08-01-2008, 10:49 AM
|
#31 (permalink)
|
|
EcoModding Apprentice
Join Date: Dec 2007
Location: mid michigan
Posts: 136
Thanks: 0
Thanked 1 Time in 1 Post
|
I'm not sure if this is related.
I've had 2 high level attack warnings on my work computer, both times I was opening this website. I've never had notices like this until then. Once on the 25th and then again on the 30th of july.
I don't know if this info helps but the Norton details say;"risk level High"
"risk name HTTP fake scan webpage" and "attacking computer 84.16.252.73, 80" "traffic description TCP ,www-http"
the second one was identical except the attacking computer # ended in 138, 80.
hope this helps
__________________
Best tank= 81.23 mpg on 07-01-2008
Longest range= 791 miles on 9.74 gallons
Last edited by jwxr7; 08-01-2008 at 10:58 AM..
|
|
|
|
 Today
|
|
|
|
Other popular topics in this forum...
|
|
|
|
|
08-01-2008, 11:20 AM
|
#32 (permalink)
|
|
Batman Junior
Join Date: Nov 2007
Location: 1000 Islands, Ontario, Canada
Posts: 22,530
Thanks: 4,078
Thanked 6,978 Times in 3,613 Posts
|
Thanks for posting the IP. The "attacking computer" is not EcoModder's IP address, but the address of the redirect target, which is in Norton's list.
|
|
|
|
|
08-01-2008, 03:44 PM
|
#33 (permalink)
|
|
Pokémoderator
Join Date: Dec 2007
Location: Southern California
Posts: 5,864
Thanks: 439
Thanked 532 Times in 358 Posts
|
MetroMPG -
Quote:
Originally Posted by MetroMPG
Note that the popup does not mean you're infected with anything. It's simply a javascript redirect to a website which causes the alert and displays the fake virus scan progress. Just close the browser window.
I'm sure everyone knows that if you actually download and install the product from that site, you WILL be infected with malware.
Our server admin has checked and assured us the problem isn't on EcoModder, but with one of the advertisers whose ads appear on the site. We've been in touch with the advertisers. Waiting to hear back.
|
I think it happened to me because I had temporarily turned off my third-party pop-up blocker. I had not been to any other websites before this. That it came from the advertiser makes a lot sense.
CarloSW2 |
|
|
|
|
08-01-2008, 04:36 PM
|
#34 (permalink)
|
|
Batman Junior
Join Date: Nov 2007
Location: 1000 Islands, Ontario, Canada
Posts: 22,530
Thanks: 4,078
Thanked 6,978 Times in 3,613 Posts
|
I've turned off all advertising in the forum and on the index page. It's still active on the blog.
We'll leave it off for 24 hours. Would each of you who has experienced the redirect and the javascript alert (I count 10, including myself... I've seen it twice in the last week) please let me know whether you see the redirect or not in the next 24h?
I fully expect this will clear things up. Then the next task will be determining which ad service is sending the javascript.
Thanks!
|
|
|
|
|
08-02-2008, 05:45 AM
|
#35 (permalink)
|
|
Pokémoderator
Join Date: Dec 2007
Location: Southern California
Posts: 5,864
Thanks: 439
Thanked 532 Times in 358 Posts
|
MetroMPG -
I just tried to recreate the problem but I couldn't.
CarloSW2
|
|
|
|
|
08-02-2008, 04:05 PM
|
#36 (permalink)
|
|
Coasting Down the Peak
Join Date: Jun 2008
Location: M I C H I G A N
Posts: 514
Thanks: 27
Thanked 42 Times in 35 Posts
|
no more problems here, multiple log ins
|
|
|
|
|
08-02-2008, 04:31 PM
|
#37 (permalink)
|
|
Batman Junior
Join Date: Nov 2007
Location: 1000 Islands, Ontario, Canada
Posts: 22,530
Thanks: 4,078
Thanked 6,978 Times in 3,613 Posts
|
If nobody tells me they got the redirect/popup before tomorrow AM, I'm going to re-enable one of the ad providers and then watch for feedback for another day or so. Currently we've got two providers (just canned the third, and Ben thinks they were the most likely source of the problem).
|
|
|
|
|
08-02-2008, 04:56 PM
|
#38 (permalink)
|
|
Legend in my own mind
Join Date: Apr 2008
Location: Homestead, Fl.
Posts: 927
Thanks: 2
Thanked 14 Times in 13 Posts
|
No problems today .. so far, I have been logged in since 9am est
__________________
Thx NoCO2; "The biggest FE mod you can make is to adjust the nut behind the wheel"
I am a precisional instrument of speed and aeromatics
If your knees bent in the opposite direction......what would a chair look like???
|
|
|
|
|
08-02-2008, 06:13 PM
|
#39 (permalink)
|
|
Master EcoModder
Join Date: Jun 2008
Location: Chicago
Posts: 674
Thanks: 40
Thanked 39 Times in 27 Posts
|
I've been seeing a lot of this lately. A lot of my clients are getting it. No one knew how to get rid of it when it first came out, but aside from the links posted above (I haven't tried any of them), Malwarebytes is the only thing that can *easily* get rid of this trojan. Everyone's virus scanner is missing it because it's not technically a virus - it's malware. People think it's something they need or that it's legit, so they click on it... The best I can do is advise people to use firefox and not to open emails from sources they don't know, but even then, it's difficult to train people (especially OLDER people) to identify false popups. I can smell the bull**** in a split second, but a lot of people just click away happily and let the trojan in.
One guy got it from an actual fedex email, so caution there. It is advisable to install Linux or get an Apple ASAP - You'll never have problems like this again :-P. For now install Firefox and Thunderbird.
I get paid to deal with things like this, and as much as I like making easy money running Malwarebytes and virus scans, the world is a lot better off avoiding these problems to begin with.
__________________
|
|
|
|
|
08-03-2008, 11:01 AM
|
#40 (permalink)
|
|
Batman Junior
Join Date: Nov 2007
Location: 1000 Islands, Ontario, Canada
Posts: 22,530
Thanks: 4,078
Thanked 6,978 Times in 3,613 Posts
|
So? Anyone else seen a redirect/popup since Friday afternoon @ 3:30 ET?
|
|
|
|
|
