| Moderated by: Fake Mod | Page: 1 2 |
| Tired | Rate Topic |
| Author | Post |
|---|
| Posted: Thu Dec 24th, 2009 02:43 am |
|
1st Post |
|
Jim I work here
|
I have been going through all the servers account by account. I know a lot of you have been helpful and have been listening well. A few of you have not changed your password after the warning. If I find an infection on your site I will change your password without warning. It is the only way I can battle this. There are a lot of customers now. I can't remember every single one's handle here per the account name. If you all of a sudden can't get in to FTP or cPanel, PM me here and I'll give you the new password. Please don't change it and log in to your FTP without making sure your computer is clean. Please.
|
||||||||||||||
| |||||||||||||||
| Posted: Thu Dec 24th, 2009 03:29 am |
|
2nd Post |
|
Devans License Holder
|
I was one of the bad boys... Actually I never caught the thread until tonight, but mine is changed now.
|
|||||||||||||
| ||||||||||||||
| Posted: Thu Dec 24th, 2009 10:26 am |
|
3rd Post |
|
martin_wynne Licence Holder
|
Jim wrote: Please don't change it and log in to your FTP without making sure your computer is clean. Please.

Hi Jim,

"Making sure your computer is clean" is easier said than done. My expensive ESET NOD32 anti-virus says it's clean, but of course I have no way of knowing if it is checking for the right virus signature. Installing multiple AV products at the same time is a sure recipe for grief as each is likely to detect the other as a virus -- so no Avast for me.

I would prefer to check it myself. Can you provide some details of where and how this virus hides itself and which files it modifies? I've been trying to find this information on the various online databases, but as every virus has several names and many variants, it's impossible to be sure you are referring to the right one.

As I understand it, the original infection was via a flaw in Adobe Reader and infected PDF files. Adobe say they will be releasing a fix on 12th January, but in the meantime it is advisable to disable Javascript in Adobe Reader -- how to do that and more details at: http://www.adobe.com/support/security/advisories/apsa09-07.html

regards, Martin.

Last edited on Thu Dec 24th, 2009 10:28 am by martin_wynne |
||||||||||||||
| |||||||||||||||
| Posted: Thu Dec 24th, 2009 11:25 am |
|
4th Post |
|
Di Administrator
|
Thanks for that bit of information, Martin
|
|||||||||||||
| ||||||||||||||
| Posted: Thu Dec 24th, 2009 11:40 am |
|
5th Post |
|
Jim I work here
|
Thanks for the tip Martin, I have disabled JavaScript in mine now. Funny, the date on that article corresponds within 3 days of our outbreak. How were we to know?

As for the exact affected files on the computer.... I couldn't tell you and be correct. Everything I read seems to point in different directions. I know specifically where it puts the code on the web files it alters and that is different from exactly what the internet says, making me guess this is a variant or mutation and not the original Gumblar. The file names it affects are an identical list though.

If you need to know the exact location on the web files I can do that via screenshot, since attaching a sample of the code makes a topic unreadable if you have Avast. The code changes too: the base64-encoded URLs are different per infected site but have been the same per particular site.
|
||||||||||||||
| |||||||||||||||
| Posted: Thu Dec 24th, 2009 01:51 pm |
|
6th Post |
|
martin_wynne Licence Holder
|
Jim wrote: Thanks for the tip Martin, I have disabled javascript in mine now.

You're welcome. If you haven't tried it, an excellent alternative to Adobe Reader is the Foxit PDF Reader, free from: http://www.foxitsoftware.com/pdf/reader/ although for all we know that has its own flaws, of course.

regards, Martin.
|
|||||||||||||
| ||||||||||||||
| Posted: Thu Dec 24th, 2009 02:32 pm |
|
7th Post |
|
Mag License Holder
|
Thanks Martin, I have disabled JavaScript in that as well.
|
||||||||||||||
| |||||||||||||||
| Posted: Thu Dec 24th, 2009 03:01 pm |
|
8th Post |
|
TVDinner Go UCONN!
|
Jim - can you please check my site that is hosted by you again? I know you said it was clean when you looked the other day, but I am running Malwarebytes today and it is finding some stuff (and removing it). But I wanted to make sure the forum files were ok. Thank you sir.
|
|||||||||||||
| ||||||||||||||
| Posted: Thu Dec 24th, 2009 03:10 pm |
|
9th Post |
|
Jim I work here
|
Good to go James, no trace.
|
||||||||||||||
| |||||||||||||||
| Posted: Thu Dec 24th, 2009 03:21 pm |
|
10th Post |
|
TVDinner Go UCONN!
|
Thanks - weird. I wonder what Malwarebytes is finding because they have been finding some stuff. I also just turned off the java in Adobe as recommended (thanks for that).
|
|||||||||||||
| ||||||||||||||
| Posted: Thu Dec 24th, 2009 03:35 pm |
|
11th Post |
|
TVDinner Go UCONN!
|
Jim - just sent you a PM - believe my other site TBB is infected. I PM'd you what I did so far. Thanks!
|
||||||||||||||
| |||||||||||||||
| Posted: Thu Dec 24th, 2009 04:45 pm |
|
12th Post |
|
Jim I work here
|
James, ***poke poke*** If those sites were hosted with me I would have cleaned them already. Hope we can get it worked out.
|
|||||||||||||
| ||||||||||||||
| Posted: Thu Dec 24th, 2009 08:38 pm |
|
13th Post |
|
§issie License Holder /Paul's blonde
|
Jim, I know y'all have been so busy.. BUT ... Can I just say 'Thank You' for all you and Di do for ALL of us. Try and relax over Christmas and New Years.. You and Di deserve it... Hug and kiss your boys and enjoy them.
|
||||||||||||||
| |||||||||||||||
| Posted: Thu Dec 24th, 2009 10:15 pm |
|
14th Post |
|
bhyder License holder
|
§issie wrote: Jim i know y'all have been so busy..

Yes, I agree 100%, family 1st. Life is short and kids grow up so fast, enjoy them while ya can.

I wanted to add thanks for the tip, MARTIN. I did as suggested and disabled JavaScript, ran Avast and found 5 infected files. Question: why would Avast not find the infected files until JavaScript was disabled?

Thanks again to everyone for all your help the last few days, well, over the last soon to be year with UltraBB. I'd been lost without you guys leading the way for me. I owe you all so much; if in any way I can ever help anyone just holler at me.

johnny/jj
|
|||||||||||||
| ||||||||||||||
| Posted: Fri Dec 25th, 2009 09:56 pm |
|
15th Post |
|
wingnutter Forever Learning
|
Can you check mine as well Jim please, as I just don't know what I am looking for there. My PC is showing no infections with Avast but I'd like to be sure about the site before I change password again. I already change it about once a month and don't save it in the FTP program.
|
||||||||||||||
| |||||||||||||||
| Posted: Sat Dec 26th, 2009 02:00 am |
|
16th Post |
|
Jim I work here
|
I had already checked yours Steve, there are no signs of infection at all. Yes, I just rechecked.
|
|||||||||||||
| ||||||||||||||
| Posted: Sat Dec 26th, 2009 11:00 am |
|
17th Post |
|
wingnutter Forever Learning
|
Thanks very much Jim.
|
||||||||||||||
| |||||||||||||||
| Posted: Sat Dec 26th, 2009 02:01 pm |
|
18th Post |
|
TVDinner Go UCONN!
|
Thank you again Jim
|
|||||||||||||
| ||||||||||||||
| Posted: Sat Dec 26th, 2009 04:10 pm |
|
19th Post |
|
Robert Member
|
What can I say. My forum is trouble free for all members and it's all thanks to Jim's tireless efforts.
|
||||||||||||||
| |||||||||||||||
| Posted: Mon Dec 28th, 2009 01:19 am |
|
20th Post |
|
snooze License Holder
|
Well now that it's the 27th, is Christmas over? People have been complaining about virus activity on my site again. The Chatbox people are saying it ain't them, which makes sense to me because the viruses I've been seeing elsewhere just seem to attach themselves to any active program, script or whatever, it's not like the application comes with a virus. But I really don't know tech stuff like this. <sigh> There is java code on my Recent Posts side menu, but that's all I'm seeing.
|
|||||||||||||
| ||||||||||||||