http://gamingtrend.com
Author Topic: Malware warning? 7/14/10  (Read 2027 times)

Turtle
Gaming Trend Senior Member
Posts: 9350
« on: July 14, 2010, 07:08:29 PM »

Chrome just put up a malware warning for this site when I first visited today. Would this have anything to do with the update, ads, or should I be worried?

EngineNo9
Gaming Trend Senior Member
Posts: 11019
I said good day, sir!
« Reply #1 on: July 14, 2010, 07:11:45 PM »

I just got the same thing.  Here's the text for the warning from Chrome:

Quote
Warning: Visiting this site may harm your computer!
The website at www.gamingtrend.com contains elements from the site 194.8.250.221, which appears to host malware software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.
For detailed information about the problems with these elements, visit the Google Safe Browsing diagnostic page for 194.8.250.221.
Learn more about how to protect yourself from harmful software online.

Sandwiches do fix everything.

jersoc
Gaming Trend Senior Member
Posts: 4812
« Reply #2 on: July 14, 2010, 07:22:17 PM »

I got the same and Gaming Trend kept redirecting back to my homepage. I had to clear all the browser's data first.

Nothing came up in my scanner or in Spybot.

Caine
Gaming Trend Senior Member
Posts: 10004
My cocaine
« Reply #3 on: July 14, 2010, 08:24:27 PM »

Got the same in Chrome.

Teggy
Gaming Trend Senior Member
Posts: 8555
Eat lightsaber, jerks!
« Reply #4 on: July 14, 2010, 08:43:50 PM »

OK, then I'm not crazy. I am getting the redirect to my homepage when using Safari for Mac, which is WebKit, like Chrome. It doesn't happen on Firefox.

"Is there any chance your jolly Garchomp is female?" - Wonderpug

Destructor
Special Project Group
Gaming Trend Senior Member
Posts: 15920
▲▲▼▼◄►◄►B A Start
« Reply #5 on: July 14, 2010, 08:45:25 PM »

It's happening in Firefox for me. I'm getting a redirect warning via NoScript 90% of the time.

Current fix in Firefox - download the User Agent Switcher addon and change it to iPhone 3.0. Yeah, it's a poor man's fix (and it'll drop you to mobile versions of sites once you leave GT), but it works. Just flip it back to default whenever you intend to leave.

FYI - my virus/malware scanner isn't lighting up (avast!), so it's not that. Personally, I'm guessing it's how TapATalk interacts with the forum or something (sadly, for those who use it).

"All opinions posted are my own, and not those of my employers, who are appalled."

Knightshade Dragon
Administrator
Gaming Trend Senior Member
Posts: 21054
« Reply #6 on: July 14, 2010, 09:06:07 PM »

I've disabled TapaTalk.   Are you getting the same behavior now? 

Ron Burke
EiC, Director of Gaming Trend
Gamertag:
Gaming Trend
PS3 Tag: GamingTrend

LoneStarSpur
Gaming Trend Senior Member
Posts: 1424
Glad to be old!
« Reply #7 on: July 14, 2010, 09:08:39 PM »

Kaspersky popped this message this morning:

detected: virus HEUR:Exploit.Script.Generic   file: http://194.8.250.221/bomj///194.8.250

Also, the 'go to last post' button now goes to the bottom and then right back to the top.

Haven't seen the Kaspersky message this early this morning.

Using the latest dev build of Chrome.

Fallin' feels like flyin'. For a little while. - Bad Blake
You're a funny drunk. - my wife

Mithridates
Gaming Trend Senior Member
Posts: 631
« Reply #8 on: July 14, 2010, 09:10:17 PM »

Norton flipped out this morning about the site too.  Then it later removed a virus.  I would think the two are related although I guess it could be a coincidence. 

Knightshade Dragon
Administrator
Gaming Trend Senior Member
Posts: 21054
« Reply #9 on: July 14, 2010, 09:15:14 PM »

Any new reports?  My Symantec at work hasn't hit at all...

Teggy
Gaming Trend Senior Member
Posts: 8555
Eat lightsaber, jerks!
« Reply #10 on: July 14, 2010, 09:26:53 PM »

Safari is still having the redirect issue and I see the "new" button issue on firefox (since I can't actually browse the site using Safari).

gellar
Gaming Trend Senior Member
Posts: 8974
I'm a dolphin!
« Reply #11 on: July 14, 2010, 09:48:29 PM »

Ron,

There's definitely something on the site that's causing some hits from that IP, which after doing some research on definitely has some bad stuff going on with it.  It's based in Moldova, registered to a gmail address, and has shown malware at multiple locations on the IP.  It is bad news.

The reason your SEP at work isn't picking it up is it's looking for the actual payload rather than the IP reputation.  You haven't been redirected to the specific malware so you aren't getting lit up.  The endpoint browsers are just throwing warnings based on blacklisted IPs.

Something has been compromised if you don't have any relationship with that IP.

EDIT: Drop me a line if you want some to discuss further.
« Last Edit: July 14, 2010, 09:50:32 PM by gellar » Logged
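
Added example (not part of the thread, and not Gaming Trend's own tooling): gellar's distinction between payload scanning and IP-reputation warnings suggests auditing which hosts a page load actually contacts. The sketch below checks a HAR-style request capture against a host allowlist and an IP blocklist, then walks the Referer chain back to whatever pulled in the flagged request; the capture, `ads.example.net` and the request path are constructed, and only the IP comes from the Chrome warning quoted above.

```python
import ipaddress
from urllib.parse import urlparse


def is_ip_literal(host):
    """True when the host is a bare IP address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True


def audit_har(har, site_host, known_hosts, blocked_ips):
    """Flag requests to unexpected hosts and trace each back via Referer."""
    referer_of = {}
    for entry in har["log"]["entries"]:
        req = entry["request"]
        headers = {h["name"].lower(): h["value"] for h in req["headers"]}
        referer_of[req["url"]] = headers.get("referer")
    findings = []
    for url, referer in referer_of.items():
        host = urlparse(url).hostname or ""
        if host == site_host or host in known_hosts:
            continue
        reason = ("blocklisted" if host in blocked_ips
                  else "raw-ip" if is_ip_literal(host) else "unknown-host")
        # Walk Referer headers back toward the page to see what pulled it in.
        chain, cur = [], referer
        while cur and cur not in chain:
            chain.append(cur)
            cur = referer_of.get(cur)
        findings.append({"url": url, "reason": reason, "chain": chain})
    return findings


def _entry(url, referer=None):
    headers = [{"name": "Referer", "value": referer}] if referer else []
    return {"request": {"url": url, "headers": headers}}


# Constructed capture; ads.example.net and the path are hypothetical.
PAGE = "http://www.gamingtrend.com/"
FRAME = "http://ads.example.net/frame.html"
SAMPLE_HAR = {"log": {"entries": [
    _entry(PAGE),
    _entry("http://ads.example.net/show.js", PAGE),
    _entry(FRAME, PAGE),
    _entry("http://194.8.250.221/constructed-path", FRAME),
]}}
FINDINGS = audit_har(SAMPLE_HAR, "www.gamingtrend.com",
                     {"ads.example.net"}, {"194.8.250.221"})
```

A capture exported from browser developer tools can be loaded with `json.load` and passed in unchanged. The Referer walk only links requests whose Referer value exactly matches a captured URL, so a chain that stops early means the parent request was not in the capture.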

Knightshade Dragon
Administrator
Gaming Trend Senior Member
Posts: 21054
« Reply #12 on: July 14, 2010, 09:56:12 PM »

Quote from: gellar on July 14, 2010, 09:48:29 PM

Ron,

There's definitely something on the site that's causing some hits from that IP, which after doing some research on definitely has some bad stuff going on with it.  It's based in Moldova, registered to a gmail address, and has shown malware at multiple locations on the IP.  It is bad news.

The reason your SEP at work isn't picking it up is it's looking for the actual payload rather than the IP reputation.  You haven't been redirected to the specific malware so you aren't getting lit up.  The endpoint browsers are just throwing warnings based on blacklisted IPs.

Something has been compromised if you don't have any relationship with that IP.

EDIT: Drop me a line if you want some to discuss further.

Nope, no relation to that IP.  I'm gonna get to work blocking it at the site level and then we'll see if I can't find the culprit.  I needed this right after the failures this weekend.  Sigh.

Knightshade Dragon
Administrator
Gaming Trend Senior Member
Posts: 21054
« Reply #13 on: July 14, 2010, 10:02:41 PM »

I've suspended all ads but it takes time to take effect.  It takes time to take effect, but let's hope it's as simple as that.

Knightshade Dragon
Administrator
Gaming Trend Senior Member
Posts: 21054
« Reply #14 on: July 14, 2010, 10:13:17 PM »

Ok.   Are you seeing any sort of malware / post strangeness now?

gellar
Gaming Trend Senior Member
Posts: 8974
I'm a dolphin!
« Reply #15 on: July 14, 2010, 10:13:48 PM »

The site functional oddities seem to have gone away after you disabled ads.

Knightshade Dragon
Administrator
Gaming Trend Senior Member
Posts: 21054
« Reply #16 on: July 14, 2010, 10:20:28 PM »

Quote from: gellar on July 14, 2010, 10:13:48 PM

The site functional oddities seem to have gone away after you disabled ads.

Yea, we were getting code injection from, of all places, GOOGLE.  I'm somewhat less than happy.  :)

Teggy
Gaming Trend Senior Member
Posts: 8555
Eat lightsaber, jerks!
« Reply #17 on: July 14, 2010, 10:51:33 PM »

I'm no longer having either problem in Safari for Mac.

leo8877
Gaming Trend Senior Member
Posts: 12599
« Reply #18 on: July 14, 2010, 10:52:26 PM »

Quote from: Teggy on July 14, 2010, 10:51:33 PM

I'm no longer having either problem in Safari for Mac.

Same, it's been fixed for me after whatever you did.

CeeKay
Gaming Trend Staff
Gaming Trend Senior Member
Posts: 71766
La-bibbida-bibba-dum! La-bibbida-bibba-do!
« Reply #19 on: July 14, 2010, 10:53:48 PM »

NUKE MOLDAVA!

Because I can,
also because I don't care what you want.
XBL: OriginalCeeKay
Wii U: CeeKay

Huw the Poo
Gaming Trend Senior Member
Posts: 3162
Please feed dog
« Reply #20 on: July 14, 2010, 10:57:16 PM »

I was never getting malware alerts, but since you disabled the ads the #new function is working again.  Hurrah!  A working forum and no ads! \o/

Resident anti-Steam troll
Steam profile

Knightshade Dragon
Administrator
Gaming Trend Senior Member
Posts: 21054
« Reply #21 on: July 15, 2010, 12:04:53 AM »

Quote from: Huw the Poo on July 14, 2010, 10:57:16 PM

I was never getting malware alerts, but since you disabled the ads the #new function is working again.  Hurrah!  A working forum and no ads! \o/

We are going to be doing some updates and you'll see the GoG and GoGamer ads return, but Google has flat pissed me off at this point.

Arkon
Gaming Trend Senior Member
Posts: 6073
« Reply #22 on: July 15, 2010, 01:18:07 AM »

I actually got hit hard by it this morning at 7:40 AM.  When I navigated to the front page of GT, Firefox popped up that a plugin was missing and Java tried to run.  I hadn't clicked on anything as I was a bit surprised, and immediately a window popped up with antivir trying to scan my system "claiming" it was infected with numerous threats.  I was unable to launch any exe's, had to power off and then back on into safe mode.  Something had been put into my startup and had numerous registry entries.  Managed to get it all cleaned up, but it almost kept me from being able to deliver training for work as this was on my work laptop.  For some reason I did not have NoScript running which would have likely blocked this.

YellowKing
Gaming Trend Senior Member
Posts: 3066
« Reply #23 on: July 15, 2010, 01:32:13 AM »

I got hit too. "Antivir Pro" malware that killed my Microsoft Security Essentials, set up a fake proxy so internet wouldn't work, etc. Luckily Malwarebytes was able to clean it in safe mode.

Knightshade Dragon
Administrator
Gaming Trend Senior Member
Posts: 21054
« Reply #24 on: July 15, 2010, 01:39:24 AM »

Damn guys...I'm really sorry.  :(  I feel like a prick.

Arkon
Gaming Trend Senior Member
Posts: 6073
« Reply #25 on: July 15, 2010, 01:44:28 AM »

Quote from: YellowKing on July 15, 2010, 01:32:13 AM

I got hit too. "Antivir Pro" malware that killed my Microsoft Security Essentials, set up a fake proxy so internet wouldn't work, etc. Luckily Malwarebytes was able to clean it in safe mode.

I am going to need to get Malwarebytes, I am still dealing with proxy oddities.  Sadly the internet at my hotel sucks ass.

gellar
Gaming Trend Senior Member
Posts: 8974
I'm a dolphin!
« Reply #26 on: July 15, 2010, 02:47:56 AM »

Quote from: Knightshade Dragon on July 15, 2010, 01:39:24 AM

Damn guys...I'm really sorry.  :(  I feel like a prick.

Not much you could have done about it, KD.  Short of running an entirely closed site that has extremely good security procedures, it's not really a matter of if, but when a site gets compromised.

jersoc
Gaming Trend Senior Member
Posts: 4812
« Reply #27 on: July 15, 2010, 06:36:54 AM »

Nah, Google is apparently less than stellar in their ads, which is quite bad since that's how they make so much mountains of money. I read Qt3 sometimes and a month or so ago they got hit with an ad like this too. From what I read Google is pretty slow at doing anything about it and short of turning off ads not much you can do.

I didn't get anything just visiting now.

belfong
Gaming Trend Reader
Posts: 50
« Reply #28 on: July 17, 2010, 04:35:03 AM »

I'm generally very careful about websites I go. I'm using IE8 Win7. Two days ago, out of a sudden, MS Security Essentials reported malware, virus and removed it. I blamed my wife as she was using the PC to surf for recipe. Now that I read about this, I'm relieved in that it could be my fault! I discovered GT two days ago too (I'm not blaming GT, btw). At least I know what happened compared to guessing which program or sites is giving problems.

Since MS Security Essentials removed the virus, it should be no issue right?

Knightshade Dragon
Administrator
Gaming Trend Senior Member
Posts: 21054
« Reply #29 on: July 17, 2010, 05:11:46 AM »

Correct.  The virus should be toast.  I've also removed the ads and I'm going to have a very terse conversation with the folks at GoG and GoGamer to fix their damned ads....

YellowKing
Gaming Trend Senior Member
Posts: 3066
« Reply #30 on: July 18, 2010, 08:02:29 PM »

No worries, KD. I deal with viruses/malware all day long at work; one more at home didn't kill me.  :D