Jump to content
Sign in to follow this  
Ben Vincent

Web Admin - Virus

Recommended Posts

We are currently investigating this with the highest priority. We’ve completed a full anti virus scan across all web servers, and there are no infected files on the servers. Further to this, we are in the process of verifiing that all necessary security hotfixes are installed to protect against remote exploits.

These incidents seem to be localised to user’s computers, which would suggest that they have been compromised, not the webservers.
For people having virus problems, we suggest you visit http://windowsupdate.microsoft.com/ although if you are running XP + SP2 the patches should already be there.

Share this post


Link to post
Share on other sites
To the best of our ability, all webservers are 100% clear of anything nasty. Full virus scans have been run with the latest DAT files, and all current security patches are installed (and verified). As this doesn''t seem to be affecting everyone using this site, the problems are probably down to something on your computer. If one of the webservers was infected, everyone would be seeing the same alerts for the same virus.Can you please update your computer''s anti virus software to the latest definitions, and run a full scan. Also, downloading and installing Microsoft''s new anti-spyware tool would be useful to clean out anything you may have unknowingly collected while browsing the web.We take this and any possible breech of our security very seriously, and will continue investigating to try and idenfity the source of the problems.Regards

Share this post


Link to post
Share on other sites

[quote]We are currently investigating this with the highest priority. We’ve completed a full anti virus scan across all web servers, and there are no infected files on the servers. Further to this, we are in...[/quote]

Did it to me too.  It suggests to me that it''s your problem.

Sorry and all that!

Share this post


Link to post
Share on other sites

For me it happens on any URL I go to on the site. So these forums, the main www.pinkun.co.uk etc....

It seems to have stopped now anyway

If it helps - it was detected as "Exploit-MhtRedir.gen" - in the file adv173(1).htm (which I guess is a temporary file?) and in loaderadv173(1).jar

Could it be in an advert or something?

Ben

Share this post


Link to post
Share on other sites

I''m running the same version of McAfee, current DATs, latest engine etc. So far, nothing spotted. Following the initial reports I ran all the webservers through the MS checks recommended if someone reports this sort of virus on a webserver. All came up clean, and were subsequently rebooted (to flush out anything resident in memory). So all in all, the cause of these seems to be a mystery at the moment as the content and server OS''s are all clean. Will keep monitoring the situation though, so if anyone else gets the error can you please do the following1) Update your anti virus software with the latest released DAT or AV library files.2) Run a full virus scan on your computer, scanning all files.3) Go to Windows Update and install all critical fixes and updates for your computer.4) Ideally also install and run MS''s new AntiSpyware tools.5) Clear your webbrowser''s cache6) Return to the site, and let me know what happens!

Share this post


Link to post
Share on other sites

[quote]For me it happens on any URL I go to on the site. So these forums, the main www.pinkun.co.uk etc.... It seems to have stopped now anyway If it helps - it was detected as "Exploit-MhtRedir.gen" ...[/quote]

Here''s something about loadadv - it seems fairly new:http://www.google.co.uk/search?hl=en&q=loaderadv&btnG=Search&meta=http://www.securitytrap.com/mail/bugtraq/2004/Dec/0382.html(I suggest you don''t follow the links or download the zip attachment unless you have a degree in virus investigation.)

Like Tim, I''ve yet to get any of virus messages, either at work (WinNT, IE6) or at home (Win98se, IE6/Firefox 1, AVG6, virus db 571 19/01/05). I''m now updating to AVG v7 to see if that makes a difference, although I don''t think it will.

Follow Tim''s advice and clear your cache - in IE: Tools menu > Internet Options > [General] > Temporary Internet Files: Delete Files > YES!In the same menu, also look under > [General] > Temporary Internet Files: Settings > View Objects to see if there''s anything you think looks unusual.

Share this post


Link to post
Share on other sites
Still getting virus alerts on any www.new.pinkun.com page (6:10 p.m.). I''m on Windows XP Home SP2, with Computer Associates eTrust EZ antivirus. It won''t delete all the instances, so I have to clear the temporary files after each visit. Also, sometimes can''t go back a page, and get a different URL in the bar at the bottom of the page.

Share this post


Link to post
Share on other sites

I have win xp pro and had installed AVG .... it did no good ! ... I was plagued  with pop ups from " messenger services " ..... in the end I formatted the pc ,  and STILL the pop ups came up !      but this  stopped  as I downloaded  MS  service packs  on a regular basis .......... it seems to me that a lot of the  anti virus software being flogged around INSTALS   virii !!

Share this post


Link to post
Share on other sites
I''m getting different results when i search on google and yahoo as a result on the pop ups any idea how to get rid of them? trying to get if off my work computer, do really want to call IT they may see how much i look at NCFC websites!!

Share this post


Link to post
Share on other sites

[quote]I have win xp pro and had installed AVG .... it did no good ! ... I was plagued with pop ups from " messenger services " ..... in the end I formatted the pc , and STILL the pop ups came up ! b...[/quote]

Geek:

That business with popups aren''t viruses but are adware that gets installed via Microsoft Internet Explorer. If you went back to the same site tht loaded it to your machine once, it would do it again. The Firefox browser and and also the Google toolbar for IE blocked them, and after so many complaints, Microsoft added blocking to their browser after XP service pack 2.

Microsoft have an adware/spyware removal tool but by all accounts, it''s still not as good as the free one ''adaware se'' from lavasoftusa.com

Share this post


Link to post
Share on other sites

Flecko   ......... I don`t doubt what you say is true ...  all I know is that I`n now free of popups !   ....and thats all that matters as far as I`m concerned

Share this post


Link to post
Share on other sites

[quote]Avoid all these problems! Buy a Mac! Hope it all gets sorted.[/quote]

kent

oh how i wish i could still afford to buy another one!!

maybe one day .............

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...