Discussion started by tubafran, Mar 27, 2011.

    I have been hit again! :mad:

    I stupidly went to tMP on my Windows desktop PC without thinking. Not sure what variety of nasty it is this time as I pulled the plug quickly. No bogus warnings of hard drive failure etc. or option to use "Windows Restore" program.

    There was a program called <lots of random numbers>.exe on my desktop. I had to edit the registry to re-enable the Task Manager in order to stop it. It was called DCOM Manager in Task Manager. I let my up-to-date version of AVG handle it, which seems to have made things worse! Any clues where to look for guidance in the mess it has created? Lots of files were hidden (as before) but I seem to be missing important programs such as System Restore......

    As far as I can tell, my data is still intact.

    Needless to say I am not a happy bunny!

    Did you ever get a chance to help John with this? As is clear from Janet's latest post, it hasn't gone away.

    It is interesting that Janet was using AVG when she was hit - as was I.

    Now I've binned AVG and gone over to Kaspersky - no problems.

    Was anyone else who's been targeted using AVG?

    I've always been fine using Norton (and McAfee at work).

    For info, AVG won't prevent the kind of attacks that the firewall and surfing elements of Norton and McAfee prevent. AVG is just that - Anti-Virus.

    Must admit to being rather confused about where all this is going. Is there work going on behind the scenes to eradicate this? It seems that not fixing it is harming tMP's reputation and stopping people visiting the site, and there are offers of help in this thread from concerned experts who seem confident that they can fix the problem. Surely the means to sort it out is at hand?

    Hi Dave

    Yep - I have engaged with an experienced programmer and database expert who now has full access to the underlying database and tables for tMP. Despite a full virus sweep of the server undertaken by our hosting company a month or so ago - which yielded nothing - we are still investigating this further, and want to get to the bottom of the issue.

    Personally, I have not experienced any virus issues, either using Firefox on a Mac or Firefox on a Windows NT machine - so it seems that it is only under certain OS/browser combinations that this issue manifests.

    As soon as we find something, I will update the thread and keep you informed.


    Only if you're using AVG Free. If you pay for the full suite (which I used to) it's an all-round security system like any other. Just - it appears - not a very good one....

    The key to this is fixing the problem rather than finding an AV product that stops it - like many, I can't afford another attack on a company machine so only visit tMP from my safe Chrome environment at home. (Many corporate users will be restricted to IE, I'm afraid.)

    Kaspersky AV picked it up again this morning (running XP with IE8):

    URL containing malware detected

    when I landed on the page.

    Doesn't happen every time, and Kaspersky blocks it, but apparently it got a member of our band's PC a couple of weeks back and messed up quite a bit of the PC.

    I wonder if the link is maybe in someone's signature and, when that appears on the homepage, it is causing the anti-virus software to get it?

    Following up on my latest attack, I have had to leave the affected computer for a bit. However, I wonder if anyone knows what type of virus it is and where I can look online for some help in sorting it out?

    My first attack was by the "Windows Restore" virus and I managed to return the PC (Windows Vista HP, IE, AVG Free) to a usable state having searched for the problem and found some helpful walkthroughs.

    This time there were no spurious warning messages (impending hard drive failure, memory problems etc) or offers of a solution for a price.

    The first signs were the background wallpaper turned black, AVG detected a threat and I chose to quarantine the virus. Icons started disappearing from the desktop.

    I tried stopping the virus using Task Manager but this had been disabled. Using the notes from last time, I edited the registry to enable task manager and found a rogue program running (a very random string of characters which was described by the system as DCOM Manager). I ended the process and all seemed to go quiet. I then set about unhiding all the files and ran a full AVG scan (updated shortly before the attack). Nothing was found.

    The thing which really bothers me is that I seem to have lost a lot of my 'administrator privileges' and some of the 'system tools/programs' have gone missing (not hidden as far as I can tell), e.g. System Restore, Windows Backup etc. All my data seemed intact and installed programs (e.g. Office) appeared to run OK.

    I also did a full scan using the version of MalWareBytes I downloaded last time, but it hadn't been updated as I was reluctant to go back on line. This found one problem regarding the disabling of the Task Manager. I let it 'correct' this and was then prompted to do a restart to finish the process. After logging back on after the restart, the PC went back into meltdown! Fortunately I seemed to catch it before the TM was disabled and stopped the virus (different string of random characters this time) running again.

    I really hope I can restore the system without having to go back to a factory restore. There is a recovery partition and I have a set of recovery discs. If anyone can post a link to a recovery procedure for this nasty I would be extremely grateful.

    Janet, my best advice would be to get some better protection than AVG Free. As P_S_Price and I were discussing earlier, AVG Free is only anti-virus. There is no protection between you and a threat, so it relies entirely on being able to get rid of something that has come down off the web - which it may well not be able to do.

    Something like McAfee, Norton, or Kaspersky (the last of which I can recommend) will cost you £15-30 a year (depending what's on special offer) and any one of them offers far better protection. They're also far better at killing off malware and viruses that your system already has than AVG Free is. Unplug your PC from the web, put the disk in, and let it do its thing.

    PC safety software is like anything else. You get what you pay for.

    Also it seems that so far only users of Internet Explorer have been affected, so it might be a good idea to switch to Mozilla Firefox or Google Chrome, if that is possible.

    It is my understanding that John is currently working very hard on the issue, and they have already made some progress in securing the webserver. But since I don't know any details, I'll leave it up to him to communicate about the progress.

    Glad to hear it's being actively chased! Was just surprised that it has taken so long while people are going at it full out.

    Yes, I can confirm that only users on Windows using Internet Explorer have been attacked. You are safe using Chrome, Firefox, or if using a Mac.

    I did instigate a full anti-virus sweep of the server by the hosts a few weeks ago, which yielded nothing, but now we are looking at a more detailed analysis - at file and JavaScript level. I may also be upgrading the tMP software to the latest (and ****** expensive) version of vBulletin, as the upgrade path/process looks to be doable from the version I currently have.

    No decision made yet, but should I decide to do this, it will mean some temporary loss of functionality such as the tMP theme, tMP Prediction stuff, as this will need to be updated and I'd need to sweet-talk Steve into updating it for me. However, I think this is a small price to pay for the removal of any malware/virus threats some of us are currently experiencing.

    I am on the case... we will sort it one way or another.

    Contributions greatly appreciated... :):biggrin:

    I thought I should pop a reply in here so that those subscribed to this thread who may not have visited tMP recently because of any security concerns will have an update.

    Good news:
    We have upgraded tMP to a totally new version of the software that powers it (rewritten from previous versions), and have also moved tMP in its entirety to a new server. You should no longer experience any security issues, warnings or reports.

    If you do receive this in an email... come on back :)

    My work environment has McAfee and is always up to date, yet this one still got me and was totally undetected by all the stuff we have in place - and trust me, we are as risk averse as you can get when it comes to protecting our networks. Whilst I wouldn't disagree that a subscription to Norton or even upgrading to the full (and paid for) AVG is a good idea, you're never 100% sure. (Which is why I spend a lot of time running penetration tests on any external site to which the systems I manage are linked.)

    Well done John on getting a new version up and running - I'll pop a donation in sometime over the next 10 days (and would encourage others to do likewise) as I know this has been an expense for you.

