Jim_Gunn

I just refreshed a page and got infected by one of those Windows security alert viruses. Remember that from a few months ago? I was only surfing GFY and on DroidDoes.com
a Verizon site I assume.

Nikki_Licks

Wonderful! I went through this last time...what a pain in the arse.

Thanks for the heads up

__________________

GetSCORECash

Thanks jim, luckly I'm not on IE.

__________________

DBS.US

Next time, think Mac

__________________
Make a Free Chaturbate White Label site in 34 minutes and be making money tonight

erooup

For all those of you that want to see what is going on on the different sites you visit, I can highly recommend you try Fiddler
http://msdn.microsoft.com/en-us/libr...46(VS.85).aspx

It's also a great tool to track where and how the dodgy affiliates redirect their traffic. This tool have saved me hours of work, when catching and investigating fraud amont affilates.

Jim_Gunn

No one else got infected yet? I use FireFox and this is the second time assuming I did pick that up here today. Thinking about switching to Chrome next to see if that is safer.

area51 - BANNED FOR LIFE

you were more than likely already infected.

bolsex

Avira detected and deleted it too when I opened a thread!

2MuchMark

__________________

Custom Coding | Videochat Solutions | Age Verification | IT Help & Support
www.2Much.net

Nikki_Licks

Fire fox here and don't have any problems ;)
I also run Nod32....

__________________

Jim_Gunn

Thanks for the confirmation. I use AVG but will switch to Avira next if that is the case. I am too entrenched in Windows to go MAC. But switching anti-virus and browsers after I clean this up is definitely in order.

kektex

Adblock + Noscript.
I know an affiliate webmaster shouldn't be recommending this but unfortunately it's the safest way to surf.

Jim_Gunn

What is Nod32?

HAPPYPEEKERS

My micro trend picked it up as well.

__________________
Please Read All Of My Posts In A Sarcastic Tone So You Get The Full Effect!!



HappyPeekers - April

signupdamnit

What specifically is it detecting -- what does it call it -- as much info as possible please including filename and/or registry key if present.

I recommend (in order of preference):

1. Linux (http://linux.org, http://ubuntu.com)
2. Mac
3. Firefox with NoScript (Ad block plus optional) + Microsoft Security Essentials + MalwareBytes Anti-Malware (to scan when infected)

Tjeezers

http://www.eset.com/
that will answer it

__________________
Enroll in the SWAG Affiliate Asian Live Cam Program and get 9 free quality linkbacks from my network!
Wanna see how old school I am? Look at this! All my Cam Review Sites are here.

Jim_Gunn

Mods: Please take note of this thread with two confirmations. I wish that I could give more details about the infection. But I have anti-spyware running in safe mode now including Mal-Ware Bytes. It pops up the fake critical stop messages saying your pc is infected. Similar to the last banner exploit. I am real annoyed with FireFox and AVG for not catching this!

suesheboy

I just lost 2 days fixing the same damn virus with Avast, Avira, Spybot and super antispyware running.

Was only able to fix it booted of a repair disk from Avira. Every other repair never got to the root of the problem.

2 fucking days lost. I want to kill whoever did this.

Why the fuck can't this board scan and kill any issues before we get infected?

__________________
Adult Web Site Domain Names For Sale
Adult Sex Toy Domain Names For Sale
Tantric Delights, Sex Toys Blog, Tantric Sex Toys

SallyRand

Hate to write it but I told you so! And was promptly pilloried as a idiot by "certain" GFY members.

I posted a thread on this very matter here:

https://gfy.com/showthread.php?t=980103

which thread includes the domain, the host and the IP of the attacking source as well as several threads on which the attack was occurring.

Sally.

suesheboy

Interesting read.

If they don't get this fixed fast they can color me gone.

__________________
Adult Web Site Domain Names For Sale
Adult Sex Toy Domain Names For Sale
Tantric Delights, Sex Toys Blog, Tantric Sex Toys

2012

what happened ?

pornpf69

that is why I only come to GFY when I am on UBUNTU...

__________________

Cash X | OK Pay | Pukka Ropes | Pukka Fetish | STRAPED BLOG | Male Bound and Fucked

Ron Bennett

Still no real details of the actual exploit ... is it really a serious threat? ... is it really coming through GFY's ad server?... or maybe is coming through from an embedded image in some posts / user signatures - that has been documented happening numerous times in the past.

Ron

__________________
Domagon - Website Management and Domain Name Sales

Jim_Gunn

I am accessing GFY from a different pc now using No Script & Adblock Plus in FF for protection while I try and get rid of the "Windows Security" malware on my laptop. I do recall what thread I was reading however. It was 'Best Android Phone". maybe some one else can check that one and see if any more alerts pop up on your secured browser.

Nathan

Wonder why so many including myself have no problems....

Then again, I have never used anti virus apps and never had a problem... Makes you wonder....

__________________
"Think about it a little more and you'll agree with me, because you're smart and I'm right."
- Charlie Munger

Nikki_Licks

Thanks, apologies for the late reply, Jim ;)

http://www.eset.com/search-brand?CMP...FcZh2godlm4chg

__________________

BarryP

So far I am unable to duplicate this. What browser/version and AV are you guys running?

__________________

GoFuckYourself.com
Have a Suggestion? Issue? Interested in Advertising? Contact me!
Barryp AT adult.com | icq 559539603

Roald

I blame tubes!

oh wait ;)))

__________________

Jim_Gunn

Thanks for looking into it. I don't know how the hell so many others are not affected by this instead of just three or four of us Windows users. It was something in the "Best Android Phone' thread this time. I got an immediate infection like I had no protection at all. I use Win XP SP3, FF 3.6.3 and AVG antivirus. Plus I run Windows Defender and Ad-Aware too.

candyflip

I have blocked all ads and scripts while surfing GFY. Sucks for people paying to advertise, but the last exploit that loaded here cost me two days of fucking around to get my PC back.

__________________

Spend you some brain.
Email Me

Jim_Gunn

Same here! On a business board like this I actually like to see the ads and banners so I can see who is spending money, and doing business and what they are promoting. I just finally removed (I hope) the exploit after a half dozen scans & reboots later and wasting the better part fo two days using a few tools including Malware Bytes, AVG anti-virus, TDSS rootkit killer,& Spybot Search & Destroy as well as manually going through my Windows/System 32 folder to remove all the newer .exe & dlls that had a date created yesterday. I am now using FF with No Script & Adblock Plus. I really have no idea why my system is so easily infected when I run an updated Win XP SP3, updated AVG anti-virus, Spybot-SD resident real time protection, Windows Defender and Ad-Aware.

SallyRand

I am running Firefox 3.6.8, which is the latest version, Adaware, Spybot, AVG, Malwarebytes, Windows Defender, Zone Alarm and frequently run Windows Security Essentials. I update frequently, some daily. Using Windows Vista Home Premium With SP on this box. Same programs on my laptops.

There are some recent updates to Adobe which close some holes well-known to attackers. I also keep my firewall settings way up there.

I never use IE.

I think perhaps if you take a look at my first thread on the matter, to which I linked in this thread and then compare it to the threads mentioned by other users, you might be able to pin down the source of the attacks or at least get close to the perp.

'den when you find him/her we keel 'dem an' we don' need no stinking badges!

LOL!

Sally.

DirtyJs

they need to host the ads locally so that people can't change them out on the fly.

Jim_Gunn

Wow, this malware is really insidious. I thought I had caught it all since the notifications that lock up your screen and task manager are gone. But now hours later it tried launching an installer out of system restore and luckily AVG caught it. I also saw that it had added custom proxy settings to FF & IE/Chrome. Plus there were several suspicious scheduled tasks added to the windows scheduler that most people don't even pay attention to. The malware itself is not active yet sending me messages and locking up my screen but a scan with malware bytes just caught new infections I am deleting all restore points & temp files and running the anti- virus, spyware and & rootkit apps again before I reboot my laptop.

SallyRand

occurred on this thread:

https://gfy.com/showthread.php?t=981873

Info on IP and associated site and hosting:

67.220.140.58

67.220.140.58 - Geo Information
IP Address 67.220.140.58
Host 67.220.140.58
Location US US, United States
City Stockton, CA 95219
Organization DENIRO MARKETING, LLC.
ISP WBS CONNECT, LLC
AS Number AS14576
Latitude 38°01'99" North
Longitude 121°38'06" West
Distance 10357.98 km (6436.15 miles)

I KEEL DEEZ MOTHYFUCKER AN I DON' NEED NO STEENKEENG BADGES!

Figure it out people!

Sally.

erooup

ALWAYS disable your system restore as step #1, when removing malware.

rogueteens

I had a virus warning from GFY last night too, unfortunately i didnt keep the details.

__________________
Free traffic and backlinks from one of the fastest growing adult pinsites on the net - SAUCY PICTURES!
Easily my best performing webcam sponsor - CLICK HERE!!

Nicky

I got this shit yesterday, took a nice 2-3 hours of my time to go safe mode and delete everything in registry etc and then run nod32 and spyware doctor.

__________________