Virus affecting forums.
Moderators: Balthagor, Legend, Empier4552, Moderators
-
- Colonel
- Posts: 284
- Joined: Jul 21 2008
Virus affecting forums.
I noticed there was a virus warning from AVG today when I connected to http://www.bgforums.com/ using Firefox. It informed me it was redirecting to this IP: 58.65.232.33. Please investigate.
A whois on the domain provided this result:
WHOIS information for: bgforums.net:
[whois.psi-usa.info]
%
% =============
% PSI-USA, Inc.
% =============
%
% This is the PSI-USA, Inc. WHOIS server.
%
% All requests are logged.
%
% Requesting IP: 128.121.95.55
% Requesting URL: http://whois.psi-usa.info
% Requesting Object: domain bgforums.net
% Timestamp: 2008-08-13 22:57:04
%
% You can see the policy that you agree by submitting a query to this server:
% whois -h whois.psi-usa.info POLICY
domain: bgforums.net
status: ACTIVE
owner-c: LULU-9776177
admin-c: LULU-9776177
tech-c: LULU-9776177
zone-c: LULU-9776177
nserver: ns1.fastpark.net
nserver: ns2.fastpark.net
created: 2008-01-28 12:05:20
expire: 2009-01-28 00:00:00 (registry time)
changed: 2008-06-11 17:21:13
[owner-c] handle: 9776177
[owner-c] type: ORG
[owner-c] title: CEO
[owner-c] fname: Andrea
[owner-c] lname: Ralli
[owner-c] org: RevenueDriver srl
[owner-c] address: Via sestriere, 25
[owner-c] city: rome
[owner-c] pcode: 00135
[owner-c] country: IT
[owner-c] state: Roma
[owner-c] phone: +39-333-1849516
[owner-c] fax: +39-333-1849516
[owner-c] email: revenuedriver@gmail.com
[owner-c] protection: B
[owner-c] updated: 2008-07-11 15:31:27
Courtesy Whois.net. Please verify and check for viruses infecting the forum.
Appears it may be the work of Russian Hackers:
http://www.trentmueller.com/blog/htmlfr ... press.html
http://www.precisesecurity.com/blogs/20 ... mlframerz/
Please clean this website IMMEDIATELY.
- George Geczy
- General
- Posts: 2688
- Joined: Jun 04 2002
- Location: BattleGoat Studios
- Contact:
Re: Virus affecting forums.
As mentioned in the other thread, they were persistently annoying, but hopefully we've cleaned up whatever crack they crawled through.
-- George.
- Xbwalker
- Brigadier Gen.
- Posts: 529
- Joined: Jun 28 2008
- Location: Las Vegas NV USA
- Contact:
Re: Virus affecting forums.
Thanks. Yeah avast also caught it and I was feeling sad.
-
- Colonel
- Posts: 482
- Joined: May 29 2005
Re: Virus affecting forums.
My avast still freaks out whenever IE browser is redirected.
I ran another scan but didn't find anything.
-
- Lieutenant
- Posts: 83
- Joined: Jul 27 2005
- Location: Behind you
Re: Virus affecting forums.
Get a decent AV? Not those jumpy kids.
Symantec Endpoint Protection has native x64 and x86 support, doesn't cry wolf every time it sniffs a poodle, annihilates the wannabe wolves 100%. Footprint is small, settings are a bit tougher if you are an amateur but it works great.
It just sits there in the tray, all quiet, no pop-ups, nothing, just slaughters any virus/malware/trojan there is.
Downside is, it is a bit pricey compared to CA eTrust, Norton AV, Kaspersky etc.
Look at it this way, we protect whole enterprise networks and server rooms with it! Try to find a single datacenter that uses AVG/Avast or Kaspersky.
-
- Colonel
- Posts: 284
- Joined: Jul 21 2008
Re: Virus affecting forums.
Don't need to. Used AVG for over 5 years, it is free, it has never failed me. I use it in tandem with other freeware which combined makes it as effective as any of the above packages. Why waste my cash?
Besides, I like the alerts. I like to make people aware when their sites may be hijacked in order to attack other users who might be my friends.
Thank you BG in your rapid response to fix this issue.
- haenkie
- Brigadier Gen.
- Posts: 596
- Joined: May 27 2005
- Location: Netherlands
Re: Virus affecting forums.
Problem with Symantec is you need a separate server or computer just to handle the program, it is THAT cpu consuming!
-
- Lieutenant
- Posts: 83
- Joined: Jul 27 2005
- Location: Behind you
Re: Virus affecting forums.
haenkie wrote: Problem with Symantec is you need a separate server or computer just to handle the program, it is THAT cpu consuming!
That is a bit inaccurate tbh...
You will get 2 discs; 1 is the management console that requires IIS service running. That is an absolute resource or more processor hog! It is supposed to be, it is designed to keep track of and manage all clients in an enterprise environment.
If you install the workstation version (fancy name for unmanaged client) it uses about 2500K memory on normal operation but can go up to 20-30MB if scanning emails, extracted archives etc. all together (it is also native x64...).
We keep creating and signing petitions to Symantec to reduce this massive resource wastage but they keep telling us to get bent or piss off depending on their mood.
- Balthagor
- Supreme Ruler
- Posts: 22099
- Joined: Jun 04 2002
- Human: Yes
- Location: BattleGoat Studios
Re: Virus affecting forums.
Lamb Chop wrote: ...We keep creating and signing petitions to Symantec to reduce this massive resource wastage but they keep telling us to get bent or piss off depending on their mood.
Hence why my home system uses Avast, my favorite AV software
-
- General
- Posts: 2548
- Joined: Dec 08 2007
- Location: Tipton, UK
Re: Virus affecting forums.
Do not trust McAfee, mine turned itself off and Windows firewall. My comp has had to go in to be sorted, and has cost me £100, lucky I got it off a friend...
Use Spybot and it will work well..
My SR:U Model Project, get the latest and post suggestions here:
http://www.bgforums.com/forums/viewtopi ... 79&t=28040
-
- Corporal
- Posts: 8
- Joined: Jun 21 2013
- Human: Yes
Re: Virus affecting forums.
vortex79 wrote: I noticed there was a virus warning from AVG today when I connected to http://www.bgforums.com/ using Firefox. It informed me it was redirecting to this IP: 58.65.232.33. Please investigate.
Well! I got the following results:
Whois Search results for Domain Name BGFORUMS.NET
WHOIS Server: whois.tucows.com
Registrant:
Contact Privacy Inc. Customer 0132932270
96 Mowat Ave
Toronto, ON M6K 3M1
CA
Domain name: BGFORUMS.NET
Administrative Contact:
Contact Privacy Inc. Customer 0132932270, bgforums.net@contactprivacy.com
96 Mowat Ave
Toronto, ON M6K 3M1
CA
+1.4165385457
Technical Contact:
Contact Privacy Inc. Customer 0132932270, bgforums.net@contactprivacy.com
96 Mowat Ave
Toronto, ON M6K 3M1
CA
+1.4165385457
Registrar of Record: TUCOWS, INC.
Record last updated on 06-May-2013.
Record expires on 28-Jan-2014.
Record created on 28-Jan-2008.
Registrar Domain Name Help Center:
http://tucowsdomains.com
Domain servers in listed order:
NS1.ABOVE.COM
NS2.ABOVE.COM
Btw, I got it from Whoisxy.com
- Balthagor
- Supreme Ruler
- Posts: 22099
- Joined: Jun 04 2002
- Human: Yes
- Location: BattleGoat Studios
Re: Virus affecting forums.
Is anyone else getting this?
-
- Board Admin
- Posts: 2918
- Joined: Sep 29 2008
- Human: Yes
- Contact:
Re: Virus affecting forums.
I think target was just responding to a 5 year old thread. I do not THINK he was getting the same as op back 5 years ago.
https://www.youtube.com/user/GIJoe597
Older/retired gamers, who do not tolerate foolishness.
http://steamcommunity.com/groups/USARG
-
- Captain
- Posts: 107
- Joined: Oct 16 2013
- Human: Yes
Re: Virus affecting forums.
LOL, yeah, assuming Tucows actually is your domain registrar everything looks like it should.