Malware designation

[Socialguy]

I am getting a warning from my Norton Antivirus every time I visit this site saying it is blocking malware. It is indicating I am visiting a malicious site with this IP 67.22. 44.93.

Same here.

[OldManInVa]

I am getting a warning from my Norton Antivirus every time I visit this site saying it is blocking malware. It is indicating I am visiting a malicious site with this IP 67.22. 44.93.

[Jazak]

Looks like the problem has been taken care of. No more virus alerts from AVG. Thank you.

[Fly Dangler]

I use Kaspersky and was getting a new warning for every new page load. That tells me that the "bad link" is located in one of the ads that appears on each and every page. As of 12/31 it doesn't seem to be an issue. I would recommend a constant review of your advertisers rotating links.

Back when we were getting the warnings the ad for "Rub Maps" was appearing on every page the warning was issued for. That's no longer the case and the warnings have disappeared. Coincidence?

[Speeding Ticke]

I use Kaspersky and was getting a new warning for every new page load. That tells me that the "bad link" is located in one of the ads that appears on each and every page. As of 12/31 it doesn't seem to be an issue. I would recommend a constant review of your advertisers rotating links.

[Admin]

Greetings Everyone,

Google has been erroneously reporting that the USASG forum contains malware.

We subscribe to a virus/malware scanning service that scans the USASG site every hour looking for viruses, malware and/or other security hacks on the forum. This service alerted us of the Google warning within minutes of Google's notice.

Our virus/malware scanning service immediately scanned our entire server and advised us that there is no virus or malware hosted on our website or the server itself.

As per Google's own report, THERE IS NO VIRUS or MALWARE on the UsaSexGuide website.

You may read the Google report at...

http://safebrowsing.clients.google.c...de.info/forum/

Please read the text in the middle of the Google report that states...

Has this site hosted malware? No, this site has not hosted malicious software over the past 90 days.

According to Google, the problem they have is that apparently the forum contains an EXTERNAL LINK to another website that they believe has a virus and/or malware.

My programmer and server admin are both working now to identify and remove the EXTERNAL LINK.

Let me repeat: According to Google's own report, the warning is DUE to a MALWARE ISSUE on ANOTHER WEBSITE.

We expect to have problematic links removed from the forum and functioning normally within a few hours.

Of course, it would be very helpful if fucking Google would tell us what is or where they found the link to the alleged malware website, but they are of no fucking use whatsoever.

The reality is that it's probably a redirected link, so we're only going to find it by clicking on every one of the thousands of links in the forum until we find the link that redirects us to the alleged malware website.

Google is a bunch of complete assholes posting these public warnings when they acknowledge that our website is clean of malware and without telling us what link is the problem.

Why don't they just blacklist the alleged malware website and leave it at that?

Anyway, I appreciate your patience in this regard.

Thanks,

Jackson

===========================================

[NC Wanderer]

The attacks continue:

Category: Intrusion Prevention.

Date & Time, Risk, Activity, Status, Recommended Action, IPS Alert Name, Default Action, Action Taken, Attacking Computer, Attacker URL, Destination Address, Source Address, Traffic Description.

12/29/2013 8:11:38 AM, High, An intrusion attempt by rfdh14 ax. Pawnbrokermechanic. Pw was blocked.,Blocked, No Action Required, Web Attack: Nuclear Exploit Kit Website, No Action Required, No Action Required,"rfdh14 ax. Pawnbrokermechanic. Pw (198.50.139.129, 80)", rfdh14 ax. Pawnbrokermechanic. Pw /4 f5 Qc5 fa-1-e. The-ce-5 O7_3 Hc_7 e_d_1-ddT9 LfX9_3 Y18_eacd-/11/18 f9607831 be1 dc3 c3 e288 cb9 b9 dc19 c.html,"D9 FQLM21-see (10.0.0.3, 2700)",198.50.139.129 (198.50.139.129),"TCP, www. Http".

Network traffic from <be rfdh14 ax. Pawnbrokermechanic. Pw /4 f5 Qc5 fa-1-e. The-ce-5 O7_3 Hc_7 e_d_1-ddT9 LfX9_3 Y18_eacd-/11/18 f9607831 be1 dc3 c3 e288 cb9 b9 dc19 c.html</ be matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE. EXE. To stop being notified for this type of traffic, in the <be Actions</ be panel, click <be Stop Notifying Me</ be .

Google now blocks the site.

NC.

[OldPerv Oh]

If your antivirus dosent catch it it will install a fake antivirus program on your computer. I am running an old system with xp and IE8 and the malware installed an exe file in documents and settings / all users / application data. File can be deleted in safe mode.

[Cephlapod Love]

I also run AVG and I am getting the same thing. Every page I click on throws up a warning message of a threat that has been blocked.

Well nice to know I'm not the only one with this issue. Let's hope this isn't too big of a fix for the Mod!

[Spaceball1]

I'm getting similar issues, Here is what AVG says:

JavaScript Obfuscation is a malicious code present on fraudulent websites or illegally injected on legitimate but hacked websites without the knowledge of the administrator. The intention behind these code injections is to detect and exploit vulnerabilities on applications installed on your computer to install malicious and unwated software that compromise the security of all data on the affected PC. JavaScript Obfuscation is currently ranked 50 in the world of online malware, affecting less than 100 users, in 199 countries.

I also run AVG and I am getting the same thing. Every page I click on throws up a warning message of a threat that has been blocked.

[Cephlapod Love]

I'm getting similar issues, Here is what AVG says:

JavaScript Obfuscation is a malicious code present on fraudulent websites or illegally injected on legitimate but hacked websites without the knowledge of the administrator. The intention behind these code injections is to detect and exploit vulnerabilities on applications installed on your computer to install malicious and unwated software that compromise the security of all data on the affected PC. JavaScript Obfuscation is currently ranked 50 in the world of online malware, affecting less than 100 users, in 199 countries.

Here is what it looks like:

[Dildo Baggens]

I'm getting similar issues, Here is what AVG says:

JavaScript Obfuscation is a malicious code present on fraudulent websites or illegally injected on legitimate but hacked websites without the knowledge of the administrator. The intention behind these code injections is to detect and exploit vulnerabilities on applications installed on your computer to install malicious and unwated software that compromise the security of all data on the affected PC. JavaScript Obfuscation is currently ranked 50 in the world of online malware, affecting less than 100 users, in 199 countries.

Just started getting this today:

Category: Intrusion Prevention.

Date & Time, Risk, Activity, Status, Recommended Action, IPS Alert Name, Default Action, Action Taken, Attacking Computer, Attacker URL, Destination Address, Source Address, Traffic Description.

12/27/2013 1:16:37 PM, High, An intrusion attempt by ujv2 f.explorerexporter. Pw was blocked.,Blocked, No Action Required, Web Attack: Nuclear Exploit Kit Website, No Action are.

[DetLurker]

Just started getting this today:

Category: Intrusion Prevention.

Date & Time, Risk, Activity, Status, Recommended Action, IPS Alert Name, Default Action, Action Taken, Attacking Computer, Attacker URL, Destination Address, Source Address, Traffic Description.

12/27/2013 1:16:37 PM, High, An intrusion attempt by ujv2 f.explorerexporter. Pw was blocked.,Blocked, No Action Required, Web Attack: Nuclear Exploit Kit Website, No Action are.

[Fly Dangler]

Did you have problems accessing it though before then?

Yes, just as I described in my previous recent posts in this thread. The Chrome Diagnostics page findings I posted indicated the problem looked like it was actually from advertiser (s) links.

[BrianDvd]

I didn't click any links. It just seemed to additionally automatically forward to a site claiming to be. From Cyber police t and that it captured data on computer and wire a money gram or you will be arrested (and that last part pretty much proved it was not legitimate). I couldn't stop the forwarding.. As soon as it got to the site it forwarded even when I tried to hit stop on browser. Tried different browsers did the same thing. All using a phone and not full computer. Was odd.

I have had a couple of instances where Firefox tells me that the site has been reported a installing malware.

Personally I don't believe THIS site does that, BUT I would question some of the links that take us off of Jackson's site.

I am not sure how the search / antivirus checks validate whether a site is the actual infector or if it is just an intermediary.

My two cents, before you click on an ad or a link to a video posted by a monger, search for the the site address and see what is being said about it. If it is marked as suspicious, I would be careful in opening the link. Many image hosting sites will 'attack' your system when you click on a picture / video on their site.

Being cautious is your best bet and use protection.