Jump to content

Click Here!

Virus threat

Aysha c.c.

By Aysha c.c.
in Archive Tech Support

 Share

Recommended Posts

Aysha c.c. Newbie

Aysha c.c.

Posted
Posted

Twice today. My antivirus software reported a threat to me when I accessed the archives website. I think something is going on and you might want to check into it.

  • Replies 96
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Posted Images

Aysha c.c. Newbie

Aysha c.c.

Posted
  • Author
Posted (edited)

My browser is Internet Explorer 9 and my antivirus is webroot secureanywhere

Edited by Aysha c.c.
DemonGoddess Collaborator

DemonGoddess

Posted
Posted

I just checked each and every subdomain with Firefox 13.x. I use Kaspersky, and it kicked nothing at all. I also have a code embedded in all index pages, for google indexing. It's tied in to the virus warnings from google as well in the webmaster tools, and I've received nothing there either.

Aysha c.c. Newbie

Aysha c.c.

Posted
  • Author
Posted

It just happened to me again the moment I opened my web browser to the forms. This is a copy of the threat that popped up. Minus my name for privacy reasons c:\users\\appdata\local\temp\8.02638896970827e8.exe

Aysha c.c. Newbie

Aysha c.c.

Posted
  • Author
Posted

It was something that your website put into my temporary files. Basically my cookies



It only happens when I accessed this website and my antivirus immediately catches it and eliminates it

DemonGoddess Collaborator

DemonGoddess

Posted
Posted

Temp files are cookies, flash files which will download partially to a computer to run, ActiveX controls, and a host of other things besides. I'm not saying that your antivirus didn't find anything. What I AM saying though, is that it's possible you had a tab open to a different site which had the actual infection, or the file itself picked something to spoof from your own history.

Looking further in to the software being used, I'm seeing reviews saying that for phishing/malware it doesn't work as well as it should. This is actually COMMON in antivirus software, which is why you'll often see people installing something in addition to the AV software to run scans solely to eliminate phishing/malware.

If it was here, as I said, we would have been notified by the webmaster tools from google itself. Chrome would've kicked and not allowed acces at ALL. This link will give you the google diagnostics information.

Aysha c.c. Newbie

Aysha c.c.

Posted
  • Author
Posted (edited)

Okay, since I can't seem to convince you this will be my last time saying anything about this. Before I opened my Internet browser. I deleted all of my temporary files and before I came to your site I went to five different sites that I know to be secure, and I had no problems. Just to be on the safe side, I deleted my temporary files again and then opened a link directly to the adult fanfiction forums and as soon as the webpage opened my antivirus caught this (ywr4atg.exe in c:\users\Aysha c.c.\appdata\temp W32.Rogue.Gen)

No. Choose to believe that it's your site or not, it's up to you . It's not getting through my antivirus , so I'm not overly concerned about it I just thought you would like to look into it and be absolutely certain that someone hasn't put a virus on your site.

Edited by Aysha c.c.
boo Newbie

boo

Posted
Posted

I too got a serious virus warning two days ago that between MSSE and MalwareBytes, I was able to clean off my computer, but it left junk behind in my registry that’s still giving me problems, and it definitely came from here, because everything was fine until about two seconds after coming here that day. It happened in connection to the appearance of this fake security warning popup (lower right hand corner):

th_983985360_NewBitmapImage_122_21lo.jpg

Which was the first time I ever saw it here, is most definitely not coming from my machine, and is still occurring as of a few minutes prior to my post here. I’d bet money that since it only happens sporadically, you’ve got a virus-riddled ad in your ad rotation.

XP Professional 5.1.2600 SP3 Build 2600 with IE 8.0.6001.18702 (128-bit)

DemonGoddess Collaborator

DemonGoddess

Posted
Posted

I have gone through each and every ad insert in the database.

I have gone through the file directories looking for anything at all suspicious or newly added

I've also limited access to the ad program itself, to where it's only accessible to users when I give access.

To satisfy everyone, I have done this again, just now.

I'm still finding absolutely nothing at all.

Yes, I am aware that OpenX had vulnerabilities in the past. I've not heard anything as of yet regarding the latest version. However, that doesn't mean the vulnerabilities aren't still there.

BECAUSE we went through this before where we had an insert of malicious code via a robot hack in this program, if anyone says anything, I check.

DemonGoddess Collaborator

DemonGoddess

Posted
Posted

...and an update.

Now, the warning is showing up. However, it's only showing up for the final fantasy subdomain.

Kaspersky safe browsing is kicking up nothing at all in that subdomain.

I even used the google link to test, and this is what it says. Pay close attention to the highlights please

post-5266-0-20448600-1362028731_thumb.png

I will keep searching and see what I can find so I can fix it. But I have to FIND it first.

In the meantime, it's late and I have work in the morning. So, I won't be looking until after work tomorrow.

Guest JustS

Guest JustS

Posted
Posted

Chrome is giving me a Malware warning when I try to go into pretty much any archive :(

DemonGoddess Collaborator

DemonGoddess

Posted
Posted

I'm in the process of fixing all of this. I've subscribed the site to a service which specifically kills these kinds of intrusions. As we've had 3 subdomains listed within the last 2 days, I expected the rest of the site to start being listed as well.

It's going to take up to 24 hours for the scan and possible repairs to be done, as well as removal from the google blacklist as an attack site.

Mind you, this is what the google diagnostics page says

Of the 1 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-01-15, and suspicious content was never found on this site within the past 90 days.

That tells me there's actually nothing there, but that the domain itself will be listed like this until the steps I have in progress are finished.

Guest breezies

Guest breezies

Posted
Posted

I don't know if this convo is over or not, but I keep getting "Reported Attack Page!" whenever I go to any pages, including the forum. The toolbar is all screwed up on all of the pages too.

post-0-0-32034600-1362110294_thumb.jpg

post-0-0-58078400-1362110300_thumb.jpg

Guest akyn

Guest akyn

Posted
Posted

I just wanted to update you with the malware alert I'm getting. I'm using a chromebook and here are some screenshots.

sA7m8V5.pngzk9PIxy.png

RogueMudblood Newbie

RogueMudblood

Posted
Posted (edited)

Please read this:

It's going to take up to 24 hours for the scan and possible repairs to be done, as well as removal from the google blacklist as an attack site.

You'll notice I've bolded it. It takes time for Google to remove the site from its blacklist.

Edited by RogueMudblood
Guest Wonko The Sane

Guest Wonko The Sane

Posted
Posted

Could the site have been falsely reported to Google by some misguided member of the Moral Moronity?

Guest Birdymain

Guest Birdymain

Posted
Posted

I was looking at the report google put up 8 hours ago.
In any case I hope this gets solved. And I suggest everyone scan their computer just incase.

Safe Browsing Diagnostic page for adult-fanfiction.org

What is the current listing status for adult-fanfiction.org?

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 21 time(s) over the past 90 days.

What happened when Google visited this site?

Of

the 324 pages we tested on the site over the past 90 days, 117 page(s)

resulted in malicious software being downloaded and installed without

user consent. The last time Google visited this site was on 2013-02-28,

and the last time suspicious content was found on this site was on

2013-02-28.

Malicious software is hosted on 2 domain(s), including
,
.

This site was hosted on 1 network(s) including
.

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, adult-fanfiction.org appeared to function as an intermediary for the infection of 9 site(s) including
,
,
.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

Updated 8 hours ago

©2008 Google - Google Home

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...