Malware Attack

[Chris_Sav]

Some bright spark has suceeded in adding malware popups to all of my sites, including the AEBBA site. I have disinfected it and will monitor until I hear from the hosting company tomorrow.

Thank God I operate a good back-up regime!!

There may, however, be the odd broken link, please post here if you spot one.

Sav

[Carls421]

Hi Sav, I did click the "AEBBA Website" link earlier, my Kaspersky blocked me going on to it earlier today saying it has been reported to be an attack site or something? Is that what you mean?

[Chris_Sav]

Yes,

Lots of the files had bits of applet code addded to the bottom of them on Friday and Saturday. This would have given pop-ups and tracking cookies, more annoying than serious.

I have uploaded the gold copy of the source from my PC and will monitor changed by dates until I hear from the hosting companu tomorrow.

Sav

[Chris_Sav]

My hosting company have gone in with their size twelves and closed the site after I had repaired it >:( >:(

Emails are being exchanged! ::)

Sav

I tried to visit hours earlier but neither Google Chrome nor Firefox would allow me access. :o

[Chris_Sav]

There was another attack overnight, I've now changed every password in sight, so if it happens again I can be certain its the hosting company's fault.

Sorry for the interruption.

Sav

[enzo]

How annoying for you Sav, lets hope the footprint of this gets fully erased or you could have knock-on effects for weeks!

Even this forum is flagged as suspicious as it links to the aebba site a lot.

Sounds like a server side breach from the host to me.

[Chris_Sav]

The AEBBA site has been initialised and reloaded again, passwords have been changed.

You may still get warnings until Google update their records, I will prod them.

Anyone concerned from visitng the site, I recommend

SuperAntiSpyware free edition, if you have not used this sort of thing before it will find dozens of tracking cookies on your PC

also

MalWareBytes free version

It is good practice to update and run these periodically.

Sav

[daveuk1]

Well I spent a good hour last night removing a Police Scam Virus, lol they wanted me to pay £100 to them via Ukash before they would unblock my pc, said I was breaking copyright laws, I was only listening to some music in the background on youtube while being thrashed by my comp at chess

[Chris_Sav]

Apr 1, 2013 12:01:31 GMT daveuk1 said:

Well I spent a good hour last night removing a Police Scam Virus, lol they wanted me to pay £100 to them via Ukash before they would unblock my pc, said I was breaking copyright laws, I was only listening to some music in the background on youtube while being thrashed by my comp at chess

That can be an absolute bugger to remove, I have dealt with it once. It kept reinstalling itself. I had to create another account in safe mode and boot into that in safe mode, only then did I get rid of it completely. I suggest you check you can access Windows Firewall without getting a 'You are not using defaukt settings' screen.

I was using AVG at the time and it got past AVG. I now use Microsoft Security Essentials.

BTW it's nothing to do with the AEBBA incursion.

Sav

[beefy]

I had that as well. Had to reboot in safe mode run a full virus scan in safemode then once finished resoted the system to a previous version using a windows file. Key was I got the computer off the internet asap to limit damage. Rebooting doesnt stop it. If you are on wifi kill your router first, if a lead just unplug. Like you I also picked mine up via a you tube file running in the back groud.

[beefy]

i have mcafee on mine and it got past that as well but Mcafee did kill the files once I got the computer into safe mode using the command promp and then opening windows explorer.

[Chris_Sav]

Apr 1, 2013 16:19:51 GMT beefy said:

i have mcafee on mine and it got past that as well but Mcafee did kill the files once I got the computer into safe mode using the command promp and then opening windows explorer.

You were luckier than me!! The version of the virus I got disabled safe mode in my normal account. It was only because of my spare account that I got out of it!

Sav

[daveuk1]

I have avast free virus software on my pc and it got past that no problem and I couldn't even start my pc in safe mode, had to reboot my pc from a memory stick loaded with some software I found on the net using one of my sons PC's.

I wonder if the people who write these dam virus also have shares in the virus software

I had loads of problems at the end of 2001 and the start of the following year with both my mobile and PC being hacked almost daily, even the Police were involved but no one was ever caught

[beefy]

Sav do you mean you created a second user profile on the PC ?

[Chris_Sav]

Yup. fortunately I had set up two. Every time I tried to get in on my normal account it went straight back to the virus screen wanting money for visiting dodgy sites (now would I? ;D) would not even boot in safe mode which I have never encountered before.

Booting in safe mode with my other account enabled me to run malwarebytes which found and removed it.

I had had no indication that I had been infected apart from my Windows Firewall had shut down and would not activate. After much scratching of head cos I could not find the cause, the virus popped up. When I had removed the virus Windoze Firewall started working as well, so I believe the two were connected.

A very worrying day!! as the pop-up screen that says you have been discovered and fined would be very intimidating for the less experienced PC user.

It may have been the cause of the AEBBA attack as that password is (or was) stored in my web files. No other passwords are stored on my PC.

Do you have a problem?

Sav