Jump to content


Photo

Security warnings concerning LSP


  • Please log in to reply
95 replies to this topic

#31 Jeff Herne

Jeff Herne

    Senior Member

  • LSP_Members
  • PipPipPipPipPipPip
  • 1,444 posts
  • Gender:Male
  • Location:Somewhere in Wisconsin

Posted 12 May 2010 - 03:19 PM

Just got an AVG security warning that a file was accessed and is infected...

It won't allow me to copy and paste the filename and it froze my screen until I closed the window. I'll try to get the message again, and copy it here.

Jeff (10:18AM CST)

#32 JohnB

JohnB

    Senior Member

  • LSP_Members
  • PipPipPipPipPipPip
  • 6,526 posts
  • Gender:Male
  • Location:USA

Posted 12 May 2010 - 03:58 PM

Well, it seems my worst fears have come true. All our files are already infected, again. <_<

Kev



Yep, I'm again getting the "malware notice" on our home page and getting knocked off the site (as before). It was okay this morning around 7:30 but now fouled up again. Someone must be mad at us!

John

Be careful of the toes that you step on today for they may be connected to the ass you have to kiss tomorrow.


#33 Dave 0

Dave 0

    LSP Junkie

  • LSP_Members
  • PipPipPipPip
  • 95 posts
  • Gender:Male
  • Location:Loganville, GA (East metro-Atlanta)

Posted 12 May 2010 - 07:23 PM

Well, it seems my worst fears have come true. All our files are already infected, again. :thumbsup:

Kev


Kev

You probably already have this but...Kaspersky says that the it redirects to "holasionweb(dot)com".

Don't know about you, but at times like this I know that I would pay a lot if someone could get a .45 slug too travel down a phone line! :notworking:

Dave P
Dave P

#34 LSP_Kevin

LSP_Kevin

    Senior Member

  • Administrator
  • 39,710 posts
  • Gender:Male
  • Location:Melbourne, Australia

Posted 12 May 2010 - 08:15 PM

Thanks for your input guys. I'm working on re-cleaning the files. I found a blog post on a security site (which Dave 0 also pointed me to) that says this is a mass infection, with the primary target being GoDaddy sites (of which we are one). I know exactly what the code is, and how to remove it. It's just a PITA to do when we're talking about thousands of files. Should be there soon though.

Kev

#35 Kagemusha

Kagemusha

    Senior Member

  • LSP Moderator
  • 9,683 posts
  • Gender:Male
  • Location:Mancunia

Posted 12 May 2010 - 08:57 PM

I just got another Kaspersky trojan warning when visiting the home page, really appreciate the work you're doing Kev, must be a real pain in the proverbial!

#36 LSP_Kevin

LSP_Kevin

    Senior Member

  • Administrator
  • 39,710 posts
  • Gender:Male
  • Location:Melbourne, Australia

Posted 12 May 2010 - 09:36 PM

I just got another Kaspersky trojan warning when visiting the home page, really appreciate the work you're doing Kev, must be a real pain in the proverbial!


Indeed it is. I've spent countless hours on this over the last few days, hours I can ill afford to spend. Nevertheless, I'm hoping it's clean (again) now! Let's hope GoDaddy steps in and puts a stop to the rot, and we don't get hit a third time.

Kev

#37 blackbetty

blackbetty

    Senior Member

  • LSP_Members
  • PipPipPipPipPipPip
  • 4,429 posts
  • Gender:Male
  • Location:Austria

Posted 18 May 2010 - 10:01 AM

hate to say this, but i get a virus warning everytime i hit the site
tell me if i can be of any help

back after 20 years

DUE TO A HOSTING PROBLEM A LOT OF PICS OF MY BUILDTHREADS ARE GONE. ANYONE INTERESTED CAN REQUEST THESE VIA PM FROM ME


#38 LSP_Kevin

LSP_Kevin

    Senior Member

  • Administrator
  • 39,710 posts
  • Gender:Male
  • Location:Melbourne, Australia

Posted 18 May 2010 - 10:40 AM

hate to say this, but i get a virus warning everytime i hit the site
tell me if i can be of any help


The forums Karl, or just the main website? What anti-virus software are you using?

Kev

#39 blackbetty

blackbetty

    Senior Member

  • LSP_Members
  • PipPipPipPipPipPip
  • 4,429 posts
  • Gender:Male
  • Location:Austria

Posted 18 May 2010 - 11:00 AM

i am using ikarus virus utilities (dont know squat, i´m at work and or computer department takes care of everything)
think its only the forum, but i log on from the main site

back after 20 years

DUE TO A HOSTING PROBLEM A LOT OF PICS OF MY BUILDTHREADS ARE GONE. ANYONE INTERESTED CAN REQUEST THESE VIA PM FROM ME


#40 LSP_Kevin

LSP_Kevin

    Senior Member

  • Administrator
  • 39,710 posts
  • Gender:Male
  • Location:Melbourne, Australia

Posted 18 May 2010 - 11:20 AM

i am using ikarus virus utilities (dont know squat, i´m at work and or computer department takes care of everything)
think its only the forum, but i log on from the main site


Interesting. As far as I can tell the recent problems have now gone, so you're either seeing something new that I'm not, or your malware protection hasn't caught up with the fact that we're clean now. If you can transcribe whatever warnings or errors you're seeing Karl, or send me some screen shots, I'll have a better idea.

Kev

#41 blackbetty

blackbetty

    Senior Member

  • LSP_Members
  • PipPipPipPipPipPip
  • 4,429 posts
  • Gender:Male
  • Location:Austria

Posted 18 May 2010 - 11:34 AM

this is german, but i think you can get vthe idea

Datum/Zeit: 18.05.2010 11:57:51
Dateiname: 73206F9Ed01
Ursprungspfad: c:\Dokumente und Einstellungen\Holubar\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\p2jm8xe3.default\Cache\
Dateigröße: 21,71 KB
Virusname: Trojan-Clicker.HTML.IFrame
Empfehlung: gelöscht
SignaturId: 1370073

hth
karl

back after 20 years

DUE TO A HOSTING PROBLEM A LOT OF PICS OF MY BUILDTHREADS ARE GONE. ANYONE INTERESTED CAN REQUEST THESE VIA PM FROM ME


#42 LSP_Kevin

LSP_Kevin

    Senior Member

  • Administrator
  • 39,710 posts
  • Gender:Male
  • Location:Melbourne, Australia

Posted 18 May 2010 - 11:41 AM

this is german, but i think you can get vthe idea

Datum/Zeit: 18.05.2010 11:57:51
Dateiname: 73206F9Ed01
Ursprungspfad: c:\Dokumente und Einstellungen\Holubar\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\p2jm8xe3.default\Cache\
Dateigröße: 21,71 KB
Virusname: Trojan-Clicker.HTML.IFrame
Empfehlung: gelöscht
SignaturId: 1370073

hth
karl


Thanks Karl. Try emptying your cache in Firefox. I suspect that it's hanging on to the JavaScript redirect code I cleaned out last week. Let me know if you're not sure what to do.

Kev

#43 blackbetty

blackbetty

    Senior Member

  • LSP_Members
  • PipPipPipPipPipPip
  • 4,429 posts
  • Gender:Male
  • Location:Austria

Posted 18 May 2010 - 12:02 PM

i emptied my cache yesterday, has occured again today

back after 20 years

DUE TO A HOSTING PROBLEM A LOT OF PICS OF MY BUILDTHREADS ARE GONE. ANYONE INTERESTED CAN REQUEST THESE VIA PM FROM ME


#44 LSP_Kevin

LSP_Kevin

    Senior Member

  • Administrator
  • 39,710 posts
  • Gender:Male
  • Location:Melbourne, Australia

Posted 18 May 2010 - 12:37 PM

i emptied my cache yesterday, has occured again today


Karl, if you know how to view source with your browser, check to see if the following line of code is anywhere near the bottom of any page that's being flagged as a problem:

<script src="http://holasionweb.com/oo.php"></script>

If so, let me know which page you're on if it's the main website, or else what part of the forums. I can't see any issues with the site at the moment, so I'm hoping you're seeing problems in error, but I'm not prepared to be cavalier about it!

Kev

#45 blackbetty

blackbetty

    Senior Member

  • LSP_Members
  • PipPipPipPipPipPip
  • 4,429 posts
  • Gender:Male
  • Location:Austria

Posted 18 May 2010 - 01:30 PM

will do, but at the moment nothing is going on (last time in the morning)

back after 20 years

DUE TO A HOSTING PROBLEM A LOT OF PICS OF MY BUILDTHREADS ARE GONE. ANYONE INTERESTED CAN REQUEST THESE VIA PM FROM ME





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users