Spyware/Malware

[Cyclone792]

Is anybody else getting hit with any Spyware or Malware from RZ? I'm not 100 percent confident this has come from RZ - and I'm far from a computer expert - but I've gotten trojan flags both last night on the home PC and again this morning on the work PC immediately when visiting RZ.

This is the alert that popped up this morning as soon as RZ loaded:



Any ideas?

[_Sir_Charles_]

I've gotten a few in the last couple days too.

Mine says "an intrusion attempt was blocked"
it's a "MSIE Java deployment toolkit input invalidation"

Seems to occur during a search routine.

[Boss-Hog]

I'll pass this along to our host...thank you.

[nysupport]

Any particular page you're visiting when you get these messages?

I'm not seeing anything "typical" - but if you can tell me where you were, that would help me track it down.

Thanks

Joe

[Cyclone792]

Mine was the main page itself immediately after it loaded: http://www.redszone.com/forums/index.php

Nothing has popped up in the last few hours though.

[nysupport]

I'm wondering if maybe it was an infected google ad, there's nothing to indicate a compromise in the code at all, from what I'm seeing, but I'll keep looking

The latest version of this software is Latest version available: 4.0.5

Current version is 3.8.6 - it might be time to upgrade, or evaluate the upgrade options

[swaisuc]

Not much to add, but I got this exact same message the first time I visited the main page today.

[nysupport]

If anyone encounters this again, please do a screen capture if possible, note the page you were on when it happened, and the approximate time (with time zone).

Email to: mobileterminal@gmail.com

Thanks

[Boss-Hog]

Joe,

One thing I've noticed when loading any page on redszone.com within the past day or so: it seems to be routing through a numerical IP address: 96.30.16.218. I don't ever remember seeing this before. Did we recently move to a different server or what would account for this?

[nysupport]

Your server IP is 64.128.190.227

That IP (96.30.16.218) is not even owned by us:

NameServer: NS2.WIREDTREE.COM
NameServer: NS1.WIREDTREE.COM
RegDate: 2008-12-03
Updated: 2009-10-29
Ref: http://whois.arin.net/rest/net/NET-96-30-0-0-1

OrgName: Cogswell Enterprises Inc.
OrgId: COGSW
Address: 53 W Jackson Blvd.
Address: Suite 635
City: Chicago

http://www.wiredtree.com/

Not sure where you'd be seeing that

[nysupport]

Quote:

Originally Posted by Boss-Hog

Joe,

One thing I've noticed when loading any page on redszone.com within the past day or so: it seems to be routing through a numerical IP address: 96.30.16.218. I don't ever remember seeing this before. Did we recently move to a different server or what would account for this?

Have you done an adware/malware scan on your computer? I can't imagine where that'd be coming from

[Boss-Hog]

Quote:

Originally Posted by nysupport

Have you done an adware/malware scan on your computer? I can't imagine where that'd be coming from

I'll rescan...thanks.

[Kingspoint]

I had gotten a Tidserv virus about 10 days ago. I was able to get rid of it with "tdsskiller" (though the computer's now slow and I'm slowly fixing those problems). It's a rootkit virus that attacks anti-virus software at first so that you can't use antivirus software (then it attacks .dll files, the desktop, the registry, and it hides itself so that even if you use an antivirus software on a hard media it won't find it, and it first came around about DEC of 2008, but it's had a huge re-appearance since June. It's really nasty and destroys everything.

I thought maybe I had gotten it from one of the "forum" sites I visited....Bengals Jungle, this one...or maybe Rotoworld, but I actually believe it came through "Google Images", as Google had just changed their "images" format, and it occurred immediately after I had looked up something there. I figured Google had a hole in it that was discovered by the hackers. The hackers come from China on this particular "tidserv" virus.

[KoryMac5]

Got a virus message on the wife's laptop as well. I will try and screen save it the next time it pops up. Usually happens when I enter via the main page. The laptop has come across it three times in the past few days.

[Boss-Hog]

All,

Based on a recommendation from vBulletin, I've temporarily disabled all Google ads. Please reply to this thread immediately if you receive another virus/malware alert.