Fred Weiss
Merchant Member
Download and use Temp File Cleaner from http://software.addpcs.com/tfc/.Ok, where might I find ALL TEMP FOLDER?
Suggestions please.
-
I want to thank all the members that have upgraded your accounts. I truly appreciate your support of the site monetarily. Supporting the site keeps this site up and running as a lot of work daily goes on behind the scenes. Click to Support Signs101 ...
Fred: VIRUS ALERT
- Thread starter cdiesel
- Start date
Fred Weiss
Merchant Member
Fred,
It is still roaming Signs101, just selected the "Merchant Directory", and Norton blocked an intrusion attempt.
Malicious Toolkit Website 9
November 12, 2011 11:00 pm CT
See attachment lower right corner.
I'm not getting the alert. Check it after you clear your cache and delete all temp files.
Custom_Grafx
New Member
I keep getting a pop up when I try to open the site about the site needing java and to click for more info at which point I shut down IE. I don't get this popup on my iPhone so am typing this from it.
Fred Weiss
Merchant Member
I would appreciate it if you could get a screen capture of that and either post it or email it to me. You definitely need JavaScript enabled for Signs 101 to work properly for you. I don't think you need Java though but don't hold me to it.
Custom_Grafx
New Member
Thanks Fred,
I just came back and didn't get it, then when I clicked on "post reply" it came up again and I got it.
Here you are.
I am uncertain whether or not it's a genuine pop up from IE, or part of this "virus", so don't want to click anything to find out the hard way.
If I try to close the popup by clicking on "X", it comes up again once or twice, then goes away and I can use the site...
I had never seen this popup till now.
I just came back and didn't get it, then when I clicked on "post reply" it came up again and I got it.
Here you are.
I am uncertain whether or not it's a genuine pop up from IE, or part of this "virus", so don't want to click anything to find out the hard way.
If I try to close the popup by clicking on "X", it comes up again once or twice, then goes away and I can use the site...
I had never seen this popup till now.
Attachments
Fred Weiss
Merchant Member
I can't say where it's coming from but i think I would just use the X to close the window.
Custom_Grafx
New Member
Thanks Fred,
Will do.
I wonder if it was something I deleted in temp/settings. It seems to have gone away now. Might have fixed itself up.
Will do.
I wonder if it was something I deleted in temp/settings. It seems to have gone away now. Might have fixed itself up.
Fred Weiss
Merchant Member
Not sure ... still waiting for a report from our server management contractor.
FrankenSigns.biz
New Member
No problem here. But then I NEVER have to concern myself with viruses.
phototec
New Member
Fred Weiss
Merchant Member
Fred, this link is NOT working!
It works for me. Here's a different link to it from cnet. The one caveat with it is ... use the custom install. Do not use the express install. Doing so will change your browser home page and will install a search bar you may not want. Otherwise, it works just fine.
Fred Weiss
Merchant Member
Yes Nick. It is currently under consideration. Our server has the ConfigServer Security & Firewall software installed on it but not the CSX.
In reading the various descriptions at their site, I was left a bit confused between add CSX or buying their entire [/SIZE][/FONT]cPanel Service Package since we already have the firewall. So I have put in an inquiry with both them and our server management contractor. We have had numerous problems in the past with server configurations and permissions. Evidently a lot of permission changing comes into play with ConfigServer's software so whatever I do needs to be coordinated with the management contractor to whom I turn when any server issue goes beyond my ability to handle.
phototec
New Member
Fred,
I just logged onto Signs 101, and again Norton blocked an intrusion attempt....
I'm NOT getting this from any other site, just Signs101.
I was going to clean my temp intenet files using Internet Explorer Tools, however it said it would also clean internet passwords, so I didn't want to loose my passwords?
I then selected VIEW FILES and noticed a cookie file, "a1interclick" which shows up at the same time as Signs 101, searched Google and found this information:
http://www.computing.net/answers/security/google-redirect-i-tried-everythinghelp/26684.html
Do you think this could be the culprit?
I just logged onto Signs 101, and again Norton blocked an intrusion attempt....
I'm NOT getting this from any other site, just Signs101.
I was going to clean my temp intenet files using Internet Explorer Tools, however it said it would also clean internet passwords, so I didn't want to loose my passwords?
I then selected VIEW FILES and noticed a cookie file, "a1interclick" which shows up at the same time as Signs 101, searched Google and found this information:
http://www.computing.net/answers/security/google-redirect-i-tried-everythinghelp/26684.html
Do you think this could be the culprit?
Fred Weiss
Merchant Member
Current report on this virus ...
Our server management contractor checked all logs and did a virus scan of all files. Nothing was found. There is no evidence of a hacker intrusion. At the same time, I performed various actions and found and removed a few instances of the script by searching our database files for keywords that are part of the malicious script.
After that, I was still getting warnings so I cleaned my workstation of all temp files using the Temp File Cleaner utility and rebooted. That action totally cleared my system of any warnings since then using FireFox, Internet Explorer and Safari to check.
The conclusion both I and our contractor have reached is that an "insecure" script was uploaded, probably inadvertently, by a member to either a post or a PM. We are looking into adding a virus and malicious script scanner to cover this vulnerability in the future.
The CSX scanner recommended by Shorty states on their website that it is not a 100% solution. Rather it is intended to add protection thus reducing risk ... but not totally eliminating it.
Evidently most members were unaffected by this incident because they received warnings through their browsers. To anyone who was actually infected, we offer our apologies but suggest that you look into acquiring adequate virus protection including online website and link scanning.
Our server management contractor checked all logs and did a virus scan of all files. Nothing was found. There is no evidence of a hacker intrusion. At the same time, I performed various actions and found and removed a few instances of the script by searching our database files for keywords that are part of the malicious script.
After that, I was still getting warnings so I cleaned my workstation of all temp files using the Temp File Cleaner utility and rebooted. That action totally cleared my system of any warnings since then using FireFox, Internet Explorer and Safari to check.
The conclusion both I and our contractor have reached is that an "insecure" script was uploaded, probably inadvertently, by a member to either a post or a PM. We are looking into adding a virus and malicious script scanner to cover this vulnerability in the future.
The CSX scanner recommended by Shorty states on their website that it is not a 100% solution. Rather it is intended to add protection thus reducing risk ... but not totally eliminating it.
Evidently most members were unaffected by this incident because they received warnings through their browsers. To anyone who was actually infected, we offer our apologies but suggest that you look into acquiring adequate virus protection including online website and link scanning.
Fred Weiss
Merchant Member
Fred,
I just logged onto Signs 101, and again Norton blocked an intrusion attempt....
I'm NOT getting this from any other site, just Signs101.
I was going to clean my temp intenet files using Internet Explorer Tools, however it said it would also clean internet passwords, so I didn't want to loose my passwords?
I then selected VIEW FILES and noticed a cookie file, "a1interclick" which shows up at the same time as Signs 101, searched Google and found this information:
http://www.computing.net/answers/security/google-redirect-i-tried-everythinghelp/26684.html
Do you think this could be the culprit?
Might be part of it. If it's a temp internet file or a cookie, you can delete it to see.
Again, use the alternate link I provided to cnet to download the Temp File Cleaner utility. Run it using the default settings and it will do the job and speed up your computer at the same time. You won't lose your saved passwords.
David Wright
New Member
Mine was fixed as Fred suggested, malwarebytes in safe mode. It only happened with an old unsecure computer I used.
Quick fix.
Quick fix.
phototec
New Member
Fred, ok I ran the Temp File Cleaner, removed 2.5 Gb of temp files.
So far, no Norton blocks, I hope the issue has been fixed....
Can't really tell if my computer is running faster, but maybe at the next startup..