AA main page...Trojan?

Hi,

I'm on from home for the first time in ages.

No virus warning.

Did notice during the loading of the page a Google counter addy flicked up for a millisecond just before the page loaded, but didn't trigger my anti-virus software.

My anti-spyware stuff may have blocked it doing anything.

Well done so far.

I'll get posting those piccys now. :D

Best Regards,

John
 
I noticed for the first time that I no longer get the warning from my security suite about being redirected to a spyware-related web site. It looks like the problem may be fixed.
 
Nothing. I do not believe these are any more than false alarms. Code that looks similar to bad code that is triggering the alarm.
 
I received the virus warning for the first time today using McAfee and IE 6 at work on a Win2000 machine. Crashed the browser. Tried again and no problem.
 
It's back, I think.

While I didn't get a warning from my firewall/antivirus, last night when I came to the site, my computer really started going berserk. In trying to narrow it down, it seems like there was some bad code somewhere here trying to direct my browser to "trufelsite.com". Researching that, it looks like the site is implicated with a bunch of malware/spyware and is currently not online.

Everything seems fine this morning though.
 
All day yesterday this was happening to me too. I wrote down the site in case it will help.

http://dontclickonthislink.trufelsite.com/check/n1404-7.htm

My browser crashed twice, once at work and once at home using IE7. Had to restart the computer and a funky little thing came up when the computer was shutting down. One of those "trying to end this program" boxes came up with a bunch of weird characters as the title of the program. I ran virus scan and spyware/malware scan and nothing popped up.
 
I have edited the link so it won't work even if they do click on it. I did see that just tonight and my browser crashed. I will have to look at the code, although I was looking at a search results page, not the home page. Given that it showed up on the search results page, it's very odd, so it must be code that loads on any page view, and there is very little code that does that.
 
In looking at the trufel thing again, the site is alive. The webpage that appears just makes it look like it's inactive, but the source code appears to be a script to try and force a buffer overrun? I think the offending call to that site is still embedded somewhere because every once in a while my browser (Firefox) hangs when I first come on to the site. It's not crashing like it did before, but it's definitely crunching away for about 30 seconds or so. Not getting any virus warnings... just a high RAM usage for a brief period.
 
When I use IE7, my entire browser just locks up. Also the high RAM usage and the computer is useless for about 4-5 minutes. It seems like I can get the trufel site link a few days in a row, then go a week or two without seeing it again, then it pops back up.
 
This site had been good for the last month or so, but ..... Getting the Trufel thing today ..... Even though AVG caught it, still crashed the browser & locked up the entire computer, only recourse is hard reboot.

I still think there is something in this site that is lurking. It is intermittent so much harder to deal with. I am noticing that for the last while, there will be random slow down when I first try to load an AA page. Maybe I am paranoid, but I will now shut down the browser if AA doesn't load within a second or 2. .... and never visit AA with anything open (& unsaved).

Hope someone can find the problem .... this is too good a site to have to avoid. :(
 
Here's another piece... (I'm guessing fishfreek is reading?)

The main forum occasionally loads something from "googlerank.info" but I've never seen it give any problems. I never thought about it since I assumed it was some Google performance tracker. If you go to the domain, it even looks like a Google site, with their logo and everything. But if you do a whois on that domain, you get a guy in Romania. Not good.

The trufelsite domain resolves to "smoothdns.net", which just happens to have the same text on its homepage as the trufelsite domain, so I'm thinking they're one and the same. And it looks like smoothdns.net is a privately hosted site, so there's no hosting company to file an abuse case with.

This thing is becoming more persistent. Can the folks that did all the phpBB hacks help you on this?
 
I'm no professional web guru, but you've got an iframe call to googlerank.info still on your index.php page. I can't see it in the source code through the browser (Firefox), but using Firebug (http://www.getfirebug.com/) I can see it plain as day. Not sure if it's related to the trufelsite thing though. Shoot me a PM fishfreek if you want me to email you a screenshot of what I'm seeing.
 
More info - another episode of browser lockup at AA. This time I managed to shut down IE & got a bit of a trail ....

Lock up appears to be an attempt to redirect the web page (main forum page) to the Trufelsite, which tried to load several htm pages (or elements of page), one has a virus, the other a loader script.

Thus, the virus or loader does not appear to be in this site, but there is a redirect somewhere, which comes on intermittently. The redirect seemed to happen after the entire page is loaded, so would be something loaded late in the process. These are just my observations .... I have no real web page expertise, so I can't take this further.
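
An added example, not part of the original posts or the site's code: the two reports above (an iframe visible in the live DOM but not in "view source", and an off-site load that fires late in the page) describe embeds a site owner can audit for in saved page output or templates. The sketch lists off-site iframes and scripts and flags hidden or script-written ones; `SITE_HOSTS` and every hostname in the sample are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

SITE_HOSTS = {"forum.example"}  # assumption: hosts this site is meant to load from

# Constructed sample page; every hostname in it is a placeholder.
SAMPLE = """<html><body>
<script src="http://forum.example/js/menu.js"></script>
<iframe src="http://counter.example.net/in.php" width="0" height="0"></iframe>
<script>document.write('<iframe src="http://landing.example.org/check/1.htm">');</script>
<iframe src="/portal/news.php"></iframe>
</body></html>"""

class EmbedAudit(HTMLParser):
    def __init__(self, allowed):
        super().__init__()
        self.allowed, self.findings, self._script = allowed, [], None

    def _check(self, kind, url, hidden):
        host = urlparse(url).hostname      # None for relative (same-site) URLs
        if host and host not in self.allowed:
            self.findings.append((kind, host, hidden))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe" and a.get("src"):
            style = (a.get("style") or "").replace(" ", "").lower()
            hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                      or "display:none" in style or "visibility:hidden" in style)
            self._check("iframe", a["src"], hidden)
        elif tag == "script":
            if a.get("src"):
                self._check("script", a["src"], False)
            self._script = []              # start buffering inline script text

    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            body, self._script = "".join(self._script), None
            # An iframe written by script never appears as a tag in "view source",
            # only in the live DOM, so it is reported as hidden.
            if re.search(r"<\s*iframe", body, re.I):
                for url in re.findall(r"https?://[^\s'\"<>\\]+", body):
                    self._check("script-written iframe", url, True)

def audit(html, allowed=SITE_HOSTS):
    parser = EmbedAudit(allowed)
    parser.feed(html)
    parser.close()
    return parser.findings
```

Each finding is a `(kind, host, hidden)` tuple; a hidden or script-written off-site iframe that the site owner did not place is the one to trace back to the template or database row that emits it.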
 
I've been having problems with trojans on this site for about 5-6 months now and sadly I had stopped visiting for a while, but I really miss coming here. It all started when the google rank thing appeared.

The only way I can avoid it is to hit the stop button in IE right after the page loads. It gets old real fast doing it to every page though. I hope someone can get the problem corrected soon, I miss you guys.
 