redirect is losing replies.

[tjm4fun]

Reply to posts are getting lost in ie based browsers. I repleied to a thread, had a nice long bit of info in it,
hit the reply and was redirected to a page that says visit our sponsors. After the timeout, it went to a screen with a popup that stated the thread could not be found, it may have moved.
The reply was lost.
Finally did it in firefox, which killed the interloping window and went right to the reply.
Now I know that you may need this to get hit income, but make sure it works in all cases!

 

[tjm4fun]

Oh, fails in Avant browser. even with popups blocked.
Firefox pops up a warning that it tried to open another site and was blocked.
Stock IE6 just pops a seperate window(s) and replies make it.

 

[tjm4fun]

please disregard this thread.
Tho I believe that the infection came from a link off this board, since the resultant bug only started after my visit here.
Got nabbed with a trojan that apparently hit avant, but ie was getting it cause it was not in it;s cache yet.

Good thing I don;t use this piece o crapola norton at home. This is a corp edition at work and it didn;t catch it. Had to unload norton, install antivir, and remove it, then reinstall norton so the coprorate spyware will be happy.

Again, Sorry about the mis post, but as this all started right after I clicked on a forum category here, and it opened a bunch of popups.
Only place the browser was today was here, yahoo mail, and BBF.
All was working fine yesterday. You may want to verify that there has been no intrusion here.
here is the info:
Trojan.ByteVerify


Trojan.ByteVerify is a Trojan Horse that exploits the vulnerability described in Microsoft Security Bulletin MS03-011 and could provide a hacker the ability to run arbitrary code on an infected system.


Also Known As: Exploit-ByteVerify [McAfee], Exploit.Java.Bytverify [KAV], JAVA_BYTVERIFY.A [Trend]

Type: Trojan Horse Infection Length: various

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP Systems Not Affected: Linux, Macintosh, OS/2, UNIX


So much for the fix, that's all done too, for a while now.... note which systems aren;t affected!

 

[Ian]

Phew, I was worried there for a moment. Are you sure the link came from this board, as I haven't seen any suspect links?

 

[muckshifter]

get the scanners out ... disinfect everybody at the main gate

Why you running such an old version of VM then Tom?


I've clicked on everything around here, as I am immune to infections, and can't get nuffin.

 

[tjm4fun]

I am fairly sure it came from here, as I segregate my browsing on my work machines very carefully. Due to the poor protection afforded by norton, I do most of my side surfing on linux on my laptop.

My workstation is reserved for safe sites, like this, bbf, wcg and my mail accounts.
I've had too many issues with that stupid corporate load to want to fix it yet again.
It may have been from a sig link, tho I rarely click on them. it was just strange that this was the only place getting the redirect.
Well, sorry for any inconvenience, but better to be safe than sorry.

Mucks, that was only a ref on the trojan, also found the downloader . something. I suspect that the bulletin is only one source of infection. the machine that was infected is current with updates and versions, it has to be, the corp spyware checks and let;'s you know if anything is out of date, and being on a building lan where we are constantly exposed to marketing people who plug in here after god knows where else, you have to stay current or get infected. If norton was doing it's job half as well as Anti-vir, avg or vast, I wouldn;t have needed to spend about 4 days total this year cleaning up my 3 machines. (why do these things hit the day after I leave for a week off or an away school?????)

 

[muckshifter]

OK Tom I don't doubt your word you were hit by something, but can I just reassure our readers it was not from this forum.

We have been over the server and forum with a fine nit comb and we can find nothing out of the ordinary. However, that does not mean one should relax when it comes to "virus" protection

The current "worm" infestations is growing fast ... one ploy is to mass-mail forum members so please be on your guard.

Make sure your AV software is up-to-date.

 

[tjm4fun]

Yes, please keep all your anit virus as current as possible. have them check for updates daily. And if you;re using norton, for gods sake get rid of it.
not only did it not detect the originla intrusion, it can;t remove it properly.
Any of the 3 most popular free anti-viruses are rated ebtter than norton or mcaffey.

Now iw have been online all nite, only been to yahoo mail and bbf. Have been replying to bbf threads no problme.

I tried to reply to this post in IE, and I'm back to the redirect:

jttp://www.affiliatetarget.com/cgi-bin/51/1/3.cgi?https://www.pcreview.co.uk/forums/newreply.php

and my reply was lost. ( I altered it so it should not show up as a clickable link)

Happened as soon as I came here. .... so it could be something triggering the dormant virus, or a rootkit, or one of those self reinstalling worms and it;s just coincidence.

This reply was done in firefox, and worked fine.
This machine be owned, now I gonna really find out by what. Corporate spyware be damned! I will not tolerate this crap.

 

[Ian]

Ah yes, thats definetly some spyware / hijacker with the URL containing "http://www.affiliatetarget.com/cgi-bin/51/1/3.cgi"...

Which antispyware applications have you run?

 

[tjm4fun]

Corp load does not have any.

I run spybot s&d and adaware, both came back clean after I removed this.
Haven't had a chance yet to re-attack it as it resurfaced right at quittin time.
The first removal was done by norton, it did find it after doing a full scan.
This time, it;s not finding it as of when I left work.
Very annoying, it should not have come back unless schnorton didn;t get it all.... no surprise there!

I'll be back to work friday nite, I'll update when I finally eradicate this thing, and more importantly, what is re-installing it. That is the real culprit, and I think that could be the problem.
It could be some link on this page that is triggering the reload, so it would have appeared that the infection came from here. They often set trigger points to common site links.

Again, sorry for the false alarm, I usually don't get caught like this on my personal machines.

 

[muckshifter]

No problem, keep us up to date ...

I might just do a virus scan on my box, just to see how it works.

 

[tjm4fun]

I know you are kind of strict with cursing on here. so let me sum it up:

(e-mail address removed)!!!!!!!

Just spent 3 hours drilling thru trojans and worms that were so deeply imbedded, they would never get off.
Anti-vir found it but got caught up in a loop trying to deny access to a system service that was infected. And guess what got infected? the corporate spyware. What an unholy biatch to kill that just to get out of the loop.
Even pskill would not stop it, comp services said it stopped it, but it was still happil;y running away. Had to remove the sob in safemode. Then all the other crap came out of the woodwork. Mostly remnant stuff but a few active downloaders.
I believe this was planted a few months back when we got hit with one of the sobol worms, and I was away on vacation, so it had 2 weeks to hide itself. The pc was locked, no explorers running, just the crunching program.
No open shares. Norton did a fine job then, and has had 3 months of updates to find it and never did.
I should have written down everyone, but I was getting so ****ed off, I just started manually removing things, most I;ve seen before, and it is actually quicker to kill them and delete them than to scan for them and let the scanners do it.
For this second, the machine is clean. I have no doubt that the next worm/trojan of the momnet will happily slide in right past norton's autoprotect
and daily update and find a nice home for itself.
Now to see how long it takes for them to figure out what part of the spyware is dead and gone, and send me nasty notes.