
Fred: VIRUS ALERT

Fred Weiss

Merchant Member
Fred,

It is still roaming Signs101, just selected the "Merchant Directory", and Norton blocked an intrusion attempt.

Malicious Toolkit Website 9

November 12, 2011 11:00 pm CT

See attachment lower right corner.

:omg:

I'm not getting the alert. Check it after you clear your cache and delete all temp files.
 

Custom_Grafx

New Member
I keep getting a pop up when I try to open the site about the site needing java and to click for more info at which point I shut down IE. I don't get this popup on my iPhone so am typing this from it.
 

Fred Weiss

Merchant Member
I keep getting a pop up when I try to open the site about the site needing java and to click for more info at which point I shut down IE. I don't get this popup on my iPhone so am typing this from it.
I would appreciate it if you could get a screen capture of that and either post it or email it to me. You definitely need JavaScript enabled for Signs 101 to work properly for you. I don't think you need Java though but don't hold me to it.
 

Custom_Grafx

New Member
Thanks Fred,

I just came back and didn't get it, then when I clicked on "post reply" it came up again and I got it.

Here you are.

I am uncertain whether or not it's a genuine pop up from IE, or part of this "virus", so don't want to click anything to find out the hard way.

If I try to close the popup by clicking on "X", it comes up again once or twice, then goes away and I can use the site...

I had never seen this popup till now.
 

Attachments

  • PopUp.jpg (63.4 KB)

Fred Weiss

Merchant Member
Thanks Fred,

I just came back and didn't get it, then when I clicked on "post reply" it came up again and I got it.

Here you are.

I am uncertain whether or not it's a genuine pop up from IE, or part of this "virus", so don't want to click anything to find out the hard way.

If I try to close the popup by clicking on "X", it comes up again once or twice, then goes away and I can use the site...

I had never seen this popup till now.

I can't say where it's coming from but I think I would just use the X to close the window.
 

Custom_Grafx

New Member
Thanks Fred,

Will do.

I wonder if it was something I deleted in temp/settings. It seems to have gone away now. Might have fixed itself up.
 

Fred Weiss

Merchant Member
Fred - have you considered the utility that I posted?

Yes Nick. It is currently under consideration. Our server has the ConfigServer Security & Firewall software installed on it but not the CSX.

In reading the various descriptions at their site, I was left a bit confused between adding CSX or buying their entire cPanel Service Package since we already have the firewall. So I have put in an inquiry with both them and our server management contractor. We have had numerous problems in the past with server configurations and permissions. Evidently a lot of permission changing comes into play with ConfigServer's software so whatever I do needs to be coordinated with the management contractor to whom I turn when any server issue goes beyond my ability to handle.
 

phototec

New Member
Fred,

I just logged onto Signs 101, and again Norton blocked an intrusion attempt....

I'm NOT getting this from any other site, just Signs101.

I was going to clean my temp internet files using Internet Explorer Tools, however it said it would also clean internet passwords, so I didn't want to lose my passwords?

I then selected VIEW FILES and noticed a cookie file, "a1interclick" which shows up at the same time as Signs 101, searched Google and found this information:

http://www.computing.net/answers/security/google-redirect-i-tried-everythinghelp/26684.html


Do you think this could be the culprit?

:help
 

Techman

New Member
Internet Explorer Tools will not clean your entire system. All temp folders must be cleaned.

Also, if there are redirects going on, you have to look into the HOST file and clean it too.
 

Fred Weiss

Merchant Member
Current report on this virus ...

Our server management contractor checked all logs and did a virus scan of all files. Nothing was found. There is no evidence of a hacker intrusion. At the same time, I performed various actions and found and removed a few instances of the script by searching our database files for keywords that are part of the malicious script.

After that, I was still getting warnings so I cleaned my workstation of all temp files using the Temp File Cleaner utility and rebooted. That action totally cleared my system of any warnings since then using Firefox, Internet Explorer and Safari to check.

The conclusion both I and our contractor have reached is that an "insecure" script was uploaded, probably inadvertently, by a member to either a post or a PM. We are looking into adding a virus and malicious script scanner to cover this vulnerability in the future.

The CSX scanner recommended by Shorty states on their website that it is not a 100% solution. Rather it is intended to add protection thus reducing risk ... but not totally eliminating it.

Evidently most members were unaffected by this incident because they received warnings through their browsers. To anyone who was actually infected, we offer our apologies but suggest that you look into acquiring adequate virus protection including online website and link scanning.
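
As an added illustration of the database keyword search Fred describes in the report above (not code from the thread or from Signs101): a scan of stored post and PM bodies for active-content markers. The table names, columns, marker patterns and sample rows are all assumptions constructed for this example; the thread does not list the keywords that were actually searched for.

```python
import html
import re
import sqlite3

# Assumed markers of active content that has no business in a post or PM body.
# The thread does not list the keywords that were searched for; these are generic.
MARKERS = {
    "script-tag": re.compile(r"<\s*script\b", re.I),
    "iframe-tag": re.compile(r"<\s*iframe\b", re.I),
    "js-uri": re.compile(r"javascript\s*:", re.I),
    "event-handler": re.compile(r"<[^>]*\son\w+\s*=", re.I),
    "obfuscation": re.compile(r"\b(?:eval|unescape|fromCharCode)\s*\(", re.I),
}

def normalise(text):
    """Undo entity encoding (twice, for double-encoded text) and drop NULs."""
    return html.unescape(html.unescape(text)).replace("\x00", "")

def scan(conn, sources):
    """Return [(table, row_id, [marker names])] for rows with any marker."""
    hits = []
    for table, id_col, body_col in sources:
        # Identifiers come from the fixed SOURCES list, never from user input.
        query = f"SELECT {id_col}, {body_col} FROM {table} ORDER BY {id_col}"
        for row_id, body in conn.execute(query):
            text = normalise(body or "")
            found = sorted(n for n, rx in MARKERS.items() if rx.search(text))
            if found:
                hits.append((table, row_id, found))
    return hits

def demo_db():
    """Constructed sample data; the schema is hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE post (postid INTEGER, pagetext TEXT)")
    conn.execute("CREATE TABLE pm (pmid INTEGER, message TEXT)")
    conn.executemany("INSERT INTO post VALUES (?, ?)", [
        (1, "Anyone have a good source for 3M vinyl?"),
        (2, 'Nice work! <SCRIPT src="//placeholder.invalid/x.js"></SCRIPT>'),
        (3, "See &lt;iframe src=placeholder.invalid width=0&gt; here"),
    ])
    conn.executemany("INSERT INTO pm VALUES (?, ?)", [
        (10, "Thanks for the quote."),
        (11, '<img src="a.png" onload="eval(unescape(\'%61\'))">'),
    ])
    return conn

SOURCES = [("post", "postid", "pagetext"), ("pm", "pmid", "message")]
if __name__ == "__main__":
    print(scan(demo_db(), SOURCES))
```

Row 3 is caught only because the body is entity-decoded before matching; a plain substring search for `<iframe` would miss it.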
 

Fred Weiss

Merchant Member
Fred,

I just logged onto Signs 101, and again Norton blocked an intrusion attempt....

I'm NOT getting this from any other site, just Signs101.

I was going to clean my temp internet files using Internet Explorer Tools, however it said it would also clean internet passwords, so I didn't want to lose my passwords?

I then selected VIEW FILES and noticed a cookie file, "a1interclick" which shows up at the same time as Signs 101, searched Google and found this information:

http://www.computing.net/answers/security/google-redirect-i-tried-everythinghelp/26684.html


Do you think this could be the culprit?

:help

Might be part of it. If it's a temp internet file or a cookie, you can delete it to see.

Again, use the alternate link I provided to cnet to download the Temp File Cleaner utility. Run it using the default settings and it will do the job and speed up your computer at the same time. You won't lose your saved passwords.
 

David Wright

New Member
Mine was fixed as Fred suggested, Malwarebytes in safe mode. It only happened with an old unsecure computer I used.
Quick fix.
 

phototec

New Member
Our server management contractor checked all logs and did a virus scan of all files. Nothing was found. There is no evidence of a hacker intrusion. At the same time, I performed various actions and found and removed a few instances of the script by searching our database files for keywords that are part of the malicious script.

After that, I was still getting warnings so I cleaned my workstation of all temp files using the Temp File Cleaner utility and rebooted. That action totally cleared my system of any warnings since then using Firefox, Internet Explorer and Safari to check.

Fred, ok I ran the Temp File Cleaner, removed 2.5 Gb of temp files.

So far, no Norton blocks, I hope the issue has been fixed....

Can't really tell if my computer is running faster, but maybe at the next startup..

:thankyou:
 

phototec

New Member
Well I spoke too soon, even after running the Temp File Cleaner, Norton is still blocking an intrusion attempt when selecting different pages on Signs101...

What should I try NOW?

:help
 