View Full Version : all members, HEADS UP!! VK HAS A VIRUS!!!


stereorob
12-09-2011, 01:05 AM
someone really needs to fix this before someones computer gets nailed!

i was looking at the main screen when this popped up!
************************************************** *
avast! blocked you from visiting an infected webpage


Infection Details
URL: http://w5e3ir.com/news ***************************DO NOT CLICK ON THIS LINK!!!!!!!!!!!!!
Process: file://C:\Program Files\Internet Explore...
Infection: js:Downloader-gen@bhv [Expl]
************************************************** ***
seems like theres no safe place from this crap anymore. hell, even the real estate site trulia.com is full of trojan horses.
i would do a screen shot, but idk how to do that.
just doing my duty as a active fourm member.
thought you guys should know!

Rob Beaumont aka stereorob

AUdubon5425
12-09-2011, 01:44 AM
It's something on your computer - this was talked about a few months ago.

stereorob
12-09-2011, 03:04 AM
oh. didnt know that. i just began posting here abt a week ago

Dude111
12-10-2011, 12:46 AM
I hope you get things straightend out soon my friend :)

miniman82
12-10-2011, 09:20 PM
Actually, I just received a Symantec warning from this site as well:

[SID: 24443] Web Attack: Suspicious Browser Fingerprinting 3 detected.
Traffic has been blocked from this application: C:\Program Files\Internet Explorer\iexplore.exe


My AV is up to date, and there are no viruses on my system. I think possibly one of the banner ads is trying to run malicious code or something, might want to check that out.

ctc17
12-11-2011, 07:44 AM
I wondered why my explorer EXE was always infected. It never gets executed though because I don't IE. Yea they have gotten real good and getting this crap into good sites

jwharris
12-11-2011, 12:16 PM
Use Firefox web browser instead of Internet Explorer and you will never have this problem again.

miniman82
12-11-2011, 01:35 PM
Yep, FF with No Script. Blocks all the swarf.

ctc17
12-11-2011, 03:10 PM
I just got nailed. I usually post from my phone but I zoned it now my computer is infected. I use FF but don't have scripts blocked.

stereorob
12-12-2011, 03:04 AM
Love the site but i came on here last night and the virus got me again! 3 diffrent ones, it totally crashed my computer and i lost my entire music archive and had to do a full harddrive wipe to get rid of it!!!!!!!!!!!!!!!!

Mods, please do something about this terrible problem!!!!!!!!
Im leaving the site and im not comming back till whatever the hell this thing is is gone!!!!!!!!!!!!!!!!!!!!!

Its just too risky
im out!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Good bye!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!

Kamakiri
12-12-2011, 08:45 AM
The offending site listed (w5e3ir.com) is not listed in any template that makes the site. I would need specifics as to the thread, page or posts to try and narrow it down.

Eric H
12-12-2011, 09:28 AM
Not having any problems here, I suspect your Computer already has a Virus and it's trying to redirect you to an infected Site.

Possibly the banner ads trigger it somehow.
Is your Flash player up to date?

ctc17
12-12-2011, 10:20 AM
The one I got was called XP Security 2012. It was malware ant it was difficult to get rid of.

ctc17
12-12-2011, 10:26 PM
When I went to check my PMs. And it tried to load rootkit.kryptic Trojan
This is the 3rd time today, Ill try and get more screen shots.

http://boxcarcabin.com/vk1.jpg

Ed in Tx
12-13-2011, 09:54 AM
The one I got was called XP Security 2012. It was malware ant it was difficult to get rid of. I got one like that two years ago, was called" XP Security 2010" at the time. AVG let it on my computer. I had clicked on a picture someone had posted from Flickr, which seemed to launch the virus. It had placed two exe files in the root directory and a red icon in the task bar, accompanied by a sound every 90 seconds reminding me to click on the red icon. I tried AVG online live support and all seemed well after their technician worked on it for 2 hours. Then when all was supposedly done and we disconnected I tried to run a program and it wouldn't launch, so I tried to restart the computer, and it wouldn't boot, just a blinking "-" . Finally resorted to a week old backup I had done using Acronis, loaded it to a new HDD, and all was OK again.

ChrisW6ATV
12-14-2011, 12:36 AM
Use Firefox web browser instead of Internet Explorer and you will never have this problem again.
This is the second step of owning a computer. The first step is "buy a computer". :)

Wardsweb
12-14-2011, 05:04 PM
Has anyone had any issues this afternoon?

miniman82
12-16-2011, 06:00 PM
Just got this one again:

[SID: 24443] Web Attack: Suspicious Browser Fingerprinting 3 detected.

The IP address from the offending attack is 188.72.214.151

Geoff Bourquin
12-16-2011, 09:19 PM
Just got this one again:

[SID: 24443] Web Attack: Suspicious Browser Fingerprinting 3 detected.

The IP address from the offending attack is 188.72.214.151


That address is in Hong Kong

miniman82
12-16-2011, 11:23 PM
I tried having Symantec backtrace it, but it didn't work. Thanks for the info.

stereorob
12-19-2011, 02:08 AM
nothing today. seems safe again.

jstout66
12-20-2011, 01:26 PM
I picked up a NASTY virus while on AK last week.
I'm even an I.T nerd, and have gone 7 years on this desktop system without a virus...EVER.
The one that got me, and about wiped my system out is the "XP 2010 Virus".
I am staying off both sites for awhile, but just wanted to give a heads up. The virus has many monikers depending on your operating system, but it's the one that looks like it is from Windows and says you have about a zillion infected files. If you get it... do a HARD SHUT-DOWN of your system and for god-sakes.. don't be tricked and download anything from it.
How it got me.... I left the page up, and went away from my computer. By the time I got back.. the virus was fully installed.

dewdude
12-20-2011, 01:37 PM
I've said this before....I've said it a thousand times.

Its these frickin ad networks. I know site owners need to make money...and ad networks are in the business of selling ads and ad space...but the problem is these people are already being dishonest...so they're even more dishonest...purchase legit looking ad-space, but use it to distribute scamware.

I know several people who have broken all ties with every ad network they used on websites because of their inability/unwillingness to scan ads before putting them out there...knowing full well there's a chance its going to infect lots of people with these fake spyware scams.

Sent from my Samsung Intercept with Tapatalk

Celt
12-20-2011, 04:31 PM
I'm running Firefox and No Script which along with Avast! is doing a great job of keeping the nasties at bay.

Findm-Keepm
12-20-2011, 10:58 PM
I picked up a NASTY virus while on AK last week.
I'm even an I.T nerd, and have gone 7 years on this desktop system without a virus...EVER.
The one that got me, and about wiped my system out is the "XP 2010 Virus".
I am staying off both sites for awhile, but just wanted to give a heads up. The virus has many monikers depending on your operating system, but it's the one that looks like it is from Windows and says you have about a zillion infected files. If you get it... do a HARD SHUT-DOWN of your system and for god-sakes.. don't be tricked and download anything from it.
How it got me.... I left the page up, and went away from my computer. By the time I got back.. the virus was fully installed.

....and you were not alone. Immunization from Spybot, Full-AVG protection, and an at-start-up Malwarebytes run did nothing for me. Funny thing is, I didn't open anything, or click on anything - just brought up VK from my Favorites link. I was reading thread titles when AVG alerted me to the problem. No other software running, no other sites being browsed. A quick run of AVG and Malwarebytes, and I was back up. Two hours later, I braved VK again, and bam - another threat detected. Cleaned up things, made a call to my brother-in-law. He's a writer/tech geek/IT expert for a media service. He checked out VK with his computer and he said it's all "server side" scripts placed there to infect. VK mods, you might check with the hosting service - the script hackers are making things unpleasant for some of us. We know VK isn't the problem, just the servers hosting VK.

My solution for now is Google Chrome with a couple of mods (placed there by my B-I-L) and lo and behold, I now just get the warning that a script is being blocked. Most prevalent is the one mentioned above - the "XP2010.exe" script. I'm on a Win 7 machine, and this happens only on VK (I haven't ventured over to AK).

Cheers,

ctc17
12-21-2011, 12:55 AM
I moved into Ubuntu and set up a dual boot. Im done with Windows for web stuff. Just to risky.
So Im back to annoy all!

Jeffhs
12-21-2011, 07:42 PM
I'm running Firefox and No Script which along with Avast! is doing a great job of keeping the nasties at bay.

That's almost identical to what I have. Just upgraded to Firefox 9 and have used NoScript for quite a while, not sure exactly how long anymore, with AVG AntiVirus, but it works. Haven't had problems with viruses, etc. for quite a while now -- in fact, I don't honestly remember the last time I had a virus on my system. AVG AV is absolutely great, keeping a watchful eye on my entire system and letting me know the second it detects anything out of the ordinary as far as viruses, Trojans, worms, etc. are concerned.

holmesuser01
12-22-2011, 08:44 AM
That XP security 2012 is what I got week before last, too. I lost alot of stuff before I got rid of it. The "top rated" anti-virus couldn't get rid of it, and it was here (and updated) before the virus got me!!!

I wondered where it came from...

miniman82
12-22-2011, 11:51 PM
Luckily for me, Symantec Endpoint Protection is good enough to stop these attacks. Just got another one a couple minutes ago:

[SID: 24089] Web Attack: Malicious Toolkit Website 9 detected.
Traffic has been blocked from this application: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Traffic from IP address 178.17.163.189 is blocked from 12/22/2011 10:43:22 PM to 12/22/2011 10:53:22 PM.



Apparently whatever script is running wild out there, it's got the same MO: attempting to download and install malicious programs on our PC's. Good thing most of us have decent AV software, those things fool a lot of people.

Note to admin: is there any way possible to stop the forum from loading those scripts that are known to be harmful, or do we have no choice because of the sever?

ctc17
12-25-2011, 05:23 AM
NOD32 did not stop it. It got to where I could remove XP2012 in 2 minutes but after getting nailed 5 times networking was so screwed up the computer would no longer acquire an IP. That's when I gave up and re installed XP and Ubuntu as a dual boot.
I wonder why the host hasn't detected this and deleted the entire site from the server.

miniman82
12-27-2011, 08:32 PM
Got a different one this time, as I was logging off.


[SID: 24089] Web Attack: Malicious Toolkit Website 9 detected.
Traffic has been blocked from this application: C:\Program Files\Internet Explorer\iexplore.exe

Traffic from IP address 178.18.243.189 is blocked from 12/27/2011 7:30:12 PM to 12/27/2011 7:40:12 PM.

earlyfilm
12-28-2011, 06:03 AM
At 5:37:53 AM Kaspersky warned me of a malicious URL E93C8155766427F from http://www.fegirex.com/lifeo/o.htm

This happened as I opened the last page on the thread "Photo finish: my solution" and the only posts on that page with automatic opening pictures were the three with miniman82's pictures. I got the impression that this blocked nasty rode in from the picture hosting site, but I could be totally wrong.

James

miniman82
12-28-2011, 04:10 PM
All my pics are hosted here...

kc8adu
03-05-2012, 09:29 AM
its not fom vk its the ad networks as was stated above.another reason i run adblock plus,noscript,and have a huge hosts file of banned domains.
oh and dump internet explorer already!
chrome or firefox.
another nasty trick this malware does is cache itself when you hit an infected ad and then waits a while to pop up.so where ever you were prior to coming to vk could have dropped it on you.when it rears its ugly head you say oh shit vk is infected!