UltraBB Forums
Recent Virus Attack
 Posted: Sat Jan 9th, 2010 11:51 pm
Jim
It has come to my attention that at least one customer thought that I was fixing every account on the server and was upset that they still were infected.

There was a small percentage of overall customers that were infected. The cleaning was done per account on an as-reported basis. The only complete cleaning I did was my dedicated server customers.... very few accounts and no infections, by the way.

If you think your account is still infected PLEASE SAY SOMETHING and I will check. There are only 3 files in Ultra affected so it is easy to clean. However it was on 2 servers and there are enough customers that looking through every single folder would take days and it wasn't necessary.

So in recap:

Some customers on 2 servers were infected with a virus.

It had nothing to do with the software, rather stolen FTP passwords.

All that have reported were dealt with as soon as my little fingers could type the commands.

I will fix your ultra board even if it is on another company's server but I need to know it is infected.

Jim



 Posted: Sat Jan 23rd, 2010 11:13 pm
Jim
JUST A NOTE


I am one of the most careful people about viruses and malware I have ever met. Or so I thought.

Tonight I simply visited a member's site that I haven't heard from in a while. I was instantly hit with at least 30 viruses, through Firefox, with Avast running. It literally scrapped my computer. The account had not reported any problems, but on later checking it was our old friend, who was constantly morphing to avoid detection, and they have done well.

SO if you don't hear from me for a while, I'm going through EVERY FOLDER on all the servers until I'm sure this thing is gone.

HOWEVER, I feel sorry for other people who, from internet searches I see, are increasing daily and who have been hit by similar things.

There is no threat to your sites; this one doesn't jump across folders, it simply works hard on what it was allowed to through stolen passwords.

We are not safe. It isn't only with us, it is with many others. Avast is not a solution any more, evidently; it will not stop it on the way in.

I don't have any advice. This one was released 2 days ago and I'm not sure if any other virus protection can stop it either. Avast did start going off like a 4th of July fireworks display, but only after the worm started working internally. I have all the Windows fixes installed, all Adobe patches, all of anything I could, and it still got in.

It was so bad I had to pull the plug after the screen was half full of Avast warnings. I have never seen so many infections on one computer in my life.

So if I seem a little distant, don't be offended, because I have to take care of what I have to take care of.


 Posted: Sat Jan 23rd, 2010 11:29 pm
TVDinner
Trojan Remover 6.8.1 - download evaluation version at http://www.simplysup.com/tremover/download.html

Prevx - free version - http://www.prevx.com/


 Posted: Sun Jan 24th, 2010 01:27 am
Jim
I can't take a chance putting it back online for 10 seconds; too many people rely on me and my computer knows too much.

It is rootkit to the bone.... several of them, along with Vundo (at least 2 strains I counted) and a few fake protection scan routines. I had some fun with it after yanking it from the network. These guys are amazingly talented, and if they would concentrate their efforts on something short of evil the world would instantly become a better place to live.


 Posted: Sun Jan 24th, 2010 02:27 am
TVDinner
Just download those programs elsewhere, put them on a thumb drive and then clean. Will that work?


 Posted: Sun Jan 24th, 2010 04:01 am
Jim
I had an extra 250G HD so I just formatted that and loaded XP Pro. I'll probably go back and try to fix it when I have more time, but I have a server build (#8), a new computer build, a laptop repair, a court case a half a day away in Michigan, along with everyday life. OH, and impending major changes in the software, and a restructuring of the hosting company because it is doing well. As of this moment there is no illness or sickness to deal with, thank God, but there is an hour left in today and things can change.


 Posted: Sun Jan 24th, 2010 08:07 am
snooze
Odd. As you know, Jim, the server shut me out yesterday because of a perceived attack that we concluded was from attempting to access my CPanel too many times in too short of a time frame.

You had changed my password and then I changed it again. When I went to access the CPanel, the new password didn't work, but the old one did. As both my roommate and I were trying to access the site, and I have another forum which apparently is part of the same CPanel (?), I think that the 20 attempts in five minutes scenario was possible.

However, right after I regained access (24 hours later :(), I got some email bounces from emails I never sent, so obviously somebody was using my address -- the second time for that this month.

I was also flooded with viruses from visiting a website Nov. 25. Like Jim, I'm ridiculously careful, but I either just visited a safe site, was redirected to a not-so-safe site, or I hit the 'x' in a pop-up. (A friend later got the same thing visiting a GOVERNMENT site).

I had a paid-for McAfee Plus subscription, although I had been clicking on 'update later' a lot that week.

I think initially I was using Chrome and got a weird "IE5" error but it didn't affect Chrome and didn't think anything of it. And I don't recall if I actually switched to IE.

But all hell broke loose. Windows kept telling me I was being hit with one virus after another -- dozens and dozens of MS warnings and supposed 'virus' windows opening up on my desktop before I went for the 'off switch' for a breather.

It was the old phony software scam, the pop-up window telling you that you were infected (aside from the Windows program warnings), supposedly running a 'scan' and reiterating that you were infected and telling you to pay to have their software get rid of it. I knew right off the bat it was a scam, but I didn't realize the sucker was so smart. The first thing I did was to start a McAfee scan and the first thing it did was to infect and disable it. Then Task Manager. Same thing, it infected it. :eek: Whatever I opened, it disabled. I finally figured out that I could ctrl-alt-del to Task Manager just before the system was loaded and got the offending file deleted, which gave me enough of a breather to run the Malwarebytes and SUPERAntiSpyware combo -- which btw the virus also infected as soon as it was opened; I had to mess with running it from another computer and renaming it.

I since switched to Avast with the idea that if paying big bucks didn't protect me (McAfee wanted an additional $80 to even talk to me about the infection), might as well pay nothing and take my chances. My computer was deemed 'clean' by Avast and the above mentioned anti-mal/spyware programs.

Somewhere around Dec. 21, my Data 1-hosted forum was hit with a virus. On Chrome, I barely noticed, but two or three of my members still blame my forum for totally destroying their computers. :(

The initial virus warning I think was Trojan.JS.agent.axl (don't recall if that one was via my own computer or the forum or both), and I had been working on a project involving the word 'axl', so I thought it was specifically targeted. But I was later told no. (Still think that was odd, though).

When the perceived 'attack' happened yesterday (or so), I briefly accessed Explorer to see if it made a difference (it didn't) and I went back to Chrome. So I'm not sure if either or both had anything to do with the emails sent from my account, but I thought I'd pass on this info.

I'm really surprised there's been so little coverage about these safe-site and other mega-attacks.

Oh, and I will add that with all the talk about the Data1 problem originating with Flashchat, there is very little talk about it on the Flashchat forum.

snz :?

Last edited on Sun Jan 24th, 2010 08:28 am by snooze
