|
guest1
Mycena
Registered: 05/25/09
Posts: 852
Last seen: 1 year, 4 months
|
Html/Framer VIRUS detected/removed (mycosupply) on 8/4/2009 - 8/15/2009
#10795169 - 08/03/09 09:26 PM (14 years, 7 months ago) |
|
|
The virus seems to have been removed. 8/16/2009

HTML/Framer virus detected from going to MycoSupply.com on 8/4/2009. However, it now appears to be removed and is safe once again.

http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-US&site=http://www.mycosupply.com/
http://www.google.com/interstitial?url=http://www.mycosupply.com/

What is the current listing status for mycosupply.com?
Site is listed as suspicious - visiting this web site may harm your computer. Part of this site was listed for suspicious activity 4 time(s) over the past 90 days.

What happened when Google visited this site?
Of the 99 pages we tested on the site over the past 90 days, 6 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-08-03, and the last time suspicious content was found on this site was on 2009-07-31. Malicious software includes 3 trojan(s), 2 scripting exploit(s), 2 exploit(s). Successful infection resulted in an average of 1 new process(es) on the target machine. Malicious software is hosted on 4 domain(s), including chura.pl/, cqodezuz.cn/, x6r.ru/. 2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including send29931.cn/, drocuwil.cn/.
---------------------------------------------------------------------
Of the 93 pages we tested on the site over the past 90 days, 6 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-08-15, and the last time suspicious content was found on this site was on 2009-08-08.
---------------------------------------------------------------------
My virus detector picked up on the file and I removed it, so there was more than 1 application that was warning me about a virus on the website. AVG Antivirus, Google and possibly Malwarebytes Antimalware picked up on it.
---------------------------------------------------------------------
Lucky for the sponsor, I was not planning on buying anything, so there was no sale lost and no sale diverted to another site. I just wanted to browse to be familiar with the site.
Edited by guest1 (05/17/10 10:14 PM)
|
guest1
Mycena
Registered: 05/25/09
Posts: 852
Last seen: 1 year, 4 months
|
Re: HTML/Framer virus detected (mycosupply) [Re: guest1]
#10796034 - 08/04/09 12:15 AM (14 years, 7 months ago) |
|
|
Someone else confirmed that their protection notified them and blocked them access to the website.
Lana seems to be an impersonator of a company which should get banned for unless Google is wrong and my browser is wrong.
The user Lana says they removed the virus on "08/04/09 08:11 AM". However, it was not removed until 8/8/2009 which the user was trying to lure people into getting infected for the next 4 days by pretending to be the website owner. Either that, or the person was misinformed about the virus and thought it was something as simple as "clearing their cookies and temporary internet files" or perhaps just miscommunication.
Edited by guest1 (08/16/09 12:35 AM)
|
Lana
Head Banana
Registered: 10/27/99
Posts: 3,109
Loc: www.MycoSupply.com
|
Re: Html/Framer VIRUS detected (mycosupply) on 8/4/2009 [Re: guest1]
#10797219 - 08/04/09 08:11 AM (14 years, 7 months ago) |
|
|
Hi Everyone! Yes, our site got attacked! It's just some spammer's malware.
Needless to say the bad code was removed and Google is now reviewing the site.
These junk emailers are getting pretty creative. The site is now fine, fresh and clean.
If anyone has any questions or concerns, please don't be afraid to ask.
Sincerely, Lana
-------------------- Myco Supply - Distributors of Mycological Products http://www.MycoSupply.com The Premiere Source for Mushroom Growing Supplies. Visit us online or call us toll free
|
Ferris
PsychedelicJourneyman
Registered: 03/12/06
Posts: 11,529
|
Re: Html/Framer VIRUS detected (mycosupply) on 8/4/2009 [Re: Lana]
#10797411 - 08/04/09 09:20 AM (14 years, 7 months ago) |
|
|
-------------------- Discuss Politics
|
FreedomForAll
One Step Ahead
Registered: 11/30/08
Posts: 2,105
Last seen: 10 years, 9 months
|
Re: Html/Framer VIRUS detected (mycosupply) on 8/4/2009 [Re: Lana]
#10797424 - 08/04/09 09:24 AM (14 years, 7 months ago) |
|
|
Quote:
Lana said: Hi Everyone! Yes, our site got attacked! It's just some spammer's malware.
Needless to say the bad code was removed and Google is now reviewing the site.
These junk emailers are getting pretty creative. The site is now fine, fresh and clean.
If anyone has any questions or concerns, please don't be afraid to ask.
Sincerely, Lana
You seem happy the site got attacked.
|
Ferris
PsychedelicJourneyman
Registered: 03/12/06
Posts: 11,529
|
Re: Html/Framer VIRUS detected (mycosupply) on 8/4/2009 [Re: FreedomForAll]
#10797436 - 08/04/09 09:27 AM (14 years, 7 months ago) |
|
|
Quote:
You seem happy the site got attacked.
It's called customer service
-------------------- Discuss Politics
|
guest1
Mycena
Registered: 05/25/09
Posts: 852
Last seen: 1 year, 4 months
|
Re: Html/Framer VIRUS detected (mycosupply) on 8/4/2009 and removed [Re: Ferris] 1
#10801997 - 08/04/09 10:12 PM (14 years, 7 months ago) |
|
|
Lana (someone who posted) says "the site is now clean" however, I went there tonight on 8/4/2009 and the virus is still there, or at least all my apps still detect it and won't let me access the site.
I was told the banner was temporarily removed from rotation until they remove the infection. I recommend not going to the site unless you have Firefox with NoScript and good anti-virus/anti-malware/security/firewall applications.
I recommend against downloading and/or installing copies of software to get rid of a virus/malware that cost money but are available for free download which breaks copyright laws. If you want a virus/malware remover, I recommend either paying for it, or using a free version or free alternative. Why: If the application is used to get rid of a virus, and the user wants to infect the downloader, they are likely also able to throw in a virus and modify the code so that the same application is unable to detect the embedded virus. Therefore, I recommend these FREEWARE apps, however, ALWAYS google the software and also google it with words like "is malware" or "virus" and such to MAKE SURE that me or anyone else, isn't trying to get you infected:
(Always update these programs when you download them, and keep checking for new updates until it says there aren't any updates, or else when you scan, you can be wasting your time, because your malware/virus may have come out after they released the version. They can't keep re-compiling their program every single day, so that's why you must update.)
http://www.elitekiller.com/malware.htm check this out, how to get rid of virus/malware.
Sandboxie - This lets you run your browser so that all files it modifies and writes are guarded and temporary, and you can wipe them out when you exit. This means you could even use this on your browser to download a virus, run the virus, get the message boxes and shortcuts and browser re-directs and everything, then just close the browser and discard changes and it will be like you never got a virus in the first place. I HIGHLY recommend this program, you can use it on any app/game too, not just browsers.
(1>> SpywareBlaster - Automatically blocks known websites that their sole purpose is to distribute spyware and nothing else. Free version requires manual updating every 2-4 weeks, but even if you only update it when you install it, you will be protected more than if you never did, and not updating it will not open you to more risks than if you never installed it and activated protections.
(2>> AVG Antivirus free (Grisoft) - although I liked them 2 years ago more than I do now. You can try Avast Antivirus instead
(3>> Malwarebytes AntiMalware - New to me, but helped me get rid of malware.
(4>> SUPERAntiSpyware Free Edition (be sure to update as soon as you install it.)
(5>> Zone Alarm free firewall - blocks incoming malware attempts through the internet and helps you decide if you want to allow outgoing traffic of applications, which can help for various things. If you get an unfamiliar program asking to connect to the internet, google it. If it's named like k2hj34kt2j3htk23jht.exe it is likely a virus. You can block applications too or always allow.
(6>> PeerGuardian 2 - This is an application which can cause the average user a lot of problems, however, if you learn to use it correctly, and can help keep your computer safer. It can block websites or hosts that you require to connect to in order to do normal things, such as STEAM for gaming, Second Life game, and other gaming websites. You can simply WhiteList those IP's or temporarily disable the service. The way I see it, the more of the internet you have blocked, the safer you are. This blocks near 1,000,000 IP's. If you have problems, try deleting "history.db" and "cache.p2b" because sometimes these cause problems with updating and deleting these files will only delete log files which you do not need and there is a 0.01% chance you will ever look at them anyway. There is also "pgfix.exe" which has a link in the start menu called "Recover PeerGuardian" which will unload the driver, then re-run "pg2.exe" which will load the program back up.
(7>> HOSTS - your HOSTS file allows you to add more blocking. You can make a VIRUS WEBSITE not be able to be gone to on your browser. Here is what my HOSTS file contains which are VIRUS WEBSITES and should be avoided at ALL COSTS! The file is located at "C:\WINDOWS\system32\drivers\etc\" or similar. Make a backup copy of the original and open it in Notepad to edit.
127.0.0.1 localhost
127.0.0.1 antivirsystem.com
127.0.0.1 inetavirus.com
127.0.0.1 antivirwin2009.com
127.0.0.1 antivir2009pro.com
127.0.0.1 antivirussys2009.com
127.0.0.1 aware-protect.com
127.0.0.1 209.44.111.62
127.0.0.1 94.232.248.54
127.0.0.1 cabkyykbbg.com
127.0.0.1 daiemzuops.net
127.0.0.1 squatead.com
127.0.0.1 wxtr812.com
127.0.0.1 dvdserv.com
127.0.0.1 mnghelp.cn
127.0.0.1 chkwl.com
127.0.0.1 dvdserv.com
127.0.0.1 securitystronghold.com
Again, these are VIRUS WEBSITES that I resolve to 127.0.0.1 which will not allow these sites to be accessed. DO NOT GO TO THOSE WEBSITES EVER!...... EVER!!!!!!!!!!!!
Just for fun I added these:
127.0.0.1 fbi.gov
127.0.0.1 ss.gov
127.0.0.1 whitehouse.gov
127.0.0.1 police.gov
127.0.0.1 DEA.gov
Edited by guest1 (05/17/10 10:05 PM)
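Added example (not part of guest1's post): a small Python audit for a HOSTS blocklist like the one above. It flags entries that do not block anything, such as an IP address written in the hostname column or a repeated name, and shows that a HOSTS entry matches the exact name only, so "www." variants need their own line. The sample text is constructed from a few entries in the post; the function names are made up for this example.

```python
import ipaddress

# Constructed sample: a few entries from the post above, in hosts-file syntax.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 antivirsystem.com
127.0.0.1 209.44.111.62
127.0.0.1 dvdserv.com
127.0.0.1 mnghelp.cn
127.0.0.1 dvdserv.com   # listed twice in the post
"""

def parse_ip(text):
    """Return an ip_address object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def audit_hosts(text):
    """Return (blocked_names, findings) for hosts-file text."""
    blocked, findings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        addr = parse_ip(fields[0])
        if addr is None or not (addr.is_loopback or addr.is_unspecified):
            findings.append((lineno, "not-a-sinkhole", fields[0]))
            continue
        for name in (f.lower() for f in fields[1:]):
            if name == "localhost":
                continue
            if parse_ip(name) is not None:
                # HOSTS maps names to addresses; a connection made straight
                # to an IP address never consults it, so this blocks nothing.
                findings.append((lineno, "ip-as-hostname", name))
            elif name in blocked:
                findings.append((lineno, "duplicate", name))
            else:
                blocked.append(name)
    return blocked, findings

def is_blocked(hostname, blocked):
    """Exact match only: a HOSTS entry does not cover subdomains."""
    return hostname.lower().rstrip(".") in blocked

if __name__ == "__main__":
    names, problems = audit_hosts(SAMPLE_HOSTS)
    for lineno, kind, value in problems:
        print(f"line {lineno}: {kind}: {value}")
    for host in ("dvdserv.com", "www.dvdserv.com"):
        print(host, "->", "blocked" if is_blocked(host, names) else "NOT blocked")
```

Blocking an IP address itself is a job for the firewall or an IP blocklist tool, not the HOSTS file.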
|
upinthetrees
.Ease through your Mind.
Registered: 09/30/08
Posts: 2,663
Loc: P/N/W
Last seen: 1 year, 1 month
|
Re: Html/Framer VIRUS detected (mycosupply) on 8/4/2009 [Re: guest1]
#10802032 - 08/04/09 10:18 PM (14 years, 7 months ago) |
|
|
damn, guest. one hell of a post. thanks for the information!
-------------------- I want to show you life for what it's worth, from beginning to end from when your life was first launched 'till when it descends back to earth. From pyramiding at it's peak 'till when it turns back into dirt..
|
guest1
Mycena
Registered: 05/25/09
Posts: 852
Last seen: 1 year, 4 months
|
|
The virus appears to have been successfully removed from the website and it appears to be safe once again. I won't say it is gone, only because I don't want to be held liable if I am wrong or the situation changes after I posted this. However, the HTML I examined looked normal and Google didn't red flag it any more and no virus detectors were triggered when I went, and I was able to access the whole website with ease.
Edited by guest1 (08/16/09 12:37 AM)
|
|