TPR forum hacked again?

[Kennilworth]

Hi

I've just tried to access the TPR forum and it seems that the site has been hacked again. It first brought up a page of garbage and then brought up a box advising me to that my computer was probably infected by a virus. A page opened up telling me that I had a number of viruses on my computer. It then brought up a box inviting me to download a program from a website that I didn't recognise. I closed everything down and ran a scan with my virus checker which showed no infections.

If anyone tries to access the forum I would advise them to ignore this warning message which seems to be either someone advertising a virus checker or an attempt to get you to run a program which will presumably infect your computer.

Regards

Brian

 

[realm]

If anyone tries to access the forum I would advise them to ignore this warning message which seems to be either someone advertising a virus checker or an attempt to get you to run a program which will presumably infect your computer.

I vote for option 2... :hehe:

 

[RRSignal]

Yes, that scamware is everywhere now, unfortunately.

 

[meridious]

I have no clue as to how they are getting in. I have it fixed now though.

I've also implemented a new type of security that I found. From my testing so far, it works very well.

If anyone has personal sites or forums that have been hacked or would like to try to prevent it from happening, I will gladly send you the files.

 

[UP5521]

Not again!

ugh,don't these people ever quit,it has been hacked the first time,fixed at that time and now,look what happens,that makes me angry,no trainz site deserves that and even though I don't have a personal site,thanks for the warning!:n:

 

[JCitron]

These IFRAME and JavaScript code injection infections are getting out of hand.

If anyone has been infected with one of those viruses that request that you put in your credit number to remove the infections that it put there, DO NOT put in your credit card number!

You'll only be giving your C/C number to the Russian mob.

If you are infected and want to remove it, download the following program and run it. It is small enough to fit on a thumb drive if you need to do that.

http://live.sunbeltsoftware.com/

I've repair 3 infections so far at work, and all machines are now clean. VipreRescue beat the infection on all 3 occasions.

John

 

[cascaderailroad]

The best way to get out of a webpage that comes up with any strange notice: "You are needing us to get rid of a virus", is to press Ctr+Alt+Del. Sometimes they deceive you with "leave the webpage press"-"OK" BUT it instead "OK" and any other button starts a process that you can't escape.

Some fraudulent notices even immitate a fake but very realistic looking "Norton Antivirus Notice" ... don't fall for them ... get out of it ... and run your own scans.

I have one question: If Norton Antivirus and Malwarebytes say I have no infections ... Is my PC really truely free and clean ?

 

[hert]

Ya opened up my web with a tab opened to the site. and it attacked:hehe: my comp. Immediatley I run a free program named Spybot Search and Destroy very good and removing the spyware and malware.

hert:wave:

 

[Yownanymous]

Having had experience with this type of rogue, I'd advise that pressing OK or Cancel makes no difference with the program being installed either way. The only way to prevent an infection that late on would be to disconnect from the internet and close your internet browser from the task manager (Ctrl+Alt+Del). If you're a firefox user, to prevent this from happening in the future, I'd advise using the plugin noscript, possibly in conjunction with Adblock Plus, which usually has malware domains in its blacklists.

Edit: If you've been infected, try using Malwarebytes and/or Spybot. They're both free and designed for getting rid of "tough" malware.

 

[Yownanymous]

I have one question: If Norton Antivirus and Malwarebytes say I have no infections ... Is my PC really truely free and clean ?

Not necessarily, a lot of malware can infect antivirus components nowadays and tell them everything's clean. Spybot usually works.

 

[skidmark22]

I would advise using Avast! antivirus. It is free, works great, and doesn't have a lot of unwanted crap running in the background. It seems to me that Norton and the other AV giants software takes over your computer and you don't have much control over it. I have been using Avast! for about 3 years with absolutely no problems.

 

[Gandalf0444]

I would advise using Avast! antivirus. It is free, works great, and doesn't have a lot of unwanted crap running in the background. It seems to me that Norton and the other AV giants software takes over your computer and you don't have much control over it. I have been using Avast! for about 3 years with absolutely no problems.

Avast! Is good. However is limited in what it can do and find because it is free afterall. As far as free goes it is excellent. But if you upgraded to the version you have to buy then it is good and is up there with the "big guys" such as Norton and McAfee without your computer being basically hijacked by those programs.

 

[meridious]

Relating to my post above, we have had two attempts from hackers since I installed the security software. Once from Philadelphia and one from the Czech Republic according to an ip address lookup.

So far so good.

 

[Yownanymous]

However is limited in what it can do and find because it is free afterall.

Rubbish. What a stupid thing to say. Just because something's free doesn't mean it isn't powerful or can't contend with commercial rubbish with over-inflated prices because of a name. Look at Spybot and even Microsoft Security Essentials. They're both free programs and easily more powerful than Norton or McAfee.

 

[bendorsey]

Hi Meridious:

I just finished uploading 6 items to the TPR site. The first 2 acted normally but the next 4 acted a bit odd and so far I've only gotten 2 "Thank you for your upload" e-mails. They were 14th Street Bridge 2 thru 7 if you'd like to check.

Thanks,

Ben

 

[on30gn15]

"Threatfire", anyone?

CNET's description of it in their product review, they gave it 5 stars out of 5 stars.

CNET editors' review

Reviewed by: Seth Rosenblatt on November 23, 2009
ThreatFire offers real-time prevention of virus and malware infections by identifying suspicious behavior ("zero-day" events) as it happens, before malicious code installs itself on your PC. Formerly known as CyberHawk, ThreatFire has made some dramatic and noticeable feature improvements since it was bought by PC Tools.
ThreatFire seeks out rootkits, heuristics-based threats, viruses, worms, Trojans, spyware, adware, keyloggers, and buffer overflows. The software real-time protection didn't noticeably slow down our computer, and the customizable advanced settings were excellent. Users can pick and choose their preferred trusted processes and create rules for detection, such as scanning for SCR files created by an e-mail client. You can also avail yourself of the scheduler, and create a system restore point before moving threats into quarantine. The IntelliScan took about 15 minutes on our machine, but it didn't lock us into scanning mode. We were still able to check out other panes in the ThreatFire interface.
The only problem encountered was that occasionally, threats would be detected but without a name label. This made it hard to determine if they were genuine or false positives. ThreatFire has improved markedly, though, and working as a complement to your currently-installed antivirus it should be considered a serious protection tool.

 

[HiBaller]

Interesting, but Threatfire's web site is "unavailable" with a DNS failure. Not very promising.

www.threatfire.com

Bill

 

[JCitron]

In addition to putting the fake antivirus on your system, some of these programs disable the CTRL-ALT-DEL, and the Task Manager.

The only way to fix this is to either edit the registry and add back the appropriate key, and or add the values back into the Group Policy settings. I had to do the former on one machine that got hit.

@Meridious - This sounds very promising.

John