Virus issues--possibly from this site or its advertisers-- AGAIN

This is a discussion on Virus issues--possibly from this site or its advertisers-- AGAIN within the Forum News, Feedback, Problems & Comments forums, part of the DefensiveCarry.com Forum Office category.


  1. #46
    VIP Member
    Array Hopyard's Avatar
    Join Date
    Jun 2006
    Location
    Disappeared
    Posts
    11,658
    Quote Originally Posted by Lotus222 View Post
    $100.00 for a diagnostic and scan??? Personally, I would have backed up my data files, wiped my drive, installed this OS, and re-installed my programs.

    Newegg.com - Microsoft Windows 7 Home Premium Upgrade $110.00 10% off and free shipping.


    Sure, it's a little work, but it is worth it in the end. You would be up to date with securities, have the best OS to ever hit the market from Microsoft, and be future proof for programs that will no longer support XP.
    My XP machine is ancient. The one time I looked into upgrading to Vista, and another time to Win7, it didn't make sense to even try; not that paying Microsoft to clear stuff their antivirus program didn't prevent makes sense.

    This iMac I'm on now will be the main workhorse around here and the old machine ---not sure yet what I will do with it.

    As for disappointment that I don't take it to the range, that is not an option open to me. Indoor range. I'd have to ask a rancher friend to let me on his property. Swinging a sledge hammer is also a pretty good way to relieve frustration.
    DontTreadOnI likes this.
    If the Union is once severed, the line of separation will grow wider and wider, and the controversies which are now debated and settled in the halls of legislation will then be tried in fields of battle and determined by the sword.
    Andrew Jackson

  3. #47
    Senior Member Array Chad Rogers's Avatar
    Join Date
    Jan 2011
    Location
    Metro DC
    Posts
    958
    I have had the attached pop up twice in the past 10-minutes while surfing Defensive Carry. Not 100% sure what this means but it doesn't sound especially good:

    From Symantec Web Site:
    Web Attack: Malicious Toolkit Website 13

    Severity: High - This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

    Description: This signature detects attempts to download exploits from a malicious toolkit which may compromise a computer through various vendor vulnerabilities.

    Additional Information: Malicious toolkits contain various exploits bundled into a single package. A victim visiting the malicious server hosting the exploit toolkit is attacked with several different exploits exploiting different vulnerabilities one by one. Exploits may include MDAC, PDF, HCP etc.

    Affected: Various Browsers.
    Attached Images
    Hopyard likes this.
    "People who take an Internet handle of a great warrior, are usually the first to go fetal when crunch time comes." - Me

  4. #48
    New Member Array flybye43's Avatar
    Join Date
    Sep 2011
    Location
    usa
    Posts
    6
    Definitely didn't come from this site. You might look more closely at your surfing habits.
    United By Individuality

  5. #49
    Senior Member Array Chad Rogers's Avatar
    Join Date
    Jan 2011
    Location
    Metro DC
    Posts
    958
    In my case when the two pop-ups happened this morning the only web page that was open in my browser was Defensive Carry. There was no other surfing activity or other web pages open.

    I presented my observation only to demonstrate that the original poster might be onto something.
    Hopyard likes this.
    "People who take an Internet handle of a great warrior, are usually the first to go fetal when crunch time comes." - Me

  6. #50
    Senior Member Array RemMod597's Avatar
    Join Date
    Sep 2008
    Location
    Snohomish County, WA
    Posts
    728
    I had it, too, but don't think it came from here. Avast removed it easily.


    The maximum effective range of an excuse is zero meters.

  7. #51
    VIP Member
    Array Hopyard's Avatar
    Join Date
    Jun 2006
    Location
    Disappeared
    Posts
    11,658
    Quote Originally Posted by flybye43 View Post
    Definitely didn't come from this site. You might look more closely at your surfing habits.
    I am wondering why you say that with certainty? How do you know? I've lived with my XP machine for 9 years, updated all the malware removal tools, programs, etc.
    Used Firefox and Chrome mostly but not exclusively.

    I am 100% sure that the two incidents I experienced while browsing here after the recent redo of the site did not happen while on IE.

    Generally, my surfing is fairly restricted in scope to the major sites, our local tv station's site, to one forum I moderate and administrate --but with a professional company really doing the behind the scenes stuff. In both incidents I had been on here immediately before things went haywire.

    So, my index of suspicion for here is pretty high right now; here or the advertisers, or the adware crap one of the advertisers is using.

    I have no suspicion that the owners of this site have knowingly done anything malicious, if I did I'd disappear from here.
    If the Union is once severed, the line of separation will grow wider and wider, and the controversies which are now debated and settled in the halls of legislation will then be tried in fields of battle and determined by the sword.
    Andrew Jackson

  8. #52
    Senior Member Array adric22's Avatar
    Join Date
    May 2011
    Location
    Fort Worth, TX
    Posts
    1,146
    Keep in mind that when you initially get infected with malware, it is not the "Antivirus 2012" or whatever scare-ware that you can visibly see. Usually you are infected with a small trojan of some kind, which will download the larger application over time and install it. Sometimes minutes or hours will pass between the time of initial infection and when the user will actually see some visible symptom. So, sometimes it is hard to place blame on a particular website without further investigation.
    "Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws." -Plato

  9. #53
    VIP Member
    Array Hopyard's Avatar
    Join Date
    Jun 2006
    Location
    Disappeared
    Posts
    11,658
    Quote Originally Posted by adric22 View Post
    Keep in mind that when you initially get infected with malware, it is not the "Antivirus 2012" or whatever scare-ware that you can visibly see. Usually you are infected with a small trojan of some kind, which will download the larger application over time and install it. Sometimes minutes or hours will pass between the time of initial infection and when the user will actually see some visible symptom. So, sometimes it is hard to place blame on a particular website without further investigation.
    Yes, Trojans were downloaded immediately prior to the scare ware. Threat Fire quarantined several in quick succession, but somehow one got ignored by Threat Fire and got marked "allowed" in ME. I don't think much time elapsed (2-5 seconds). I do understand what you are saying but Threat Fire had been really good at picking them up and giving me the chance to kill and quarantine.

    What really messed me up was that I could not remove one of the Trojans, and I am quite certain-- from watching the Network Activity monitor in Task Manager-- that there was unauthorized activity going on which I could only stop by either closing the DSL or turning the machine off. I could not download Malwarebytes. Hence the call for help to Microsoft. Also, my printer control panel was shut down. That was messed up by something inserted into a tmp file that I could not find.

    Since Microsoft eventually used Malwarebytes, I guess I will need to install it. Microsoft claimed (not sure I am buying it) that Threat Fire's activity prevented ME from stopping the Trojan.

    Anyway, except for the aggravation, money, and present risk of identity theft--it is getting time for the sledge hammer.

    Hope this thread is a heads up to all --whether it came from here or elsewhere-- and that everyone stays alert and takes appropriate prevention measures.
    If the Union is once severed, the line of separation will grow wider and wider, and the controversies which are now debated and settled in the halls of legislation will then be tried in fields of battle and determined by the sword.
    Andrew Jackson

  10. #54
    Distinguished Member Array noway2's Avatar
    Join Date
    Jul 2011
    Location
    North Carolina
    Posts
    1,875
    If you look at the information in the screen shot, you can see that Chad Rogers' machine is behind a router/firewall and has been assigned the address of 192.168.1.5, a typical RFC1918, aka, private address. A high number port, 59651, was used to attempt to connect to the IP address 216.157.99.240 on port 80. Port 80 is standard web (HTTP) traffic. In other words, this would have been browser activity attempting to connect to this web server. You can see the URL that was requested, which contains a stream of unintelligible characters. This could be either an advertisement or malware. It is probably a script of some sort on the web page that was being viewed. A whois report for who owns this site is contained below. It is apparently a hosting provider, and the contact information to file a complaint is contained in the report. Being located in the US, there is a good possibility that if you file a complaint with them, it will be taken seriously.

    Note to Hopyard: one thing I recall about Antivir is that it will try to prevent you from downloading Malwarebytes. What you have to do is download it from another machine onto removable media, like a USB stick. You also have to give it a different file name. Rename it something like dummy.exe and then move it to the infected PC, then run it.

    Code:
    bash-4.1$ whois 216.157.99.240
    #
    # Query terms are ambiguous.  The query is assumed to be:
    #     "n 216.157.99.240"
    #
    # Use "?" to get help.
    #
    
    #
    # The following results may also be obtained via:
    # http://whois.arin.net/rest/nets;q=216.157.99.240?showDetails=true&showARIN=false&ext=netref2
    #
    
    NetRange:       216.157.0.0 - 216.157.111.255
    CIDR:           216.157.0.0/18, 216.157.96.0/20, 216.157.64.0/19
    OriginAS:       AS13601
    NetName:        216-157-0-0-NET
    NetHandle:      NET-216-157-0-0-1
    Parent:         NET-216-0-0-0-0
    NetType:        Direct Allocation
    Comment:        ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
    RegDate:        1998-12-16
    Updated:        2008-08-01
    Ref:            http://whois.arin.net/rest/net/NET-216-157-0-0-1
    
    OrgName:        Peer 1 Dedicated Hosting
    OrgId:          P1DH-1
    Address:        101 Marietta Street
    Address:        Suite 500
    City:           Atlanta
    StateProv:      GA
    PostalCode:     30303
    Country:        US
    RegDate:        2007-08-03
    Updated:        2010-12-22
    Ref:            http://whois.arin.net/rest/org/P1DH-1
    
    OrgAbuseHandle: ABUSE2465-ARIN
    OrgAbuseName:   Abuse Department
    OrgAbusePhone:  +1-678-365-2835 
    OrgAbuseEmail:  abuse-mh@peer1.com
    OrgAbuseRef:    http://whois.arin.net/rest/poc/ABUSE2465-ARIN
    
    OrgTechHandle: DCOPE2-ARIN
    OrgTechName:   DC Operations
    OrgTechPhone:  +1-678-365-2835 
    OrgTechEmail:  dhswip@peer1.com
    OrgTechRef:    http://whois.arin.net/rest/poc/DCOPE2-ARIN
    
    RTechHandle: DCOPE2-ARIN
    RTechName:   DC Operations
    RTechPhone:  +1-678-365-2835 
    RTechEmail:  dhswip@peer1.com
    RTechRef:    http://whois.arin.net/rest/poc/DCOPE2-ARIN
    
    #
    # ARIN WHOIS data and services are subject to the Terms of Use
    # available at: https://www.arin.net/whois_tou.html
    #
    Hopyard and gasmitty like this.
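Reading an alert the way noway2 does above, as an added Python example that is not from the thread: it checks whether the local address is RFC1918, whether the source port is in the ephemeral range, maps the destination port to a service, flags a URL made of letter-digit soup, and pulls the abuse contact out of the whois text only when the destination really falls inside the reported NetRange. The alert line format, the URL path and the second and third alerts are constructed; the addresses, ports and whois fields are the ones quoted in the thread.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed alert lines shaped like the firewall pop-up noway2 reads (local ip:port ->
# destination ip:port, method, URL). Only the first reuses values quoted in the thread.
SAMPLE_ALERTS = [
    "192.168.1.5:59651 -> 216.157.99.240:80 GET http://216.157.99.240/a8f1ksd9qWx2/zz9Qp0Lm?ie=3kP0qZ9wLx1R",
    "192.168.1.5:52110 -> 203.0.113.10:443 GET https://forum.example/forum/showthread.php?t=12345",
    "198.51.100.7:8080 -> 192.168.1.5:22 SSH -",
]
# Lines copied from the ARIN whois report posted in the thread (trimmed).
WHOIS_TEXT = """\
NetRange:       216.157.0.0 - 216.157.111.255
OrgName:        Peer 1 Dedicated Hosting
OrgAbuseEmail:  abuse-mh@peer1.com
"""
ALERT_RE = re.compile(r"^(\S+):(\d+) -> (\S+):(\d+) (\S+) (\S+)$")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):  # private LAN address handed out behind a home router
    return any(ip in net for net in RFC1918)

def parse_whois(text):  # 'Key: value' lines to a dict, '#' comment lines skipped
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and not line.startswith("#"):
            fields[key.strip()] = value.strip()
    return fields

def url_looks_random(url):
    # Letter-digit soup in path/query (the "unintelligible characters") vs readable names.
    parts = urlsplit(url)
    segments = [s for s in re.split(r"[^A-Za-z0-9]+", parts.path + "?" + parts.query) if s]
    mixed = sum(1 for s in segments if re.search(r"[A-Za-z]", s) and re.search(r"\d", s))
    return bool(segments) and mixed / len(segments) >= 0.5 and sum(map(len, segments)) >= 16

def abuse_contact_for(dst, whois_fields):  # abuse mailbox only if dst is inside NetRange
    lo, sep, hi = whois_fields.get("NetRange", "").partition(" - ")
    if sep and ipaddress.ip_address(lo.strip()) <= dst <= ipaddress.ip_address(hi.strip()):
        return whois_fields.get("OrgAbuseEmail")
    return None

def triage_alert(line, whois_text=WHOIS_TEXT):
    # Read one alert the way the thread does and return the findings.
    src_ip, src_port, dst_ip, dst_port, _method, url = ALERT_RE.match(line).groups()
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    r = {
        "src_is_private": is_rfc1918(src),             # machine sits behind a NAT router
        "src_port_ephemeral": int(src_port) >= 49152,  # IANA dynamic range: a client socket
        "dst_service": {80: "http", 443: "https"}.get(int(dst_port), "other"),
        "url_looks_random": url_looks_random(url),
        "abuse_contact": abuse_contact_for(dst, parse_whois(whois_text)),
    }
    outbound_web = r["src_is_private"] and r["src_port_ephemeral"] and r["dst_service"] != "other"
    if outbound_web and r["url_looks_random"]:
        r["verdict"] = "browser fetched an opaque URL: possible exploit-kit script, report to abuse contact"
    elif outbound_web:
        r["verdict"] = "ordinary outbound web request"
    else:
        r["verdict"] = "not an outbound browser request: investigate separately"
    return r
```

Run `triage_alert(a)` over `SAMPLE_ALERTS`: only the first line gets the report-to-abuse verdict, the forum thread URL is classed as ordinary, and the inbound SSH attempt is set aside for separate investigation.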

  11. #55
    Senior Member
    Array bigdog44's Avatar
    Join Date
    Feb 2010
    Location
    SW Ohio
    Posts
    570
    Windows is out, MAC is in. For now. Have not had a virus in over 7 years.
    It's not a problem til they make it one!

  12. #56
    VIP Member
    Array Hopyard's Avatar
    Join Date
    Jun 2006
    Location
    Disappeared
    Posts
    11,658
    Quote Originally Posted by noway2 View Post
    If you look at the information in the screen shot, you can see that Chad Rogers' machine is behind a router/firewall and has been assigned the address of 192.168.1.5, a typical RFC1918, aka, private address. A high number port, 59651, was used to attempt to connect to the IP address 216.157.99.240 on port 80. Port 80 is standard web (HTTP) traffic. In other words, this would have been browser activity attempting to connect to this web server. You can see the URL that was requested, which contains a stream of unintelligible characters. This could be either an advertisement or malware. It is probably a script of some sort on the web page that was being viewed. A whois report for who owns this site is contained below. It is apparently a hosting provider, and the contact information to file a complaint is contained in the report. Being located in the US, there is a good possibility that if you file a complaint with them, it will be taken seriously.
    NICE WORK!!!

    I don't exactly understand what that all means but I have been able to purchase and install Malwarebytes and hopefully it is now OK to keep viewing DC on the XP machine, which I am doing now.

    I hope a senior moderator takes your post and gets the owner and admin to take a look at it.
    If the Union is once severed, the line of separation will grow wider and wider, and the controversies which are now debated and settled in the halls of legislation will then be tried in fields of battle and determined by the sword.
    Andrew Jackson

  13. #57
    Senior Member Array Chad Rogers's Avatar
    Join Date
    Jan 2011
    Location
    Metro DC
    Posts
    958
    I did the IP address check thing yesterday and noticed the Atlanta location.

    However, I wasn't sure what the 196 IP address was because that's not my IP address. Interesting.

    I have noticed that Norton, which is free with my Internet provider's service, seems to cause the computer to run slower and I do get perhaps at least one pop-up a day from them advising of this or that. But if it helps keep the computer virus-free, then it's a small price to pay.

    I did the AVG scan yesterday after reading somebody's post. Zero "threats" issues. It did say, as does something else called PC Tools, that I have "registry" issues. And AVG, like PC Tools, wants me to subscribe to their service to get those taken care of (whatever they are).
    "People who take an Internet handle of a great warrior, are usually the first to go fetal when crunch time comes." - Me

  14. #58
    VIP Member
    Array 64zebra's Avatar
    Join Date
    May 2006
    Location
    Panhandle of Texas
    Posts
    6,445
    I worked in IT for 10 years before going into LE.

    I had to clean infected computers about 5-10 times a week when working for a repair shop (in addition to doing network stuff with my clients), and I was one of 5 to 6 techs.

    Norton and McAfee were the worst AV programs we had to deal with. They install so much fluff that it's next to impossible to get rid of if you want to go to a different program later. Both use a lot of memory/CPU compared to others. I will never recommend either of these to anyone.

    I've used AVG free edition and monthly ran free anti-spyware utilities to keep my machines running fine. I've never had a virus or spyware issue on any of my computers.

    Hopyard, this virus you have is allowed onto an infected machine by clicking on one of the windows it pops up, including the X in the upper right corner to supposedly close it. Then the floodgates open. I cleaned many a machine with this beast. It continues to be released with new versions.

    Everyone....for future reference....when you get a suspected window pop up, hit Control+W and do not click anywhere on the popup. If that doesn't close it, hit Control/Alt/Del and get into Task Manager so you can choose to close that particular window (should show up as a program running separate from IE/Firefox).

    To clean junk off your computer in Windows, boot into safe mode, first empty out your temporary internet files, then empty your Windows temporary files, then run AV and AS scans in safe mode if possible. Run more than one, such as SUPERAntiSpyware, Ad-Aware, Spybot, and Malwarebytes....all free.

    Just because you are on a particular web page and then get alerts that you have a virus does not mean that site is putting it on your 'puter. Some spyware will rear its ugly head whenever it gets around to it, and then it allows other junk in. It easily gives the impression that whatever web site is being visited is the cause of the problem when the problem was already on the computer.
    LEO/CHL
    Certified Glock Armorer

    "I got a touch of hangover bureaucrat, don't push me"
    --G.W. McClintock

    Independence is declared; it must be maintained. Sam Houston-3/2/1836
    If loose gun laws are good for criminals why do criminals support gun control?

  15. #59
    Member Array mkphillips's Avatar
    Join Date
    Dec 2009
    Location
    Knoxville, TN
    Posts
    121
    Malwarebytes is what I use to remove junk off of computer. I also use Avast Pro which I consider to be one of the best.

    I just surfed every AD on here and didn't get a hit. I will tell you what I have seen about 90+% of the time when an infected computer had been brought in for me to clean: the Yahoo toolbar has been installed, or some other toolbar. Searchaid or something like that and some coupon toolbar run second and third place. While I have no proof, I do think the Yahoo toolbar has some security issues; the other toolbars are the issue.

  16. #60
    VIP Member
    Array Hopyard's Avatar
    Join Date
    Jun 2006
    Location
    Disappeared
    Posts
    11,658
    Update--- My ancient XP machine is back up; with Malwarebytes monitoring it and with ME monitoring it. I need to look into the other anti-virus programs folks have mentioned.

    I've done quite a bit of surfing here at DC since getting the garbage off the machine, and so far no additional alerts. I have not checked the ads.

    Something different from what we have now needs development-- yesterday. There's no going back to the age of wired telephone and snail mail. But there is too much mischief possible with our present arrangement.
    If the Union is once severed, the line of separation will grow wider and wider, and the controversies which are now debated and settled in the halls of legislation will then be tried in fields of battle and determined by the sword.
    Andrew Jackson
