Attn Herm
-
- Posts: 1396
- Joined: Tue Nov 18, 2008 9:32 am
Attn Herm
I subscribe to a listing of websites deemed as blocked by google. This forum is on the list now:
http://www.google.com/safebrowsing/diag ... rum/&hl=en
Just thought you should know. It looks like someone is hijacking the DNS routing and infiltrating the packets. I did a malware scan after checking this the first time and I scanned cleanly so it may be someone just trying to grab passwords going back and forth. You oughta look into this Herm, this is some nasty stuff.
-
- Posts: 1396
- Joined: Tue Nov 18, 2008 9:32 am
Re: Attn Herm
Well, scratch that. Here is the Malwarebytes scan from just now:
Somewhere in the site bounces someone is intercepting and installing a keylogger. If you are accepting any sort of third party ads Herm or running a "server checker" (or anything third-party with embedded code) you oughta kill it. Someone is using your site to access passwords on the client computers. I don't *think* anyone can do it by putting something in their sig, but it wouldn't surprise me if that were the cause. Have you gotten a new member with some script in their sig in the last few days or added something like a web counter? That's the sort of thing to look at. If you are unsure Herm, email me and I'll explain how they did this. I probably will not come back here, I just scanned again after posting this and the infection returned (this is the only window open on my comp).
Anyone here ought to scan with Malwarebytes:
http://www.malwarebytes.org/
It is free, safe, and you should be doing it regularly anyway.
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4848
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
10/16/2010 5:43:43 AM
mbam-log-2010-10-16 (05-43-43).txt
Scan type: Quick scan
Objects scanned: 162973
Time elapsed: 8 minute(s), 8 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\zrpt.xml (Malware.Trace) -> Quarantined and deleted successfully.
- David
- Posts: 1600
- Joined: Sat Oct 18, 2008 11:06 am
- NoMoreSpam: Silver
- Location: Arizona
Re: Attn Herm
I have used Malwarebytes recently, and it did not locate anything, but I will check again. Thanks Gopostal.
Are you going to pull those pistols or whistle Dixie?
- Hermskii
- Site Admin
- Posts: 8514
- Joined: Sun Jul 10, 2005 9:56 pm
- NoMoreSpam: Silver
- Location: Houston, Texas
- Contact:
Re: Attn Herm
I hate this crap! It seems each time I skip a couple of days of coming here, crap happens. I checked my email and saw that my provider had actually already caught it and cleared it before it got out of hand. I have a list of things from them that I have to do myself too but can do it all. I'm about to start all of my scans and such now. I also have not yet looked to see where this started or was detected. I have a feeling though that this will be easy for me to figure out.
Most importantly, Thanks for the heads up and it is good to hear from you!
~Peace~
Hermskii
- Sir Mandrake
- Posts: 334
- Joined: Thu Sep 27, 2007 12:05 pm
- NoMoreSpam: Silver
- Location: Central, IL USA
Re: Attn Herm
...and Kudos to your provider for catching and blocking it early, sounds like they are on top of things as well.
- Hermskii
- Site Admin
- Posts: 8514
- Joined: Sun Jul 10, 2005 9:56 pm
- NoMoreSpam: Silver
- Location: Houston, Texas
- Contact:
Re: Attn Herm
Scans are all clean on my PC. I thought my wife had possibly been a part of this but she is cleared now. Work PC is cleared too. Now on towards the site.
Sorry, no redirect log-ins work right now. It is a precaution for now and I expect to have them open and usable again by the weekend.
I am about half done with doing everything I have to do here to clear this forum's name of malware with Google and such. There was a delay with how this worked too. The original attack happened at 7:00 AM October 2nd. Might not be the same attack but the forum started getting ping on then and that was when my password was first hacked.
Again, I'm sorry about this folks. There is really not a damn thing I could have done about it but keep this in mind....I have backups of everything and they happen every single day. I can restore this whole thing if I ever need to in a day or two.
~Peace~
Hermskii
- *POTS*
- Posts: 2233
- Joined: Fri Oct 17, 2008 8:50 pm
- Hermskii
- Site Admin
- Posts: 8514
- Joined: Sun Jul 10, 2005 9:56 pm
- NoMoreSpam: Silver
- Location: Houston, Texas
- Contact:
Re: Attn Herm
OKAY. I now have the all clear from Google so all warnings should be gone now in a day or two. They verified we are all clean here again now and as secure as I can make it basically. Everything was easier than I thought it would be.
~Peace~
Hermskii