| Main Menu
Birthdays
Site Info
 members: 10370
 guests online: 41
 members online: 5
 You are an anonymous user. You can register for free by clicking here
Forum Info
| FORUM STATISTICS | | | Total | Daily | | Topics: | 29128 | | 8.00 | | Users: | 9960 | | 2.73 | | Posts: | 359703 | | 98.75 |
| | | | MEMBERS ONLINE | | | | There are 41 unlogged users and 5 registered users online | | You are an anonymous user. You can register for free by clicking here |
|
Login
|
|
| Author |
Message |
5150rob
|
|
Post subject: keep getting malware on this site
 Posted: Jul 13, 2011 - 05:51 PM
|
|
Joined: Jan 03, 2005
Posts: 1069
Location: United States
Status: Offline
|
|
Hey guys,
I am using a different computer this time and all seems ok but has anyone had a problem over the last week picking up malware, worms or anything of the sort when checking the guitar pages of this site? The last 2 times over the last week or so every time I log on to that page my computer locks up and I get infected and have to remove the malware.... It just did it again to me this am at about 0800hrs and its taken me the last few hours to remove the garbage off my computer.
I am not a computer guru but my computer is proteced but by the simple fact that I am doing just fine on this computer shows me that my other computer may not be as protected as I thought it was.
anyone having problems with malware or worms on this site as of late or am I the only one? If anything I just want to give people a heads up that something has been going on and I dont know what it is.
thanks,
Rob |
_________________
ITS NOT HOW HARD YA HIT.... ITS HOW HARD YA CAN GET HIT... AN KEEP MOVIN FORWARD... THATS HOW WINNIN IS DONE!!!
"BALBOA 2006"
|
| |
|
|
|
 |
|
OokraMoO
|
|
|
Post subject: RE: keep getting malware on this site
Posted: Jul 14, 2011 - 12:42 AM
|
|
Joined: Jul 10, 2011
Posts: 82
Status: Offline
|
|
Hey Rob, kraM from Kramer and other VH forum.
You should download Avast, it's a free virus software and one of the best around.
Also download CCleaner, it's also free and gets rid of all crap like malmare/spyware/cookies etc.
Been doing this for years now and never had a single problem. Good luck! |
|
|
| |
|
|
|
|
|
AndreDoles
|
|
|
Post subject: RE: keep getting malware on this site
Posted: Jul 14, 2011 - 02:23 AM
|
|
Site Admin
Joined: Jun 01, 2003
Posts: 6518
Location: California
Status: Offline
|
|
In the past week, we *did* start allowing youtube embedded videos. This has been precisely the reason why we never allowed them in the past... because of extra crap like that coming into the picture by those that abuse the system or find exploits. I'm not sure that it's happened yet because you are the only one reporting it. Can you tell us *how* you know that you got infected? Also, do you have any idea which page *caused* the infection? It would help if I had something to go off of and could back-track your history to try and help figure out where the mishap took place at.
Has anybody else had this problem with our site? Again, it could just be coincidence but it's enough to make me suspicious.
Thanks for reporting it. |
_________________
Quoting one is plagiarism. Quoting many is research. --Anonymous.
There's a difference between being a good musician and having the ability to become a good musician.
http://www.myspace.com/andredoles
http://www.facebook.com/andredoles
http://AndreDoles.com
<a href="http://halen.com/evh/index.php?module=pncPayPal"><img src="https://www.paypal.com/en_US/i/btn/btn_donateCC_LG.gif"></a>
|
| |
|
|
|
|
|
|
|
Post subject: RE: keep getting malware on this site
Posted: Jul 14, 2011 - 02:59 AM
|
|
Joined: Feb 10, 2005
Posts: 465
Location: United States
|
|
| Also, what browser are you using? |
|
|
| |
|
|
|
|
|
5150rob
|
|
|
Post subject:
Posted: Jul 15, 2011 - 01:38 PM
|
|
Joined: Jan 03, 2005
Posts: 1069
Location: United States
Status: Offline
|
|
Hi guys,
thanks for the help. Sorry I have not responded in the last 2 days as I was so irritated that my computer got bound up I said, screw it for a few days. But I cant seem to stay away from this site. I am on my Wifes computer now. Yeah I know I got it from this site because it happend to me 3 times in a row in 3 days. The fist time I was not sure if it was this one or vhlinks and then by the 3rd time I knew it was because I got up in the am and was surfing the site and it was the only one I got on that morning and BOOM I was locked up. That is what confirmed it for me. I do have CC cleaner, security essentials and Avast and I am not sure why my computer did not block it. I am using mozzilla firefox too. My Wifes computer seems to block the garbage just fine. My buddy that fixed it for me 3 times told me it was some NASTY malware I keep picking up.
Andre, it happend when I was on the guitar building pages and the swap shop pages checking the for sale items. I am sure of it.
thanks for the help guys and I hope we can call stay safe.
Rob |
_________________
ITS NOT HOW HARD YA HIT.... ITS HOW HARD YA CAN GET HIT... AN KEEP MOVIN FORWARD... THATS HOW WINNIN IS DONE!!!
"BALBOA 2006"
|
| |
|
|
|
|
|
OokraMoO
|
|
|
Post subject:
Posted: Jul 15, 2011 - 04:37 PM
|
|
Joined: Jul 10, 2011
Posts: 82
Status: Offline
|
|
| Also, get Adblock Plus for Firefox, blocks all those malware ad craps completely, best plugin ever. |
|
|
| |
|
|
|
|
|
AndreDoles
|
|
|
Post subject:
Posted: Jul 17, 2011 - 06:42 AM
|
|
Site Admin
Joined: Jun 01, 2003
Posts: 6518
Location: California
Status: Offline
|
|
| After you reported it, I went thru our entire database backup to see if there was anything that could have done it. I did not find a single threat that could have done it. The *only* possibility is that it came from one of our sponsored ads because it's not on our site anywhere. Next time it happens, can you take a screenshot picture of exactly which page you are on when it happens? Strange that you are the only person that has reported this problem. |
_________________
Quoting one is plagiarism. Quoting many is research. --Anonymous.
There's a difference between being a good musician and having the ability to become a good musician.
http://www.myspace.com/andredoles
http://www.facebook.com/andredoles
http://AndreDoles.com
<a href="http://halen.com/evh/index.php?module=pncPayPal"><img src="https://www.paypal.com/en_US/i/btn/btn_donateCC_LG.gif"></a>
|
| |
|
|
|
|
|
5150rob
|
|
|
Post subject:
Posted: Jul 30, 2011 - 07:10 PM
|
|
Joined: Jan 03, 2005
Posts: 1069
Location: United States
Status: Offline
|
|
yeah it is very strange. I thought for sure you might find something. However I will say this.... I got bold and have been getting on this site with my computer again normally and "knock on wood" nothing has happend in 5 days. Maybe whatever it was is no longer. I sure hope so.
But thanks Andre for going through everything. I do appreicate it. I know it was either in guitar or swap shop when I got it. Because it happend 3 times back to back within 3 days. But it seems as its gone now.
I will try and get a screenshot next time if it happens again.
thanks again for your help Andre and all the other members.
Rob |
_________________
ITS NOT HOW HARD YA HIT.... ITS HOW HARD YA CAN GET HIT... AN KEEP MOVIN FORWARD... THATS HOW WINNIN IS DONE!!!
"BALBOA 2006"
|
| |
|
|
|
|
|
Anon
|
|
|
Post subject:
Posted: Jul 31, 2011 - 08:18 PM
|
|
Joined: Jun 17, 2011
Posts: 13
Status: Offline
|
|
I had the same thing happen as well.
Happened on 7/20, and again on another day after that.
IE8, Windows 7, Security Essentials and AVAST! installed.
Progression:
- Used "search" feature (can't remember what I was looking for.
- Clicked one of the links, got a warning (malware) from "Anti-Virus 2012"
I knew this was bogus. While the message was still on the screen, I ran an anti-virus scan on my PC, which found nothing.
I kept the infection from spreading by unplugging, and pulling the battery.
Part of my job is cleaning up after malware, so I'm pretty good at diagnosing it. If it happens again I will either collect more info for you, or stop coming to this site.
It did not happen while simply browsing the forum pages, but did happen while only visiting "halen.com". |
|
|
| |
|
|
|
|
|
AndreDoles
|
|
|
Post subject:
Posted: Aug 01, 2011 - 09:06 PM
|
|
Site Admin
Joined: Jun 01, 2003
Posts: 6518
Location: California
Status: Offline
|
|
Thanks for the input. The next time you visit a page on our site that throws you something it shouldn't, PLEASE do a view source and copy/paste the info or save the page so that I can read where it's coming from. I do nightly database backups and have checked the raw database exports and nothing is in there. The *only* possibility is that it's coming from an ad on our site. If they are doing that, I REALLY need to know so that I can inform them which ad is doing it so they can put something in place to prevent stuff like that from happening. But I am 100% confident that it is not originating from our URL or within our web site. An external ad is the only possibility.
A while back we had somebody report something like this and it turns out they were getting it from another VH site (no names mentioned because I dont' bad-mouth other sites). Next time it happens also please take a screen shot of what exactly is on your screen so I can see it as well. But make sure you save the source of the page (MHT is fine or raw .html, your choice).
Anon wrote:
I had the same thing happen as well.
Happened on 7/20, and again on another day after that.
IE8, Windows 7, Security Essentials and AVAST! installed.
Progression:
- Used "search" feature (can't remember what I was looking for.
- Clicked one of the links, got a warning (malware) from "Anti-Virus 2012"
I knew this was bogus. While the message was still on the screen, I ran an anti-virus scan on my PC, which found nothing.
I kept the infection from spreading by unplugging, and pulling the battery.
Part of my job is cleaning up after malware, so I'm pretty good at diagnosing it. If it happens again I will either collect more info for you, or stop coming to this site.
It did not happen while simply browsing the forum pages, but did happen while only visiting "halen.com".
|
_________________
Quoting one is plagiarism. Quoting many is research. --Anonymous.
There's a difference between being a good musician and having the ability to become a good musician.
http://www.myspace.com/andredoles
http://www.facebook.com/andredoles
http://AndreDoles.com
<a href="http://halen.com/evh/index.php?module=pncPayPal"><img src="https://www.paypal.com/en_US/i/btn/btn_donateCC_LG.gif"></a>
|
| |
|
|
|
|
|
Chillybeef
|
|
|
Post subject:
Posted: Aug 01, 2011 - 11:48 PM
|
|
Joined: Oct 17, 2010
Posts: 566
Status: Offline
|
|
|
AndreDoles wrote:
Thanks for the input. The next time you visit a page on our site that throws you something it shouldn't, PLEASE do a view source and copy/paste the info or save the page so that I can read where it's coming from.
My norton has blocked an "attempt to attack your computer" a few times on this site, and it tells me that the source is "www.bollemica.com/bohemia4/pro220"
It says the attacking computer's IP is 188.72.198.38, port 80
This may be happening to people who have thier port "80" open.
I know this never happened to me until i opened it up for running a server of mine.
But then again, this may be merely coincidence.
It's also possible that this attack isn't even from your site, but i know for sure that i was scrolling down the main page when it happened
Hope i've helped, and good luck with solving this issue |
|
|
| |
|
|
|
|
|
Anon
|
|
|
Post subject:
Posted: Sep 05, 2011 - 02:53 PM
|
|
Joined: Jun 17, 2011
Posts: 13
Status: Offline
|
|
Happened again... here's the exact progression. No screenshots, as I pulled my battery as soon as I realized the attack was happening.
===========================
Happend around 9:22am Eastern time, 9/5/11. I was visiting from IP address 67.249.64.54.
IE8, Windows 7, Security Essentials and AVAST! installed.
Progression:
- Used "search" feature, Selected "Latest 200 Forum Posts"
- Clicked to open the thread "KNE Frank", and "These new pop-ups....SUCK!!!!!!!!!!!!!!!!!!!!!!!!!" (ironically).
- This threads open, my computer pauses, then I get the warning from Windows "Do you want to allow Ks583nhe2.exe (random exe name created by malware) to make changes to your computer?"
At this point, I assumed what has happened.....
- Opening the link to the thread goes to the thread (this site), but then also brings up the suck-ass-full-page-malware-site [errr.... "sponsor's page, I mean].
- Windows 7 (thankfully) blockes the infected site from running, long enough to make an informed decision.
- I kept the infection from spreading by unplugging, and pulling the battery.
====================================
I have no problems with sites using advertising to pay the bills. I'm all for it. But this site has some of the worst features I've ever seen.
- Full page "fade in" advertising that you might accidentally click as you were about to click the content you were reading (this is not what I did, but I can see where it would be possible.
- Full page advertising with active content.
- Full page advertising with malware.
- AND (maybe worse than malware)... the terribly framed partial-page advertisements that run vertically on the right-hand side of the page [i][b](<Right> <div>). In IE, these obscure the side if the first several posts of a thread, making those posts unreadable. |
|
|
| |
|
|
|
|
|
AndreDoles
|
|
|
Post subject:
Posted: Sep 06, 2011 - 08:54 AM
|
|
Site Admin
Joined: Jun 01, 2003
Posts: 6518
Location: California
Status: Offline
|
|
You can't tell me that none of you have a cell phone that has a camera on it. All I'm asking for is a photo of it happening live so that I can call Adbrite with the name of an Advertizer that was on the screen when the infection occured. Without it, there is no possible way for me to trace down if it is an advertizer or if it is something else. I need a screen shot showing your computer screen with our site and an ad. During an infection, your computer asks if you want to run something. At that very moment, nothing bad can happen without your consent. Please take a picture of your screen before you do anything. The next thing you need to do is verify that there are no other IE windows open from other sites. If you have other windows open, they can very easily be the point of infection and they can lay dormant and then all of a sudden rear their ugly heads when you are not expecting it. I'm guessing that is what is happening. I know that I *always* have multiple different IE browsers open and they are all going to different sites.
Anon, the thing that blows me away more than anything is that you visit this site VERY infrequently, yet every time you seem to visit, you say that you are infected by us. You visited a couple of pages on the 24th of August, then a couple more on 30th of August, then a couple more on 4th of Sept and then on the 5th you state that again you were hit with Malware from this site, yet you only browsed a couple of pages during each of your visits here. I mean, the sheer luck of that ... I guess I'm wondering why everybody else isn't complaining that they are also getting nailed with it. I'm sitting here looking at the logs with your IP address that you reported and you don't even hit that many pages. Next time you visit our site, COMPLETELY close down your browser before and then only open 1 single instance of IE to browse our site. Then, when it happens to you, take a picture of your screen. That's all I'm asking.
I'll tell you what, if you can prove to me that our site is throwing malware ads your way, I'll give you $100. Prove me wrong and earn some money. The only way you'll be able to prove it is through some type of logging via a sniffer or security agent that is logging each URL click that you make and logging the response back. Wireshark will do this for you and it is a free tool. Just sniff your entire session to our site and when you are snared by the malware, send me your session file. If the logs show that you are right, you'll earn $100. I challenge you or anyone else. All I want to do is get to the bottom of it and unfortunately, I cannot do it from my end because it is not happening to me and I can't see your screen when it's happening to you. Sniff your session, send me your session files showing the malware infection and you'll earn $100. It's that simple.
Andre'
Anon wrote:
Happened again... here's the exact progression. No screenshots, as I pulled my battery as soon as I realized the attack was happening.
===========================
Happend around 9:22am Eastern time, 9/5/11. I was visiting from IP address 67.249.64.54.
IE8, Windows 7, Security Essentials and AVAST! installed.
Progression:
- Used "search" feature, Selected "Latest 200 Forum Posts"
- Clicked to open the thread "KNE Frank", and "These new pop-ups....SUCK!!!!!!!!!!!!!!!!!!!!!!!!!" (ironically).
- This threads open, my computer pauses, then I get the warning from Windows "Do you want to allow Ks583nhe2.exe (random exe name created by malware) to make changes to your computer?"
At this point, I assumed what has happened.....
- Opening the link to the thread goes to the thread (this site), but then also brings up the suck-ass-full-page-malware-site [errr.... "sponsor's page, I mean].
- Windows 7 (thankfully) blockes the infected site from running, long enough to make an informed decision.
- I kept the infection from spreading by unplugging, and pulling the battery.
====================================
I have no problems with sites using advertising to pay the bills. I'm all for it. But this site has some of the worst features I've ever seen.
- Full page "fade in" advertising that you might accidentally click as you were about to click the content you were reading (this is not what I did, but I can see where it would be possible.
- Full page advertising with active content.
- Full page advertising with malware.
- AND (maybe worse than malware)... the terribly framed partial-page advertisements that run vertically on the right-hand side of the page [i][b](<Right> <div>). In IE, these obscure the side if the first several posts of a thread, making those posts unreadable.
|
_________________
Quoting one is plagiarism. Quoting many is research. --Anonymous.
There's a difference between being a good musician and having the ability to become a good musician.
http://www.myspace.com/andredoles
http://www.facebook.com/andredoles
http://AndreDoles.com
<a href="http://halen.com/evh/index.php?module=pncPayPal"><img src="https://www.paypal.com/en_US/i/btn/btn_donateCC_LG.gif"></a>
|
| |
|
|
|
|
|
Wes
|
|
|
Post subject:
Posted: Sep 07, 2011 - 02:07 AM
|
|
Moderator
Joined: Oct 30, 2003
Posts: 6779
Location: Mesa, Arizona USA
Status: Offline
|
|
A $100 dollar give-away? Cool!! 
Unfortunately, I don't have a shot at winning, because I've NEVER had this problem here.  |
_________________
PLEASE help support Halen.com! Please donate via the Paypal link.
Two burritos and a root beer float!
|
| |
|
|
|
|
|
letch77
|
|
|
Post subject:
Posted: Sep 08, 2011 - 04:39 AM
|
|
Joined: Feb 14, 2008
Posts: 837
Location: Kansas, USA
Status: Offline
|
|
|
|
|
|
|
|
|
|
|
|
Donations
| Last 5 Contributions |
05-16-2013 - 19.84
|
tomwinnipeg
05-07-2013 - 19.84
|
Roy
04-26-2013 - 10.00
|
drummerchick
03-22-2013 - 19.84
|
wolfy
02-23-2013 - 19.84
|
Total |
89.36 |
Halen.com Donations!
Tired of the Ads? Simply donate $19.84 per year and we'll be happy to remove them for you! :-)
|
