Malware designation



Cincy
10-21-13, 10:56
I think someone has gone and made a "malware" complaint about the site as the Chrome Malware page came up when I logged on today. I'm guessing someone is being a DB.

FYI,

See.

TwistedBrother
10-21-13, 10:59
I just noticed this, too. Glad it's not "real."



Dsprdo
10-21-13, 11:10
I just noticed this, too. Glad it's not "real."

Also got a warning using Firefox.

Craps7
10-21-13, 11:34
Also got a warning using Firefox.

Me too, but can't get around the Reported Attack Page banner. Clicking ignore this warning goes nowhere.

Fortunately my ipad snow bunnie browser does allow passage.

Beady
10-21-13, 11:57
Also got a warning using Firefox.

Got the same message, but ignored and came straight through as normal.

Beady.

Peter Revvie
10-21-13, 12:27
I also experienced this problem, but took a deep breath and launched in anyway. I don't know if this has been reported to any of the "Mods" yet but I will do so via this post.

Stay Safe!

PR.



Rub Addicted
10-21-13, 12:37
Samantics caught something when I opened your web site.

BBFreak
10-22-13, 11:04
Samantics caught something when I opened your web site.

I received the same malware alert using Google Chrome and Norton also flags this site as a known security threat.

Admin2
10-22-13, 12:46
If any of you guys are finding anything after scanning please PM me. I use the site all the time and my AV is not blocking anything, nor am I finding anything when I scan.

A2

Bwetfan
10-23-13, 17:46
As of today, my instances of Chrome are no longer complaining about this site. Either the problem fixed itself or Jackson took care of it.

DiscreetiD
10-24-13, 12:28
http://www.theregister.co.uk/2013/10/24/php_site_malware_warning_flap/

Basically, almost ANY PHP website was getting flagged by Google as naughty.

Oddjob
11-01-13, 17:06
Norton will detect but not quarantine most rootkit viruses. Try Avast!, free download and scan and quarantined the virus.

KC Questor
11-02-13, 00:46
From my Anti-Virus:

20131102 044436 Blocked web request to "mooquu.Simplsites.Org/zbjbfevhxtdt" (linked from "www.usasexguide.info/forum/showthread.php for user xxxx. 'Mal/HTMLGen-A' has been found at this website, reference ID 171554520.

BoloBellgrande
11-04-13, 18:21
Just tried to log in and got an alert from my Kaspersky anti virus. HEUR: Trojan. ScriptG was detected and blocked. I clicked the frequent visitor icon and got the message, tried it twice and got the same message. Writing this on my phone and just got a weird message from my phone anti virus telling me it stopped working. Anyone else having this problem?

BostonBoy
11-04-13, 19:20
Just tried to log in and got an alert from my Kaspersky anti virus. HEUR: Trojan. ScriptG was detected and blocked. I clicked the frequent visitor icon and got the message, tried it twice and got the same message. Writing this on my phone and just got a weird message from my phone anti virus telling me it stopped working. Anyone else having this problem?

Yes, Avast is warning of malware on just about every page on this site.

BoloBellgrande
11-04-13, 19:57
I had this happen last week. The weird thing is the first time I got a message notification for a message in weeks is when it happened.

Restarted my phone and ran the Kaspersky anti virus on my phone and nothing was found, I am running the scan on my computer just to be on the safe side. I will restart my laptop and try it again. If I get the same virus warning I will give it a few days and try it again and see if there is any change.

RKirk
11-04-13, 20:24
Avast keeps popping up with 'Threat has been detected'. I cannot check my Private Messages. Is anyone else having this problem also?

Zauber
11-04-13, 21:55
Anyone else have trouble getting on the site. Had to use the phone because the anti-virus program on my laptop is blocking me.

Lugguy 135
11-04-13, 22:18
Anyone else have trouble getting on the site. Had to use the phone because the anti-virus program on my laptop is blocking me.

Google warned me that viruses were on this site but I continued on. Will clear out once I leave this site.

Me Tigger
11-04-13, 23:06
You probably have Kaspersky Internet Security / AV? It is flagging site. If you ever need tech help and want it to be hush hush, PM me. I deal with this stuff all day long with all kinds of companies that I monitor to show them where their "model" employees spend their day. I notified a northern city's religious leadership about an issue at the beginning of this year. It surfaced at Edgewater Park just a few weeks ago. I am paid for my discretion and expertise.


Anyone else have trouble getting on the site. Had to use the phone because the anti-virus program on my laptop is blocking me.

DetLurker
11-05-13, 23:47
I use Norton 360 and got this when logging on today. If an Admin catches this message please look into this.

Thanks.

DL.

Category: Intrusion Prevention.

Date & Time, Risk, Activity, Status, Recommended Action, IPS Alert Name, Default Action, Action Taken, Attacking Computer, Attacker URL, Destination Address, Source Address, Traffic Description.

11/5/2013 10:26:49 PM, High, An intrusion attempt by vermoppp. Biz was blocked.,Blocked, No Action Required, Web Attack: Sweet Orange Exploit Kit Website, No Action Required, No Action Required,"vermoppp. Biz (62.109.11.214, 3029)", vermoppp. Biz:3029/ down / sbot / pages / classes. Php? Audit=21.

Network traffic from vermoppp. Biz:3029/ down / sbot / pages / classes. Php? Audit=21 matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME1\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX. EXE. To stop being notified for this type of traffic, in the Actions panel, click Stop Notifying Me.

Hlthyguy30
11-06-13, 03:18
Just tried to log in and got an alert from my Kaspersky anti virus. HEUR: Trojan. ScriptG was detected and blocked. I clicked the frequent visitor icon and got the message, tried it twice and got the same message. Writing this on my phone and just got a weird message from my phone anti virus telling me it stopped working. Anyone else having this problem?

I use noscript on my browser. A check of the active scripts running indicates a new one running on this board from address www.fattds.info (don't visit the page; it's probably a malware site). After reloading the page, though, the script disappears. It comes and goes; I think the script presence depends on the board advertisement script engine.

Simply use a browser that blocks java / Flash / active scripts from opening and running and you should be fine.

Barry Manilow
11-06-13, 18:28
I use noscript on my browser. A check of the active scripts running indicates a new one running on this board from address www.fattds.info (don't visit the page; it's probably a malware site). After reloading the page, though, the script disappears. It comes and goes; I think the script presence depends on the board advertisement script engine.

Simply use a browser that blocks java / Flash / active scripts from opening and running and you should be fine.

Thanks for the info!

Fly Dangler
11-27-13, 10:45
I know we've gone through this before, but Chrome is again designating USASG as a malware site requiring frequent manual overrides to get and stay here. Checking into this further it seems the problem is not the site itself, but rather advertisers. Admin may want to check this out further.

Craven Morehed
11-27-13, 14:00
I know we've gone through this before, but Chrome is again designating USASG as a malware site requiring frequent manual overrides to get and stay here. Checking into this further it seems the problem is not the site itself, but rather advertisers. Admin may want to check this out further.

Same thing in Firefox.

Fly Dangler
11-27-13, 16:06
Here's what Chrome's Diagnostics Page has to say:

What is the current listing status for usasexguide.info?

Site is listed as suspicious. Visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 5 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 1300 pages we tested on the site over the past 90 days, 381 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-11-27, and the last time suspicious content was found on this site was on 2013-11-26.

Malicious software includes 9 exploit(s). Successful infection resulted in an average of 2 new process(es) on the target machine.

Malicious software is hosted on 9 domain(s), including ideawatches. Biz /, afamilytreasure.com interloan. Biz /.

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including retsmeno. Biz /.

This site was hosted on 1 network(s) including AS8972 (PLUSSERVER-AS).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, usasexguide.info appeared to function as an intermediary for the infection of 1 site(s) including myway.com.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

BrianDvd
11-29-13, 03:07
I had trouble accessing the site. It kept forwarding to some off web page claiming to be some cyber police urging me to send money grab or be arrested (for things I had not done). What happened was the site hacked?

Fly Dangler
11-29-13, 22:36
What happened was the site hacked?

Not sure what happened, but (at least for me) everything is back to normal as of mid day today.

BrianDvd
11-30-13, 01:29
Not sure what happened, but (at least for me) everything is back to normal as of mid day today.

Did you have problems accessing it though before then?

Seva Lurker
11-30-13, 08:57
I have had a couple of instances where Firefox tells me that the site has been reported as installing malware.

Personally I don't believe THIS site does that, BUT I would question some of the links that take us off of Jackson's site.

I am not sure how the search / antivirus checks validate whether a site is the actual infector or if it is just an intermediary.

My two cents, before you click on an ad or a link to a video posted by a monger, search for the site address and see what is being said about it. If it is marked as suspicious, I would be careful in opening the link. Many image hosting sites will 'attack' your system when you click on a picture / video on their site.

Being cautious is your best bet and use protection.

BrianDvd
11-30-13, 09:21
I didn't click any links. It just seemed to additionally automatically forward to a site claiming to be. From Cyber police t and that it captured data on computer and wire a money gram or you will be arrested (and that last part pretty much proved it was not legitimate). I couldn't stop the forwarding. As soon as it got to the site it forwarded even when I tried to hit stop on browser. Tried different browsers did the same thing. All using a phone and not full computer. Was odd.



Fly Dangler
11-30-13, 22:11
Did you have problems accessing it though before then?

Yes, just as I described in my previous recent posts in this thread. The Chrome Diagnostics page findings I posted indicated the problem looked like it was actually from advertiser(s) links.

DetLurker
12-27-13, 14:20
Just started getting this today:

Category: Intrusion Prevention.

Date & Time, Risk, Activity, Status, Recommended Action, IPS Alert Name, Default Action, Action Taken, Attacking Computer, Attacker URL, Destination Address, Source Address, Traffic Description.

12/27/2013 1:16:37 PM, High, An intrusion attempt by ujv2 f.explorerexporter. Pw was blocked.,Blocked, No Action Required, Web Attack: Nuclear Exploit Kit Website, No Action are.

Dildo Baggens
12-27-13, 14:55
I'm getting similar issues, Here is what AVG says:

JavaScript Obfuscation is a malicious code present on fraudulent websites or illegally injected on legitimate but hacked websites without the knowledge of the administrator. The intention behind these code injections is to detect and exploit vulnerabilities on applications installed on your computer to install malicious and unwanted software that compromise the security of all data on the affected PC. JavaScript Obfuscation is currently ranked 50 in the world of online malware, affecting less than 100 users, in 199 countries.



Cephlapod Love
12-27-13, 16:00
I'm getting similar issues, Here is what AVG says:

JavaScript Obfuscation is a malicious code present on fraudulent websites or illegally injected on legitimate but hacked websites without the knowledge of the administrator. The intention behind these code injections is to detect and exploit vulnerabilities on applications installed on your computer to install malicious and unwanted software that compromise the security of all data on the affected PC. JavaScript Obfuscation is currently ranked 50 in the world of online malware, affecting less than 100 users, in 199 countries.

Here is what it looks like:

[Attachment 293683]

Spaceball1
12-27-13, 16:02
I'm getting similar issues, Here is what AVG says:

JavaScript Obfuscation is a malicious code present on fraudulent websites or illegally injected on legitimate but hacked websites without the knowledge of the administrator. The intention behind these code injections is to detect and exploit vulnerabilities on applications installed on your computer to install malicious and unwanted software that compromise the security of all data on the affected PC. JavaScript Obfuscation is currently ranked 50 in the world of online malware, affecting less than 100 users, in 199 countries.

I also run AVG and I am getting the same thing. Every page I click on throws up a warning message of a threat that has been blocked.

Cephlapod Love
12-27-13, 16:05
I also run AVG and I am getting the same thing. Every page I click on throws up a warning message of a threat that has been blocked.

Well nice to know I'm not the only one with this issue. Let's hope this isn't too big of a fix for the Mod!

OldPerv Oh
12-27-13, 16:33
If your antivirus doesn't catch it, it will install a fake antivirus program on your computer. I am running an old system with XP and IE8 and the malware installed an exe file in documents and settings / all users / application data. File can be deleted in safe mode.

NC Wanderer
12-29-13, 09:15
The attacks continue:

Category: Intrusion Prevention.

Date & Time, Risk, Activity, Status, Recommended Action, IPS Alert Name, Default Action, Action Taken, Attacking Computer, Attacker URL, Destination Address, Source Address, Traffic Description.

12/29/2013 8:11:38 AM, High, An intrusion attempt by rfdh14 ax. Pawnbrokermechanic. Pw was blocked.,Blocked, No Action Required, Web Attack: Nuclear Exploit Kit Website, No Action Required, No Action Required,"rfdh14 ax. Pawnbrokermechanic. Pw (198.50.139.129, 80)", rfdh14 ax. Pawnbrokermechanic. Pw /4 f5 Qc5 fa-1-e. The-ce-5 O7_3 Hc_7 e_d_1-ddT9 LfX9_3 Y18_eacd-/11/18 f9607831 be1 dc3 c3 e288 cb9 b9 dc19 c.html,"D9 FQLM21-see (10.0.0.3, 2700)",198.50.139.129 (198.50.139.129),"TCP, www. Http".

Network traffic from rfdh14 ax. Pawnbrokermechanic. Pw /4 f5 Qc5 fa-1-e. The-ce-5 O7_3 Hc_7 e_d_1-ddT9 LfX9_3 Y18_eacd-/11/18 f9607831 be1 dc3 c3 e288 cb9 b9 dc19 c.html matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE. EXE. To stop being notified for this type of traffic, in the Actions panel, click Stop Notifying Me.

Google now blocks the site.

NC.

Admin
12-29-13, 18:03
Greetings Everyone,

Google has been erroneously reporting that the USASG forum contains malware.

We subscribe to a virus/malware scanning service that scans the USASG site every hour looking for viruses, malware and/or other security hacks on the forum. This service alerted us of the Google warning within minutes of Google's notice.

Our virus/malware scanning service immediately scanned our entire server and advised us that there is no virus or malware hosted on our website or the server itself.

As per Google's own report, THERE IS NO VIRUS or MALWARE on the UsaSexGuide website.

You may read the Google report at...

http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-US&site=http://www.usasexguide.info/forum/

Please read the text in the middle of the Google report that states...


Has this site hosted malware? No, this site has not hosted malicious software over the past 90 days.

According to Google, the problem they have is that apparently the forum contains an EXTERNAL LINK to another website that they believe has a virus and/or malware.

My programmer and server admin are both working now to identify and remove the EXTERNAL LINK.

Let me repeat: According to Google's own report, the warning is DUE to a MALWARE ISSUE on ANOTHER WEBSITE.

We expect to have problematic links removed from the forum and functioning normally within a few hours.

Of course, it would be very helpful if fucking Google would tell us what is or where they found the link to the alleged malware website, but they are of no fucking use whatsoever.

The reality is that it's probably a redirected link, so we're only going to find it by clicking on every one of the thousands of links in the forum until we find the link that redirects us to the alleged malware website.

Google is a bunch of complete assholes posting these public warnings when they acknowledge that our website is clean of malware and without telling us what link is the problem.

Why don't they just blacklist the alleged malware website and leave it at that?

Anyway, I appreciate your patience in this regard.

Thanks,

Jackson

===========================================
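
As an added example (not the site's or its scanning service's code): instead of clicking every link, an administrator can inventory the external hosts that saved forum pages reference and review first the ones that load without a click, such as the ad scripts several posters suspected. The sample pages and `.example` hostnames are constructed, and `inventory` and `review_order` are hypothetical helper names.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

FIRST_PARTY = "usasexguide.info"  # the forum's domain, as named in the thread

# Tags whose URL is fetched as soon as the page renders: a host referenced this
# way reaches every visitor without a click, unlike a plain <a href> link.
AUTO_LOAD = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

# Constructed sample pages; the .example hosts are placeholders, not real IoCs.
SAMPLE_PAGES = {
    "showthread.php?t=1": """
        <script src="/js/forum.js"></script>
        <script src="//ads.adnetwork.example/rotate.js"></script>
        <a href="http://imagehost.example/pic/1">photo</a>""",
    "showthread.php?t=2": """
        <script src="http://www.usasexguide.info/js/forum.js"></script>
        <script src="//ads.adnetwork.example/rotate.js"></script>
        <iframe src="http://banner.partner.example/slot?id=7"></iframe>""",
}


class ExternalRefs(HTMLParser):
    """Collect (host, tag) for every reference that leaves the first-party domain."""

    def __init__(self, first_party):
        super().__init__()
        self.first_party = first_party.lower()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        attr = AUTO_LOAD.get(tag, "href" if tag == "a" else None)
        url = dict(attrs).get(attr) if attr else None
        if not url:
            return
        host = (urlsplit(url).hostname or "").lower()  # relative URL: no host
        own = host == self.first_party or host.endswith("." + self.first_party)
        if host and not own:
            self.refs.append((host, tag))


def inventory(pages, first_party=FIRST_PARTY):
    """Map each external host to the pages and tags that reference it."""
    hosts = {}
    for name, html in pages.items():
        parser = ExternalRefs(first_party)
        parser.feed(html)
        for host, tag in parser.refs:
            entry = hosts.setdefault(host, {"pages": set(), "tags": set()})
            entry["pages"].add(name)
            entry["tags"].add(tag)
    return hosts


def review_order(hosts):
    """Hosts to check first: auto-loaded ones, most widely referenced first."""
    def key(item):
        host, entry = item
        auto = bool(AUTO_LOAD.keys() & entry["tags"])
        return (not auto, -len(entry["pages"]), host)
    return [host for host, _ in sorted(hosts.items(), key=key)]


if __name__ == "__main__":
    print(review_order(inventory(SAMPLE_PAGES)))
```

Static HTML only shows hosts named in the markup; a host that an ad script pulls in at load time, like the intermittent one a poster saw with NoScript, only shows up when pages are re-fetched repeatedly or rendered in a browser.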

Speeding Ticke
12-31-13, 19:26
I use Kaspersky and was getting a new warning for every new page load. That tells me that the "bad link" is located in one of the ads that appears on each and every page. As of 12/31 it doesn't seem to be an issue. I would recommend a constant review of your advertisers' rotating links.

Fly Dangler
01-01-14, 08:15
I use Kaspersky and was getting a new warning for every new page load. That tells me that the "bad link" is located in one of the ads that appears on each and every page. As of 12/31 it doesn't seem to be an issue. I would recommend a constant review of your advertisers' rotating links.

Back when we were getting the warnings the ad for "Rub Maps" was appearing on every page the warning was issued for. That's no longer the case and the warnings have disappeared. Coincidence?

Jazak
01-01-14, 08:29
Looks like the problem has been taken care of. No more virus alerts from AVG. Thank you.

OldManInVa
06-04-19, 18:24
I am getting a warning from my Norton Antivirus every time I visit this site saying it is blocking malware. It is indicating I am visiting a malicious site with this IP 67.22.44.93.

Socialguy
06-05-19, 09:46
I am getting a warning from my Norton Antivirus every time I visit this site saying it is blocking malware. It is indicating I am visiting a malicious site with this IP 67.22.44.93.

Same here.