17 replies to this topic

[bobc]

Went to Cloudeight InfoAve Forum last night from favorites and picked up 9 trojans just opening the site. Closed out and ran Norton and spybot to cleanup.



This morning I went to favorites and opened CloudEight InfoAve and picked up Trojans again.







Deleted everything from Norton and all is clear I assume. Will delete CloudEight from Favorites and Google same and see if I get Trojans again.
Anyone else heard of the problem or have any ideas. Thanks

[Broni]

Do you have "Spywareblaster" on, and updated?

[bobc]

Hi Broni, yes spywareblaster is on and updated. Norton is updated, SpyBot is updated.
After last post I Deleted CloudEight from Favorites and Googled same. Opened in Google and received this again.



Deleted from Norton and Ran scan. Showed no threats on full scan.
Will try SpyBot and see if it finds anything.

[Broni]

Post a HijackThis log as well....

[woodworker]

Bob, did you download or open anything from that site. Did you do anything other than just click on the site?

[woodworker]

Well, I could not leave well enough alone, so I had to click on the site. SURE ENOUGH......picked up all the stuff you did. AVG did not let it through and stopped it, warned and quarantined at once. But, I will do the cleaning. Might want to stay away from that site.

Is that a regular, Favorite, of yours?

[bobc]

Ran SpyBot and no threats found.



WW, all I did was click on site in my Favorite list. Deleted same and Googled the site and got Trojans again right off Google to site. I did not download anything, I did not even log in to the site.

Peggy I already listed the site, but not by url. Anyone can Google it and see what happens.

Broni, that is my next step. I know Dobhar is busy so I will go to the site he posted earlier for assistance.

All other forums I visit are okey. No problems what ever.

Sure is weird. Thanks all for looking and help.

[bobc]

WW, I always went there every night with no problems till last night.

Hope yours cleans up okey. Thanks for the lokk. I think it is now the site and not me.

[dano2]

Buddy of mine told me Thursday he went to the WinZip site and downloaded WinZip for a Win 98 box he's building for his grand daughter and got a trojan. He uses F-Secure and it couldn't remove it. Would only rename it. Yeah, he uses IE.

These things must be flooding the net right now.

[Broni]

Bob...
I'd like to see your HJT log as well....
BTW...I went to that site, and nothing happened to me....Win 2000/Netscape

[Broni]

Dano...

Quote

Would only rename it.

Then, ask him to use "MoveOnBoot" to get a rid of it.

[fairlopgirl]

Boy - am I confused!! They say they don't have any spyware etc. I get their newsletters regularly!!

PS I don't go on the forum - is that the source of the problem?

Edited by fairlopgirl, 07 May 2006 - 12:19 AM.

[dano2]

The forum could have been hacked. Another forum I belong to pertaining to video was hacked a few weeks ago. Seems anytime someone clicked on a certain signature file they were redirected to a Lycos website. And also any others who had clicked on the signatures had their signatures infected. It was a mess for a couple of days until the admins figured out what was going on.

[cybormoron]

just registered without a prob using firefox. i hope invision power boards aren't being attacked.

found this post from there; this quote is from the cloudeight infoave board dated 5may06

Quote

> This Site Has Been Compromised, It appears that this site has been a victim of hackers

Options V

theCaptain 
post Today, 08:16 AM
Post #1





Group: Members
Posts: 2
Joined: Today, 07:56 AM
Member No.: 5758




It appears that this site has been a victim of hackers. Users who visit this site without having their IE browser patched will have SpySheriff (a rogue piece of spyware impersonating anti-spyware) installed through what is know as a WMF exploit. It appears that they have also obtained the listing of registered users because many people are recieving emails with links to a trojan downloader that will also install SpySheriff. DO NOT open any links on emails. Please make sure your browsers are patched with the latest patches from Microsoft. Always run reputable anti-spyware/virus programs.

I've tried to contact the owners of this site without any success beginning yesterday morning. This morning I've asked the hosting company to take this site offline until the owners can be contacted and this problem resolved. It's hard to believe that the owners could leave their site unattended for so long - but there you have it. I don't know if they will take it offline or not, but it needs to be fixed pronto. I don't know how many visitors come to this site, but those without the latest security are having their machines infected with one of the worst spyware applications out there.

theCaptain

[dobhar]

Bob...

Spysheriff is a known nasty and it comes in different flavours. One of the guys in my dept got hit just by visiting a site...it took me about 1 1/2 hrs to clean up his PC. Man was I rusty...have not done a HJT log in a few months. I'm going to have to go back to school (Malware Removal University) and get caught up with all the new stuff. I just PM'd the BOSS over there asking for a refresher...I guess I'll see what happens.

Anyways...There are some good tools out there that the HJT helpers have created and are using so I would definitely go to MWR and post a log for them to look at. Their motto is "We never give up!".

After you post there please post the link to your thread back here so we can check it out.

[bobc]

Thanks dobhar. Will have MWR check out my Hijack log.

Found this a little while ago on Spy Killer forum site.

[Broni]

It seems like all kind of sh** has been going on, lately...
My girfriend's laptop got infected with some "Spyfalcon" crap.
It pretends to be some spyware protection program, but in reality it's a spyware itself.
My girlfriend sweared, she didn't click on anything suspicious....
Anyway, it took me over an hour to kill that thing...