PM
You have malware, not a virus. Download this, install, and run a full system scan. It should get it.

Malwarebytes Anti-Malware 1.46 - TechSpot Downloads (http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html)

Also, if you don't have a good anti-virus program, download this, install, run a full system scan. It always surprises me how many people don't run an antivirus prog.

AVG Anti-Virus Free Edition - Free software downloads and software reviews - CNET Download.com (http://download.cnet.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10320142.html)

in good shape now, THANK YOU SO MUCH GRIZZ!!!!!!! running good now....

ledouxmike
09-01-2010, 09:37 PM
Warning is gone using Google Chrome.

GRIZZ
09-01-2010, 10:35 PM
Yes, if you're having trouble using Firefox then download Chrome and use it to access CC. GCD is wrong. The free security solutions for the average user are every bit as good as the paid for versions and in some ways better. If you're having trouble with malware or viruses there are 3 programs almost anyone can use to resolve your problems. 2 of them I have already mentioned in a previous post in this thread, and for the most part they should handle everything. If after that you're still having trouble, download HijackThis, and post your log on their website and manually remove the programs they suggest using the program. Besides AVG, Avira and Avast are also very good free antivirus programs.

Trend Micro HijackThis - Free software downloads and software reviews - CNET Download.com (http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html)

Redy2Fish
09-02-2010, 06:38 AM
Here's a program I've been using to keep my PC relatively clutter/junk free and enhance the operating speed. Advanced System Care by IObit:

IObit - Speed Up Slow Computer, Keep PC and Internet Secure, Freeware Download (http://www.iobit.com)


It's a small program and I use the free version that updates periodically. Has anyone else any experience with this program?

tacklebox2tn
09-02-2010, 07:09 AM
I got the malware from here also. Got rid of it following the instructions on YouTube. See address below:
Hope this helps.

YouTube - Remove Security Tool Removal Video (http://www.youtube.com/watch?v=9UoV1C4NbfU)

tholmes
09-02-2010, 07:36 AM
Here's a program I've been using to keep my PC relatively clutter/junk free and enhance the operating speed. Advanced System Care by IObit:

IObit - Speed Up Slow Computer, Keep PC and Internet Secure, Freeware Download (http://www.iobit.com)


It's a small program and I use the free version that updates periodically. Has anyone else any experience with this program?

I've been using Advanced System Care for a couple of years now and I really like it. It's fast, and it catches things that Ccleaner doesn't. Used along with AVG and Malwarebytes, I don't have any problems.

A point to remember - most of these freeware anti-junk programs won't provide real-time protection (Spybot S&D being one exception). You have to tell them to run a scan. This should be done at least once a week.

Tom

shipahoy41
09-02-2010, 04:34 PM
Computer is still slow as a turtle today. I ordered Malware program others suggested but it won't get here for a week. I have gone to Internet options and deleted cookies. I have run the spybot scan. I have run the crap cleaner programs. Only other thing I can think of is to defrag the computer overnight. This really has been a mess for my computer as I am usually on this site five times daily. Sheeskalambooska !!!!

Slab
09-02-2010, 06:10 PM
AVG and Malwarebytes, download from Internet and scan. This is all you need in my opinion. I see lots of other opinions, and they are all valid, but this freeware, readily available on the net, is all you really need.

smoothlures
09-02-2010, 06:40 PM
Malware Bytes Anti-Malware, AVG, Ad-Aware are all on my machine. You can get safe virus tested copies from download.com.

shipahoy41
09-02-2010, 07:50 PM
Thank you Slab and Smooth. The Malware I downloaded two days ago found googobs of stuff then they wanted $39.00 for their program. I would not give my credit card info but I did send a check by reg mail for the program. Is that the same as malwarebytes?

Anyway I will download as you recommend in the morning. Hope it really works. Thank you my friends.

GCD
09-02-2010, 08:50 PM
Download the free version tomorrow and run a full scan Ship.

Malwarebytes (http://www.malwarebytes.org/)

It should get rid of all the nastiness on your puter. A full scan will take 2-3 hours.

The difference between the free and pay for is the free only works when you manually run a scan and after something has already gotten on your puter. The version you pay for runs full time and automatically removes anything as soon as it shows up. It also updates itself automatically.

CrappiePappy
09-03-2010, 03:02 AM
(my system)
Dell E521 Desktop
140GB HD
3G RAM
Vista Home Premium/SP2
IE8


I have the following freeware programs installed:

CCleaner
Malwarebytes Anti-malware
SUPERantispyware
Avast Antivirus
Belarc Advisor (home version)

I use CCleaner to remove cookies, clear history, clean up broken apps/registry, and uninstall programs that I no longer need.
Malwarebytes has removed trojans, fake adware removal programs, and fake/rogue error programs.
SUPERantispyware has removed some of the same, or similar, programs as has Malwarebytes, plus malignant tracking programs.
Avast Antivirus is my current choice for anti-virus protection. The free version does auto-updates, and has protected my system from countless attacks by virus/hijacker programs.
Belarc Advisor is a snapshot of all the programs, software, & hardware on my system.

All of them are "free" to download & use .... you just need to manually update them (which I do about twice a week), with the exception of Avast, which automatically updates (daily).

If you look on CNET.com ... at the most downloaded free programs list ... you'll find that 5 out of the top 6 downloaded programs are some of the ones mentioned in this thread. ;)

... cp :cool:

shipahoy41
09-03-2010, 07:41 AM
Download the free version tomorrow and run a full scan Ship.

Malwarebytes (http://www.malwarebytes.org/)

It should get rid of all the nastiness on your puter. A full scan will take 2-3 hours.

The difference between the free and pay for is the free only works when you manually run a scan and after something has already gotten on your puter. The version you pay for runs full time and automatically removes anything as soon as it shows up. It also updates itself automatically.

Thank you GCD. It is scanning now and should take about three hours. I have also bought the program and it should get here in a week.

Thank you Pappy. You always give thoughtful advice and insights on this forum. I am sure that many more besides me have been well informed by your comments and suggestions.

Ed, again thank you for all you do to help make this site the best.

GRIZZ
09-03-2010, 03:43 PM
CP that's a good point I was going to mention earlier and forgot to. CNET's website that has any program that is anything is Download.com. If you can't find it there, find something better that they have. It's the most reliable source of programs online.