More viruses

Forum: Covers Help, Page 3 of 3
Author: [Covers Help] Topic: More viruses

aggieaccountant (Veteran)
Joined: Sep 2009
Posts: 3488
Posted: 12/26/2011 12:07:45 AM
Not sure if this helps, but I just got the Win 7 Home Security 2012 virus for the second time while on this site.  I don't recall what I was doing the first time, but this time I was on Shark_Areza's (or something like that) bowl thread. 

Mr.Win (Banned)
Joined: Jan 2004
Posts: 4116
Posted: 12/26/2011 2:08:34 AM
QUOTE Originally Posted by philo99:

My brother said to stop using IE, so I am using Chrome now. What a difference. Much faster and so far no attacks on here. Are you using Chrome or Firefox? Maybe that is why nothing set off your Norton.

 


I've used Chrome since it came out...excellent browser. I used FF before that....never used IE...that stuff is just horrible.

Mr.Win (Banned)
Joined: Jan 2004
Posts: 4116
Posted: 12/26/2011 2:10:00 AM
Chrome has an excellent ad blocker as well..I never see an ad.

Europa (Legend)
Joined: Dec 2003
Posts: 35449
Posted: 12/26/2011 2:18:14 AM

Exploit:Java/CVE-2011-3544.E was detected by MME and successfully deleted last night. My computer only browsed a few web sites: CBS Sportline, Yahoo news, Covers.com and my local book. One way to find out is, I will NOT go to Covers.com for a couple of days and have Microsoft Security Essentials (MME) scanning every day when my PC is off from Covers.com, and see if MME still picks up viruses in the days without browsing Covers.com.

Thanks for your attention, Lou!

OK, after I have stopped browsing Covers.com since 12-22-11, my computer picked up NO virus by scanning with Microsoft Security Essentials every day. I suspect that Covers' ads have carried or been embedded with malware.

Lou (Covers Referee)
Joined: May 2001
Posts: 4487
Posted: 12/26/2011 9:53:40 AM
Europa,

That's the closest thing to a possibility we can find, but unless we are watching every single ad there's no way to be certain.

We are generally working with high-end networks, and when these reports start we throttle it down to just Google AdSense, which is obviously clean.

While we did suspect one of the networks back in early November, we haven't had it on the site since.

This is why it's important for us to know what ads are showing when people get a report... that way we can know which network might be showing a bad ad. Also, quite often the ads being shown are not even ours, which means the PC has already been hijacked.

The only way to know is to know which ads are causing the problem, if any.


pa_picks - I'm not sure from your posts whether or not you have figured out how wrong you were about the situation, so I won't comment.
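
Lou's point above, that ads not served by the site's own networks suggest the PC is already hijacked, can be checked against a browser network capture (HAR). This is an added example, not part of the original thread or any Covers tooling; the expected-host list and the sample capture are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts the site operator expects to serve its pages and ads.
# The thread only names Google AdSense; these suffixes are illustrative.
EXPECTED_SUFFIXES = ("covers.com", "googlesyndication.com", "doubleclick.net")


def host_of(url):
    """Return the lowercase hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def is_expected(host, suffixes=EXPECTED_SUFFIXES):
    """True only for an exact match or a real subdomain of an expected suffix.

    A plain endswith() would also accept look-alikes such as 'notcovers.com',
    so the match requires a leading dot before the suffix.
    """
    return any(host == s or host.endswith("." + s) for s in suffixes)


def unexpected_requests(har):
    """Group request URLs from a HAR dict by host when the host is not expected."""
    flagged = {}
    for entry in har.get("log", {}).get("entries", []):
        url = entry.get("request", {}).get("url", "")
        host = host_of(url)
        if host and not is_expected(host):
            flagged.setdefault(host, []).append(url)
    return flagged


# Constructed sample capture (not real traffic from the site).
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "http://www.covers.com/forum/thread.aspx"}},
    {"request": {"url": "http://pagead2.googlesyndication.com/pagead/show_ads.js"}},
    {"request": {"url": "http://googlesyndication.com.ads.example/banner.js"}},
    {"request": {"url": "http://notcovers.com/x.gif"}},
    {"request": {"url": "http://198.51.100.7/load.jar"}},
]}}

if __name__ == "__main__":
    for host, urls in unexpected_requests(SAMPLE_HAR).items():
        print(f"{host}: {len(urls)} request(s)")
```

An unexpected host is a lead for the operator to trace, not proof of infection, since ad networks routinely hand off to further third-party hosts.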

tinfoils (Legend)
Joined: Jun 2002
Posts: 51108
Posted: 12/28/2011 3:17:18 PM

Just had an attack. Did not click on an ad, just a college football thread.

Gorrasco.com/LMASTAN/763956043

212.95.55.198

Don't know if this helps.

Lou (Covers Referee)
Joined: May 2001
Posts: 4487
Posted: 12/29/2011 8:22:07 AM
tinfoils,

Everything helps, but if you could let us know at least which anti-virus software you are using, it would be great too.

aggieaccountant (Veteran)
Joined: Sep 2009
Posts: 3488
Posted: 12/29/2011 11:30:09 AM
Lou, the virus I got (which is mentioned on page 2), was one I got with malware bytes and spy bot.
Posted using a mobile device.

Europa (Legend)
Joined: Dec 2003
Posts: 35449
Posted: 12/29/2011 7:23:59 PM

Microsoft Security Essentials just detected Exploit:Java/CVE-2011-3544.E and successfully removed it from my computer three minutes ago.

My computer only browsed CBS Sportsline and Covers three minutes ago!!

tinfoils (Legend)
Joined: Jun 2002
Posts: 51108
Posted: 12/30/2011 12:51:02 PM
QUOTE Originally Posted by Lou:

tinfoils,

Everything helps, but if you could let us know at least which anti-virus software you are using, it would be great too.

Norton. If this helps, there are at least two more that always seem to pop up regularly. I'll note them down next time.

kaponofor3 (Legend)
Joined: Nov 2007
Posts: 35340
Posted: 12/30/2011 1:16:18 PM
QUOTE Originally Posted by Lou:



We are generally working with high-end networks, and when these reports start we throttle it down to just Google AdSense, which is obviously clean.

While we did suspect one of the networks back in early November, we haven't had it on the site since.



Hey Lou, I just saw this and I'm a little confused... I thought that you guys checked out all of the ad networks after the original complaints in early November and found that they were all clean? Did your guys' investigation reveal that one of the ad networks did contain some malicious code?

tinfoils (Legend)
Joined: Jun 2002
Posts: 51108
Posted: 12/30/2011 7:10:09 PM
No ad clicked on. Only Covers open.
 
Malicious java download
 
Nomdeze.com/domexplorer/7636956043
 
188.72.198.37

Lou (Covers Referee)
Joined: May 2001
Posts: 4487
Posted: 1/3/2012 8:58:30 AM
kapono/tinfoils,

Here is the latest theory from the techies...

As usual, the virus is already present on the users' computers. We know it's not on our servers as a drive-by virus - if it was coming from us, we would have infected hundreds of thousands of people by now, not just a few dozen. And - yes, of course - we have scanned and analyzed all code and servers.

Also, since 99% of infections come from people installing infected software themselves - and we don't offer downloads - is another reason why we are absolutely certain it is not coming from us.

However... one question we have is "Why do some people only claim to receive these warnings when they are on our site?"

We have a theory about that...

One of the main symptoms of this virus is that it often shows its own ads while on websites. And from some of the reports, it seems to do that for some users when they are on Covers.

What we believe is happening is that the already-present virus sniffs the ad-serving domains coming from certain ad networks (these are not hard to figure out), and replaces those ads with its own ads.

In other words, the virus is already present on the computer, but it only becomes "active" when it senses certain ad-serving domains - at least one of which we use. This activity triggers your AV/malware software to toss up a warning.

Yes, I will repeat this for clarification... if you are getting these warnings, then you probably already have a virus. You are not getting protected, you are getting tricked.

Note that this is not the fault of the ad networks either. If anything, it's a sign of success that these viruses are targeting those networks.

So our only option to help people in this case would be to completely remove all ad networks from our site - effectively cutting off one of our major sources of revenue, while punishing innocent ad networks - because some of our users got infected by a virus somewhere else.

That doesn't seem fair to me.

Now, some of you are going to complain that you have a completely clean computer that was wiped two weeks ago by a technician.

Fine.

Did you install all the necessary Windows updates and have a half-decent firewall? Without these, you can get infected simply by leaving your computer on overnight.

Do you have a real anti-virus program? If you ever downloaded one of those AV programs that have ads promoting "your computer might be infected, scan it now"... those are NOT bonafide AV programs. In fact, they are probably causing the problem.

Did you install ANY third-party software? Because the cleanest computer gets immediately re-infected once you re-install that infected program you downloaded somewhere.



BTW tinfoils, see above regarding Europa's problems... we don't have any java on our site. What this means is that you probably have a virus, and it's throwing out fake warnings, which is a common symptom.

pa_picks (Veteran)
Joined: Aug 2003
Posts: 1263
Posted: 1/4/2012 3:44:47 PM
QUOTE Originally Posted by Lou:

kapono/tinfoils,

One of the main symptoms of this virus is that it often shows its own ads while on websites. And from some of the reports, it seems to do that for some users when they are on Covers.

What we believe is happening is that the already-present virus sniffs the ad-serving domains coming from certain ad networks (these are not hard to figure out), and replaces those ads with its own ads.

In other words, the virus is already present on the computer, but it only becomes "active" when it senses certain ad-serving domains - at least one of which we use. This activity triggers your AV/malware software to toss up a warning.




It would seem then that we have a very simple way of testing that theory.  Just direct the users who are getting the virus hits to any other website that uses the same ad network(s) you are referring to and see if the same thing happens.  

borgata13 (Banned)
Joined: Dec 2011
Posts: 44
Posted: 1/4/2012 5:59:49 PM

Try using Microsoft security essentials

Free and the best

tinfoils (Legend)
Joined: Jun 2002
Posts: 51108
Posted: 1/5/2012 7:27:08 PM
QUOTE Originally Posted by Lou:

kapono/tinfoils,

Here is the latest theory from the techies...

As usual, the virus is already present on the users' computers. We know it's not on our servers as a drive-by virus - if it was coming from us, we would have infected hundreds of thousands of people by now, not just a few dozen. And - yes, of course - we have scanned and analyzed all code and servers.

Also, since 99% of infections come from people installing infected software themselves - and we don't offer downloads - is another reason why we are absolutely certain it is not coming from us.

However... one question we have is "Why do some people only claim to receive these warnings when they are on our site?"

We have a theory about that...

One of the main symptoms of this virus is that it often shows its own ads while on websites. And from some of the reports, it seems to do that for some users when they are on Covers.

What we believe is happening is that the already-present virus sniffs the ad-serving domains coming from certain ad networks (these are not hard to figure out), and replaces those ads with its own ads.

In other words, the virus is already present on the computer, but it only becomes "active" when it senses certain ad-serving domains - at least one of which we use. This activity triggers your AV/malware software to toss up a warning.

Yes, I will repeat this for clarification... if you are getting these warnings, then you probably already have a virus. You are not getting protected, you are getting tricked.

Note that this is not the fault of the ad networks either. If anything, it's a sign of success that these viruses are targeting those networks.

So our only option to help people in this case would be to completely remove all ad networks from our site - effectively cutting off one of our major sources of revenue, while punishing innocent ad networks - because some of our users got infected by a virus somewhere else.

That doesn't seem fair to me.

Now, some of you are going to complain that you have a completely clean computer that was wiped two weeks ago by a technician.

Fine.

Did you install all the necessary Windows updates and have a half-decent firewall? Without these, you can get infected simply by leaving your computer on overnight.

Do you have a real anti-virus program? If you ever downloaded one of those AV programs that have ads promoting "your computer might be infected, scan it now"... those are NOT bonafide AV programs. In fact, they are probably causing the problem.

Did you install ANY third-party software? Because the cleanest computer gets immediately re-infected once you re-install that infected program you downloaded somewhere.



BTW tinfoils, see above regarding Europa's problems... we don't have any java on our site. What this means is that you probably have a virus, and it's throwing out fake warnings, which is a common symptom.

 

By reading the first line of your post, it is only a theory. Not trying to start anything but I'm interpreting this as you wrote it.

I've been on your site before you guys became Covers.com by acquiring wagerline and never had any problem until approximately two months ago. The date joined says 2002 but I did not immediately reregister after you became Covers as we know it today.

Regarding the second posting of a virus, that Java download is the title of the virus (?) that was detected. If you look at my post #54, I did not put in the title because it was exactly the same as Garrasco.com. I also neglected to put in the #13 in my second virus post so it should have read java download #13. If someone was to "plant" a virus on your site, they should just title it "java download" because you will say it's not from Covers and pass it off as nothing to worry about. I'm just pointing out that the title could be just that, a title. There was a third virus that was titled Website toolkit #9 (sorry I have not seen it since I started posting the first two viruses). So I do not believe it's the same as Europa's problem. I may be wrong, I don't know.

Yes, I did have the new computer cleaned two weeks ago. No, I have not used an AV downloaded from a website other than Norton. Unless you're telling me Norton's product and website are no good, then I don't know where the virus on my computer came from. I shut down my computer 2-5 times a day and all Microsoft updates are automatically updated before the computer shuts off. I don't leave my computer on 24/7, ever. I'm not looking for compensation either as alluded to by Mr. Win.

Here's an update as of today, I have not seen any of the three aforementioned warnings since posting the first two here. In fact, I've not seen the first virus since it was posted. Neither have I seen the second virus since it was posted. If your techies did something, a great big THANK YOU from me is in order. If they didn't do anything, then I can't figure out why I have not seen any of those warnings.

Europa (Legend)
Joined: Dec 2003
Posts: 35449
Posted: 1/5/2012 7:34:04 PM
QUOTE Originally Posted by borgata13:

Try using Microsoft security essentials

Free and the best

My Microsoft Security Essentials detected four Exploit:Java/CVE-2011-3544 viruses last night and was able to remove them again. My computer was only browsing CBS Sports line and Covers.com last night.

dbuc1 (Prospect)
Joined: Dec 2011
Posts: 173
Posted: 1/6/2012 3:07:18 AM
This virus also destroyed my computer "windows 7 security 2012". The guy at the computer store said that my hard drive was ruined. I've never heard of a virus being able to destroy a hard drive but this one did. Computer was only one year old and I know that it came from this site.