getting a virus warning as I log in to BF.
- Thread starter knarfeng
- Start date
- Status
- Joined
- Sep 1, 2006
- Messages
- 2,035
Getting the following message on Camino 2.1 on Mac OS X 10.6.8.
When I try to report this malware blockage as an error, I get the following:
When I try to report this malware blockage as an error, I get the following:
I couldn't post the entire report (too long).
But it's a rogue (fake) antivirus.
It changes the proxy settings in Internet explorer and redirects, etc.
A real pain.
Usually doesn't cause problems until after the next re-boot.
If the admin scans his site he can determine if any exploits are present.
Anubis doesn't rely on virus signatures. It runs executables (or visits sites) and notes the behaviour in real time.
But it's a rogue (fake) antivirus.
It changes the proxy settings in Internet explorer and redirects, etc.
A real pain.
Usually doesn't cause problems until after the next re-boot.
If the admin scans his site he can determine if any exploits are present.
Anubis doesn't rely on virus signatures. It runs executables (or visits sites) and notes the behaviour in real time.
here's the full report.
http://anubis.iseclab.org/?action=result&task_id=1e1d7dae9b8e2149425ec863a85716888&format=txt
Logging off.
admin - if you think that I might be of any help, email me and I'll login on in the a.m.
later,
mike
http://anubis.iseclab.org/?action=result&task_id=1e1d7dae9b8e2149425ec863a85716888&format=txt
Logging off.
admin - if you think that I might be of any help, email me and I'll login on in the a.m.
later,
mike
- Joined
- May 18, 2005
- Messages
- 22,965
I had to click to ignore this warning http://safebrowsing.clients.google....adeforums.com/forums/forums/784-Pirate-s-Cove to get on the site.
- Joined
- Oct 2, 1998
- Messages
- 15,054
I ran the anubis report and it's not reporting anything infected. The response you are getting seems to be coming from the yui interface for the quick reply bar - the presence of a mutex doesn't neccessarily ggggmean that it's infected, right?
What worries me about the report is that it seems to be changing proxies.
What worries me about the report is that it seems to be changing proxies.
- Joined
- Nov 13, 2005
- Messages
- 34,704
I just checked with IE8 , no warnings , no infection, no banners .
Firefox have had a hard time connecting to the site , had to shut it down manually & retry twice today,
also had a couple of Firefox crashes yesterday when trying to connect.
1234,,,,,,,,
Firefox have had a hard time connecting to the site , had to shut it down manually & retry twice today,
also had a couple of Firefox crashes yesterday when trying to connect.
1234,,,,,,,,
- Joined
- Aug 13, 2002
- Messages
- 5,703
I still get the warning with Firefox. When I click on "ignore this" and "This is not an attack site" a webpage opens up, http://www.stopbadware.org.
- Joined
- Apr 1, 2007
- Messages
- 6,254
I am platinum and when I tried to log in this morning I got the warning maleware alertas well. Ran full scans both on AVG and Maleware and no infections!!! So I'm not sure what's going on here but I stayed off all day, logged in tonight and now I didn't get a warning. 
Modoc ED
Gold Member
- Joined
- Mar 28, 2010
- Messages
- 12,917
Don't know if this info helps but every Sunday night at 10:30PM I clear my cache and at 11:00PM I run a full system scan. When I was done tonight, I brought up Blade Forums, logged in, and here I am -- no problems. Norton showed no problems when I ran the scan.
- Joined
- Jul 2, 2011
- Messages
- 128
Well, Bottom line is it's ether a vBulletin setting [That I doubt] or the forum has been hacked and someones waiting to launch a real virus .
Like I said [lied] the first time .. I'm not coming back till something gets detected and fixed !
Good luck !
Like I said [lied] the first time .. I'm not coming back till something gets detected and fixed !
Good luck !
grunt soldier
Gold Member
- Joined
- Dec 4, 2009
- Messages
- 4,537
I'm still getting it on google and safari. Not sure what's happening but it makes me nervous
- Joined
- Dec 24, 2007
- Messages
- 181
for firefox users go to Tool/options/security and uncheck the box that says block reported attack sites
that will get you back to normal untill the site owner straitens out things with google
in a couple of days go back and recheck the box.
that will get you back to normal untill the site owner straitens out things with google
in a couple of days go back and recheck the box.
- Joined
- Dec 13, 2005
- Messages
- 6,410
Safari > Preferences > Security > Un-check the "Warn when visiting a fraudulent website" box.
Spark
I ran the anubis report and it's not reporting anything infected. The response you are getting seems to be coming from the yui interface for the quick reply bar - the presence of a mutex doesn't neccessarily ggggmean that it's infected, right?
What worries me about the report is that it seems to be changing proxies.
..
Here's the latest - 4:30 this morning
http://anubis.iseclab.org/?action=result&task_id=10b2ef976db7c6b2431ac21427a3a55b9&format=txt
Dec 19 4:32 am (central)
Summary:
- Changes security settings of Internet Explorer:
This system alteration could seriously affect safety surfing the World
Wide Web.
- Performs File Modification and Destruction:
The executable modifiesand destructs files which are not temporary.
- Performs Registry Activities:
The executable creates and/or modifies registry entries.
....
Not sure what you mean by "The response you are getting seems to be coming from the yui interface for the quick reply bar"
The report indicates that anubis detects the mutex within the code/scripts found at BF or a banner ad, etc.
It has nothing to do with anyones machine but the one used by Anubis when it scans Bladeforums.
Spark:
the presence of a mutex doesn't neccessarily mean that it's infected, right?
It means that Anubis is finding a script that will infect unprotected browsers. It changes security settings in Internet explorer (among other things).
The "drive-by" infections (usually banner ads) run a script, and will add a proxy to the security settings in IE.
Usually, once you re-boot all internet activity will be through the proxy set up by the individual that coded the ad. Most antivirus pages (Norton, AVG, etc) will be blocked. The real payload will begin downloading. Task manager, Cntrl/alt/delete, will be disabled, usually any searches will be re-directed, and the fake antivirus warnings will continually appear -falsely warning of infected files and prompting for payment.
If you do follow the links in the pop-ups and pay them, they then ding your card 4-5 times.
Anubis is finding this script NOW. As of 4:32 this morning.
As these 0day exploits are found, they're entered into the database of Google,Malwarebytes, Norton, etc and warnings will begin blocking BF in Internet explorer, firefox, etc.
Turning the warnings off (while the exploit is still found by Anubis) is not a good idea.
Here's an example of what's being done:
http://www.bleepingcomputer.com/forums/topic212841.html
here's a list of current 0day threats:
http://www.bleepingcomputer.com/forums/forum55.html
You can expect to continue getting warning from the various cloud based warning services - even after BF is no longer a danger.
But Anubis found an exploit at 4:32am. This is NOT residual. According to Anubis the code is currently present.
I ran the anubis report and it's not reporting anything infected. The response you are getting seems to be coming from the yui interface for the quick reply bar - the presence of a mutex doesn't neccessarily ggggmean that it's infected, right?
What worries me about the report is that it seems to be changing proxies.
..
Here's the latest - 4:30 this morning
http://anubis.iseclab.org/?action=result&task_id=10b2ef976db7c6b2431ac21427a3a55b9&format=txt
Dec 19 4:32 am (central)
Summary:
- Changes security settings of Internet Explorer:
This system alteration could seriously affect safety surfing the World
Wide Web.
- Performs File Modification and Destruction:
The executable modifiesand destructs files which are not temporary.
- Performs Registry Activities:
The executable creates and/or modifies registry entries.
....
Not sure what you mean by "The response you are getting seems to be coming from the yui interface for the quick reply bar"
The report indicates that anubis detects the mutex within the code/scripts found at BF or a banner ad, etc.
It has nothing to do with anyones machine but the one used by Anubis when it scans Bladeforums.
Spark:
the presence of a mutex doesn't neccessarily mean that it's infected, right?
It means that Anubis is finding a script that will infect unprotected browsers. It changes security settings in Internet explorer (among other things).
The "drive-by" infections (usually banner ads) run a script, and will add a proxy to the security settings in IE.
Usually, once you re-boot all internet activity will be through the proxy set up by the individual that coded the ad. Most antivirus pages (Norton, AVG, etc) will be blocked. The real payload will begin downloading. Task manager, Cntrl/alt/delete, will be disabled, usually any searches will be re-directed, and the fake antivirus warnings will continually appear -falsely warning of infected files and prompting for payment.
If you do follow the links in the pop-ups and pay them, they then ding your card 4-5 times.
Anubis is finding this script NOW. As of 4:32 this morning.
As these 0day exploits are found, they're entered into the database of Google,Malwarebytes, Norton, etc and warnings will begin blocking BF in Internet explorer, firefox, etc.
Turning the warnings off (while the exploit is still found by Anubis) is not a good idea.
Here's an example of what's being done:
http://www.bleepingcomputer.com/forums/topic212841.html
here's a list of current 0day threats:
http://www.bleepingcomputer.com/forums/forum55.html
You can expect to continue getting warning from the various cloud based warning services - even after BF is no longer a danger.
But Anubis found an exploit at 4:32am. This is NOT residual. According to Anubis the code is currently present.
This help?:
4. Check in Google Webmastertools to know malware infection
Google webmaster tools shows the details about the infection in your website. If your website is infected, right after login to Google webmaster account itself you can see the following alert.
Where to check your website is infected
You can find which pages are infected in your website by clicking More Details link. You can take this information to remove infection from your website. It is recommended to check Google webmastertools every time to check any possible malware infection in your website.
http://www.corenetworkz.com/2010/09/how-to-check-virus-infection-in-my.html
4. Check in Google Webmastertools to know malware infection
Google webmaster tools shows the details about the infection in your website. If your website is infected, right after login to Google webmaster account itself you can see the following alert.
Where to check your website is infected
You can find which pages are infected in your website by clicking More Details link. You can take this information to remove infection from your website. It is recommended to check Google webmastertools every time to check any possible malware infection in your website.
http://www.corenetworkz.com/2010/09/how-to-check-virus-infection-in-my.html
- Status