Post by Wyn on Aug 13, 2008 13:54:43 GMT -5
Last night I entered the main board and the virus hit. In a few minutes it had generated over 2400 virus hits. It took out my wallpaper, and I'm unable to install any wallpaper. I don't know what damage was done to my system. I may need to do a reinstall of the XP program. It took a while but I got the system running again.
I entered the web site today at noon and the virus hit again. This time I stopped it before it got too far down the system.
Right now the system is working without too many problems. Still no wallpaper.
I found a new program to repair the system registry; it is 'UniBlue' RegistryBooster. It found over 500 errors in my registry and repaired them. The system is a little faster now, and it repaired a lot of the damage done by the virus.
Wyn
Post by Wyn on Aug 13, 2008 18:16:21 GMT -5
I went back to the regular Bradley board and right now it seems OK. I don’t know if the problem has been fixed on the Bradley site. But I’ve been on the site twice this afternoon and it seems OK.
My system went down twice, once last night and once this morning.
Rob is having problems with his system.
Rob had talked to Gary Hammond and his system went down too. Don’t know if he is back up.
Don’t know if anyone else had problems.
Wyn
Post by robstone on Aug 13, 2008 19:14:36 GMT -5
My computer was really freaking out on the Bradley site last night.
Here is what popped up.
index.php_cmp_bradley-gt010_vbtn[1].gif
It appears that there were two trojans buried in the above gif on the Bradley site.
JS_AGENT.PCG
TROJ_IFRAME.CP
I had Trend Micro pop these up and quarantine them. My computer appears to be ok, but I don't trust it yet. Am I the only one who had their firewall ID the problem? Let's hear from some folks.
Post by doug on Aug 13, 2008 23:20:45 GMT -5
I haven't been on the site from home in a while but I could not get on at work so I knew there must be a problem.
doug.
Post by robstone on Aug 14, 2008 17:18:47 GMT -5
Post by Kyle Murdock on Aug 14, 2008 17:30:09 GMT -5
I've had the message board lock up on me twice while trying to access it. I did notice on the bottom of the browser that it was accessing pinoc.org while loading the page. Maybe some of you that are a little more up on this stuff can research that a little. It does seem to be off and on as I noticed it slow to load yesterday, but didn't think anything of it. Then it was acting fine last night. Today it blanked out my browser. I seem to have no computer problems now.
Problem still is that I have no access to the site. I dropped a line to Greg to let him know what's up. I can create a whole new site without needing access to the old server, BUT all the info on the message board will be lost as soon as I change the domain name to a new server. Well, not lost, but not able to see it anymore. Sounds like it may just be time to say screw it and start over. I really hate to lose all that great data on the message board.
Post by Kyle Murdock on Aug 14, 2008 17:54:57 GMT -5
The site is also accessing google-analyze.org and pinoc.org. I did find online that for those of you running Mozilla Firefox, you can add the NoScript add-on. This automatically blocks all scripts and allows you to choose which to allow. I added it, went to the site, and it loaded no problem and told me it blocked both of the above. I chose to make them "Untrusted" from now on. The info on NoScript specifically says it works against this type of attack.
This isn't a fix, but it will let you on. I'm going to post the link to this board again and poke around the admin on the board. I've read this may be an img file.
Post by Gary Hammond on Aug 14, 2008 22:56:45 GMT -5
I tried the better part of the last two days trying to get the x@#$%^&* virus off my wife's computer. I wounded it, but wasn't smart enough to figure it out by myself. So an IT guy whose wife works with my wife came out tonight, and had it cleared out in about 45min or so!! ;D It's back up and running good now. But my wife forbid my going back on the regular Bradley site! Hope to get started on Rob's project tomorrow. Gary Hammond,
Post by brianboggs on Aug 15, 2008 13:24:58 GMT -5
HOW DO everyone? I guess I'll stay at this site until I hear it's completely safe on the other site. My Norton antivirus caught the worm on my home computer before any damage and I've just stayed off the site from here at work. Keep us informed.
Post by Wyn on Aug 15, 2008 20:18:15 GMT -5
Hey Rob, my system is up and running pretty good. That blue screen of death was a fake screen, part of the virus. Just before I pressed the reset button the system came back to life and the Trend Micro HouseCall took off running again. I ran Spybot Search & Destroy, and it fixed the loss of the wallpaper and repaired the option to select new wallpaper and a few other minor problems. If anyone comes up with the Antivirus XP 2008, or Antivirus 2008, get rid of it; they are fakes.
A year ago I started a new Web site for my class reunion. It cost $107 for the year to set up a domain name and web space. Shortly after setting up the site I started getting hit by Spambots. That's an automated program that searches out web sites that use generic web programs. I would get 2 or 3 new members with smut links in their profiles. I did some research through the PHP boards and found that these Spambots can bypass the graphic entry code and place their links without admin approval. One site admin user found out what they did and found how to fix it. By changing one term name to two different control programs it would block the spambots. I also made the same changes and it worked; I have not had a spambot hit in the last 8 months. I see GregR at the Texas Manx Club Forums still has this problem.
So apparently they have found a new way of hitting these PHP web boards and placing these viruses within the site such as our Bradley board.
Wyn
Post by pappawoody on Aug 16, 2008 18:12:51 GMT -5
Wyn, the anti virus I use is Anti vir and it is a free download. The only thing I don't like about it is that every day during the update download it gives me an ad to upgrade to the pro version. More pesky than anything, but it did catch the problem before I got infected. I used to use avg but had a virus problem about a year ago or so and a friend suggested this program and it's better. Sorry this took so long to get back to you but the temp board wouldn't send an activation code to yahoo. Had to use a different email address.
Post by centralvalleygter on Aug 16, 2008 19:07:34 GMT -5
Hi All, I signed into this board a few days ago. As of 5:00pm PST on Saturday, August 16, the virus is still on the main board. So, I guess we'll be here for a while. Take care... Steven
Post by mj on Aug 17, 2008 9:29:00 GMT -5
My PC is immune so I poked around. Yup, as described. The hack simply appended a single line to the default file. Today (Sunday) the hack did not show up but that does not mean it will not. One thing you can do is to block certain addresses. Modify your hosts file (C:\WINDOWS\system32\drivers\etc\hosts) to look like the below. You can open it with notepad. Or just copy and paste the below.
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
127.0.0.1 www.google-analytics.com # I block google-analytics.com just because it sometimes slows web page openings
127.0.0.1 google-analytics.com # I block google-analytics.com just because it sometimes slows web page openings
127.0.0.1 google-analyze.org
127.0.0.1 pinoc.org
Post by Wyn on Aug 17, 2008 11:02:49 GMT -5
Hey MJ, I thought my system was immune also, so I kept hitting the Bradley site after Rob said he had a virus from it. In my mind I thought it might have been his web server he works from. I had hit the site about 8 times and no virus. Then the 9th time all hell broke loose. I just picked up about 7 viruses and the Antivirus XP 2008 which demanded money to clear the viruses. The troj BHO.FFE could not be removed by any AV’s; it was linked to the Antivirus XP 2008 program which came up and I have never loaded it, so it was in the way of clearing the system. Trend Micro HouseCall would not clear it either. Every time I tried to manually remove it, it would pop back in within a second. I had to remove the links manually from the registry, and then I could remove it from the system.
That virus link opened a can of worms.
The only way I can go back to the regular site is with my PocketPC and I know it is immune to the viruses.
Wyn
Post by billie82288 on Aug 17, 2008 21:22:52 GMT -5
wow..... haven't been on in a couple two or three weeks and this is what i come back to..... this is Chad Peters by the way.
when i first joined the site a little over a year ago, this was my user name on this temporary board because the regular site was having issues when i first came around.
been doing a lot of work on the bradley.... decided to enclose the back windshield and make a custom window... hard to explain what it looks like, i'll post pics when the reg site is back up.
also working on the paint job... just fixing tons of imperfections. it's currently in primer. just have to watersand it, fix more imperfections, then hopefully get ready to shoot it.
gonna do a black pearl with silver flames going down the front and sides along with the custom windshield. it will look trick.
can't wait for the board to be back to normal.
chad peters
Post by gregb on Aug 18, 2008 0:02:59 GMT -5
Want to apologize to any and all that have been hit with this virus. I have cleaned all the virus code off the server and have scripted a way to do it quickly but do not know where this thing got in. I have found out that it comes from sql injection so the server has not been totally breached (thank you God). I am checking that my scripting is secure and so far have not found a way in. This leads me to believe that it may be in one of the installed web apps (like - but not pointing a finger at - the board). Will be upgrading everything to latest versions asap. Whoever did this... well... some people in this world deserve to be dragged out in the street and shot.
This thing added that code to every html and php page on my server (lots and lots) and while I may not be able to find where it got in - I have taken and am taking steps to make it harder for this to happen again.
Greg
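A sketch of the kind of server-side sweep gregb describes, as an added example that is not gregb's script or part of the original thread. The thread never shows the injected line itself, so this assumes it was a `<script>` or `<iframe>` tag whose `src` points at one of the two hosts posters saw being contacted; the function names are hypothetical.

```python
import re
import shutil
from pathlib import Path

# Hosts that posters in this thread saw the infected pages contacting.
BAD_HOSTS = ("google-analyze.org", "pinoc.org")
WEB_EXTENSIONS = {".html", ".htm", ".php"}


def tag_pattern(hosts=BAD_HOSTS):
    """Regex for a whole <script>/<iframe> element whose src is a listed host
    or a subdomain of one (assumed form of the injection; not shown on the
    page). Other hosts, e.g. google-analytics.com, do not match."""
    alt = "|".join(re.escape(h) for h in hosts)
    return re.compile(
        r"<\s*(script|iframe)\b[^>]*\bsrc\s*=\s*[\"']?\s*(?:https?:)?//"
        r"(?:[\w-]+\.)*(?:" + alt + r")(?=[/:\"'\s>?])[^>]*>"
        r"(?:\s*</\s*\1\s*>)?",
        re.IGNORECASE,
    )


def scan(root, hosts=BAD_HOSTS):
    """Return {relative path: [line numbers]} of matching tags under root."""
    root, pat, hits = Path(root), tag_pattern(hosts), {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in WEB_EXTENSIONS:
            # latin-1 maps every byte to one character, so any encoding round-trips.
            text = path.read_bytes().decode("latin-1")
            lines = [text.count("\n", 0, m.start()) + 1 for m in pat.finditer(text)]
            if lines:
                hits[path.relative_to(root).as_posix()] = lines
    return hits


def clean(path, hosts=BAD_HOSTS):
    """Strip matching elements from one file, keeping a .bak copy of the
    original for later inspection. Returns the number of elements removed."""
    path = Path(path)
    text = path.read_bytes().decode("latin-1")
    new_text, removed = tag_pattern(hosts).subn("", text)
    if removed:
        shutil.copy2(path, path.with_name(path.name + ".bak"))
        path.write_bytes(new_text.encode("latin-1"))
    return removed
```

Run `scan()` and review the hits before calling `clean()`, and move the `.bak` copies out of the web root afterwards so the server cannot serve them. Removing the tags does not close the hole they came in through.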
Post by brianboggs on Aug 18, 2008 5:07:23 GMT -5
So does this mean it's safe to return to the main board? Thanks so much gregb.
Post by ttyner on Aug 18, 2008 12:33:09 GMT -5
The Virus hit my computer a couple days ago while I was trying to post. It's a very active worm. It ate into my hard drive so much I had to replace it. I had the geek squad take a look at it and was told even with a complete wipe out of all my programs and a reinstall it could be code buried and become active again. They pulled this from my quarantine: TROJ_IFrame.auto_Bradley-g-t-II.cp. I was told this trojan virus was most likely targeted at the Bradley site and coded for the bradley user. It seems this was placed directly to damage the site and the users. Why anyone would do this is beyond me. Any similar problems with any of the other users???
Post by robstone on Aug 18, 2008 12:55:22 GMT -5
Hey Greg, I noticed that when I posted the link to the GTE web site, that the site locked up. Please take a look at that link to the GTE site with the build up of the red GTE. If that is the culprit, I sincerely apologize. If that site was infected, it did not show up on my antivirus software when I originally visited it to copy the link to it. Please let me know. Glad you are back Greg!
Post by Kyle Murdock on Aug 18, 2008 13:31:30 GMT -5
Thanks for looking into it Greg, I was hoping it didn't cause too many problems on your server. I was getting a message that the "upgrade.php" had not been removed and that was a security risk.
Research I've done online looks like this is a recent attack on YABB coded boards. Sounded like computers that searched out the boards that were not protected well enough and had at them.
Post by Gary Hammond on Aug 18, 2008 16:15:14 GMT -5
Hi All, We got my wife's computer all back to normal now, and mine in the shop was unaffected. I thought this site was acting up a couple of days ago, but must have just been a server somewhere not making connection. It seems to be OK now. Gary Hammond,
Post by mj on Aug 18, 2008 21:55:48 GMT -5
I use a laptop from our lab. It really is seasoned and has not been hit by a virus yet. For one, many sites are blocked, blocks are updated, it runs Forefront, and some other 'magic' the IT guys worked out. I don't recall a virus on one of these in years.
Post by Wyn on May 26, 2009 13:49:09 GMT -5
Just checking out the Temp Board to make sure it is operational.
Post by Kyle Murdock on May 26, 2009 17:53:46 GMT -5
Got to love the free stuff, you can always count on it LOL