ATTN: Webmaster/Everyone - Suspicious/Malicious content from this site

This is a discussion on ATTN: Webmaster/Everyone - Suspicious/Malicious content from this site within the Forum News, Feedback, Problems & Comments forums, part of the DefensiveCarry.com Forum Office category.


  1. #151
    Bumper (DC Founder)
    Join Date: May 2004
    Location: Missouri
    Posts: 20,045
    Okay, I thought of one more thing that might help. I refreshed the forum cache, reset the cookie path and dumped all contents of our cookie cache. Follow the procedure to dump your cookies one more time and see if that clears up your problems. Beyond that, I don't have much advice to offer to resolve it at this point....
    Bumper
    Coimhéad fearg fhear na foighde; Beware the anger of a patient man.

  3. #152
    TBob (Member)
    Join Date: Jul 2006
    Location: N. Virginia
    Posts: 204
    Still works fine in Linux with Firefox. No issues at all during this whole episode. But thanks, Bumper, for your perseverance throughout this unfortunate attack on Windows-based systems.
    "To disarm the people is the best and most effectual way to enslave them"
    - George Mason, American Statesman (1725-92)

  4. #153
    NC Bullseye (VIP Member)
    Join Date: Apr 2009
    Location: NC Foothills
    Posts: 2,353
    Quote Originally Posted by Bumper View Post
    Okay, I thought of one more thing that might help. I refreshed the forum cache, reset the cookie path and dumped all contents of our cookie cache. Follow the procedure to dump your cookies one more time and see if that clears up your problems. Beyond that, I don't have much advice to offer to resolve it at this point....
    Just an FYI, no workie yet.

  5. #154
    Bumper (DC Founder)
    Join Date: May 2004
    Location: Missouri
    Posts: 20,045
    Quote Originally Posted by NC Bullseye View Post
    Just an FYI, no workie yet.
    Okay, I tried something else. Try it one more time and let me know if it works....
    Bumper
    Coimhéad fearg fhear na foighde; Beware the anger of a patient man.

  6. #155
    NC Bullseye (VIP Member)
    Join Date: Apr 2009
    Location: NC Foothills
    Posts: 2,353
    Quote Originally Posted by Bumper View Post
    Okay, I tried something else. Try it one more time and let me know if it works....
    Tried it again on different machines. Still no joy.

  7. #156
    Bumper (DC Founder)
    Join Date: May 2004
    Location: Missouri
    Posts: 20,045
    Quote Originally Posted by NC Bullseye View Post
    Tried it again on different machines. Still no joy.
    Unfortunately, I'm going out of town for a week early in the morning and will not be able to work on it until I get back. Not that I would be able to figure it out even if I was here, but the problem is going to have to sit for awhile. I may have to completely remove vBulletin and all of the modifications and reinstall to get rid of it. That will take awhile, requiring us to be completely offline. I'll try that next week.....
    Bumper
    Coimhéad fearg fhear na foighde; Beware the anger of a patient man.

  8. #157
    highvoltage (Senior Member)
    Join Date: Nov 2008
    Location: NH
    Posts: 1,121
    Quote Originally Posted by NC Bullseye View Post
    I don't know if highvoltage tried it but I did multiple times and it still is giving the same security token error.
    I've done it multiple times on two machines, one at work and one at home. Running IE at work, FireFox at home. Same message on both.

    Cleared history, cache, all cookies, still no joy.

    It's not a big issue so it can be resolved whenever.

  9. #158
    NC Bullseye (VIP Member)
    Join Date: Apr 2009
    Location: NC Foothills
    Posts: 2,353
    Quote Originally Posted by Bumper View Post
    Unfortunately, I'm going out of town for a week early in the morning and will not be able to work on it until I get back. Not that I would be able to figure it out even if I was here, but the problem is going to have to sit for awhile. I may have to completely remove vBulletin and all of the modifications and reinstall to get rid of it. That will take awhile, requiring us to be completely offline. I'll try that next week.....
    No problem, I appreciate the great forum! Safe trip and I'll help with any new thoughts when you return.

    Quote Originally Posted by highvoltage View Post
    I've done it multiple times on two machines, one at work and one at home. Running IE at work, FireFox at home. Same message on both.

    Cleared history, cache, all cookies, still no joy.

    It's not a big issue so it can be resolved whenever.
    This is a strange one eh?

  10. #159
    tcox4freedom (Distinguished Member)
    Join Date: Mar 2009
    Location: South Carolina USA
    Posts: 1,461
    Quote Originally Posted by Bumper View Post
    By the way. If you are getting an error message regarding a missing security token, please go to this thread for the resolution. I expect that the problems corrupted a lot of people's cookie from the forum.....

    http://www.defensivecarry.com/vbulle...en-errors.html
    Just want to let you know that I've followed the instructions in the above thread "several" times to no avail. (It's still happening.)

  11. #160
    Sticks (VIP Member)
    Join Date: Nov 2007
    Location: Colorado
    Posts: 3,407
    Not sure if this has been posted as I have not read all 150 odd posts.

    I ran a McAfee search on PWS:WIN32/Zbot.gen!y from post #10 (if it is related to the problem)

    Risk Assessment: Home Low-Profiled | Corporate Low-Profiled
    Date Discovered: 4/29/2008
    Date Added: 4/29/2008
    Origin: N/A
    Length: Varies
    Type: Trojan
    Subtype: Generic
    DAT Required: 5284


    Description
    -- Update September 28, 2009 --
    The risk assessment of this threat has been updated to Low-Profiled due to media attention at:
    IRS scam now world's biggest e-mail virus problem - Computerworld

    --

    This detection is for a spy trojan which upon running on the victim’s machine, may be used to upload stolen information to a pre-configured website.

    The characteristics of this trojan with regards to file names, sites accessed, files downloaded, etc. can differ from one version to another, depending on the way in which the attacker had configured it. Therefore, this is a general description.

    Indication of Infection

    * Presence of files and registry entries mentioned
    * Network activity with servers mentioned above

    Methods of Infection

    Trojans are not viruses, and as such do not themselves contain any method to replicate. However they may themselves be downloaded by other viruses and/or Trojans to be installed on the user's system.

    Many of these are mass spammed by the author to entice people into double-clicking on them.

    Alternatively they may be installed by visiting a malicious web page (either by clicking on a link, or by the website hosting a scripted exploit which installs the Password Stealer onto the user's system with no user interaction).

    Aliases
    Infostealer.Banker.C [Symantec], PWS:Win32/Zbot.gen!R [Microsoft], Trojan.Generic.2436384 [BitDefender], TSPY_ZBOT.SMC [TrendMicro]

    When executed, some samples of this trojan drop the following files:

    * %System%\sdra64.exe [Copy of Trojan]
    * %System%\lowsec\local.ds [Data File]
    * %System%\lowsec\user.ds [Data File]
    * %System%\lowsec\user.ds.lll [Data File]

    (note: %System% refers to the System folder. In a Windows XP machine, this should by default refer to the "C:\Windows\System32" folder.)

    The trojan also modifies the following registry values to run at windows startup:

    * [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    Userinit = "%System%\userinit.exe,%System%\sdra64.exe,"

    It injects malicious code into several processes and hooks several APIs to hide itself and monitor the user's activity.

    It connects to a remote server to update itself and send gathered information such as banking transactions.

    Attempts to connect to the domain:

    * kievsk.com

    At the time of writing the said domain is not available.
    I am running Win 7 Ultimate, Firefox and hit the forum every morning. I did get a Java update, but my last scan (Sat morn) didn't find anything.

    McAfee removal instructions.
    Sticks

    Grasseater // Grass~eat~er noun, often attributive \ˈgras-ē-tər\
    A person who is incapable of independent thought; a person who is herd animal-like in behavior; one who cannot distinguish between right and wrong; a foolish person.
    See also Sheep
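
The McAfee description quoted in post #160 names two host indicators: an extra entry appended to the Winlogon `Userinit` value and four files dropped under `%System%`. A triage check for both, written here as an added example (not code from the thread or from McAfee); the function names, the `C:\Windows\System32` default and the sample values at the bottom are assumptions made for the illustration.

```python
import ntpath

# File names relative to %System%, taken from the write-up quoted in post #160.
DROPPED = [r"sdra64.exe", r"lowsec\local.ds", r"lowsec\user.ds", r"lowsec\user.ds.lll"]


def _norm(path, system_dir):
    """Expand %System%, then normalise separators and case (Windows rules)."""
    p = path.strip().strip('"')
    if p.lower().startswith("%system%"):
        p = system_dir + p[len("%system%"):]
    return ntpath.normcase(ntpath.normpath(p))


def extra_userinit_entries(userinit_value, system_dir=r"C:\Windows\System32"):
    """Return every Userinit entry other than the stock <System>\\userinit.exe.

    Userinit is a comma-separated list; Winlogon launches each entry at logon,
    so anything beyond userinit.exe is a persistence point worth reviewing.
    """
    expected = _norm(ntpath.join(system_dir, "userinit.exe"), system_dir)
    entries = [e.strip() for e in userinit_value.split(",") if e.strip()]
    return [e for e in entries if _norm(e, system_dir) != expected]


def dropped_files_present(paths, system_dir=r"C:\Windows\System32"):
    """Return the paths from a file listing that match the dropped-file names."""
    wanted = {_norm(ntpath.join(system_dir, name), system_dir) for name in DROPPED}
    return [p for p in paths if _norm(p, system_dir) in wanted]


if __name__ == "__main__":
    # Constructed samples: a stock value, then the modified value from the post.
    clean = r"C:\Windows\system32\userinit.exe,"
    modified = r"%System%\userinit.exe,%System%\sdra64.exe,"
    listing = [  # constructed file listing, mixed case and separators
        r"C:\WINDOWS\system32\lowsec\user.ds",
        r"C:\Windows\System32\notepad.exe",
        r"c:/windows/system32/sdra64.exe",
    ]
    print("clean   :", extra_userinit_entries(clean))
    print("modified:", extra_userinit_entries(modified))
    print("files   :", dropped_files_present(listing))
```

The value to feed in is whatever `Userinit` holds under the Winlogon key named in the post; as the write-up itself says, file names differ between versions, so an empty result does not rule out other variants.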

  12. #161
    Hopyard (VIP Member)
    Join Date: Jun 2006
    Location: Disappeared
    Posts: 11,158

    re: sticks Win32/zbot.gen!.y

    Quote Originally Posted by Sticks View Post
    Not sure if this has been posted as I have not read all 150 odd posts.

    I ran a McAfee search on PWS:WIN32/Zbot.gen!y from post #10 (if it is related to the problem)
    I posted about this too in #22 (I think), and again in yet another post.

    Just judging by the behavior of my computer at the time my anti-virus software detected this, and the fact that I was on DC at the time two were detected, and that I had run a scan of my drives the previous evening, my suspicion is that it is somehow related. FWIW I am always up to date with Microsoft's malicious software removal tools, run Threat Fire in the background 100% (PC Tools) and run Microsoft's Live One Care 100% of the time. I too was using Chrome, as was the poster of #10---- so it could be a Chrome issue rather than a DC issue.
