BB
989 Posts |
Posted - 08/06/2008 : 1:11:31 PM
|
| Starting last week I started getting computer viruses from BO as soon as I log in. It shows up in my Trend Micro Internet Security and begins saying Computer virus found. Is anyone else having the same issues or know what to do about it? Thanks |
|
|
|

racerx
12112 Posts |
Posted - 08/06/2008 : 1:15:10 PM
|
quote: Originally posted by BB
Starting last week I started getting computer viruses from BO as soon as I log in. It shows up in my Trend Micro Internet Security and begins saying Computer virus found. Is anyone else having the same issues or know what to do about it? Thanks
Yes, someone else mentioned that and I let IB know. They were working on the one thread I knew about. Do you remember what thread? Were you using the search feature?
Keep your virus software up-to-date. |
|
|
downtime
241 Posts |
Posted - 08/06/2008 : 1:18:56 PM
|
I got the state of the art Norton. I never get viruses.
|
|
|
BB
989 Posts |
Posted - 08/06/2008 : 1:30:39 PM
|
quote: Originally posted by racerx
quote: Originally posted by BB
Starting last week I started getting computer viruses from BO as soon as I log in. It shows up in my Trend Micro Internet Security and begins saying Computer virus found. Is anyone else having the same issues or know what to do about it? Thanks
Yes, someone else mentioned that and I let IB know. They were working on the one thread I knew about. Do you remember what thread? Were you using the search feature?
Keep your virus software up-to-date.
My Virus software is up to date and is catching it as it comes in. The warning starts as soon as I log onto BO and each time I log into a thread another pops up. So each thread shows a new virus and then my state of the art Trend Micro cleans it. One of them it says it can't clean. It just started sometime last week. So what happens is it ends up saying that you have 100's of potential viruses because it ends up saving all of this in a temp folder that I am going in and deleting after each session on BO. Maybe tech support can look into it. |
|
|
Captain Mortgage
2559 Posts |
Posted - 08/06/2008 : 1:33:09 PM
|
| Can you post what you saw the error/virus was? You might be having a problem with your browser. Do you use IE? |
|
|

racerx
12112 Posts |
Posted - 08/06/2008 : 1:38:29 PM
|
quote: Originally posted by BB My Virus software is up to date and is catching it as it comes in. The warning starts as soon as I log onto BO and each time I log into a thread another pops up. So each thread shows a new virus and then my state of the art Trend Micro cleans it. One of them it says it can't clean. It just started sometime last week. So what happens is it ends up saying that you have 100's of potential viruses because it ends up saving all of this in a temp folder that I am going in and deleting after each session on BO. Maybe tech support can look into it.
I'll pass on the info for you. |
|
|
AK__47
1645 Posts |
Posted - 08/06/2008 : 1:39:55 PM
|
| I had the same thing happen a few times today too when I tried to go into a specific thread. I will find the thread and post the link. |
|
|
BB
989 Posts |
Posted - 08/06/2008 : 1:40:57 PM
|
quote: Originally posted by racerx
quote: Originally posted by BB
Starting last week I started getting computer viruses from BO as soon as I log in. It shows up in my Trend Micro Internet Security and begins saying Computer virus found. Is anyone else having the same issues or know what to do about it? Thanks
Yes, someone else mentioned that and I let IB know. They were working on the one thread I knew about. Do you remember what thread? Were you using the search feature?
Keep your virus software up-to-date.
My Virus software is up to date and is catching it as it comes in. The warning starts as soon as I log onto BO and each time I log into a thread another pops up. So each thread shows a new virus and then my state of the art Trend Micro cleans it. One of them it says it can't clean. It just started sometime last week. So what happens is it ends up saying that you have 100's of potential viruses because it ends up saving all of this in a temp folder that I am going in and deleting after each session on BO. Maybe tech support can look into it. |
|
|

racerx
12112 Posts |
Posted - 08/06/2008 : 1:41:39 PM
|
quote: Originally posted by AK__47
I had the same thing happen a few times today too when I tried to go into a specific thread. I will find the thread and post the link.
Thank you. That is helpful. |
|
|
AK__47
1645 Posts |
Posted - 08/06/2008 : 1:42:21 PM
|
This is the link to the thread.
http://forum.brokeroutpost.com/loans/forum/2/186622.htm
Every time I try to go to it I get a virus warning. Never had that happen before on BO. |
|
|
syndicator
442 Posts |
Posted - 08/06/2008 : 1:43:19 PM
|
Yea, I am having the same problem. Trend Micro shows it as a "possible HiFrm". It is catching it. But not sure what it is.
This is happening on each page I go on. |
|
|
Captain Mortgage
2559 Posts |
Posted - 08/06/2008 : 1:46:07 PM
|
| Weird, my Symantec had the Auto-protect pop up when I closed that window, but it didn't have any errors |
|
|
assassin17
7833 Posts |
Posted - 08/06/2008 : 1:47:51 PM
|
It could be something in Javascript. I haven't had any alerts. Could you post which thread gives virus alerts?
It also could depend on your anti-virus and javascript settings. If they are set high, anything resembling virus activity will trigger an alert. That could be set off by something as simple as one of these ads attempting to access your PC for a cookie or tracking.
If you do indeed have actual files that are being quarantined and you are positive they are from BO, then you will continue to get them until the BO server is cleaned. |
|
|
BB
989 Posts |
Posted - 08/06/2008 : 1:52:35 PM
|
quote: Originally posted by assassin17
It could be something in Javascript. I haven't had any alerts. Could you post which thread gives virus alerts?
It also could depend on your anti-virus and javascript settings. If they are set high, anything resembling virus activity will trigger an alert. That could be set off by something as simple as one of these ads attempting to access your PC for a cookie or tracking.
If you do indeed have actual files that are being quarantined and you are positive they are from BO, then you will continue to get them until the BO server is cleaned.
They are absolutely from BO. I am going to check my settings to see if they can be modified. Thanks |
|
|
assassin17
7833 Posts |
Posted - 08/06/2008 : 1:53:39 PM
|
I guess what I meant was... If BO had a virus, it would probably show up on every single thread.
The fact that it's not is probably because it is coming from one of the random advertisers. That is usually because they constantly set cookies without your knowledge and can also scan your PC, which is unacceptable behavior.
When something from the internet tries to access or alter your PC files, the anti-virus program is working very well if it alerts you to that possible virus behavior. If it recognized the virus, it would tell you the name, but if it doesn't you get the "possible" warning just in case it's a new virus. A lot of times, it is not a virus, but your PC is being accessed! The more likely culprit is that they are using Spyware to get at your browser history so they can target you with ads. Either way, this is unacceptable! |
|
|

racerx
12112 Posts |
Posted - 08/06/2008 : 1:54:31 PM
|
quote: Originally posted by assassin17
It could be something in Javascript. I haven't had any alerts. Could you post which thread gives virus alerts?
It also could depend on your anti-virus and javascript settings. If they are set high, anything resembling virus activity will trigger an alert. That could be set off by something as simple as one of these ads attempting to access your PC for a cookie or tracking.
If you do indeed have actual files that are being quarantined and you are positive they are from BO, then you will continue to get them until the BO server is cleaned.
This is what was noted on a previous thread:
There are Java script [NGG.JS , 638 bytes] trojans embedded in the post. If frames are used, it may be contained within one of the frames. Don't believe it. Maybe you like your backdoor open. ;) I don't. I am just posting this as a help and as a responsible person on this forum.
Warning ! Activate your virus software. click links at your own risk.
http://forum.brokeroutpost.com/loans/forum/2/7013.htm
http://forum.brokeroutpost.com/loans/forum/2/139189.htm
|
|
|
syndicator
442 Posts |
Posted - 08/06/2008 : 1:55:00 PM
|
| This warning occurs on every thread that I visit. |
|
|
frank drigotas j
3868 Posts |
Posted - 08/06/2008 : 1:57:29 PM
|
I pointed this stuff out a year ago.
I was chastised for it.
I won't elaborate.
dollar |
|
|
assassin17
7833 Posts |
Posted - 08/06/2008 : 1:57:32 PM
|
quote: Originally posted by syndicator
This warning occurs on every thread that I visit.
Yep. That's a virus then. But if everyone else doesn't get it also, then it isn't from the BO computer server. It's YOUR computer, which has a virus that is infecting any javascript code created by your browser and planting its seed.
I'll be doing some checks on my own. Thanks for the info. |
|
|
Captain Mortgage
2559 Posts |
Posted - 08/06/2008 : 2:00:28 PM
|
Discovered: June 8, 2007
Updated: June 11, 2007 3:41:26 PM
Also Known As: TROJ_ASPROX.A [Trend]
Type: Trojan
Infection Length: 40,960 bytes and 61,440 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
When the Trojan is executed, it creates the following files:
%System%\aspimgr.exe
%Windir%\s32.txt
%Windir%\db32.txt
%Windir%\g32.txt
%Windir%\gs32.txt
%Windir%\ws386.ini
%Temp%\_check32.bat
Next, the Trojan creates the following registry subkeys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspimgr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Sft
The program then opens a proxy server on one of the following ports:
TCP port 80
TCP port 82
It then sends HTTP requests to the following locations:
[http://]www.yahoo.com
[http://]www.web.de
[http://]ns.uk2.net
[http://]208.109.50.117/foru[REMOVED]
[http://]208.109.51.140/foru[REMOVED]
[http://]216.69.164.173/foru[REMOVED]
[http://]74.52.72.58/foru[REMOVED]
[http://]216.40.204.106/foru[REMOVED]
Here's what Symantec told me |
|
|
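Added example, not part of any forum post and not Symantec's code: a Python check for the files and registry subkeys listed in the write-up quoted in the post above. The function names and the mapping of %System%, %Windir% and %Temp% to real folders are assumptions made for illustration.

```python
import os
import sys

# Indicators copied from the Symantec write-up quoted in the post above.
FILE_INDICATORS = [
    r"%System%\aspimgr.exe",
    r"%Windir%\s32.txt",
    r"%Windir%\db32.txt",
    r"%Windir%\g32.txt",
    r"%Windir%\gs32.txt",
    r"%Windir%\ws386.ini",
    r"%Temp%\_check32.bat",
]
REGISTRY_INDICATORS = [  # subkeys under HKEY_LOCAL_MACHINE
    r"SYSTEM\CurrentControlSet\Services\aspimgr",
    r"SOFTWARE\Microsoft\Sft",
]


def default_locations():
    """Assumed mapping of the write-up's placeholders to this machine's folders."""
    windir = os.environ.get("WINDIR", r"C:\Windows")
    return {
        "%System%": os.path.join(windir, "System32"),
        "%Windir%": windir,
        "%Temp%": os.environ.get("TEMP", os.path.join(windir, "Temp")),
    }


def find_file_indicators(locations):
    """Return the full path of every listed file that exists on disk."""
    hits = []
    for indicator in FILE_INDICATORS:
        placeholder, name = indicator.split("\\", 1)
        path = os.path.join(locations[placeholder], name)
        if os.path.isfile(path):
            hits.append(path)
    return hits


def find_registry_indicators():
    """Return the listed registry subkeys that exist (Windows only)."""
    if sys.platform != "win32":
        return []
    import winreg  # standard library, only present on Windows

    hits = []
    for subkey in REGISTRY_INDICATORS:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey):
                hits.append("HKEY_LOCAL_MACHINE\\" + subkey)
        except OSError:
            pass  # subkey absent or not readable
    return hits


if __name__ == "__main__":
    found = find_file_indicators(default_locations()) + find_registry_indicators()
    for item in found:
        print("FOUND:", item)
    print("%d indicator(s) present" % len(found))
```

An empty result only means these specific artifacts are absent; it says nothing about the script-based detections (NGG.JS, JS/Redirector) other posters report.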
assassin17
7833 Posts |
Posted - 08/06/2008 : 2:47:46 PM
|
Joel,
That's on your PC, not on BO. Looks like a spyware virus that passes information, but also since it goes to Yahoo it could be designed to flood servers of places they don't like by making thousands of PCs constantly trying to access their site at once, trying to crash those web sites with a DOS attack.
Doesn't seem to be vicious to your files, but you should remove it ASAP. If you get it back, try to note where you browsed or downloaded before getting it. And stay off p*rn and gambling sites! |
|
|

dnuex2
3019 Posts |
Posted - 08/06/2008 : 3:06:28 PM
|
quote: Originally posted by frank drigotas jr
I pointed this stuff out a year ago.
I was chastised for it.
I won't elaborate.
dollar
Dollar you pointed out something entirely different and got banned for it. You don't have the skill set (code knowledge) to make any such determination. You made some blatant attacks/accusations and stupid remarks then Darin banned you. You begged to let back in. Don't spoil your 2nd chance. |
|
|

ML
4971 Posts |
Posted - 08/06/2008 : 3:17:01 PM
|
quote: Originally posted by frank drigotas jr
I pointed this stuff out a year ago.
I was chastised for it.
I won't elaborate.
dollar
That was GREAT Frank, you did your best Jim Cramer meltdown impression, no one's laughing now, at you or Cramer! |
|
|

ML
4971 Posts |
Posted - 08/06/2008 : 3:27:05 PM
|
I use Avast! and Comodo. Avast found it first:
JS:Aspxor-A [Trj]
Also known as: NGG[1].JS
It appears to be some sort of trojan that triggers a "sleeper cell" installed on my HD. It was cleaned and placed in the chest. It was triggered on my server, I think, because a shell of the virus was found? |
|
|
Captain Mortgage
2559 Posts |
Posted - 08/06/2008 : 3:30:23 PM
|
quote: Originally posted by assassin17
Joel,
That's on your PC, not on BO. Looks like a spyware virus that passes information, but also since it goes to Yahoo it could be designed to flood servers of places they don't like by making thousands of PCs constantly trying to access their site at once, trying to crash those web sites with a DOS attack.
Doesn't seem to be vicious to your files, but you should remove it ASAP. If you get it back, try to note where you browsed or downloaded before getting it. And stay off p*rn and gambling sites!
was from this site http://forum.brokeroutpost.com/loans/forum/2/186622.htm I'm on my comp at the office. Brand new comp, never go to any questionable sites. First time that has ever popped up is when I clicked on the link that was posted here before.
|
|
|
Ruby2sdae2
514 Posts |
Posted - 08/06/2008 : 3:31:05 PM
|
| Whoever just posted the thread they said they clicked on and got a trojan is correct. When I clicked the link, my anti-virus software popped up saying a trojan was detected and cleaned. So it is something from BO, maybe the little banner ad that was flashing at the top of the new page, but something from that thread for sure. |
|
|
AK__47
1645 Posts |
Posted - 08/06/2008 : 4:38:36 PM
|
| That's the same thread I was having trouble with. |
|
|
mdiclemente
1026 Posts |
Posted - 08/06/2008 : 4:49:41 PM
|
| I am getting it too and I have McAfee. |
|
|
frank drigotas j
3868 Posts |
Posted - 08/06/2008 : 5:51:19 PM
|
"Dollar you pointed out something entirely different and got banned for it"
dnuex2, above
If you recall, I demanded to be taken off BO. I had discovered some new things about the computer side of the site that I did not like. I reconciled myself to those practices long ago. As most can imagine, I don't beg. I did explain to Darin (the then site owner) that my onset prostate cancer was causing me some problems, and I credit the man for understanding.
Now, I have a question: from your profile I see that you signed on to BO very early, actually the same date as Darin's own profile (11/24/04).
Do you have the honor of being the very first?
dollar |
|
|

dnuex2
3019 Posts |
Posted - 08/06/2008 : 6:03:36 PM
|
quote: Originally posted by frank drigotas jr
"Dollar you pointed out something entirely different and got banned for it"
dnuex2, above
If you recall, I demanded to be taken off BO. I had discovered some new things about the computer side of the site that I did not like. I reconciled myself to those practices long ago. As most can imagine, I don't beg. I did explain to Darin (the then site owner) that my onset prostate cancer was causing me some problems, and I credit the man for understanding.
Now, I have a question: from your profile I see that you signed on to BO very early, actually the same date as Darin's own profile.
Do you have the honor of being the very first?
dollar
It was a fluke, Darin posted a press release on some website that I had an RSS feed for. I picked it up that same day. |
|
|

hoangad
3036 Posts |
Posted - 08/06/2008 : 6:06:41 PM
|
| cool |
|
|

dnuex2
3019 Posts |
Posted - 08/06/2008 : 6:09:20 PM
|
| I want to think he may have made an update and every member's dates got recast to that date shortly after BO came online. There weren't very many if I recall. Under 100 people. I remember when 500 was a big deal LOL. |
|
|
frank drigotas j
3868 Posts |
Posted - 08/06/2008 : 6:13:49 PM
|
That is interesting.
The entire BO story is fascinating.
dollar |
|
|
financeone
2332 Posts |
Posted - 08/06/2008 : 6:19:45 PM
|
Nice tag line!
quote: Originally posted by frank drigotas jr
That is interesting.
The entire BO story is fascinating.
dollar
|
|
|

dnuex2
3019 Posts |
Posted - 08/06/2008 : 6:19:52 PM
|
| There was a brief period where there was scheduled live group chats. It was actually pretty hilarious. |
|
|
assassin17
7833 Posts |
Posted - 08/06/2008 : 6:31:33 PM
|
Ok, that link definitely leads to a virus embedded. Please alter or remove the link to that page, so nobody else clicks it.
Unfortunately, I can't get the page to load and check where the payload is coming from. It shuts you down after infection. I guess only BO can check it out. Hopefully it is limited only to that post. |
|
|

hoangad
3036 Posts |
Posted - 08/06/2008 : 7:37:43 PM
|
quote: Originally posted by dnuex2
There was a brief period where there was scheduled live group chats. It was actually pretty hilarious.
what happened to midas?
|
|
|

dnuex2
3019 Posts |
Posted - 08/06/2008 : 7:39:30 PM
|
quote: Originally posted by hoangad
quote: Originally posted by dnuex2
There was a brief period where there was scheduled live group chats. It was actually pretty hilarious.
what happened to midas?
Midas and Desueler got married by JeffG and lived happily ever after. |
|
|
ritabradley01
4945 Posts |
Posted - 08/06/2008 : 7:40:57 PM
|
Does dnuex2 = THE Darin?
Tell the truth.  |
|
|

dnuex2
3019 Posts |
Posted - 08/06/2008 : 7:43:29 PM
|
quote: Originally posted by ritabradley01
Does dnuex2 = THE Darin?
Tell the truth. 
Nope, I'm Darrin (proper) not Darin (un-proper). |
|
|

racerx
12112 Posts |
Posted - 08/06/2008 : 7:47:11 PM
|
But are you better looking than Darin?
quote: Originally posted by dnuex2
quote: Originally posted by ritabradley01
Does dnuex2 = THE Darin?
Tell the truth. 
Nope, I'm Darrin (proper) not Darin (un-proper).
|
|
|

dnuex2
3019 Posts |
Posted - 08/06/2008 : 7:49:51 PM
|
Yes yes of course naturally.
quote: Originally posted by racerx
But are you better looking than Darin?
quote: Originally posted by dnuex2
quote: Originally posted by ritabradley01
Does dnuex2 = THE Darin?
Tell the truth. 
Nope, I'm Darrin (proper) not Darin (un-proper).
|
|
|
Boulderco
1775 Posts |
Posted - 08/06/2008 : 7:58:52 PM
|
| I got a virus on here about two months ago, and had to re-install my operating system. I got rid of McAfee after that. |
|
|
njbroker
76 Posts |
Posted - 08/06/2008 : 8:11:58 PM
|
| It's not advisable to post links with known viruses because people will click on them out of curiosity. I just spent $400 and hours of time cleaning up my computer (not from BO viruses). Keep your virus registrations up to date (daily if possible). There's a ton of trojans infecting computers (as per conversations with other people and my computer tech guys). |
|
|
ownerop
418 Posts |
Posted - 08/06/2008 : 10:46:34 PM
|
| I use a Mac and don't worry about viruses. |
|
|

hoangad
3036 Posts |
Posted - 08/07/2008 : 08:36:23 AM
|
quote: Originally posted by dnuex2
quote: Originally posted by hoangad
quote: Originally posted by dnuex2
There was a brief period where there was scheduled live group chats. It was actually pretty hilarious.
what happened to midas?
Midas and Desueler got married by JeffG and lived happily ever after.
no seriously, what happened? |
|
|

dnuex2
3019 Posts |
Posted - 08/07/2008 : 08:38:39 AM
|
| Don't know, he faded into history like a fart in the wind after him and Tsnyder's epic "Coming Wave" clusterfuc!k |
|
|
mykal5
6130 Posts |
Posted - 08/07/2008 : 08:58:30 AM
|
I too received a virus from this site by using the search feature. When I tried searching for a post the following virus was found:
Trojan:JS/Redirector.N |
|
|
prof9000
105 Posts |
Posted - 08/07/2008 : 09:45:23 AM
|
| I HATE viruses and the nerdy little cyber geeks who write them. I swear they should have their fingers chopped off. |
|
|
WorldWideWayne
3113 Posts |
Posted - 08/07/2008 : 09:57:25 AM
|
quote: Originally posted by dnuex2
Don't know, he faded into history like a fart in the wind after him and Tsnyder's epic "Coming Wave" clusterfuc!k
This should be its own thread...and I would follow every post...and maybe add a couple.
|
|
|
assassin17
7833 Posts |
Posted - 08/07/2008 : 11:13:04 AM
|
I spent quite a few hours working on this last night. That virus is actually a combination plate worthy of any Mexican restaurant. There are at least 3 viruses packed into it.
One pretends to be a program called 'XP Security Center', which was created in the Ukraine and tricks you into thinking it's a Windows alert and paying for the 'cleaner' program. That's when they steal your credit card info.
Another was passed around recently thru a bogus UPS email. Yet another is a hidden downloader that keeps retrieving the viruses from the internet after you think you have them cleaned.
It took a lot of work with MSCONFIG to see that it was starting up files called 'buritos.exe', 'aspimgr.exe', and 'xpsecuritycenter.exe'. I used REGEDIT and found some other things, noting DLLs and data files. Checking thru files in Windows and Windows/System32, the thing is copied over and over even after being cleaned.
It appeared that the key to the mess was that it replaces the obscure 'BEEP.SYS' file, which usually just makes your computer beep when using old programs with no sound. That old file still gets loaded when Windows starts, and the bogus one appears to go find the hidden files which insert the viruses again if they were cleaned.
This virus package craftily disabled the ability to stop SYSTEM RESTORE, so you couldn't unload the BEEP.SYS file, as System Restore replaces missing system files (Reloading the infected BEEP.SYS from an old infected copy). You can get around that by rebooting in SAFE MODE (With f8 as you boot up) and deleting BEEP.SYS, which isn't a critical file. After that, Spyware Doctor was able to remove the viruses for good, but I did also manually remove other files and folders that I found.
It is a LOT of work for a computer novice to figure out, but I just can't type all of the things I had to do. This one is nasty, folks, and my guess is that it was planted here intentionally by a disgruntled poster because it's more than one virus at a time. Hopefully, they can find out which poster was in common with all of the infected topics and go after them. |
|
|