Virus????? What happened?


  • Virus????? What happened?

    I've used this site for years. Just came in here on my PC and Norton went nuts. Some temp68.exe along with something that shut my entire PC down. All folders and files are MIA. This is not a troll or a fake post. It was DEFINITELY from something here. Maybe script in a post, idk. Has this hit anyone else? And how am I able to fix it? Safe mode on Windows is down and everything.

  • #2
    It looks like I have it fixed. With a combination of unhackme and unhide. It seems to have restored everything. Symptoms were all files and folders hidden. And massive HDD warnings. All fake positives btw. It must have been a random ad on the site that triggered it. This was the only site I was on in the last 4 hours and the files were triggered the second I loaded it. Comparing the uptime of the bad files via virus scanners, it DEFINITELY was something here. Still love this site. And like I said, this isn't a fake message.


    • #3
      My Norton has blocked two attacks in the last couple weeks when visiting the main section of the forums. My guess is that it was in an ad as I hadn't yet clicked into any sub-forums.
      Last edited by Egat Bearskinner; 04-07-2012, 07:38 PM.
      Egat the Dedicated Artisan
      Imperator of Phoenix Ascending, Erollisi Marr
      The Orc Pawn - My EverQuest Blog


      • #4
        We're seeing inconsistent virus warnings with the forums for both games ... as in sometimes Avast says there's something infected on the page, and sometimes it is fine. We're beating our heads against the wall on this one. It may be one of the ads, which will make it even harder to track down and block. (Not to mention destroy our income from the site if we have to turn off the ads ... guh). We're looking into it, and crossing fingers, toes and eyes.


        • #5
          Google is reporting as an attack site. I had to turn it off in my browser to post.
          Zuklaak - 62 Shadow Knight

          Measure with a micrometer, Mark with chalk, Cut with an axe


          • #6
            I got hit hard yesterday too - had to resort to turning off ads in order to come back.
            Aanuvane Bristlecone - Druid - Povar via Quellious via Rodcet Nife
            AKA Muertenie, Melodee, Orelinde, Nounie, Gnomess, Cininea Ashryn, Mairede or a host of additional alts. May also be found on Rabon, Kynsh or Atracker.


            • #7
              The absolutely ironic part of Google reporting it as an attack site is it looks like Google AdSense ads might be the culprit.


              • #8
                I have had to add this to a list of restricted sites in my permissions to keep from getting hit every single time I come here now
                Aanuvane Bristlecone - Druid - Povar via Quellious via Rodcet Nife
                AKA Muertenie, Melodee, Orelinde, Nounie, Gnomess, Cininea Ashryn, Mairede or a host of additional alts. May also be found on Rabon, Kynsh or Atracker.


                • #9
                  Originally posted by Aanuvane:
                  I have had to add this to a list of restricted sites in my permissions to keep from getting hit every single time I come here now
                  Which site did you add to restricted sites? I also had to ignore a warning to get to the boards.

                  Safe Browsing
                  Diagnostic page for mboards.eqtraders.com

                  What is the current listing status for mboards.eqtraders.com?

                  Site is listed as suspicious - visiting this web site may harm your computer.

                  Part of this site was listed for suspicious activity 3 time(s) over the past 90 days.

                  What happened when Google visited this site?

                  Of the 303 pages we tested on the site over the past 90 days, 13 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-04-23, and the last time suspicious content was found on this site was on 2012-04-21.

                  Malicious software includes 100 scripting exploit(s), 9 trojan(s), 8 exploit(s). Successful infection resulted in an average of 11 new process(es) on the target machine.

                  Malicious software is hosted on 9 domain(s), including biznesstroika.be/, iklmango.org/, klmpoint.org/.

                  6 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including netabuzam.org/, hornyenglandgrannies.com/, forstats.nl-web.com/.

                  This site was hosted on 3 network(s) including AS11175 (DISTRIBUTEL), AS11814 (DISTRIBUTEL), AS15169 (Google Internet Backbone).

                  Next steps:

                  Return to the previous page.
                  If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
                  Will those specifics be of any use? I have long frequented EQTraders and the boards, and would hate to not have that option!


                  • #10
                    http://mboards.eqtraders.com is what I put on restricted site. I can still get here, but lots of the page is disabled - no ads, no ActiveX, etc. I just can't do any admin any more - like deleting and blocking spammers. Also I haven't had any problems with www.eqtraders.com - it's just the boards that bring me down.
                    Aanuvane Bristlecone - Druid - Povar via Quellious via Rodcet Nife
                    AKA Muertenie, Melodee, Orelinde, Nounie, Gnomess, Cininea Ashryn, Mairede or a host of additional alts. May also be found on Rabon, Kynsh or Atracker.


                    • #11
                      I use Google Chrome with AVG Free. I have gotten a warning on a couple of occasions, but once I'm at the site I've been good to go. I deleted spammers the first two days, but Niami has blocked registrations at this time, so no new offenders have shown up.



                      Unfortunately, it also means that there are no new members that truly contribute to the site.
                      Mikaal Drazzminius
                      Tier'Dal Necromancer
                      Rodcet Nife by Birth / Quellious by Merger / Povar by Re-Merger


                      Master Artisan
                      Necrotalk Admin
                      EQ Traders Super Moderator
                      EQ Magelo Advisor/Moderator


                      • #12
                        I've been hit twice with it too coming here - my AV has caught it. We had the same problem on our guild boards and ended up having to do some major work - we received random attacks from Israel, Germany, the Far East and all over. Had to put a lot of protection in place and in some instances, outright ban certain IPs. It took our people several weeks to fix it all.

                        We believe they are randomly hitting weaknesses in the software itself, not targeting specific sites.
                        Silmare - Fu World Order - Bristlebane
                        Master Artisan ~ Master Researcher (Hybrid)
                        Master Tinker ~ Master Alchemist ~ Master Researcher(Caster) ~ Master Poisoncrafter


                        • #13
                          Wonderful that we're getting all these warnings but none of the warnings tell us exactly WHAT the issue is.
                          Draggar De'Vir
                          92 Assassin - Povar




                          Xzorsh
                          57 Druid of Tunare - Povar
                          47 Druid of Tunare - Lockjaw

                          Hark! Who is that, prowling along the fields! It is Draggar De'Vir, hands clutching two hardened pitas! He cries gutturally: "In the name of Thor the Mighty, I hereby void your warranty, and send you back to God!!!"

                          "No one can predict the future, so we all should eat our desserts first!" - Gaye from "The Maelstrom's Eye" (Cloakmaster's Cycle book 3)
