Malware threat?

This thread has been locked
Messages 21 - 40 of total 56 in this topic
Dr.Sprock

Boulder climber
I'm James Brown, Bi-atch!
Jan 4, 2014 - 02:09pm PT
could be that somebody has a pic in their avatar that is being hosted by a site that triggers the warning, probably LEB
kunlun_shan

Mountain climber
SF, CA
Jan 4, 2014 - 02:27pm PT
Fritz, here's a lookup of the IP address shown in your 2nd Norton info post. Does not look good, that this is coming from Russia. As mentioned upthread, the attack is probably coming from a compromised ad.

You could also check the location of msn.exe and try to determine if the file is legitimate, or if it's a trojan, etc. (http://www.file.net/process/msn.exe.html)

inetnum: 5.199.175.160 - 5.199.175.183
netname: LoyaltyServers-net
descr: VPS’s
country: RU
admin-c: AG-RU
tech-c: AG-RU
status: ASSIGNED PA
mnt-by: DUOMENUCENTRAS-MNT
source: RIPE # Filtered

person: Alexey Govoruhin
address: Russian Federation, Tula, New str., 74, 456321
phone: +79226542278
abuse-mailbox: loyaltyservers@gmail.com
nic-hdl: AG-RU
mnt-by: DUOMENUCENTRAS-MNT
source: RIPE # Filtered
Fritz

Trad climber
Choss Creek, ID
Jan 4, 2014 - 02:50pm PT
kunlun! Thanks for the legwork.

MSN.EXE is legit on my computers. I did put an email into ChrisMac to alert him to this thread.

Fritz

Trad climber
Choss Creek, ID
Jan 4, 2014 - 11:01pm PT
I did another ST login-----and kick-off this afternoon, from my anti-internet evil program.

Per previous posts: Those logging into the ST forum, without anti-virus software, may be downloading internet evil.




This warning only happened twice today, out of multiple ST logins, but those of you not getting this warning, or a similar one are: "whistling in the dark on ST."

Per warnings upthread.
Reilly

Mountain climber
The Other Monrovia- CA
Jan 4, 2014 - 11:56pm PT
I logged on from me Mum's puter and it said sumpin about a trojan. I closed the tab and tried again and got no warning. Maybe the AV figures one warning should suffice?
froodish

Social climber
Portland, Oregon
Jan 5, 2014 - 02:29am PT
I logged on from me Mum's puter and it said sumpin about a trojan. I closed the tab and tried again and got no warning. Maybe the AV figures one warning should suffice?

More likely that the ad that triggered it (as noted above, a compromised ad seems the most likely candidate) wasn't present on the next load.

Might be useful to see a screenshot (or even better, the rendered HTML source) of the page when this gets triggered. Might be able to identify the offending ad from that.
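
An added example (not posted by anyone in this thread) of the check suggested above: given the saved HTML source of a page, list every script, iframe, image and similar resource that is loaded from a host other than the forum's own, which is where a compromised ad or an off-site avatar would show up. The sample HTML is constructed, every host in it is a placeholder, and the names `third_party_resources` and `first_party` are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of saved page source; every host is a placeholder.
SAMPLE_HTML = """<html><head>
<script src="/js/forum.js"></script>
<script src="http://static.forum.example/js/site.js"></script>
<script src="http://ads.adnetwork.example/js/show_ads.js"></script>
</head><body>
<img src="http://img.forum.example/avatars/1.png">
<img src="http://images.hosting.example/avatar.gif">
<iframe src="//frames.adnetwork.example/slot?id=3"></iframe>
</body></html>"""

# Tags whose attribute makes the browser fetch remote content.
FETCH_ATTRS = {"script": "src", "iframe": "src", "img": "src",
               "embed": "src", "object": "data", "link": "href"}


class ResourceCollector(HTMLParser):
    """Collect (tag, url) for every resource-loading tag in the page."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get(FETCH_ATTRS.get(tag, ""))
        if url:
            self.found.append((tag, url))


def third_party_resources(html, first_party):
    """Return sorted (host, tag, url) for resources served by other sites."""
    collector = ResourceCollector()
    collector.feed(html)
    hits = []
    for tag, url in collector.found:
        host = urlparse(url).hostname  # None for relative (same-site) URLs
        if host is None or host == first_party or host.endswith("." + first_party):
            continue
        hits.append((host, tag, url))
    return sorted(hits)


if __name__ == "__main__":
    for host, tag, url in third_party_resources(SAMPLE_HTML, "forum.example"):
        print(f"{host:28} <{tag}> {url}")
```

Comparing this list between a page load that triggered the warning and one that did not narrows down which off-site host changed.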
Eric Beck

Sport climber
Bishop, California
Jan 5, 2014 - 01:02pm PT
Here's the offending url:
http://www.cpmservice3.com/js/show_ads.js

Don't click it.
Fritz

Trad climber
Choss Creek, ID
Jan 5, 2014 - 01:50pm PT
I have not got a warning yet today from my anti-evil program, when visiting ST, but per the screenshots I posted yesterday & what kunlun_shan found: the URL that is on my screenshots was Malware.

Here's my last screenshot:


And here's what the Virus Total website had to say about the URL in the screenshot.
Salamanizer

Trad climber
The land of Fruits & Nuts!
Jan 5, 2014 - 02:06pm PT
I picked up a Trojan virus and some kind of adware as soon as I clicked on the main page this morning. My Kaspersky internet security didn't alert me and I only noticed when I got a fake pop-up telling me my computer is infected and I need to click on this fake ad right away to get rid of it. Did something similar the other day but noticed it right away.

A quick scan took care of it.

If you're not having any problems, maybe you should update and run a scan just for the hell of it and see if something pops up.
survival

Big Wall climber
Terrapin Station
Topic Author's Reply - Jan 5, 2014 - 10:17pm PT
I just got another one coming to supertopo.

This is all it gives me for info, without "upgrading"
THANKS FOR THE DON'T CLICK IT WARNING!!
survival

Big Wall climber
Terrapin Station
Topic Author's Reply - Jan 6, 2014 - 02:32pm PT
Are Fritz and I the only ones that have notified CMac?

The squeaky wheel gets the grease you know!

Didn't get it this morning BTW. Maybe it's been officially dealt with?
Brandon-

climber
The Granite State.
Jan 6, 2014 - 02:44pm PT
I'd say get a Mac and your problems would disappear, but if everyone got one the d-bags would start targeting Macs and then I'd have a problem.

Good luck! :)
survival

Big Wall climber
Terrapin Station
Topic Author's Reply - Jan 6, 2014 - 02:55pm PT
Yeah, then the world would be run by McD-Mac-Exx-Wal-TargetHaliburton, is that what you want????

:0)
hagerty

Social climber
A Sandy Area South of a Salty Lake
Jan 6, 2014 - 02:58pm PT
Brandon wrote:
I'd say get a Mac and your problems would disappear, but if everyone got one the d-bags would start targeting Macs and then I'd have a problem.
You've already got a problem.
http://blog.trendmicro.com/trendlabs-security-intelligence/game-change-mac-users-now-also-susceptible-to-targeted-attacks/
WhiskeyToast

Social climber
Hawaii
Jan 6, 2014 - 05:38pm PT
I got it this morning and once last week. The associated URL for the fake alert was:
webantivirussupport.pl

Vipre Internet Security didn't pick up anything. I went into Task Manager and closed the web page. Then I ran a scan with Malwarebytes, which found nothing.

Greg
MisterE

climber
Jan 6, 2014 - 10:40pm PT
Just updated my Avast last night, and got the malware notice again just now. Here's the website reported

http://www.cpmservice3.com/js/show_ads.js
survival

Big Wall climber
Terrapin Station
Topic Author's Reply - Jan 10, 2014 - 01:17pm PT
Just got another one!!

Myself and at least one other member have brought this directly to CMac's attention.

Anybody else?

Surely we shouldn't just ignore this, even if our filters are catching it?

Cmac?
WhiskeyToast

Social climber
Hawaii
Jan 10, 2014 - 02:25pm PT
I am still getting them once a day. Just got it a few minutes ago.
SteveW

Trad climber
The state of confusion
Jan 10, 2014 - 04:41pm PT
I'm still getting the message, and in addition to it a weird spaceship
game flies across my computer, sort of superimposed over the
screen (website), shooting little thingies . . .

I know my computer is clean because I just had Avast Tech support clean
my system up. . . so there's 'something out there,' as Mulder would
say. . .

Only happens when I use Firefox, not Internet Explorer or Google Chrome.
Abend

Social climber
Jan 13, 2014 - 01:22pm PT
I got it when I opened ST today.

Requested URL:
http ://akam.iqpolo.info/g.php?

s=RIWpQb/nRKAA1KhbwADbVqudwt/zG4ssdMeNsxC4KQ==

Categorized as:
Malicious Sources/Malnets
