Virus

#1: Virus Author: DallanC Location: Utah Posted: Tue May 28, 2013 9:23 pm
    ----
I am getting reports from users about a virus when they attempt to access HuntingNut. I am talking to my webhost to see if this is valid, or if it's a false positive.

Details to follow as I learn more.


-DallanC


Last edited by DallanC on Tue Dec 03, 2013 5:30 pm; edited 1 time in total

#2: Re: Virus Author: DallanC Location: Utah Posted: Tue May 28, 2013 9:48 pm
    ----
From my host:

Quote:
Hi,

I am sorry, but it looks like a cached or false positive alarm on AVG. I have performed a full scan on your account and the result is just positive;

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
scan completed on /home/hunting/public_html: files 27482, malware hits 0, cleaned hits 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Also, I checked the domain with other antivirus sites like McAfee, Norton, etc., and those results show there are no infections on your account.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
huntingnut.com

We tested this site and didn't find any significant problems.
Are you the owner of this site? Leave a comment
Contact information: Country Popularity

United States

Some users
Automated Web Safety Testing Results for huntingnut.com
E-MAIL TESTS FOR HUNTINGNUT.COM:
DOWNLOAD TESTS FOR HUNTINGNUT.COM:
Downloads we found on this site:
Download Analysis
PointBlankCRBSv18a.zip
PointBlankCRBSv18a.zip
PointBlankCRBSv18a.zip
PointBlankCRBSv18a.zip
PointBlankCRBSv18a.zip
6 total downloads. See more.
6 green downloads
In our tests, we found downloads on this site were free of adware, spyware, and other potentially unwanted programs.
View detailed analysis
Submit a download for analysis
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Thank you.
Regards,
--
Alex Spaford
Level 2 System Administrator
TotalChoiceHosting INC.


Still digging into this!


-DallanC

#3: Re: Virus Author: DallanC Location: Utah Posted: Wed May 29, 2013 11:20 am
    ----
Ok I was able to track down the infection, it does indeed seem we got accessed somehow. I will continue to investigate how this happened, meanwhile the site appears "clean".

If anyone happens to notice any pages that trigger weird behavior let me know. Apologies for the inconvenience!


-DallanC

#4: Re: Virus Author: shrpshtrjoe Location: Maryland Posted: Wed May 29, 2013 1:36 pm
    ----
Thanks for your efforts Dallan...

#5: Re: Virus Author: Dawgdad Location: On the Prairie Posted: Wed May 29, 2013 1:56 pm
    ----
I had posted a link to a photo hosted on Coppermine and some people said they got a "hack attempt has been recorded" alert when they tried to open it.

#6: Re: Virus Author: DallanC Location: Utah Posted: Wed May 29, 2013 1:57 pm
    ----
Dawgdad wrote:
I had posted a link to a photo hosted on Coppermine and some people said they got a "hack attempt has been recorded" alert when they tried to open it.

Email me the link you used, I will look into it.


-DallanC

#7: Re: Virus Author: DallanC Location: Utah Posted: Wed May 29, 2013 2:00 pm
    ----
shrpshtrjoe wrote:
Thanks for your efforts Dallan...

Heh no problem. I had a site wide backup made on the 13th of this month, so I made a new backup with the virus, then ran some software I have that does file comparisons to show what changed from one version to the next. It quickly showed the 70'ish files that got modified. I manually restored them all and it seems fine.

As annoying as it is, it seems we are "big enough" that hackers feel we are worth the effort to access.


-DallanC
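
The comparison DallanC describes above (a known-good backup against a fresh copy of the live site), as an added example that is not part of the original thread and not the software he used: it hashes every file in both trees and lists what was modified, added or removed. The file names and contents in `demo()` are constructed sample data.

```python
import hashlib
import os
import tempfile


def hash_tree(root):
    """Map each file under root to its SHA-256 (symlinks: hash the target text, never follow)."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.islink(full):
                digests[rel] = "link:" + hashlib.sha256(os.readlink(full).encode()).hexdigest()
                continue
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    h.update(chunk)
            digests[rel] = h.hexdigest()
    return digests


def compare_trees(baseline_root, current_root):
    """Report files modified, added or removed since the baseline backup."""
    old, new = hash_tree(baseline_root), hash_tree(current_root)
    return {
        "modified": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
    }


def demo():
    """Build two small constructed trees (not real site files) and compare them."""
    baseline = {"index.php": "<?php page(); ?>", "gallery/scripts.js": "init();", "readme.txt": "v1"}
    current = {"index.php": "<?php page(); ?>", "gallery/new.php": "<?php ?>",
               "gallery/scripts.js": "init();/* appended line */"}
    with tempfile.TemporaryDirectory() as tmp:
        for label, tree in (("baseline", baseline), ("current", current)):
            for rel, text in tree.items():
                path = os.path.join(tmp, label, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "w") as fh:
                    fh.write(text)
        return compare_trees(os.path.join(tmp, "baseline"), os.path.join(tmp, "current"))

if __name__ == "__main__":
    print(demo())
```

Files reported as added matter as much as modified ones: restoring the changed files from backup does not remove anything that was newly dropped into the tree.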

#8: Re: Virus Author: DallanC Location: Utah Posted: Wed May 29, 2013 2:02 pm
    ----
PS: the trojan really only seemed to affect the newest version of Internet Explorer (version 10), it would just try to redirect the user from HuntingNut to some silly dating site.


-DallanC

#9: Re: Virus Author: shrpshtrjoe Location: Maryland Posted: Wed May 29, 2013 2:27 pm
    ----
DallanC wrote:
PS: the trojan really only seemed to affect the newest version of Internet Explorer (version 10), it would just try to redirect the user from HuntingNut to some silly dating site.


-DallanC

That's what I have. No problems logging in now. My Norton antivirus wouldn't even let me log in earlier, I guess it works.

#10: Re: Virus Author: Ominivision1 Location: Iowa Posted: Wed May 29, 2013 2:54 pm
    ----
One other thing to watch for is rogue certificates being installed on your web browser(s). If you get redirected to another website, shut down the browser and lock the firewall and open up FF (or whatever you use) and go to advanced settings (encryption, view certificates) and I found a rogue server security certificate installed who knows when (date).

#11: Re: Virus Author: gelandangan Location: Sydney Australia Posted: Wed May 29, 2013 3:10 pm
    ----
Good on you Dallan!
Thanks for the hard work, I am glad we are back.

#12: Re: Virus Author: Pumpkinslinger Location: NC foothills Posted: Wed May 29, 2013 4:19 pm
    ----
Yep, I was going through HuntingNut withdrawal! Norton blocked it at home and whatever they use at work did the same.

#13: Re: Virus Author: Pumpkinslinger Location: NC foothills Posted: Wed May 29, 2013 10:58 pm
    ----
Hmmm, when I went to the photos here to put some in a post I got that same warning from Norton that I was getting on Tuesday. Here is some of the Norton information.

Category: Intrusion Prevention
An intrusion attempt by www.huntingnut.com was blocked.
Web Attack: Mass Injection Website 5, ,"www.huntingnut.com (208.76.80.141,80) ",www.huntingnut.com/modules/coppermine/scripts.js," Network traffic from www.huntingnut.com/mod...scripts.js matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME3\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE.

#14: Re: Virus Author: Vince Location: Brisbane AUSTRALIA Posted: Wed May 29, 2013 11:36 pm
    ----
Well done Dallan. Once again your hard work saves our hunting community from a withdrawal meltdown and subsequent depression, anxiety and other psychological maladies mate.

I bow to your superior knowledge and abilities.

#15: Re: Virus Author: Elvis Location: south island New Zealand Posted: Thu May 30, 2013 12:26 am
    ----
good on you DallanC
YOU THE MAN




All times are GMT - 7 Hours
