Everytime I open this site, I get attacked with Trojan.   

Here you post everything that is not related to other forum areas.
stuff like how you like this forum for example ;)

Everytime I open this site, I get attacked with Trojan.

Postby naviboy » Sat Apr 02, 2011 4:29 pm

Every time I open this site I get attacked with a trojan "Exploit.JS.Pdfka.dhu " or similar and pop-ups with a windows format asking if I want to download a program from various people for this website.

Sometimes it tells me my system is infected and a harddrive failure etc.

But my antivirus/firewall picks them up and placed in quarantined.

Is this a major problem or just a passing cyber attack. ??????
TomTom One XL - 5.5128 BL - 9.541 SE NC - UK + ROI 1105_11755 & Canada-Alaska_1130_12304 4GB SD Card
naviboy offline


Member



 
Joined: Wed Jun 16, 2010 5:57 pm
Posts: 235
Location: UK
Has thanked: 25 times
Been thanked: 2 times

Postby nabi » Sat Apr 02, 2011 5:04 pm

You posted before in an other thread about malware. Why open a new thread?

As you know we had some complaints about malware and about advertising popping up. All was linked to our advertising partner - the way we pay for our server. But trojans?
Navitotal does exist for longer than one year now and frankly, you are the only one who links trojans to our website lately.

Are you sure your browser has only one tabpage open and you are only visiting one URL - navitotal?
Are you sure your PC is not infected before? Because this is not the first time you - And only you! - are telling us this.
________________________________________________________________________
When I do good, no one remembers, when I do wrong, no one forgets
.
I am in a permanent state of inactivity
I won't answer to any PM, so don't send me any
nabi offline


Ex Super Mod



 
Joined: Mon Dec 28, 2009 5:22 pm
Posts: 2429
Location: somewhere unknown
Has thanked: 39 times
Been thanked: 233 times

Postby yahooeu » Sat Apr 02, 2011 6:12 pm

Use Firefox +
yahooeu offline


User avatar Junior Member



 
Joined: Sun Mar 27, 2011 9:04 pm
Posts: 1
Has thanked: 0 time
Been thanked: 0 time

Postby naviboy » Sat Apr 02, 2011 7:49 pm

Yes, I opened a thread previously, no answer.

No, i don't get this problem with any other site.

No, infections are found by the leading searchers Trend, Kaspersky, Combofix etc.

And yes, this is the only page opened and all pop ups are blocked.

Sorry but it is the only site I have trouble with, maybe others don't have their security set as high as I do.

Although I very much appreciate all the help given over the years, but a pain when these things come up.

thanks
TomTom One XL - 5.5128 BL - 9.541 SE NC - UK + ROI 1105_11755 & Canada-Alaska_1130_12304 4GB SD Card
naviboy offline


Member



 
Joined: Wed Jun 16, 2010 5:57 pm
Posts: 235
Location: UK
Has thanked: 25 times
Been thanked: 2 times

Postby nabi » Sat Apr 02, 2011 9:15 pm

Well, I wonder 75000 registered members, 15000 visitors a day, and only one with security set high? :confused:
Scroll down to the very bottom of this webpage or any other on this forum, what do you see?
We are doing everything for this forum being safe for everyone visiting, do you really think we risk our reputation? Which is very good, by the way.


You say all pop ups are blocked? Yet the only problems with malware was every time connected either to the ads provider or to the relink site, again by the ads there. So I repeat the answer you was given before - yes, you were given an answer ! - :
to confirm malware and locate the offending ads we need:
- IP address of the user
- Date/time/zone of the viewing (you local date, time and timezone at the time you got an offending ad)
- Ad URL of the problematic ad (the url that came up with the ad)
- Refer URL of the page that the ad was viewed on.

There is NO malware on this site !
________________________________________________________________________
When I do good, no one remembers, when I do wrong, no one forgets
.
I am in a permanent state of inactivity
I won't answer to any PM, so don't send me any
nabi offline


Ex Super Mod



 
Joined: Mon Dec 28, 2009 5:22 pm
Posts: 2429
Location: somewhere unknown
Has thanked: 39 times
Been thanked: 233 times

Postby chas521 » Sat Apr 02, 2011 9:30 pm

FWIW, I completely agree with Nabi!
If it ain't broke don't fix it!
ALWAYS BACK-UP YOUR FILES/FOLDERS BEFORE MAKING EDITING CHANGES!

Please do NOT post any thanks. Simply press the hand icon with the "thumb up" which is the thank you button.
chas521 offline


User avatar Ex Moderator



 
Joined: Sat May 15, 2010 8:50 pm
Posts: 4549
Location: Long Island, NY
Has thanked: 64 times
Been thanked: 1380 times

Postby core_imact » Sun Apr 03, 2011 4:11 pm

Well, you can argue all what you want whose responsibility it is. I dont even want to go there. Let me just shed some lights on what needs to be done, if you have been infected with malware (which seem to be a frequent occurance after I visit this site, just too frequent to be a concidence).

Ok first things first. Almost all the malware installed THROUGH this site seem to be fake Antivirus products that seisez control of your computer and try to extort money. This is what you need to do to get rid of them.

1. Reboot the computer and when its restarting press F8 and select "Safe Mode with Networking".

2. Start Internet Explorer (Yes you can run this in safe mode), Goto Tools>Internet Options>Connections>Lan Settings. Check if a proxy server is enabled. If a proxy server is enabled, uncheck the box, Apply and say OK.

3. Goto Malware bytes Antimalware website, download and install free version.

[Please Register or Login to download file]

4. Update the scanner and run a complete scan. Might take about 40mins to 2 hours to complete the scan depending the configuration of your machine. But do not, I repeat Do not cancel the scan before it runs to its completion.

5. Once it identifies all the malware installed, select remove malware option to clean the infection.

6. Reboot your machine once again, just let it boot into normal mode this time.


This site is far too great to stay away from even it has few issues :). Even if it means I have to clean the menacing Malware every time after I visit this site :)
core_imact offline


Junior Member



 
Joined: Fri Dec 10, 2010 4:28 pm
Posts: 4
Has thanked: 0 time
Been thanked: 0 time

Postby murty » Sun Apr 03, 2011 4:45 pm

I own a full licensed copy of Malwarebytes and i have all the shields on and website blocking and i never have any issues with this site, i also use Webroot Antivirus + spy sweeper and if there was an issue with this site it would pop up and tell me what what the problem was what the virus/worm/male-ware was, i'm sure its just you with the issue mate....
murty offline


Junior Member



 
Joined: Sat Mar 12, 2011 12:58 am
Posts: 41
Location: United Kingdom
Has thanked: 0 time
Been thanked: 0 time

Postby nabi » Sun Apr 03, 2011 4:58 pm

We are doing all we can to keep this forum malware free and every complaint is taken serious!
No malware has been found in our forum database.
Any malware found must therefor be linked to a 3rd party, either ads or relinks. Or to other websites visited simultaneously or previously (thus the computer was infected before visiting NT).
________________________________________________________________________
When I do good, no one remembers, when I do wrong, no one forgets
.
I am in a permanent state of inactivity
I won't answer to any PM, so don't send me any
nabi offline


Ex Super Mod



 
Joined: Mon Dec 28, 2009 5:22 pm
Posts: 2429
Location: somewhere unknown
Has thanked: 39 times
Been thanked: 233 times

Postby justlearning22 » Sun Apr 03, 2011 8:00 pm

im getting them aswell eset nod 32 is picking them up.it was when i clicked on new posts they appeared
justlearning22 offline


Junior Member



 
Joined: Mon Mar 28, 2011 8:18 pm
Posts: 9
Has thanked: 0 time
Been thanked: 0 time

Postby nabi » Sun Apr 03, 2011 8:09 pm

justlearning22 wrote:im getting them aswell eset nod 32 is picking them up.it was when i clicked on new posts they appeared



And what is them?
Did you read post#5 where it says what information you should give? We are not clairvoyant.
________________________________________________________________________
When I do good, no one remembers, when I do wrong, no one forgets
.
I am in a permanent state of inactivity
I won't answer to any PM, so don't send me any
nabi offline


Ex Super Mod



 
Joined: Mon Dec 28, 2009 5:22 pm
Posts: 2429
Location: somewhere unknown
Has thanked: 39 times
Been thanked: 233 times

Postby core_imact » Sun Apr 03, 2011 8:15 pm

I'm using Nod32 as well. It picks up some .pdf and js exploits. But some managed to still come through despite nod32. A little warning to AVG useres. AVG doesnt catch this at all. I still cant see the point why AV products dont wanna keep spyware seperate from viruses. Seriously AV product should be able to catch virus/spyware/malware whatever you wanna call it. Mind you by having AV products, Antispyware products all what you can do is to minimize the risk. You cannot 100% be sure that you will not get infected.
core_imact offline


Junior Member



 
Joined: Fri Dec 10, 2010 4:28 pm
Posts: 4
Has thanked: 0 time
Been thanked: 0 time

Postby nabi » Sun Apr 03, 2011 8:20 pm

Thanks. We are taking this very seriously.
Can you be more specific on what page you pick up that malware? How, by clicking a link? Just visiting the page? ...
________________________________________________________________________
When I do good, no one remembers, when I do wrong, no one forgets
.
I am in a permanent state of inactivity
I won't answer to any PM, so don't send me any
nabi offline


Ex Super Mod



 
Joined: Mon Dec 28, 2009 5:22 pm
Posts: 2429
Location: somewhere unknown
Has thanked: 39 times
Been thanked: 233 times

Postby core_imact » Sun Apr 03, 2011 8:41 pm

Hi Nabi, Seems you are really concerned in steering in the right direction which I really appreciate. Ill try to give some additional information that might be helpful in tackling this issue. I get viruses/exploits etc. mainly from the main page. Type http://www.navitotal.com, choose UK site when as you log in you are bombarded with multiple threats. They are definitely coming from ads. And answering your question, No you do not need to clink any link. You get them just by visiting. They are malware written to exploit a vulnerabilities in acrobad plugin and others AND could spread without the intervention of the user (i.e. even if you dont click anything, it could still infect your computer). I use Nod32 and it seem to pickup most of the threats. As I mentioned earlier in my post most difficult to tackle is fake Antivirus products. Once they infect your computer, they give you fake warnings about your computer being infected and doesnt let you run any exe file in your computer. It's a nasty pice of work and really difficult to get rid of. They wont let you Rest In Piece, till you pay the website and pay for the fake product. I hav etried to compile few steps that could be useful to anyone that has got infected with this. And if anyone needs further assistance I'd be glad to help. Bottom line is that they come from the ads. And it seem to be little too frequent (I would say I get these 9/10 times when I log in) to think that adserver guys are unaware of this issue.
core_imact offline


Junior Member



 
Joined: Fri Dec 10, 2010 4:28 pm
Posts: 4
Has thanked: 0 time
Been thanked: 0 time

Postby nabi » Sun Apr 03, 2011 9:19 pm

Many thanks for your clarification. At least it proves my point that malware on this site is 3rd party related. There is no harmful code on the Navitotal website.

Unfortunately, ads is how the server gets paid. Know that the team don't like this malware issue either. Be assured. We work too hard in our free time and malware issues spoil our hard work.

Again, we will contact the ads provider and will post here as soon as we get a reply. Since our ad provider is in use by more forums/websites we can assume that more than us have this problem.

One remark : ads are sometimes country specific, so if you use a proxy please try one from a different country to check if you still get warnings (or attacks).

To every user who meets malware and reads this, let me repeat once more the info we need to locate the offending ads :
- be sure that ONLY NaviTotal is open in your browser when you have the malware problem!
- Your IP address: [b][Please Register or Login to download file] [/b]
- Date/time/zone of the viewing (you local date, time and timezone at the time you got an offending ad)
- URL of the problematic ad (the url that came up with the ad)
- Refer URL of the page that the ad was viewed on.

Only if we can get these infos it will be possible to check if, and where the offending ads are coming from.



Know that our server is checked several times a day and is clean!


We will do our best to loose all malware problems !
________________________________________________________________________
When I do good, no one remembers, when I do wrong, no one forgets
.
I am in a permanent state of inactivity
I won't answer to any PM, so don't send me any
nabi offline


Ex Super Mod



 
Joined: Mon Dec 28, 2009 5:22 pm
Posts: 2429
Location: somewhere unknown
Has thanked: 39 times
Been thanked: 233 times

Next

Return to Chit-Chat

 


  • Related topics
    Replies
    Views
    Last post

Who is online

Users browsing this forum: No registered users and 7 guests