Virus warning on SH
- Thread starter shooter65
- Start date
Re: Virus warning on SH
10/17/2010 8:32:45 AM Detected: HEUR:Exploit.Script.Generic Internet Explorer C:\Users\ I took this part out as it is computers name \AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7H382VA0\af2de23c98a[1].htm
10/17/2010 8:32:55 AM Cannot be quarantined: HEUR:Exploit.Script.Generic Internet Explorer C:\Users\ Same reason as about \AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7H382VA0\af2de23c98a[1].htm
10/17/2010 8:32:45 AM Detected: HEUR:Exploit.Script.Generic Internet Explorer C:\Users\ I took this part out as it is computers name \AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7H382VA0\af2de23c98a[1].htm
10/17/2010 8:32:55 AM Cannot be quarantined: HEUR:Exploit.Script.Generic Internet Explorer C:\Users\ Same reason as about \AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7H382VA0\af2de23c98a[1].htm
Re: Virus warning on SH
Warning: Visiting this site may harm your computer!
The website at www.snipershide.com contains elements from the site lebistes.com, which appears to host malware – software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.
For detailed information about the problems with these elements, visit the Google Safe Browsing diagnostic page for lebistes.com.
Learn more about how to protect yourself from harmful software online.
I understand that visiting this site may harm my computer.
Thats the box I get in google Chrome.
It now looks like I need to do some cleaning... Glad to hear I'm not the only diseased one. Sharing is caring lol
Warning: Visiting this site may harm your computer!
The website at www.snipershide.com contains elements from the site lebistes.com, which appears to host malware – software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.
For detailed information about the problems with these elements, visit the Google Safe Browsing diagnostic page for lebistes.com.
Learn more about how to protect yourself from harmful software online.
I understand that visiting this site may harm my computer.
Thats the box I get in google Chrome.
It now looks like I need to do some cleaning... Glad to hear I'm not the only diseased one. Sharing is caring lol
Re: Virus warning on SH
my computer is just fine now, I didn't do anything, it's whatever Frank did on his end that fixed it for me.
my computer is just fine now, I didn't do anything, it's whatever Frank did on his end that fixed it for me.
Re: Virus warning on SH
Same hacker from the night before... he is dropping in code in the middle of the night infecting the site.
it was removed again, same as yesterday each line, now I am looking for a script he may have inserted to override the repair.
Sorry, this guys is not stopping so i have asked the server guys to help find any code he left behind. I pulled every <iFrame> he inserted manually and removed it, but he may have created an account someone or inserted an automated script that runs overnight. --
I'm working the problem as best I can. -- needless to say the current script is gone.
Same hacker from the night before... he is dropping in code in the middle of the night infecting the site.
it was removed again, same as yesterday each line, now I am looking for a script he may have inserted to override the repair.
Sorry, this guys is not stopping so i have asked the server guys to help find any code he left behind. I pulled every <iFrame> he inserted manually and removed it, but he may have created an account someone or inserted an automated script that runs overnight. --
I'm working the problem as best I can. -- needless to say the current script is gone.
Re: Virus warning on SH
Just a heads up ran Malwarebytes, and NOD32 by ESET, and found nothing on my machine.
Just a heads up ran Malwarebytes, and NOD32 by ESET, and found nothing on my machine.
Re: Virus warning on SH
Good time to remind folks to get good malware protection. Malwarebytes has protected me thru this whole thing, no issues on my end. And its cheap software and it works.
Wonder if the dork that is doing this has a name that rhymes with laser?
Good time to remind folks to get good malware protection. Malwarebytes has protected me thru this whole thing, no issues on my end. And its cheap software and it works.
Wonder if the dork that is doing this has a name that rhymes with laser?
Re: Virus warning on SH
I still haven't had a problem at all. Running Firefox with Adblock Plus, on two different computers with different antivirus software. I know Chrome is usually better for virus prevention, but maybe for now until this jackass knocks it off it would be better for folks to run the same.
I am going to look into the other antivirus suggestions made here though. I'm running AVG Free (I'm cheap), and Spybot SD. Time to call my brother the programmer for the latest and greatest. My computer knowledge level is only the latest info I get from him.
I still haven't had a problem at all. Running Firefox with Adblock Plus, on two different computers with different antivirus software. I know Chrome is usually better for virus prevention, but maybe for now until this jackass knocks it off it would be better for folks to run the same.
I am going to look into the other antivirus suggestions made here though. I'm running AVG Free (I'm cheap), and Spybot SD. Time to call my brother the programmer for the latest and greatest. My computer knowledge level is only the latest info I get from him.
Re: Virus warning on SH
<div class="ubbcode-block"><div class="ubbcode-header">Originally Posted By: Mudcat-NC</div><div class="ubbcode-body">Good time to remind folks to get good malware protection. Malwarebytes has protected me thru this whole thing, no issues on my end. And its cheap software and it works.
Wonder if the dork that is doing this has a name that rhymes with laser? </div></div>
Please this is way beyond his pay grade and you guys with a Mazer fixation need to get a life and ignore him and his...
Most of these hacks come from overseas... and it is pretty deep rooted. The last attempt before this weekend came from Brazil
<div class="ubbcode-block"><div class="ubbcode-header">Originally Posted By: Mudcat-NC</div><div class="ubbcode-body">Good time to remind folks to get good malware protection. Malwarebytes has protected me thru this whole thing, no issues on my end. And its cheap software and it works.
Wonder if the dork that is doing this has a name that rhymes with laser? </div></div>
Please this is way beyond his pay grade and you guys with a Mazer fixation need to get a life and ignore him and his...
Most of these hacks come from overseas... and it is pretty deep rooted. The last attempt before this weekend came from Brazil
Re: Virus warning on SH
I just spent most of the day getting the virus off my computer. That sucked! I'd love to remove some flesh from the asshole that put it there.
I just spent most of the day getting the virus off my computer. That sucked! I'd love to remove some flesh from the asshole that put it there.
Re: Virus warning on SH
Well I just finished talking with the server guys looking to close any possible exploit -- basically I have been scouring the system since 9AM -- it's now 2PM as well the Geovario guys have their people going file by file looking and patching.
We found a couple of potential exploits and closed them. We know the malware is off the system now, it's free of it. But the question will be if the hacker put in a back door we don't know about, that we didn't plug and he does it again. We are 90% sure we found his entrance and shut it, but...
To be safe, tomorrow morning have your blockers up and running, I am going to check early in the AM to make sure it's not there again, and we'll see. if it is good tomorrow I figure we closed it.
I seriously apologize to everyone who was infected -- it sucks these guys will do this, and we take this very seriously to prevent this kind of thing. But I can tell you they try every week to do this to the site. Most of the time we catch them, this time they got us.
Well I just finished talking with the server guys looking to close any possible exploit -- basically I have been scouring the system since 9AM -- it's now 2PM as well the Geovario guys have their people going file by file looking and patching.
We found a couple of potential exploits and closed them. We know the malware is off the system now, it's free of it. But the question will be if the hacker put in a back door we don't know about, that we didn't plug and he does it again. We are 90% sure we found his entrance and shut it, but...
To be safe, tomorrow morning have your blockers up and running, I am going to check early in the AM to make sure it's not there again, and we'll see. if it is good tomorrow I figure we closed it.
I seriously apologize to everyone who was infected -- it sucks these guys will do this, and we take this very seriously to prevent this kind of thing. But I can tell you they try every week to do this to the site. Most of the time we catch them, this time they got us.
Re: Virus warning on SH
I just got a video that attempted to open, A VIDEO??
I closed it however...
I just got a video that attempted to open, A VIDEO??
I closed it however...
Re: Virus warning on SH
<div class="ubbcode-block"><div class="ubbcode-header">Originally Posted By: ArcticLight</div><div class="ubbcode-body">I just got a video that attempted to open, A VIDEO??
I closed it however...</div></div>
from where ?
<div class="ubbcode-block"><div class="ubbcode-header">Originally Posted By: ArcticLight</div><div class="ubbcode-body">I just got a video that attempted to open, A VIDEO??
I closed it however...</div></div>
from where ?
Re: Virus warning on SH
since we are on the second page of this I thought I would repost this suggestion to all members.
Use this app to surf any and all websites and you will be safe from all current and future attacks.
www.sandboxie.com
PM with any questions
since we are on the second page of this I thought I would repost this suggestion to all members.
Use this app to surf any and all websites and you will be safe from all current and future attacks.
www.sandboxie.com
PM with any questions
Re: Virus warning on SH
We found it... or them.
Hostname: mail.ikiweb.it
ISP: Intereasy Italy SPA
Not much we can do but block their access and remove the files they used to attack the site.
fingers crossed. I am sure this is not the last time, as it certainly wasn't the first.
We found it... or them.
Hostname: mail.ikiweb.it
ISP: Intereasy Italy SPA
Not much we can do but block their access and remove the files they used to attack the site.
fingers crossed. I am sure this is not the last time, as it certainly wasn't the first.
G
Guest
Guest
Re: Virus warning on SH
Open DNS does a decent job of blocking access to known bad sites.
It's free and relatively easy to set up.
http://www.opendns.com/
This is for the users of the site, not the admins.
Open DNS does a decent job of blocking access to known bad sites.
It's free and relatively easy to set up.
http://www.opendns.com/
This is for the users of the site, not the admins.
Re: Virus warning on SH
<div class="ubbcode-block"><div class="ubbcode-header">Originally Posted By: Lowlight</div><div class="ubbcode-body"><div class="ubbcode-block"><div class="ubbcode-header">Originally Posted By: Mudcat-NC</div><div class="ubbcode-body"> Wonder if the dork that is doing this has a name that rhymes with laser? </div></div>
Please this is way beyond his pay grade and you guys with a Mazer fixation need to get a life and ignore him and his...
</div></div>
Yep, it was a joke. Actually, I never found him to be an annoyance, mainly cause I just ignored him.
According to my malwarebytes, the IP that was trying to get in was something like 70.70.204.26 I think, but cant recall for sure. Not sure that means anything though....as this too is above my paygrade.
<div class="ubbcode-block"><div class="ubbcode-header">Originally Posted By: Lowlight</div><div class="ubbcode-body"><div class="ubbcode-block"><div class="ubbcode-header">Originally Posted By: Mudcat-NC</div><div class="ubbcode-body"> Wonder if the dork that is doing this has a name that rhymes with laser? </div></div>
Please this is way beyond his pay grade and you guys with a Mazer fixation need to get a life and ignore him and his...
</div></div>
Yep, it was a joke. Actually, I never found him to be an annoyance, mainly cause I just ignored him.
According to my malwarebytes, the IP that was trying to get in was something like 70.70.204.26 I think, but cant recall for sure. Not sure that means anything though....as this too is above my paygrade.
Re: Virus warning on SH
<div class="ubbcode-block"><div class="ubbcode-header">Originally Posted By: tucker301</div><div class="ubbcode-body">Open DNS does a decent job of blocking access to known bad sites.
It's free and relatively easy to set up.
http://www.opendns.com/
This is for the users of the site, not the admins. </div></div>
As a side note to this suggestion when you follow the steps on how to set your computer or router to OpenDNS you do NOT need to create an account which is the final step. All you need to do is set your DNS settings on your PC or router to Open DNS so if you know how to do that just enter the following:
208.67.222.222
208.67.222.220
The link is good if you don't know how to go about doing this because it gives specific instructions based on the PC or router you have after you tell it what model you're rocking.
<div class="ubbcode-block"><div class="ubbcode-header">Originally Posted By: tucker301</div><div class="ubbcode-body">Open DNS does a decent job of blocking access to known bad sites.
It's free and relatively easy to set up.
http://www.opendns.com/
This is for the users of the site, not the admins. </div></div>
As a side note to this suggestion when you follow the steps on how to set your computer or router to OpenDNS you do NOT need to create an account which is the final step. All you need to do is set your DNS settings on your PC or router to Open DNS so if you know how to do that just enter the following:
208.67.222.222
208.67.222.220
The link is good if you don't know how to go about doing this because it gives specific instructions based on the PC or router you have after you tell it what model you're rocking.
Re: Virus warning on SH
<div class="ubbcode-block"><div class="ubbcode-header">Originally Posted By: ArcticLight</div><div class="ubbcode-body">I just got a video that attempted to open, A VIDEO??
I closed it however... </div></div>
Same here, and for at least 4 days. I got all bolloxed up on Thursday and took SnafuBar's advice and loaded MalwareBytes. Found several trojans and corrupt objects.
I then took Tucker's advice and loaded MSE. My system never went down but Norton was struggling with the attack.
<div class="ubbcode-block"><div class="ubbcode-header">Originally Posted By: ArcticLight</div><div class="ubbcode-body">I just got a video that attempted to open, A VIDEO??
I closed it however... </div></div>
Same here, and for at least 4 days. I got all bolloxed up on Thursday and took SnafuBar's advice and loaded MalwareBytes. Found several trojans and corrupt objects.
I then took Tucker's advice and loaded MSE. My system never went down but Norton was struggling with the attack.
Re: Virus warning on SH
I opened in safe mode, down loaded Malwarebytes and MSE. I tried to run each one and my system won't allow it. I am pretty much screwed. I will probably have to take my laptop to a shop and have them run their diagnostics and fix the problem. Bad weekend
I opened in safe mode, down loaded Malwarebytes and MSE. I tried to run each one and my system won't allow it. I am pretty much screwed. I will probably have to take my laptop to a shop and have them run their diagnostics and fix the problem. Bad weekend
Re: Virus warning on SH
Dave, If it is possible for you. Download the iso file bitdefender.com/rescue_cd at this web site and burn the CD. Put the burned CD into your machine and get into the BIOS and then into the boot order and have the CD boot first. This will load the Linux CD and let it update and run. Then remove the viruses on th system and reboot. This "should" take care of the problem. Any time you run into a problem give it a shot.
http://download.bitdefender.com/rescue_cd/
Dave, If it is possible for you. Download the iso file bitdefender.com/rescue_cd at this web site and burn the CD. Put the burned CD into your machine and get into the BIOS and then into the boot order and have the CD boot first. This will load the Linux CD and let it update and run. Then remove the viruses on th system and reboot. This "should" take care of the problem. Any time you run into a problem give it a shot.
http://download.bitdefender.com/rescue_cd/
Re: Virus warning on SH
try renaming the malwarebytes.exe something like friend.exe then try to run it. You will need to do it to the one called mbam.exe in the malwarebytes folder.
try renaming the malwarebytes.exe something like friend.exe then try to run it. You will need to do it to the one called mbam.exe in the malwarebytes folder.
Re: Virus warning on SH
before you do that. Do this
click start - My Computer - click on the C: icon- then click on program files - find the folder malware bytes click on it. -
right click on the file called MBAM in the dropdown menue click rename. Then call it friend. Hit enter. then double click that file. Malware bytes should open.
before you do that. Do this
click start - My Computer - click on the C: icon- then click on program files - find the folder malware bytes click on it. -
right click on the file called MBAM in the dropdown menue click rename. Then call it friend. Hit enter. then double click that file. Malware bytes should open.
Re: Virus warning on SH
somehow I got something called "Security Tool" it is a fake antivirus program that tries to trick people into paying $79.95 for protection. Then they hit your credit card multiple times. The pop ups for it were driving me crazy. Took the better part of two hours to remove it.
somehow I got something called "Security Tool" it is a fake antivirus program that tries to trick people into paying $79.95 for protection. Then they hit your credit card multiple times. The pop ups for it were driving me crazy. Took the better part of two hours to remove it.
Re: Virus warning on SH
<div class="ubbcode-block"><div class="ubbcode-header">Originally Posted By: Mute</div><div class="ubbcode-body">I got a Java script screen and next thing I know, something called Security Tools is on my system and running a scan (a program I've never installed on my system). </div></div>
I got this as well but luckily my security software blocked it.
<div class="ubbcode-block"><div class="ubbcode-header">Originally Posted By: Mute</div><div class="ubbcode-body">I got a Java script screen and next thing I know, something called Security Tools is on my system and running a scan (a program I've never installed on my system). </div></div>
I got this as well but luckily my security software blocked it.
Re: Virus warning on SH
<div class="ubbcode-block"><div class="ubbcode-header">Originally Posted By: Dave_</div><div class="ubbcode-body">I opened in safe mode, down loaded Malwarebytes and MSE. I tried to run each one and my system won't allow it. I am pretty much screwed. I will probably have to take my laptop to a shop and have them run their diagnostics and fix the problem. Bad weekend
</div></div>
I did the same thing and it didn't work. I found out the location of the virus in regular mode (right click and look at properties) and then went into safe mode. In safemode it is not activated so it is not protecting itself. Just delete the virus and immediately remove it from your recycle bin. It is really easy once I figured it out.
By they way the crap that I got was the Security Tools virus.
<div class="ubbcode-block"><div class="ubbcode-header">Originally Posted By: Dave_</div><div class="ubbcode-body">I opened in safe mode, down loaded Malwarebytes and MSE. I tried to run each one and my system won't allow it. I am pretty much screwed. I will probably have to take my laptop to a shop and have them run their diagnostics and fix the problem. Bad weekend
I did the same thing and it didn't work. I found out the location of the virus in regular mode (right click and look at properties) and then went into safe mode. In safemode it is not activated so it is not protecting itself. Just delete the virus and immediately remove it from your recycle bin. It is really easy once I figured it out.
By they way the crap that I got was the Security Tools virus.
G
Guest
Guest
Re: Virus warning on SH
Here's the strong medicine, boys.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Here's the strong medicine, boys.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
G
Guest
Guest
Re: Virus warning on SH
Also, you can go back to the comprehensive thread on virus and malware removal here.
http://www.snipershide.com/forum/ubbthreads.php?ubb=showflat&Number=1891860#Post1891860
Also, you can go back to the comprehensive thread on virus and malware removal here.
http://www.snipershide.com/forum/ubbthreads.php?ubb=showflat&Number=1891860#Post1891860
Re: Virus warning on SH
my way was easy and seemed to work.
Just create a new user profile on your computer and give it administrative rights.
Go into the new profile and you can download, run and remove with the Malewarebytes. Then go back in your old user profile.
my way was easy and seemed to work.
Just create a new user profile on your computer and give it administrative rights.
Go into the new profile and you can download, run and remove with the Malewarebytes. Then go back in your old user profile.
Re: Virus warning on SH
<div class="ubbcode-block"><div class="ubbcode-header">Originally Posted By: tucker301</div><div class="ubbcode-body">Here's the strong medicine, boys.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix </div></div>
Tucker I ran combofix on my computer and it was denied when it tried to run doing nothing also. I have it fixed now after spending about two hours trying to remove the damn thing but it is gone and I am happy about that. I have gotten malware before but nothing as strong as this one was.
<div class="ubbcode-block"><div class="ubbcode-header">Originally Posted By: tucker301</div><div class="ubbcode-body">Here's the strong medicine, boys.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix </div></div>
Tucker I ran combofix on my computer and it was denied when it tried to run doing nothing also. I have it fixed now after spending about two hours trying to remove the damn thing but it is gone and I am happy about that. I have gotten malware before but nothing as strong as this one was.
Re: Virus warning on SH
Or if you are in the PNW you can call me, I'm unemployed and will be happy to fix it for you.
Or if you are in the PNW you can call me, I'm unemployed and will be happy to fix it for you.
G
Guest
Guest
Re: Virus warning on SH
<div class="ubbcode-block"><div class="ubbcode-header">Originally Posted By: ArcticLight</div><div class="ubbcode-body">Or if you are in the PNW you can call me, I'm unemployed and will be happy to fix it for you.
</div></div>
Hmmmm.... Now we have a suspect!
Just kidding.
<div class="ubbcode-block"><div class="ubbcode-header">Originally Posted By: ArcticLight</div><div class="ubbcode-body">Or if you are in the PNW you can call me, I'm unemployed and will be happy to fix it for you.
Hmmmm.... Now we have a suspect!
Just kidding.
Re: Virus warning on SH
my suggestion, is to download www.ccleaner.com and clear your temporary internet cache. you can also google search on disabling system restore.
download www.superantispyware.com (the portable version is great)
malwarebytes as already instructed
and combofix. (www.combofix.org) (if you can't download them to your computer use a working computer and put the files on a cd or thumb drive)
boot your computer into safe mode with networking support. Install, update and run quick scans of all the programs listed above and remove anything found. if its a rootkit, it will ask you to restart your computer, do that and it will continue the scan for combofix.
there are plenty of bootable scanners out there but they can only do so much. the programs above will clean about 99% of the computers out there.
my suggestion, is to download www.ccleaner.com and clear your temporary internet cache. you can also google search on disabling system restore.
download www.superantispyware.com (the portable version is great)
malwarebytes as already instructed
and combofix. (www.combofix.org) (if you can't download them to your computer use a working computer and put the files on a cd or thumb drive)
boot your computer into safe mode with networking support. Install, update and run quick scans of all the programs listed above and remove anything found. if its a rootkit, it will ask you to restart your computer, do that and it will continue the scan for combofix.
there are plenty of bootable scanners out there but they can only do so much. the programs above will clean about 99% of the computers out there.
Re: Virus warning on SH
I know I will be singing a different tune once they start going after MAC users. Until then, I am digging that glowing apple symbol on my computer. Hope everyone gets it cleared up. Lastly, for the MAC guys...I am using Intego to protect my MAC. It is a nice, tight, all-in-one package.
Josh
I know I will be singing a different tune once they start going after MAC users. Until then, I am digging that glowing apple symbol on my computer. Hope everyone gets it cleared up. Lastly, for the MAC guys...I am using Intego to protect my MAC. It is a nice, tight, all-in-one package.
Josh
G
Guest
Guest
Re: Virus warning on SH
Ubuntu is equally nice.
It's not a bad idea to setup a PC as dual-boot with Windows/Ubuntu and use Ubuntu for surfing and Windows for business, etc.
http://www.ubuntu.com/desktop/get-ubuntu/windows-installer
Ubuntu is equally nice.
It's not a bad idea to setup a PC as dual-boot with Windows/Ubuntu and use Ubuntu for surfing and Windows for business, etc.
http://www.ubuntu.com/desktop/get-ubuntu/windows-installer
Re: Virus warning on SH
OK - that took some effort to get rid of.
<span style="font-weight: bold">Tucker</span> - big thank you.
Good luck
OK - that took some effort to get rid of.
<span style="font-weight: bold">Tucker</span> - big thank you.
Good luck
Re: Virus warning on SH
If it makes you guys feel any better, it took me and the web guys over 6 hours straight to find and remove the problem from the server.
I had a team of guys, it was 3 phones one lasting an hour, plus a whole lot of downloading, reinstalling and scanning to find the file.
If it makes you guys feel any better, it took me and the web guys over 6 hours straight to find and remove the problem from the server.
I had a team of guys, it was 3 phones one lasting an hour, plus a whole lot of downloading, reinstalling and scanning to find the file.
Similar threads
