GFY Installing Malware - Post If You've Got Hit

  • candyflip
    Carpe Visio
    • Jul 2002
    • 43069

    #1

    GFY Installing Malware - Post If You've Got Hit

    Seems like a bunch of people are getting hit and the one thing in common is GFY and that Malware Warning people are seeing.

    If you've gotten hit, post here and maybe it'll get fixed when the ICS crew gets into the office today.

    I got hit and was able to get rid of it using Malwarebytes' Anti-Malware app.

    Spend you some brain.
    Email Me
  • Tom_PM
    Porn Meister
    • Feb 2005
    • 16443

    #2
    IE (6.0 believe it or not) warned me that it'd blocked a download this morning and I saw Java started running. This was on the log-in page itself, pre-password.

    I closed everything and retried and it didn't attempt it the second time.
    43-922-863 Shut up and play your guitar.

    • candyflip
      Carpe Visio
      • Jul 2002
      • 43069

      #3
      I just had another attempt.

      • David!
        By the wrath of Agamemnon
        • Apr 2004
        • 6501

        #4
        On Windows 7 and Firefox, it launches Adobe Acrobat Reader and gives some kind of 3D error?

        • candyflip
          Carpe Visio
          • Jul 2002
          • 43069

          #5
          Yep...definitely has something to do with Adobe, PDF and Reader.

          • seeandsee
            Check SIG!
            • Mar 2006
            • 50945

            #6
            fucking exploits
            BUY MY SIG - 50$/Year

            Contact here

            • sextoyking
              Confirmed User
              • Dec 2001
              • 6034

              #7
              Originally posted by MCO_David
              On Windows 7 and Firefox, it launches Adobe Acrobat Reader and gives some kind of 3D error?

              On Winxp pro and FF, same error.....
              ICQ: 52344098
              --------------------------------------
              50% Commissions on all Product Sales. http://www.wishing.com/money

              • jerryb
                Confirmed User
                • Feb 2005
                • 588

                #8
                Norton caught it as a Trojan for me. Thank you Norton. :-))

                • Jim_Gunn
                  Confirmed User
                  • Feb 2003
                  • 5702

                  #9
                  I just opened up GoFuckYourself.com in FF on my Win XP Laptop and immediately got infected by one of those fake anti virus apps telling me I am infected. It would not even let me ctrl-alt-delete to open up the task manager. I did a hard reboot and opened up the task manager and kept it open before the exploit was able to launch. I am trying to use Malwarebytes to fix now and posting from my cell phone.

                  • Amputate Your Head
                    There can be only one
                    • Aug 2001
                    • 39075

                    #10
                    No trouble here on the Macs.
                    SIG TOO BIG

                    • candyflip
                      Carpe Visio
                      • Jul 2002
                      • 43069

                      #11
                      Originally posted by Amputate Your Head
                      No trouble here on the Macs.
                      Yep...No issues on any of the Mac boxes. Just a Windows issue as usual.

                      • bloggerz
                        Too lazy to set a custom title
                        • Dec 2006
                        • 16255

                        #12
                        yup got it and removed it
                        I SELL ADULT BACKLINKS! Email: eroticweb>gmail SKYPE: gfybloggerz

                        $$$$$ MAKE HUGE MONEY IN CAMS - CLICK HERE $$$$$

                        • Raf1
                          Too lazy to set a custom title
                          • Oct 2003
                          • 12117

                          #13
                          no trouble here yet
                          80% Revshare or 30$ PPS on $1 trials: 200 Niches = Vidz.com Galleries / FLVs / Embeds
                          3 & 5mins FLVs | RSS & Tube Feeds | Matching Thumbs | FLV Browser & Exporter | No Prechecked Xsales
                          >> Mobile Redirection Script: mobile.vidz.com also paying 80% net Lifetime << ICQ: 198-394-557

                          • Va2k
                            I’m still alive barley.
                            • Oct 2001
                            • 10060

                            #14
                            Originally posted by MCO_David
                            On Windows 7 and Firefox, it launches Adobe Acrobat Reader and gives some kind of 3D error?
                            Same here on win xp 64

                            • Barefootsies
                              Choice is an Illusion
                              • Feb 2005
                              • 42635

                              #15
                              Originally posted by Jim_Gunn
                              I did a hard reboot and opened up the task manager and kept it open before the exploit was able to launch. I am trying to use Malwarebytes to fix now and posting from my cell phone.
                              Yep. Same here.

                              It was a dead giveaway when JAVA/Adobe both launched. It's not the first time this has happened from GFY with this trojan. However, Malwarebytes typically will handle it. Had it handy from the last time.

                              Still, annoying all the same.
                              Should You Email Your Members?

                              Link1 | Link2 | Link3

                              Enough Said.

                              "Would you rather live like a king for a year or like a prince forever?"

                              • Fabien
                                Confirmed User
                                • Jul 2003
                                • 4789

                                #16
                                See this also guys

                                http://gofuckyourself.com/showthread.php?t=967903

                                • kristin
                                  GOO!
                                  • Sep 2002
                                  • 9768

                                  #17
                                  Glad I'm on my Mac. =)
                                  Vacares rules.

                                  "Usually only fat guys have the kind of knowledge and ability that Kristin has."

                                  • LickMyBalls
                                    So Fucking Banned
                                    • Oct 2009
                                    • 756

                                    #18
                                    atwleoqtssd.exe detected by SONAR
                                    atwleoqtssd.exe accessed your network resources
                                    whlu.exe detected by SONAR
                                    whlu.exe modified your System Configuration

                                    • candyflip
                                      Carpe Visio
                                      • Jul 2002
                                      • 43069

                                      #19
                                      Originally posted by kristin
                                      Glad I'm on my Mac. =)
                                      No shit, right? I've spent about 2 hours booted into Windows this week and 1/2 of it was spent trying to remove this shit.

                                      • Yngwie
                                        I am an Alien from space
                                        • May 2003
                                        • 11118

                                        #20
                                        No problems here on either FF or IE and Windows 7
                                        ICQ: 16544251 - Skype: gator37 @ eastlink.ca - email: yngwie @ isys.ca

                                        • CPimp
                                          Confirmed User
                                          • Aug 2009
                                          • 2346

                                          #21
                                          Adobe Flash crashed for me just now... there was a strange white box up by the mojohost banner.

                                          Not saying anything at all, just posting my observations. Maybe it's getting installed that way by chance?
                                          three 997 three 55 three 1 ← That's my ICQ. Contact me there. Thanks.

                                          • FilthyRob
                                            Confirmed User
                                            • Feb 2004
                                            • 6741

                                            #22
                                            I got hit, but I think I stopped it from exploiting. Explorer 6.0, I am old school I guess..lol
                                            AKA - Clubsexy

                                            • Klen
                                              • Aug 2006
                                              • 32235

                                              #23
                                              This doesn't happen to me, but again I have adblock installed and no banners visible here.

                                              • garce
                                                Confirmed User
                                                • Oct 2001
                                                • 7103

                                                #24
                                                Avast blocked this:

                                                11/05/2010 12:22:49 PM h**p://91.216.3.108/ca1/main.php [L] JS:Pdfka-AET [Expl] (0)

                                                • Barefootsies
                                                  Choice is an Illusion
                                                  • Feb 2005
                                                  • 42635

                                                  #25
                                                  Originally posted by KlenTelaris
                                                  This doesn't happen to me, but again I have adblock installed and no banners visible here.
                                                  Yeah, I figured it must be in the banners somewhere.

                                                  Two machines were hit by it. However, a third was not.

                                                  Part of it, apparently, is because of the firewall. Adobe and Java are not auto approved to do anything. So when they pop up asking for permission via firewall pop up, I hit deny. So it prevented the infection on the one machine. The others had different configurations where Adobe and Java can auto run/update.

                                                  Just an observation.

                                                  • onwebcam
                                                    Fake Nick 1.0
                                                    • Oct 2005
                                                    • 27689

                                                    #26
                                                    yep same here yesterday..
                                                    PLEASE WAIT WHILE BIDEN ADMIN UNINSTALLS ITSELF.....
                                                    ██████████████████▒ 99.5% complete.

                                                    • BIGTYMER
                                                      Junior Achiever
                                                      • Nov 2004
                                                      • 17066

                                                      #27
                                                      The Fix:

                                                      Reboot in Safe Mode
                                                      Run Malwarebytes
                                                      Restart normal
                                                      Open your browser (IE/Chrome/FF/Opera) and change the proxy settings. Remove: IP: 127.0.0.1 Port: 5555

                                                      • BIGTYMER
                                                        Junior Achiever
                                                        • Nov 2004
                                                        • 17066

                                                        #28
                                                        Originally posted by tube2k
                                                        Adobe Flash crashed for me just now... there was a strange white box up by the mojohost banner.
                                                        I saw that little white box too. I'm trying to refresh so I can view the source but I'm not seeing it anymore.

                                                        • BIGTYMER
                                                          Junior Achiever
                                                          • Nov 2004
                                                          • 17066

                                                          #29
                                                          Apple was onto something?

                                                          • woj
                                                            <&(©¿©)&>
                                                            • Jul 2002
                                                            • 47882

                                                            #30
                                                            does gfy host the banners themselves? or are they hotlinked from the advertiser's sites?
                                                            Custom Software Development, email: woj#at#wojfun#.#com to discuss details or skype: wojl2000 or gchat: wojfun or telegram: wojl2000
                                                            Affiliate program tools: Hosted Galleries Manager Banner Manager Video Manager
                                                            Wordpress Affiliate Plugin Pic/Movie of the Day Fansign Generator Zip Manager

                                                            • BIGTYMER
                                                              Junior Achiever
                                                              • Nov 2004
                                                              • 17066

                                                              #31
                                                              Originally posted by woj
                                                              does gfy host the banners themselves? or are they hotlinked from the advertiser's sites?
                                                              Can we use flash banners in our sigs? If so maybe it was a user's sig.

                                                              • Paul Markham
                                                                Too old to care
                                                                • Jun 2001
                                                                • 52942

                                                                #32
                                                                Alright here on Firefox.



                                                                Blowout deal. 880 videos, 2,400 image sets, plus many RAW videos. $500.
                                                                PM me for a deal. Skype Paulmarkham70

                                                                • JA$ON
                                                                  Confirmed User
                                                                  • Aug 2007
                                                                  • 1329

                                                                  #33
                                                                  +++++++++++1

                                                                  • sextoyking
                                                                    Confirmed User
                                                                    • Dec 2001
                                                                    • 6034

                                                                    #34
                                                                    I had norton on and ran Malwarebytes - didn't find anything..

                                                                    Should I use another program to check or?

                                                                    • selena
                                                                      Confirmed User
                                                                      • Aug 2004
                                                                      • 7995

                                                                      #35
                                                                      Got it on my laptop. Can't say for sure that it was from here, as I had a few windows open.
                                                                      ~
                                                                      Doer of Things at
                                                                      MetArtMoney
                                                                      Where Flawless Beauty Meets Art
                                                                      ~The MetArt Network ~
                                                                      selena.delgado9

                                                                      • Tom_PM
                                                                        Porn Meister
                                                                        • Feb 2005
                                                                        • 16443

                                                                        #36
                                                                        Originally posted by BIGTYMER
                                                                        Can we use flash banners in our sigs? If so maybe it was a user's sig.
                                                                        No, not a sig. My first attempt was on the gofuckyourself.com page itself. I was not even logged in yet.

                                                                        • Davy
                                                                          Confirmed User
                                                                          • Apr 2006
                                                                          • 4323

                                                                          #37
                                                                          The page just refreshed itself, without me doing anything?
                                                                          Other than that, I have not noticed anything, yet.
                                                                          Had an error message earlier that Adobe Acrobat crashed in the browser. Maybe that was it...
                                                                          ---
                                                                          ICQ 14-76-98 <-- I don't use this at all

                                                                          • MaximX
                                                                            Confirmed User
                                                                            • May 2009
                                                                            • 250

                                                                            #38
                                                                            I had a software that was installed last night called Antivirus Soft. I have norton, but that didn't help so I ran Spyware doctor and everything seems to be working fine now.

                                                                            • CyberHustler
                                                                              Masterbaiter
                                                                              • Feb 2006
                                                                              • 28736

                                                                              #39
                                                                              Nothing for me.. I browse this site under the GFY.com though, not GoFuckYourself.com.
                                                                              “If you can convince the lowest white man he’s better than the best colored man, he won’t notice you’re picking his pocket. Hell, give him somebody to look down on, and he’ll empty his pockets for you.”

                                                                              • CyberHustler
                                                                                Masterbaiter
                                                                                • Feb 2006
                                                                                • 28736

                                                                                #40
                                                                                And I'm on chrome...

                                                                                • Barefootsies
                                                                                  Choice is an Illusion
                                                                                  • Feb 2005
                                                                                  • 42635

                                                                                  #41
                                                                                  This last part is important...

                                                                                  Originally posted by BIGTYMER
                                                                                  Open your browser (IE/Chrome/FF/Opera) and change the proxy settings. Remove: IP: 127.0.0.1 Port: 5555
                                                                                  ... Even after you remove the scumware, if you do not do it, I.E. and some sites will not work. You have to switch your I.E. settings back to 'detect automatic settings' or whatever.
                                                                                  Comment
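
The proxy cleanup step from posts #27 and #41, as an added example that is not part of the thread: a read-only audit that reports whether the per-user Windows (WinINET) proxy used by IE and Chrome, or a Firefox profile, still points at a loopback address such as 127.0.0.1:5555. The function names are hypothetical; it assumes the standard `Internet Settings` registry values and Firefox `prefs.js` preference names, and Opera is not covered.

```powershell
# Added example, not from the thread. Function names are hypothetical.
# Read-only audit for the proxy redirect described in posts #27 and #41
# (browser proxy left pointing at 127.0.0.1 port 5555).

$InetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Test-LoopbackProxy {
    # True when any entry of a proxy string points at the local machine.
    # Accepts "host:port" and per-protocol "http=host:port;https=host:port".
    param([string]$ProxyServer)
    if (-not $ProxyServer) { return $false }
    foreach ($entry in ($ProxyServer -split ';')) {
        # Drop an optional "http=" protocol prefix and "http://" scheme.
        $target = (($entry -split '=')[-1]).Trim() -replace '^\w+://', ''
        if ($target -match '^(127(\.\d{1,3}){3}|localhost|\[::1\])(:\d*)?$') {
            return $true
        }
    }
    return $false
}

function Get-WinInetProxyFinding {
    # Per-user proxy setting read by IE and by Chrome on Windows.
    $s = Get-ItemProperty -Path $InetKey
    $enabled = [bool]$s.ProxyEnable
    [pscustomobject]@{
        Source      = 'WinINET (IE, Chrome)'
        Enabled     = $enabled
        ProxyServer = $s.ProxyServer
        Suspicious  = $enabled -and (Test-LoopbackProxy $s.ProxyServer)
    }
}

function Get-FirefoxProxyFinding {
    # Firefox keeps its own proxy settings in each profile's prefs.js.
    # network.proxy.type = 1 means "manual proxy configuration".
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (-not (Test-Path $profiles)) { return }
    $pattern = '^user_pref\("(network\.proxy\.(?:type|http|http_port))",\s*"?([^")]*)"?\);'
    foreach ($prefs in Get-ChildItem -Path $profiles -Filter prefs.js -Recurse -ErrorAction SilentlyContinue) {
        $p = @{}
        Select-String -Path $prefs.FullName -Pattern $pattern | ForEach-Object {
            $p[$_.Matches[0].Groups[1].Value] = $_.Matches[0].Groups[2].Value
        }
        $manual = ($p['network.proxy.type'] -eq '1')
        $server = '{0}:{1}' -f $p['network.proxy.http'], $p['network.proxy.http_port']
        [pscustomobject]@{
            Source      = "Firefox ($($prefs.Directory.Name))"
            Enabled     = $manual
            ProxyServer = $server
            Suspicious  = $manual -and (Test-LoopbackProxy $server)
        }
    }
}

function Reset-WinInetProxy {
    # Turns the manual proxy off and removes the stored server value.
    # Supports -WhatIf so the change can be previewed first.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($InetKey, 'Disable manual proxy')) {
        Set-ItemProperty -Path $InetKey -Name ProxyEnable -Value 0 -Type DWord
        Remove-ItemProperty -Path $InetKey -Name ProxyServer -ErrorAction SilentlyContinue
    }
}

# Report only; nothing is changed unless Reset-WinInetProxy is called.
$findings = @(Get-WinInetProxyFinding) + @(Get-FirefoxProxyFinding)
$findings | Format-Table -AutoSize
if ($findings | Where-Object { $_.Suspicious }) {
    Write-Warning 'A browser proxy points at a loopback address. Review it, then reset it once the malware has been removed.'
}
```

Run the audit after the Safe Mode and Malwarebytes steps, since a proxy that is reset while the malware is still present may simply be set again; `Reset-WinInetProxy -WhatIf` previews the registry change without applying it.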

                                                                                  • Serge Litehead
                                                                                    Confirmed User
                                                                                    • Dec 2002
                                                                                    • 5190

                                                                                    #42
                                                                                    happens with chrome on gfy.com
                                                                                    top banner duke dollars has some white square on the left of it
                                                                                    in chrome it tries to load adobe acrobat, then plugin crashes, html source looks clean.. didn't look into js

                                                                                    • SmokeyTheBear
                                                                                      ►SouthOfHeaven
                                                                                      • Jun 2004
                                                                                      • 28609

                                                                                      #43
                                                                                      Originally posted by woj
                                                                                      does gfy host the banners themselves? or are they hotlinked from the advertiser's sites?
                                                                                      last i checked they let sponsors host them, which is ridiculous as you let one bad apple advertise and they can infect everyone else.
                                                                                      hatisblack at yahoo.com

                                                                                      • Icy
                                                                                        Confirmed User
                                                                                        • Mar 2002
                                                                                        • 864

                                                                                        #44
                                                                                        I posted this screenshot in the thread I created, it showed up just when loading gofuckyourself, so it's not a sig but a banner, as it doesn't always pop, just from time to time (I guess when the banner enters the rotation).

                                                                                        Microsoft security essentials gave me an alert about Exploit:Win32/Pdfjsc.FG trying to infect my computer and blocked it, so yes, seems related to that acrobat error some of you saw.

                                                                                        Kimia: Make money with mobile traffic, both adult and mainstream
                                                                                        Skype: sinlords - ICQ: 83-235-881 email: ivan at kimia.mobi

                                                                                        • candyflip
                                                                                          Carpe Visio
                                                                                          • Jul 2002
                                                                                          • 43069

                                                                                          #45
                                                                                          Originally posted by NanoBot
                                                                                          Nothing for me.. I browse this site under the GFY.com though, not GoFuckYourself.com.
                                                                                          Originally posted by NanoBot
                                                                                          And I'm on chrome...
                                                                                          I do both of these as well AND somehow got infected. So don't think you're safe.

                                                                                          I got it again, while I got up from the computer for a few minutes. Came back and the "Adobe Acrobat crashed in the browser" error.

                                                                                          Spend you some brain.
                                                                                          Email Me


                                                                                          • SmokeyTheBear
                                                                                            ►SouthOfHeaven
                                                                                            • Jun 2004
                                                                                            • 28609

                                                                                            #46
                                                                                            Here's the exploit in a PDF file
                                                                                            Code:
                                                                                            Removed.
                                                                                            Last edited by BarryP; 05-11-2010, 12:11 PM.
                                                                                            hatisblack at yahoo.com


                                                                                            • candyflip
                                                                                              Carpe Visio
                                                                                              • Jul 2002
                                                                                              • 43069

                                                                                              #47
                                                                                              How are they loading it through GFY?

                                                                                              Spend you some brain.
                                                                                              Email Me


                                                                                              • Barefootsies
                                                                                                Choice is an Illusion
                                                                                                • Feb 2005
                                                                                                • 42635

                                                                                                #48
                                                                                                Originally posted by SmokeyTheBear
                                                                                                Last I checked they let sponsors host them, which is ridiculous, as you let one bad apple advertise and they can infect everyone else.
                                                                                                Completely agree!
                                                                                                Should You Email Your Members?

                                                                                                Link1 | Link2 | Link3

                                                                                                Enough Said.

                                                                                                "Would you rather live like a king for a year or like a prince forever?"


                                                                                                • candyflip
                                                                                                  Carpe Visio
                                                                                                  • Jul 2002
                                                                                                  • 43069

                                                                                                  #49
                                                                                                  Which scummy paid advertiser is it?

                                                                                                  Spend you some brain.
                                                                                                  Email Me


                                                                                                  • SmokeyTheBear
                                                                                                    ►SouthOfHeaven
                                                                                                    • Jun 2004
                                                                                                    • 28609

                                                                                                    #50
                                                                                                    So now jademason has a giant botnet of GFY users... ouch
                                                                                                    hatisblack at yahoo.com
