anyone else keep getting a virus from the forum?

[oak1971]

I got hit again while on this forum. AGV stopped it....I hope.

 

[paul@paul-fisher.com]

I got hit again while on this forum. AGV stopped it....I hope.

What do the logs say?

 

[Citizen]

My Malwarebytes real-time scanner stopped and flagged the IP in the log above a few times last week while I was on this forum.

 

[paul@paul-fisher.com]

My Malwarebytes real-time scanner stopped and flagged the IP in the log above a few times last week while I was on this forum.

OK.

That IP address has nothing to do with this forum. You are infected by something.

That is a Netherland based IP.

NetRange: 178.0.0.0 - 178.255.255.255
CIDR: 178.0.0.0/8
OriginAS:
NetName: 178-RIPE
NetHandle: NET-178-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate: 2009-01-30
Updated: 2009-05-18
Ref: http://whois.arin.net/rest/net/NET-178-0-0-0-1

OrgName: RIPE Network Coordination Centre
OrgId: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
RegDate:
Updated: 2011-09-24
Ref: http://whois.arin.net/rest/org/RIPE

ReferralServer: whois://whois.ripe.net:43

OrgTechHandle: RNO29-ARIN
OrgTechName: RIPE NCC Operations
OrgTechPhone: +31 20 535 4444
OrgTechEmail: hostmaster@ripe.net
OrgTechRef: http://whois.arin.net/rest/poc/RNO29-ARIN

OrgAbuseHandle: RNO29-ARIN
OrgAbuseName: RIPE NCC Operations
OrgAbusePhone: +31 20 535 4444
OrgAbuseEmail: hostmaster@ripe.net
OrgAbuseRef: http://whois.arin.net/rest/poc/RNO29-ARIN​

In addition, that IP address is on at least 3 black lists, once again, no relation to opencarry.org.

 

[oak1971]

What do the logs say?

Something about JAB.exe

 

[Citizen]

OK.

That IP address has nothing to do with this forum. You are infected by something.

That is a Netherland based IP.

In addition, that IP address is on at least 3 black lists, once again, no relation to opencarry.org.

No, I'm not infected. When I read your comment, I updated both AVG and Malwarebytes and sent both on a hunt. Results: nothing.

I disagree about "no relation" to opencarry.org.

1. I got the flags while on OCDO, repeatedly, while having no other tabs or browsers open, and while not having visited any other websites during the browser session.

2. Lots of others are having problems.


I would really like to hear from John or Mike about what is going on. I've PMd John twice. No word for a week or so now. You'd think somebody, somewhere, either John, Mike, or the host server admins would say something definitive. Even a "we're working on it" would be better than silence.

3. Never, never in the history of OCDO has this happened--this being multiple reports from forum users of security alarms going off.

While it may not be John's forum software, I see no reason to exclude the ads or something on the forum's host server. All of which are related to OCDO, while not being OCDO directly.

 

[paul@paul-fisher.com]

No, I'm not infected. When I read your comment, I updated both AVG and Malwarebytes and sent both on a hunt. Results: nothing.

I disagree about "no relation" to opencarry.org.

1. I got the flags while on OCDO, repeatedly, while having no other tabs or browsers open, and while not having visited any other websites during the browser session.

2. Lots of others are having problems.


I would really like to hear from John or Mike about what is going on. I've PMd John twice. No word for a week or so now. You'd think somebody, somewhere, either John, Mike, or the host server admins would say something definitive. Even a "we're working on it" would be better than silence.

3. Never, never in the history of OCDO has this happened--this being multiple reports from forum users of security alarms going off.

While it may not be John's forum software, I see no reason to exclude the ads or something on the forum's host server. All of which are related to OCDO, while not being OCDO directly.

OK. then it must be unique ads that some people and not me are seeing. I have visited this forum with XP, Vista and Windows 7, IE 7, 8 and 9, Firefox and Chrome, with Symantec Endpoint Protection, ESET, Avast and AVG, never a hint of malware.

 

[carsontech]

Many of us have already hinted that it is probably the Ad service that is ran on here, like on many other sites, to generate money to keep the site up. It's not just the Google Ad service, many other ad services have this problem.

Lots of admins and webmasters are reporting problems with Google's Ad service similar to this:

http://www.google.com/support/forum/p/AdSense/thread?tid=7ed370b56aa12099&hl=en

http://www.theadminzone.com/forums/showthread.php?p=623785

http://www.google.ca/support/forum/p/Webmasters/thread?tid=7f42b25efc93e71a&hl=en


BTW, this happens often:

http://www.btsecurethinking.com/2011/10/when-good-ads-turn-bad-the-new-threat-from-malvertising/

http://www.theregister.co.uk/2009/09/24/malware_ads_google_yahoo/

http://blogs.wsj.com/digits/2010/09/24/malware-served-through-ads-is-expanding-group-says/

http://blog.zedo.com/wordpress/blog/2011/08/01/managing-malware-risk-in-advertising/

 

[Nutczak]

Spybot tea timer has been popping warnings for me about security fraud malware, so update your spybot program, imunize, and check for updates a few times a week.

MSE catches things, but it is typically after the malware blows its load all over my computer, that is like putting on a condom after sex IMO, this is the only instance that MSE has not worked wonderfully for me in the last few years.

So, if you are a spybit user, update, imunize, and keep tea timer running and you're golden with the rogue anti-spyware crap that many are getting.