
Malware infection, observed while using the site ...

RJ99 Posted 2009-04-04 4:20 AM
Factorite (Elite)
Posts: 105
Location: Surrey, England

A few days ago I was reading through the Forums (I think it was the 'What the HPC was intended to be' ... thread) when suddenly the PC went crazy, opening multiple windows faster than I could close them.

Eventually regained 'control' I think via Task Manager - and discovered the PC was infected. With four Trojans. Maybe this was totally unrelated to my being on HPCFactor at the time, but thought 'as a responsible HPC Citizen' I should report it. I've held back from using the site for the week since but am now venturing back ... so far no symptoms! (BTW my PC has always-updated Norton 360 and a Spyware Blocker, but the Trojans managed to get through, as they do it seems!).

CE Geek Posted 2009-04-04 4:37 AM
Global Moderator
H/PC Oracle
Posts: 12,662
Location: Southern California

Conficker, maybe?

cmonex Posted 2009-04-04 5:17 AM
H/PC Oracle
Posts: 16,175
Location: Budapest, Hungary

RJ99: what windows, internet explorer or other program?

C:Amie Posted 2009-04-04 5:22 AM
Administrator
H/PC Oracle
Posts: 17,950
Location: United Kingdom

Why've you posted this in the news and editorials section... this just got sent to anyone with an RSS subscription to the news forum... thanks :/

Moved to HPC:Factor Related Discussion

Of course I take this very seriously and while I do not believe it is anything other than a fluke (you didn't download binary content from us?), I will give the farm a good going over post-haste.

oh and Norton was your downfall

RJ99 Posted 2009-04-04 9:08 AM
Factorite (Elite)
Posts: 105
Location: Surrey, England

CMONEX: Vista/Explorer 7
C:Amie - Yikes, posting on 'news ..' was daft, I should've reflected for a moment! Apologies.

Rich Hawley Posted 2009-04-04 9:31 AM
Global Moderator
H/PC Guru
Posts: 7,188
Location: USA

RJ99, I empathize with you. I've had the exact same thing happen to me in the past. It was always my own fault. Normally it was from trying to run a music or program file I downloaded from Limewire, or opening a file downloaded from some warez site to see what it looked like...and I often ended up paying the price for my foolishness.

Those pop up website windows are really hard to clean off the system. So is the one that opens with a blue desktop. If you truly got yours cleaned up, then you were luckier than myself. I ended up wasting hours trying to fix the problem, and finally had to reformat my hard drive and reinstall everything from scratch.

Nowadays I don't have those problems. I use an entirely separate computer for those "iffy" websites and files. I have dual partitions on that HD, one with a complete virus free disk image of the other, so if I get any nasty infections, it is simply a matter of rebooting in DOS, and reimaging the infected partition using Ghost 2003.

I think everyone here at one time or another has suffered similarly.

Rich

C:Amie Posted 2009-04-04 11:10 AM
Administrator
H/PC Oracle
Posts: 17,950
Location: United Kingdom

I've had the AV, security tools rattling away for over 5.25 hours on the farm, and there is no sign of any problems. I'm not seeing any odd traffic or firewall issues.
I'm prepared to say that this has nothing to do with us at this point.

Looks like a fluke.

edit: 8.75 hours

Rich Hawley Posted 2009-04-04 2:33 PM
Global Moderator
H/PC Guru
Posts: 7,188
Location: USA

Nice that you checked it out C:Amie...but I would have given odds that it wasn't HPCFactor to begin with...

C:Amie Posted 2009-04-04 2:34 PM
Administrator
H/PC Oracle
Posts: 17,950
Location: United Kingdom

You've got to take it seriously, a site this size compromised is not pretty... and if it is hacked, guess who gets the bill for someone else's warez.

ZSX Posted 2009-04-05 5:39 AM
H/PC Elite
Posts: 550
Location: London, UK

Regarding Conficker, Lifehacker has a post suggesting this website "Conficker Eye Chart" based on the premise that Conficker variants protect themselves by blocking access to a number of antimalware vendors like F-secure, SecureWorks and Trend Micro. It is supposed to be a simple way of finding out whether or not you have Conficker A/B/C. It shouldn't be a problem if you are up to date on your Windows Updates and antivirus.

RJ99 Posted 2009-04-05 6:12 AM
Factorite (Elite)
Posts: 105
Location: Surrey, England

It does look like it was just happenstance that it popped up whilst on HPCFactor ...

One thing I didn't mention was that it happened in Saudi Arabia, at a hotel, with slooooow 'unprotected' wireless - naively thinking my Norton etc set up would keep me safe from nasties. I will try to resist the temptation to go online there in future (sadly, there are few entertainment opportunities for the expat businessman there & dipping into HPCFactor was one of them).

mr-mac Posted 2009-04-14 4:49 AM
H/PC Elder
Posts: 1,973

There was a virus (trojan) that was dormant but due to wake up on the 1st of April, being the date of your first post was close to month start and you mentioned it was a few days before, I guess this is the most likely suspect.

It was the Conficker previously mentioned.

Hope you got rid of it and all is ok.

John

Alt Bass Posted 2009-04-17 5:53 AM
H/PC Sensei
Posts: 1,169
Location: Russia

I'm using two computers to access HPC:Factor. They are not connected with each other. There are very few sites I'm visiting from both of these computers. I've observed malware opening the new windows or just opening a new window while surfing HPC:Factor forums. These two PCs don't have any similar running processes except system ones.

www2.866-86.cn/a/a1.htm is opened in the new window.

What could that be?

C:Amie Posted 2009-04-17 6:33 AM
Administrator
H/PC Oracle
Posts: 17,950
Location: United Kingdom

It's not us, the servers were given an external run-over by the latest McAfee Enterprise 8.5i; patches and dats most current.

Chances are that a worm has targeted your IP address, got through and exploited your systems.

Don't forget to be updating from Microsoft Update, not just Windows Update, there are a few nasty MS Office exploits out there (flash, adobe reader, quicktime, firefox also). Sticking IE8 on for good measure I would also recommend as it'll help isolate browser hijacks.

Alt Bass Posted 2009-04-17 3:23 PM
H/PC Sensei
Posts: 1,169
Location: Russia

Those two PCs are in separate subnets.

McAfee? Is that pretty, truly, absolutely reliable?) Nothing is ideal.