threat detected, black hole exploit.


Tonysmallz

Recommended Posts

[ATTACH=CONFIG]6405[/ATTACH]says its coming from forum runner.

Interesting as all day yesterday I kept getting popups on our Forum that said this:
Windows Internet ExplorerAre you sure you want to leave this page?Message from webpage: Are you Shure (misspelled btw) ?>  Leave this Page> Stay on this Page

If I clicked on either selection I would be redirected to an advertising webpage. If I did nothing I would also get automatically redirected away from the Forum to another advertising webpage. This was going on all day and night last night.FYI, I'm running 64 Bit Windows 7 operating system, and I have very strong Malware and Antivirus programs running (Active- Norton Security Suite) and passive, (i.e., on -demand), where I'm running SuperAntispyware, Malwarebytes, and I use Ace Utilities for cleanup regularly. I tried cleaning with all these and nothing was found, leading me to believe that there was an infection or security breach on our Forum.Mods?

Link to comment
Share on other sites

fyi I was getting the same message today and yesterday clicking on the glossary sent me to an image site yesterday when I clicked on the glossary page for S1, stopped it in time, and just now that message about such and so threat was poping up just now when running with javascript on when posting on the daytona thread and I have AVG and it was saying exactly the same thing as it did there on the first screen shot, think I may take a break for a couple of days till this is sorted out.

Link to comment
Share on other sites

  • Administrators

I got the same error message yesterday. Don't know why this happens. I'm going to update our forum software to the latest version this evening and will do some research about this.BTW: I deleted all the other posts in this thread.

Link to comment
Share on other sites

I got the same error message yesterday. Don't know why this happens. I'm going to update our forum software to the latest version this evening and will do some research about this.BTW: I deleted all the other posts in this thread.

Thanks for deleting the other posts. After getting redirected to advertising sites the other day, Norton Security Suite now blocks and notifies me of an attempted attack by Blackhole Toolkit Website 27, an apparent RU botnet, each time the page refreshes. Here's what Norton says:Attacker URL: npxsiiwpxqqihmo.ru/runforestrun?sid=botnetAttacking computer: 94.100.27.16, 80Traffic Description: TCP, www-http
Link to comment
Share on other sites

I was never redirected to other sites. My ESET NOD32 Antivirus notifiesThreat: JS/Kryptik.QK trojanInformation: connection terminated - quarantinedI have a total of 62 blocked attacks, the cleanup has just finished and it seems that these attacks have not been found in my computer.

Link to comment
Share on other sites

  • Administrators

I updated our forum software and all our plug-ins to the latest versions.Are there still problems with malware and virus warnings???

Link to comment
Share on other sites

I updated our forum software and all our plug-ins to the latest versions.Are there still problems with malware and virus warnings???

Thank you! I had problems too, but now they're gone, forum is working OK :thumbsup:
Link to comment
Share on other sites

I updated our forum software and all our plug-ins to the latest versions.Are there still problems with malware and virus warnings???

The only "problem" I experienced was not being able to get this site at all last night (it was offline for a while). I tried to get on here, and the site couldn't be found before I went to bed last night, other than that, all is well! :thumbsup:
Link to comment
Share on other sites

  • Administrators
The only "problem" I experienced was not being able to get this site at all last night (it was offline for a while). I tried to get on here' date=' and the site couldn't be found before I went to bed last night, other than that, all is well! :thumbsup:[/quote']Yes, that's right. I had to restart our server this morning (european time).
Link to comment
Share on other sites

  • Administrators

I checked our server and our domain with several tools and anti-malware sites. Everything seems to be ok there are no malware or viruses found. Let's hope everything's all right now.If you notice anything strange or if you get a virus/malware warning, please let me know.

Link to comment
Share on other sites

I got the same error message yesterday. Don't know why this happens. I'm going to update our forum software to the latest version this evening and will do some research about this.BTW: I deleted all the other posts in this thread.
I updated our forum software and all our plug-ins to the latest versions.Are there still problems with malware and virus warnings???
Yes' date=' that's right. I had to restart our server this morning (european time).[/quote']
I checked our server and our domain with several tools and anti-malware sites. Everything seems to be ok there are no malware or viruses found. Let's hope everything's all right now.If you notice anything strange or if you get a virus/malware warning' date=' please let me know.[/quote']Thanks for the updates, Caipi. :thumbsup:I wasn't game enough to venture back in, :eek: until I heard more updates! No problems at my end, either.
Link to comment
Share on other sites

I checked our server and our domain with several tools and anti-malware sites. Everything seems to be ok there are no malware or viruses found. Let's hope everything's all right now.If you notice anything strange or if you get a virus/malware warning' date=' please let me know.[/quote']From the Norton warning I think it was a malicious Botnet that caused the problems. So far now everything is fine here. Thanks, Caipi! :clap:
Link to comment
Share on other sites

Caipi, I'm just now seeing the return of the Norton warning: Web Attack: Blackhole Toolkit Website 27 (RU botnet). :evil:

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.