Train sim site Malware warning

Robert2d6

Cab Driver
There is another train sim forum that I visit once in a while, and Chrome is giving me a big Malware warning on it. Anyone else notice this?
 
Can you PM me the address of the site in question, so I can check it? The reason I'm asking to do it that way is to protect other users who may read this thread.

Shane
 
If you're talking about trainsim.com and flightsim.com, confirmed problem with Firefox and Chrome, not Internet Explorer. Nels has been informed and he's on it; apparently it's one of the Google ads that Google is having a problem with. :hehe: The websites themselves are clean so you can safely click the ignore button.


Wouldn't surprise me if Google itself has been hacked.
 
Not quite the warning that I saw, which is this one 10 minutes ago.




Advisory provided by
Safe Browsing

Diagnostic page for trainsim.com


What is the current listing status for trainsim.com?
Site is listed as suspicious - visiting this web site may harm your computer.
Part of this site was listed for suspicious activity 3 time(s) over the past 90 days.

What happened when Google visited this site?
Of the 30 pages we tested on the site over the past 90 days, 8 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-12-25, and the last time suspicious content was found on this site was on 2012-12-25.
Malicious software is hosted on 1 domain(s), including penetraterarest.pro/.
2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including flightsim.com/, journaldugeek.com/.
This site was hosted on 3 network(s) including AS32613 (IWEB), AS13335 (CLOUDFLARENET), AS15169 (Google Internet Backbone).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, trainsim.com appeared to function as an intermediary for the infection of 1 site(s) including train-sim.com/.

Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.

How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:
 
Which browser? Not getting it now in Firefox or Chrome.

"Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, trainsim.com appeared to function as an intermediary for the infection of 1 site(s) including train-sim.com/"

I'm trying to wrap my head around that one, trainsim is acting as an intermediary to infect itself? Not sure if it's me or giggle, but one of us is fuzzy on the definition of "intermediary".
 
I copied and pasted what is in my above post from Chrome, this afternoon. I just tried it now, and the warning has disappeared.
 
Yeah, I been trying different pages in Firefox and Chrome for the last hour, seems to be fixed now. Gotta wonder about antivirus sometimes;


McAfee doesn't recognize McAfee so I'm supposed to tell McAfee about McAfee? If I did would they understand it? :hehe:
 
Ha ha.

Sometimes I wonder about McAfee. When I got my new computer with McAfee I ran some comparisons between it and my old computer with Norton. I found sites that Norton said were safe generated a warning with McAfee. OK - so McAfee is better (or more suspicious). About 3 weeks ago McAfee suddenly started red flagging every zip folder I received but would not red flag the contents if sent separately (photos as jpgs). Now I know the gent sending them isn't sending me malware. He takes pics of bridges and buildings he would like me to make for a route he is making, puts them into his computer from his camera, and sends to me. His IPO runs them thru Norton before sending. My IPO runs them thru Norton before allowing me to decide if I want to save them or not. Both give a clean bill of health but then McAfee red flags them. The worst thing is I can't for the life of me figure out how to contact McAfee to ask them about this. A gazillion things on their website but nary a one that sez "contact us" (like send an e-mail).

Ben
 
Ben,

McAfee is at the bottom of the antivirus/antimalware feeding frenzy. That's why it's the one that's given away freely by Comcast, other ISPs, and PC builders. We use the McAfee corporate package where I work and it never, ever, finds anything until after the fact. We'd have a messed-up PC brought to us by a user, we'd run a scan on it by Malwarebytes, or Vipre Rescue, and a bunch of Malware would be found. This is after McAfee said the machine was clean. Once the malware was "touched" by the scanning process and quarantined, it would wake up and say that a virus was found. Well doh! The other programs told us that already!

The other thing to remember too is not every antimalware program will always find everything because of the way their engines work. Some of the antivirus engines are what is called heuristic, and look for suspicious patterns in the files with better algorithms, while others are a bit slow, or don't have that level of scanning. Like anything, the better the program, the better the engine. Companies such as GFI are at the forefront of antimalware, while others aren't so great with a big swath right in the middle.

If you're really concerned about an infection, or suspicious false report, run another package from one of the free scanners, and see if it reports the same. In general, if my Vipre says something is suspicious, I'll run Trend's House Call and Malwarebytes. Both of these other packages have a high rating. If these report the system is clean, then I'm getting false alarms. The same goes both ways. 99% of the time, though, Vipre is spot on, which shows that they have a good scan engine.

John
 
False positives are a problem; procedures are a major part of PC security that are often overlooked. I normally run Firefox 32 bit with NoScript without Flash; that combination is fairly safe, but occasionally I use 64 bit IE if the site doesn't work with Firefox without Java. Running in an account that is user level rather than admin level is safer.

64 bit IE has the advantage of being updated by Microsoft update and happens to be a bit more secure than IE 32 bit.

I suggest you avoid religious sites, they have a tendency to not have the latest security updates applied and their users seem to trust them so they are a very tempting target for Malware.

Cheerio John
 
This. A big part of the issue is that big companies like Norton or McAfee have no real incentive to improve their product. When all of your budget is oriented towards marketing and virtually nothing towards R&D, this is what you get.
 
That's absolutely a big part of it. These companies spend more time pushing themselves rather than doing the right thing. McAfee is notorious for this. Where I work, we also use their Endpoint Encryption which is a POS. If you ever look at the support KB for McAfee EPE, you'll see the nightmare we face with this product. As it stands now, if a hard disk is corrupt, we can't recover the data. Period. This is even with a special recovery system I had to set up. This is yet another product, which was actually purchased from another company, that has been sold to the public and forgotten. Their support sucks for this, and I wouldn't go near it if I didn't have to deal with it. There were plenty of better solutions out there, but my company was sold a bill of goods at the executive level.

I remember when Norton Antivirus was the "gold standard" when it came to system protection and utilities. This product went downhill rather quickly once Symantec purchased Norton Software. Back in the late 1990s, when my old company was sold off from Polaroid, we had the opportunity to get away from the Norton fiasco. At that time, we went with Trend Micro. Their corporate product was excellent, and did an excellent job for us. Their OfficeScan was an excellent desktop protection tool, and combined with ServerProtect, and ScanMail for Exchange, we had an excellent package. All the products used the same scan engine technology as well as the same definition files, making the updates easy to track. Their consumer products weren't bad either at the time. I happened to also have been using Norton crapware, and I spoke with a representative at Trend Micro. They gave me a free copy, which I used until the upgrades came out. After that I used their products for another 3 or 4 years, and still recommend them if people want an alternative to Norton or McAfee. Another good one is Vipre from Sunbelt, which I use today.

I ended up swapping from Trend Micro eventually. I had installed an antimalware product from Computer Associates. It turned out that Sunbelt Software, whom I had dealt with for technical tools, had actually written the underlying engine for CA's product. When CA discontinued their product, Sunbelt asked me if I wanted to beta test their new antimalware product they were coming out with, and I ended up with their spyware scanner. Eventually they came out with the Vipre Antivirus/Antimalware Internet Security, which I use today after I beta tested that one.

Vipre has a really, really small memory footprint, unlike Symantec, and I've found the scan engine to be relatively good. The founder of Sunbelt Software is Alex Eckelberry, who is one of the top security experts in the industry. Sunbelt was recently sold to GFI, mostly due to business reasons. Alex was a great developer, but a poor marketeer and could never promote the company well. Vipre fits in well with GFI's line and is still an excellent product today.

John
 