
Thread: Spyware/Malware


  1. #1
    Playoffs Cyclone792's Avatar
    Join Date
    May 2005
    Location
    Cincinnati, OH
    Posts
    6,271

    Spyware/Malware

    Is anybody else getting hit with any Spyware or Malware from RZ? I'm not 100 percent confident this has come from RZ - and I'm far from a computer expert - but I've gotten trojan flags both last night on the home PC and again this morning on the work PC immediately when visiting RZ.

    This is the alert that popped up this morning as soon as RZ loaded:



    Any ideas?
    Barry Larkin - HOF, 2012

    Put an end to the Lost Decade.

  2. #2
    Flash the leather! _Sir_Charles_'s Avatar
    Join Date
    Dec 2007
    Location
    Houston, Texas
    Posts
    8,328

    Re: Spyware/Malware

    I've gotten a few in the last couple days too.

    Mine says "an intrusion attempt was blocked"
    it's a "MSIE Java deployment toolkit input invalidation"

    Seems to occur during a search routine.
    2014 predictions:
    99-63 WS champs (Cards take 2nd WC, Mil 3rd, Pit 4th, Chi 5th)
    Bruce/Votto neck and neck MVP race (neither takes it)
    Bailey CYA winner
    Hamilton ROY & GG

  3. #3
    Administrator Boss-Hog's Avatar
    Join Date
    Apr 2000
    Location
    Cincinnati, OH
    Posts
    6,074

    Re: Spyware/Malware

    I'll pass this along to our host...thank you.

  4. #4
    Member
    Join Date
    Apr 2004
    Posts
    14

    Re: Spyware/Malware

    Any particular page you're visiting when you get these messages?

    I'm not seeing anything "typical" - but if you can tell me where you were, that would help me track it down.

    Thanks

    Joe

  5. #5
    Playoffs Cyclone792's Avatar
    Join Date
    May 2005
    Location
    Cincinnati, OH
    Posts
    6,271

    Re: Spyware/Malware

    Mine was the main page itself immediately after it loaded: http://www.redszone.com/forums/index.php

    Nothing has popped up in the last few hours though.
    Barry Larkin - HOF, 2012

    Put an end to the Lost Decade.

  6. #6
    Member
    Join Date
    Apr 2004
    Posts
    14

    Re: Spyware/Malware

    I'm wondering if maybe it was an infected Google ad. There's nothing to indicate a compromise in the code at all, from what I'm seeing, but I'll keep looking.

    The latest version of this software is Latest version available: 4.0.5

    Current version is 3.8.6 - it might be time to upgrade, or evaluate the upgrade options

  7. #7
    Member
    Join Date
    May 2002
    Location
    Cincy
    Posts
    1,006

    Re: Spyware/Malware

    Not much to add, but I got this exact same message the first time I visited the main page today.

  8. #8
    Member
    Join Date
    Apr 2004
    Posts
    14

    Re: Spyware/Malware

    If anyone encounters this again, please do a screen capture if possible, note the page you were on when it happened, and the approximate time (with time zone).

    Email to: mobileterminal@gmail.com

    Thanks

  9. #9
    Administrator Boss-Hog's Avatar
    Join Date
    Apr 2000
    Location
    Cincinnati, OH
    Posts
    6,074

    Re: Spyware/Malware

    Joe,

    One thing I've noticed when loading any page on redszone.com within the past day or so: it seems to be routing through a numerical IP address: 96.30.16.218. I don't ever remember seeing this before. Did we recently move to a different server or what would account for this?

  10. #10
    Member
    Join Date
    Apr 2004
    Posts
    14

    Re: Spyware/Malware

    Your server IP is 64.128.190.227

    That IP (96.30.16.218) is not even owned by us:

    NameServer: NS2.WIREDTREE.COM
    NameServer: NS1.WIREDTREE.COM
    RegDate: 2008-12-03
    Updated: 2009-10-29
    Ref: http://whois.arin.net/rest/net/NET-96-30-0-0-1

    OrgName: Cogswell Enterprises Inc.
    OrgId: COGSW
    Address: 53 W Jackson Blvd.
    Address: Suite 635
    City: Chicago

    http://www.wiredtree.com/

    Not sure where you'd be seeing that

  11. #11
    CELEBRATION TIME RBA's Avatar
    Join Date
    Apr 2000
    Location
    San Marcos, CA
    Posts
    13,984

    Re: Spyware/Malware

    Quote Originally Posted by nysupport View Post
    Your server IP is 64.128.190.227

    That IP (96.30.16.218) is not even owned by us:

    NameServer: NS2.WIREDTREE.COM
    NameServer: NS1.WIREDTREE.COM
    RegDate: 2008-12-03
    Updated: 2009-10-29
    Ref: http://whois.arin.net/rest/net/NET-96-30-0-0-1

    OrgName: Cogswell Enterprises Inc.
    OrgId: COGSW
    Address: 53 W Jackson Blvd.
    Address: Suite 635
    City: Chicago

    http://www.wiredtree.com/

    Not sure where you'd be seeing that
    Mr Spacely will be mad that Jetson let Cogswell intrude on Spacely Sprockets' web server.

  12. #12
    Member
    Join Date
    Apr 2004
    Posts
    14

    Re: Spyware/Malware

    Quote Originally Posted by Boss-Hog View Post
    Joe,

    One thing I've noticed when loading any page on redszone.com within the past day or so: it seems to be routing through a numerical IP address: 96.30.16.218. I don't ever remember seeing this before. Did we recently move to a different server or what would account for this?

    Have you done an adware/malware scan on your computer? I can't imagine where that'd be coming from

  13. #13
    Administrator Boss-Hog's Avatar
    Join Date
    Apr 2000
    Location
    Cincinnati, OH
    Posts
    6,074

    Re: Spyware/Malware

    Quote Originally Posted by nysupport View Post
    Have you done an adware/malware scan on your computer? I can't imagine where that'd be coming from
    I'll rescan...thanks.

  14. #14
    Administrator Boss-Hog's Avatar
    Join Date
    Apr 2000
    Location
    Cincinnati, OH
    Posts
    6,074

    Re: Spyware/Malware

    Quote Originally Posted by Boss-Hog View Post
    I'll rescan...thanks.
    Well, I ran scans using the latest definitions from several programs and found nothing that accounts for this. I confirmed that it only happens with vBulletin, as other areas of the site and external sites do not call the address I mentioned. I disabled the ads and all other custom vBulletin code and the site is still accessed, at least for me, whenever any vBulletin page loads. Does anyone else have this issue and/or know how to fix it?
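
A check that fits the symptom described in the post above, added here as an example and not code from the thread or from vBulletin: list every resource a saved copy of the page makes the browser fetch and flag any host outside an expected set. The markup, file paths, `ads.example.net` and all function names are constructed for illustration; the two IP addresses and the base URL are the ones quoted in the thread.

```python
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes a browser fetch something while the page loads.
FETCH_ATTRS = {"script": "src", "iframe": "src", "img": "src",
               "embed": "src", "object": "data", "link": "href"}

class ResourceCollector(HTMLParser):
    """Collect (tag, absolute_url) for every fetch-triggering attribute."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.resources = []

    def handle_starttag(self, tag, attrs):
        attr = FETCH_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:  # resolve relative and scheme-relative URLs against the page
            self.resources.append((tag, urljoin(self.base_url, value)))

def is_ip_literal(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False

def audit_page(html, base_url, expected_hosts):
    """Return [(tag, url, reason)] for each fetch to a host not in expected_hosts."""
    collector = ResourceCollector(base_url)
    collector.feed(html)
    findings = []
    for tag, url in collector.resources:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or parts.hostname in expected_hosts:
            continue
        reason = "bare IP address" if is_ip_literal(parts.hostname) else "unexpected host"
        findings.append((tag, url, reason))
    return findings

# Constructed sample page, NOT the forum's real markup.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="css/forum.css">
<script src="js/forum.js"></script>
<script src="http://96.30.16.218/counter.js"></script>
</head><body>
<img src="http://www.redszone.com/forums/images/logo.gif">
<iframe src="//ads.example.net/slot1"></iframe>
</body></html>"""
BASE_URL = "http://www.redszone.com/forums/index.php"
EXPECTED = {"www.redszone.com", "64.128.190.227"}

if __name__ == "__main__":
    for finding in audit_page(SAMPLE_HTML, BASE_URL, EXPECTED):
        print(*finding, sep="  ")
```

This only sees static markup; requests injected by scripts at run time need the browser's network panel or a proxy log to surface.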

  15. #15
    Member
    Join Date
    May 2007
    Location
    All around
    Posts
    7,576

    Re: Spyware/Malware

    I had gotten a Tidserv virus about 10 days ago. I was able to get rid of it with "tdsskiller" (though the computer's now slow and I'm slowly fixing those problems). It's a rootkit virus that attacks anti-virus software at first so that you can't use antivirus software (then it attacks .dll files, the desktop, the registry, and it hides itself so that even if you use an antivirus software on a hard media it won't find it), and it first came around about Dec of 2008, but it's had a huge re-appearance since June. It's really nasty and destroys everything.

    I thought maybe I had gotten it from one of the "forum" sites I visited....Bengals Jungle, this one...or maybe Rotoworld, but I actually believe it came through "Google Images", as Google had just changed their "images" format, and it occurred immediately after I had looked up something there. I figured Google had a hole in it that was discovered by the hackers. The hackers come from China on this particular "tidserv" virus.
    Last edited by Kingspoint; 08-02-2010 at 06:02 PM.




RedsZone.com is a privately owned website and is not affiliated with the Cincinnati Reds or Major League Baseball

