Originally Posted by Lotus222
My XP machine is ancient. The one time I looked into upgrading to Vista, and another time to Win7, it didn't make sense to even try; not that paying Microsoft to clear stuff their antivirus program didn't prevent makes sense.
This iMac I'm on now will be the main workhorse around here and the old machine ---not sure yet what I will do with it.
As for disappointment that I don't take it to the range, that is not an option open to me. Indoor range. I'd have to ask a rancher friend to let me on his
property. Swinging a sledge hammer is also a pretty good way to relieve frustration.
I have had the attached pop up twice in the past 10-minutes while surfing Defensive Carry. Not 100% sure what this means but it doesn't sound especially good:
From Symantec Web Site:
Web Attack: Malicious Toolkit Website 13
Severity: High - This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
Description: This signature detects attempts to download exploits from a malicious toolkit which may compromise a computer through various vendor vulnerabilities.
Additional Information: Malicious toolkits contain various exploits bundled into a single package. A victim visiting the malicious server hosting the exploit toolkit is attacked with several different exploits, each exploiting a different vulnerability, one by one. Exploits may include MDAC, PDF, HCP, etc.
Affected: Various Browsers.
Definitely didn't come from this site. You might look more closely at your surfing habits.
In my case when the two pop-ups happened this morning the only web page that was open in my browser was Defensive Carry. There was no other surfing activity or other web pages open.
I presented my observation only to demonstrate that the original poster might be onto something.
It had it, too, but don't think it came from here. Avast removed it easily.
Originally Posted by flybye43
I am wondering why you say that with certainty? How do you know? I've lived with my XP machine for 9 years, updated all the malware removal tools, programs, etc.
Used Firefox and Chrome mostly but not exclusively.
I am 100% sure that the two incidents I experienced while browsing here after the recent redo of the site did not happen while on IE.
Generally, my surfing is fairly restricted in scope to the major sites, our local tv station's site, to one forum I moderate and administrate --but with a professional company really doing the behind the scenes stuff. In both incidents I had been on here immediately before things went haywire.
So, my index of suspicion for here is pretty high right now; here or the advertisers, or the adware crap one of the advertisers is using.
I have no suspicion that the owners of this site have knowingly done anything malicious, if I did I'd disappear from here.
Keep in mind that when you initially get infected with malware, it is not the "Antivirus 2012" or whatever scare-ware that you can visibly see. Usually you are infected with a small trojan of some kind, which will download the larger application over time and install it. Sometimes minutes or hours will pass between the time of initial infection and when the user will actually see some visible symptom. So, sometimes it is hard to place blame on a particular website without further investigation.
Originally Posted by adric22
Yes, Trojans were downloaded immediately prior to the scare ware. Threat Fire quarantined several in quick succession, but somehow one got ignored by Threat Fire and got marked "allowed" in ME. I don't think much time elapsed (2-5 seconds). I do understand what you are saying but Threat Fire had been really good at picking them up and giving me the chance to kill and quarantine.
What really messed me up was that I could not remove one of the Trojans, and I am quite certain-- from watching the Network Activity monitor in Task Manager-- that there was unauthorized activity going on which I could only stop by either closing the DSL or turning the machine off. I could not download Malwarebytes. Hence the call for help to Microsoft. Also, my printer control panel was shut down. That was messed up by something inserted into a tmp file that I could not find.
Since Microsoft eventually used Malwarebytes, I guess I will need to install it. Microsoft claimed (not sure I am buying it) that Threat Fire's activity prevented ME from stopping the Trojan.
Anyway, except for the aggravation, money, and present risk of identity theft--it is getting time for the sledge hammer.
Hope this thread is a heads up to all --whether it came from here or elsewhere-- and that everyone stays alert and takes appropriate prevention measures.
If you look at the information in the screen shot, you can see that Chad Roger's machine is behind a router/firewall and has been assigned the address of 192.168.1.5, a typical RFC1918, aka, private address. A high number port, 59651, was used to attempt to connect to the IP address 18.104.22.168 on port 80. Port 80 is standard web (HTTP) traffic. In other words, this would have been browser activity attempting to connect to this web server. You can see the URL that was requested, which contains a stream of unintelligible characters. This could be either an advertisement or malware. It is probably a script of some sort on the web page that was being viewed. A whois report for who owns this site is contained below. It is apparently a hosting provider, and the contact information to file a complaint is contained in the report. Being located in the US, there is a good possibility that if you file a complaint with them, it will be taken seriously.
Note to Hopyard: one thing I recall about Antivir is that it will try to prevent you from downloading Malwarebytes. What you have to do is download it from another machine onto removable media, like a USB stick. You also have to give it a different file name. Rename it something like dummy.exe and then move it to the infected PC, then run it.
bash-4.1$ whois 22.214.171.124
# Query terms are ambiguous. The query is assumed to be:
# "n 126.96.36.199"
# Use "?" to get help.
# The following results may also be obtained via:
NetRange: 188.8.131.52 - 184.108.40.206
CIDR: 220.127.116.11/18, 18.104.22.168/20, 22.214.171.124/19
NetType: Direct Allocation
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
OrgName: Peer 1 Dedicated Hosting
Address: 101 Marietta Street
Address: Suite 500
OrgAbuseName: Abuse Department
OrgTechName: DC Operations
RTechName: DC Operations
# available at: https://www.arin.net/whois_tou.html
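The reading of the screenshot above (private local address, ephemeral source port, port 80 on an Internet host, a URL made of random-looking characters) can be turned into a small triage routine. This is an added example, not code from the thread or from any tool it mentions; the alert record, addresses (203.0.113.0/24 is a documentation range) and the 4.5-bit entropy threshold are constructed assumptions.

```python
import ipaddress
import math
import re
from urllib.parse import urlsplit

# Constructed alert record modelled on the screenshot discussed above; the
# addresses and URL are placeholders, not values from the thread.
SAMPLE_ALERT = {
    "local": "192.168.1.5:59651",
    "remote": "203.0.113.10:80",
    "url": "http://203.0.113.10/aB3cD4eF5gH6iJ7kL8mN9oP0qR1sT2",
}

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
WELL_KNOWN = {80: "http", 443: "https", 8080: "http-alt"}


def is_rfc1918(addr: str) -> bool:
    """True for a private (RFC1918) address, i.e. a host behind a NAT router."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking tokens score well above English text."""
    n = len(s)
    return -sum(s.count(c) / n * math.log2(s.count(c) / n) for c in set(s)) if n else 0.0


def url_token_entropy(url: str) -> float:
    """Entropy of path+query with separators removed, so '/' and '=' don't skew it."""
    parts = urlsplit(url)
    token = re.sub(r"[^A-Za-z0-9]", "", parts.path + parts.query)
    return shannon_entropy(token)


def triage(alert: dict) -> dict:
    """Turn one alert record into the facts a reader needs to judge it."""
    lhost, lport = alert["local"].rsplit(":", 1)
    rhost, rport = alert["remote"].rsplit(":", 1)
    entropy = url_token_entropy(alert["url"])
    return {
        "local_is_rfc1918": is_rfc1918(lhost),          # behind a router/firewall
        "source_port_ephemeral": int(lport) >= 49152,   # IANA dynamic range; older Windows used a lower range
        "remote_service": WELL_KNOWN.get(int(rport), f"port {rport}"),
        "remote_is_rfc1918": is_rfc1918(rhost),         # False: an Internet host, worth a whois lookup
        "url_entropy": round(entropy, 2),
        "url_looks_random": entropy > 4.5,              # heuristic threshold, not a rule
        "whois_target": rhost,                          # what to feed to `whois` for the abuse contact
    }
```

A true `url_looks_random` only says the request looks machine-generated; as the post notes, that fits both ad scripts and exploit-kit landing pages, so the whois contact is the next step, not a verdict.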
Windows is out, Mac is in. For now. Have not had a virus in over 7 years.
Originally Posted by noway2
I don't exactly understand what that all means but I have been able to purchase and install Malwarebytes and hopefully it is now OK to keep viewing DC on the XP machine, which I am doing now.
I hope a senior moderator takes your post and gets the owner and admin to take a look at it.
I did the IP address check thing yesterday and noticed the Atlanta location.
However, I wasn't sure what the 196 IP address was because that's not my IP address. Interesting.
I have noticed that Norton, which is free with my Internet provider's service, seems to cause the computer to run slower and I do get perhaps at least one pop-up a day from them advising of this or that. But if it helps keep the computer virus-free, then it's a small price to pay.
I did the AVG scan yesterday after reading somebody's post. Zero "threats" issues. It did say, as does something else called PC Tools, that I have "registry" issues. And AVG, like PC Tools, wants me to subscribe to their service to get those taken care of (whatever they are).
I worked in IT for 10 years before going into LE.
I had to clean infected computers about 5-10 times a week when working for a repair shop (in addition to doing network stuff with my clients), and I was one of 5 to 6 techs.
Norton and McAfee were the worst AV programs we had to deal with. They install so much fluff that it's next to impossible to get rid of if you want to go to a different program later. Both use a lot of memory/CPU compared to others. I will never recommend either of these to anyone.
I've used AVG free edition and monthly ran free anti-spyware utilities to keep my machines running fine. I've never had a virus or spyware issue on any of my computers.
Hopyard, this virus you have is allowed onto an infected machine by clicking on one of the windows it pops up, including the X in the upper right corner to supposedly close it. Then the floodgates open. I cleaned many a machine with this beast. It continues to be released with new versions.
Everyone, for future reference: when you get a suspicious window popping up, hit Control+W and do not click anywhere on the popup. If that doesn't close it, hit Control+Alt+Del and get into Task Manager so you can choose to close that particular window (it should show up as a program running separate from IE/Firefox).
To clean junk off your computer in Windows, boot into safe mode, first empty out your temporary internet files, then empty your Windows temporary files, then run AV and AS scans in safe mode if possible. Run more than one, such as SuperAntiSpyware, Ad-Aware, Spybot, and Malwarebytes, all free.
Just because you are on a particular web page and then get alerts that you have a virus does not mean that site is putting it on your 'puter. Some spyware will rear its ugly head whenever it gets around to it, and then it allows other junk in. It easily gives the impression that whatever web site is being visited is the cause of the problem when the problem was already on the computer.
Malwarebytes is what I use to remove junk from computers. I also use Avast Pro, which I consider to be one of the best.
I just surfed every ad on here and didn't get a hit. I will tell you what I have seen about 90+% of the time when an infected computer has been brought in for me to clean: the Yahoo toolbar has been installed, or some other toolbar. Searchaid or something like that and some coupon toolbar run second and third place. While I have no proof, I do think the Yahoo toolbar has some security issues; the other toolbars are the issue.
Update--- My ancient XP machine is back up; with Malwarebytes monitoring it and with ME monitoring it. I need to look into the other anti-virus programs folks have mentioned.
I've done quite a bit of surfing here at DC since getting the garbage off the machine, and so far no additional alerts. I have not checked the ads.
Something different from what we have now needs development-- yesterday. There's no going back to the age of wired telephone and snail mail. But there is too much mischief possible with our present arrangement.