The Ads causing virus attacks

[shane]

Thanks that What I need guys

[shane]

lX-LUCIFER-Xl ]

have you thought of taking the ads off the site for now ... make some other test forums and test it out there. At least the computers of the community members would not be at risk unless they went to the test site and wanted to help with the virus testing.

 

That would be a great idea but it would require everyone to go use the test forum... the reason we are able to get this info together is because of the traffic that the UF forums have...

 

It could take a month for us to find this issue if a few of us were testing on a test forum...

 

Now that we know which advertiser is the cause for this, we can disable them until they can get the issue fixed.

[Hellraiser]

io got it again on the third page i tried today...

 

i am sorry directors but im getting really annoyed now!!

 

 

 

 

 

 

this time i was unable to navigate from the page and had to click on my UF bookmark to get here.

 

it's pissing me off!

[shane]

Yes we all are and I have disabled the advertiser it takes about an hour for the change to make its way through the system...

[SgtJoeFriday]

This is after my antivirus quarantined them.

 

[shane]

Very good information Joe... that is exactly what I have been looking for!

[GOAT]

Bga? Did you say a Bga.exe.. doesn’t matter what’s in front of it..

 

That’s a Trojan. It was reported by Sophos on 2009-08-14 that’s only a couple of weeks ago.. It’s a clone of Troj/Bancos-BGA which has several other clones with different names.

The other one is a registry entry.. (probably where it put itself).

 

You can read about it here..

http://www.sophos.com/security/analyses/viruses-and-spyware/trojbancosbga.html?_log_from=rss

 

McAfee is also aware of it.. but this puppy is a brand new Trojan that started getting hits just in the last few days ..

http://vil.nai.com/vil/content/v_214580.htm it’s a back door Trojan..

 

Avast also has a new thread on this..

http://forum.avast.com/index.php?topic=47710.0

 

not sure how this would get in via a pop-up.. that’s really not possible.. its been effecting others by a bogus install that uses fake windows update files and copies itself to a temp folder if you do a manual update…

Wow is all I can say.. looks like UF is on the cutting edge of virus detection. LOL

 

Don’t worry though, it’s a new variant of a old virus “win32.agent.bga†most all anti-virus programs will find it if and it’s a part of their protection list. AVG for example already has it in their immunization list.

Still I’m skeptical that you got this by a pop up ad.. that just doesn’t seem to fit the viruses profile. Interesting none the less.

 

[Chaka]

THERES A BIG BLACK BOX IN THE CENTER OF MY DESKTOP SCRREN THAT SAYS YOUR SYSTEM IS INFECTED IN REALLY BIG RED WORDS AND IT ALSO SAYS. SYSTEM HAS BEEN STOPPED DUE TO A SERIOUS MALFUNCTION . SPYWARE ACTIVITY HAS BEEN DETECETED.IT IS RECOMMENDED TO USE SPYWARE REMOVAL TOOL TO PREVENT DATA LOSS.DO NOT USE COMPUTER TIL ALL SPYWARE REMOVED

[GOAT]

Whatever you guys do.. DO NOT CLICK ON install or use any link that they have to remove anything..

 

Close your browser by another method..

 

Or shut down.. open your browser and use the tools to delete all internet history, cache and cookies.. also all browsers have a setting to do this every time you exit the browser.. enable it.

 

If you have a virus protection program. Run it. and let it clean what ever it finds. If not then first off are you crazy! LOL then get AVG Free or Avast Home from www.filehippo.com. Run the virus protection making sure its fully updated and you have enabled real time protection.

Once that's done install a good spyware protection program. I can't think of anything better then Spybot search and destroy. Make sure you update it and use its immunization setting to immunize your browsers from cookies and sites that have been reported. Switch spybot to advance user and use its tools to add Spybots bad host list to your non allowed list, then go to spybots tool I.E. tweaks and lock your host file. Use its Resident Shield and check the "resident SD Helper box" don't check the "Tea-timer" one. Use its system startup list and make sure none are identified in Red color. Delete the startup registery for any red colored items Spybot finds.. Run spybot. Let it clean whatever it finds.

 

Go back to filehippo and get CCleaner. install it by advanced install and uncheck the add-in Google toolbar. also uncheck the auto update function. after it installs go to options/advanced and uncheck the "only delete files older then 48 hours" option. Run CCleaner and clean your system.

 

Reboot. Run your Virus check again to make sure your system is clean. Don't open your browser yet. Delete all your restore points by unchecking the restore in control panel/system (only if its now totally clean). Reboot again re enable the restore program and create a new restore point.

 

Keep Spybot's immunization file up to date as well as your Virus protection program from now on.

 

This is provided as just sound advice and doesn't mean anything as far as the ads here its just something everyone should already have been doing.. receiving malware from this site is more than likely due to the frequency you visit here.. it happens practically everywhere else too this is just where you visit often.

[shane]

The ads have all been stopped... we have only our fillers in place until we figure this out... as for chaka... unless you actually downloaded anything you should have no issues... but follow goat instructions, you can also use malwarebytes.

[Chili327]

Working great now.!!

I cant get anything to go wrong for the life of me. ;D

[o-BacklasH-o]

CpDude05 ]

I just got this one. 12:20 am.

 

 

http://adeptofmastery.cn/go.php?id=2005-10&key=0e6bfde57&p=1

 

So, since no one else is going to ask.....Who is Katie? ;D

 

Also, I haven't gotten anything in the last 30 minutes of being on the forums.

[CpDude05]

If only i could tell ya.

[o-BacklasH-o]

CpDude05 ]

If only i could tell ya.

 

So it's a shemale? That's all that needed to be said. :-X

[Xx-CHURCHY-xX]

BacklasH ]

CpDude05 ]

If only i could tell ya.

 

So it's a shemale? That's all that needed to be said. :-X

I think that's Chili's personal MSN

[HippieChik]

Goat ]

then get Avast Home

 

Once that's done install a good spyware protection program. I can't think of anything better then Spybot search and destroy.

 

Been using both for 2-3 years now. Work GREAT. BTW, I'm not having any of this pop up trouble.

 

[SnowBud]

I think Chaka installed it on accident. Chaka you need to install Malwarebytes and run it, it will clean it off the pc your on and everything will be fine!

[Outlaw__Rebel]

The teeth are back!

[shane]

I need to know if it is top or bottm werhe u saw it

[Outlaw__Rebel]

OK front page on the right side. As you enter the website not the forums.

[shane]

Thanks