See you another day

ellisz said:
My question is, is it really a virus, trojan etc. or just an annoyance? What are the effects other than slow down and or lock up?

To answer your question ellisz, it's a trojan at worst, and an annoyance at best. Currently the thing seems to be targeting MS Internet Explorer. But that doesn't mean it can't target Firefox either. It also seems to target Windows XP, but not Vista. I'm guessing Vista patched the bug it's trying to exploit.
 
ellisz said:
I use firefox and keep my PC on all the time. It does get rebooted on occasion but not much. I have never had this issue at home. I never understood it.

My question is, is it really a virus, trojan etc. or just an annoyance? What are the effects other than slow down and or lock up?

There seem to be plenty of mods and it is being monitored. We mentors on the site as well.
 
My Windows Vista is affected, so I don't use the computer with that operating system to visit AA. My Windows XP-Firefox is not affected, and my Linux operating system is not affected either. I have no idea why my XP has not had the slightest problem while a lot of you have. I do make sure I do my updates regularly.
 
My computer is up to date with both IE and Windows and I still have the issue.

From what I have read, people with FF are also having problems so it's not just IE. And some people using IE are not having problems.
 
Kurt_Nelson said:
ellisz said:
My question is, is it really a virus, trojan etc. or just an annoyance? What are the effects other than slow down and or lock up?

To answer your question ellisz, it's a trojan at worst, and an annoyance at best. Currently the thing seems to be targeting MS Internet Explorer. But that doesn't mean it can't target Firefox either. It also seems to target Windows XP, but not Vista. I'm guessing Vista patched the bug it's trying to exploit.

I would say it is a re-direct. Any malware/virus/trojans are not hosted on this site. We are continually looking for the source of this re-direct, to the point that we as admins are not participating in the forums. Getting rid of the bad script is our priority. We have employed outside help to try and locate the bad script, we are not ignoring the problem. At one point we thought we had located and eradicated the problem, but it cropped up again. We wish it were as easy as just dumping the software and starting with a fresh copy, unfortunately we would lose quite a bit of data. This software we are using is highly customized, if we were to simply dump it for a fresh out of the box copy we would lose MANY hours of work. Even so, this is not being ruled out, and may actually be what we have to do, we are just not ready to scrap all that yet. This issue will be gone, one way or the other, soon.

If anyone has any valid ideas as to where this script is located.....please feel free to PM me.

And change the photo contest pictures....

Be happy to, just as soon as we have some submissions to have a new contest. It has been like pulling teeth to get members to submit photos for the contest, ever since we started having them, I have been through begging for submissions for some time.
 
From what I have read, people with FF are also having problems so it's not just IE. And some people using IE are not having problems.

I think whether you experience the issue and how badly it manifests are going to be determined by a couple of things. What OS you're running, what anti-virus/anti-malware program you're running in addition to what browser you're running as well as any conflicts you might have between those programs.

I run windows XP sp2, firefox and Nod32 and rarely have an issue. I agree with Kurt, it seems to only run once per IP, so if you have a static IP, you might experience the issue once and be done with it, if your IP only renews every 24 hours you might experience a lock up once per day etc... If you're on dial up and get a new IP each time you sign on and sometimes even have your IP switched on you during your session...you might experience the issue every time you visit the site.
 
reefrunner69 said:
If anyone has any valid ideas as to where this script is located.....please feel free to PM me.

Maybe the admins should talk to each other. Talk to fishfreek... I emailed him multiple screenshots I took when using Firebug to track the script months ago.

Agree that the trojan isn't being hosted on AA... but the redirect is. And without any websites pointing browsers to a script page, a trojan is pretty much useless by itself.

This thing just "appears" to go away because the domain the "googlerank.info" redirects to changes from time to time. The googlerank domain isn't where the trojan is. The googlerank domain is just a secondary script that then redirects yet again to the site the trojan/buffer overrun script lives. And that secondary site changes its domain from time to time. It's actually pretty smart, if you think about it. The bad guys just have to inject the googlerank.info/counter call in your website, and then can change where that redirects to whenever they want.

Get rid of the googlerank.info/counter call and you rid yourself of it. Most likely, one of your php scripts that runs the board has been hacked and that script is putting the call into the AA pages. That's how it appears to be working on other boards.

But talk to fishfreek - I emailed all this stuff to him long ago.
 
reefrunner69 said:
If anyone has any valid ideas as to where this script is located.....please feel free to PM me.

OK... fine. How's this for specifics:

Look at lines 215 through 221 of your code in your mw3.js javascript file, in your templates subdirectory. Look specifically at line 220. I think you'll find after the "String.fromCharCode" command, all that stuff in the parentheses is the unicode translation of the iframe call to the googlerank.info domain.

Oh... and I think you should get your money back from that "outside help" to rid yourself of it. I'm not an IT guy and found it pretty quick once I got ticked off enough to really start sniffing around.

Oh... and PM sent also, but if you're not frequenting the site, not sure when you'll ever see it. :roll:
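
The check described in the post above (reading what a `String.fromCharCode` call actually decodes to) can be automated across a site's script files. This is an added example, not part of the original thread or the forum's code; the sample file contents, the `example.invalid` domain and the function names are constructed for illustration.

```javascript
// Added example: static scan for String.fromCharCode() blobs in a JS file.
// Decoding is done arithmetically; the scanned code is never evaluated.

const CALL_RE = /String\s*\.\s*fromCharCode\s*\(([^)]*)\)/g;
const SUSPICIOUS_RE = /<\s*(iframe|script)\b|document\.write|https?:\/\//i;

function decodeArgs(argText) {
  const parts = argText.split(",").map((p) => p.trim());
  // Only literal decimal/hex numbers are decoded; anything dynamic is skipped.
  if (!parts.every((p) => /^(0x[0-9a-f]+|\d+)$/i.test(p))) {
    return null;
  }
  return String.fromCharCode(...parts.map(Number));
}

function findCharCodePayloads(source) {
  const findings = [];
  for (const m of source.matchAll(CALL_RE)) {
    const decoded = decodeArgs(m[1]);
    if (decoded === null) continue;
    // 1-based line number of the call, for comparison with the file in an editor.
    const line = source.slice(0, m.index).split("\n").length;
    findings.push({ line, decoded, suspicious: SUSPICIOUS_RE.test(decoded) });
  }
  return findings;
}

// Constructed sample standing in for a tampered template script.
// example.invalid is a placeholder, not the domain named in the thread.
const hiddenMarkup =
  '<iframe src="http://example.invalid/counter" width="0" height="0"></iframe>';
const codes = Array.from(hiddenMarkup, (c) => c.charCodeAt(0)).join(",");
const SAMPLE = [
  "function pad(n) { return n < 10 ? String.fromCharCode(48) + n : n; }",
  "function initMenu() { /* legitimate code */ }",
  "document.write(String.fromCharCode(" + codes + "));",
].join("\n");

for (const f of findCharCodePayloads(SAMPLE)) {
  console.log(`line ${f.line} suspicious=${f.suspicious}: ${f.decoded}`);
}
```

Run over every `.js` and template file on the server, this separates short, harmless character lookups from long numeric blobs that decode to hidden markup, which are the ones to compare against a known-good copy of the file.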
 
Reefrunner said he corrected the file you showed him kurt. See if you see anything now ...

Hopefully not :)
 
Kurt has already forced an IP change and has noted in a thread in the mentor forum that it's gone. I'm going to be a bit more conservative and wait a day or so, but here's hoping it's fixed ;)
 
Is Kurt_Nelson's suggestion what fixed it?

I think "suggestion" is not exactly the right term, Kurt drew me a map and I followed it. If Kurt had admin access to the server, it would have been fixed a while ago.

Can someone let Sparky know it's safe to return?

Absolutely.
 
Thanks to whomever helped. I know it must have taken its toll on both you and Aaron during this period.

Obviously, thanks to Kurt as well.

It takes a genuine person to be able to accept help and then to acknowledge those who fixed it after trying to fix it for so long.

You're a standup guy Kevin.

BTW, does this get me any brownie points? ROLF
 
Thanks, Kevin and Aaron for troubleshooting and fixing this problem. It seemed as if AA has been slowly bleeding to death the last few weeks. Hopefully, with this problem fixed, things will return to normal again.

Many thanks to Kurt for pinpointing the problem. I have great awe and respect for people who understand programming and networking hardware. Other than MS Office and Photoshop, my knowledge of computers is limited to hooking up USB devices and turning the darn thing on and off.
 