malware on site

How do I.... ?

Moderator: Team Cub

Re: malware on site

Postby Dusti Snider » Fri Dec 16, 2011 8:23 am

Our laptop at home got hit with that windows 2012 blah blah crap a few nights ago. I was using it at home doing my normal tractor sites visits, nothing out of the ordinary, had no idea how it happened. Maybe now I do. Haven't been able to use it since, not computer savvy enough to do that on my own. I got it here at work waiting on our computer guy to come by sometime and look at it for me...

Member IHCC Chapter 37 & 42 - North Carolina

Re: malware on site

Postby CharlieK » Fri Dec 16, 2011 9:40 am

my security blocked a high severity intrusion attempt last nite at 8:53 while i was on this site--don't know if this will help ya dennis but this was what was blocked: (178.18.243.89) i have norton
get er done; life is good

Re: malware on site

Postby Don McCombs » Fri Dec 16, 2011 10:14 am

Charlie,

What Norton product do you have? I have Symantec Anti-virus and I obviously need to do something different. :shock:
Don McCombs
MD, Deep Creek Lake

"1950 Something" Farmall Cub
1977 International Cub w/FH
1978 International Cub
1948 Farmall Super A
1951 Farmall Super C w/FH

Re: malware on site

Postby Rudi » Fri Dec 16, 2011 1:01 pm

Charlie:

Out of curiosity I googled 178.18.243.89 and it resolves to somewhere in England...

A whois.net query resolves as

[Querying whois.arin.net]
[Redirected to whois.ripe.net:43]
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf


Ripe shows it as a German IP addy.
Confusion breeds Discussion which breeds Knowledge which breeds Confidence which breeds Friendship


Re: malware on site

Postby Dennis » Fri Dec 16, 2011 1:35 pm

OK folks,

I've been over the site with a fine tooth comb and cannot find any evidence of malware/viruses on the site.

For those of you who have noticed strange things, be aware that most viruses and malware are delivered via "downloaded" files, email attachments, and some "drive by" infections on computers with un-patched computer files.
Once a virus or malware is loaded onto a computer, it will give bogus information and prompt the person to click or purchase some software or it may just interfere with the computer's normal operation.

Blocked ads can be either a false positive from the anti-virus software or it is blocking the originating URL of the ad -- for whatever reason. It does not mean the ad has a virus and it will infect your computer by display on the screen. (I've checked with Google Adsense and they report no known malware or viruses invading their ad network and are vigilant in that quest; it is their bread and butter, so they are serious about keeping it clean.)

If you want, you can scan the site by using the multiple scanners located on this site: http://www.virustotal.com/index.html
Click the "Submit URL" tab and enter "farmallcub.com" in the box and scan the site for your assurance that the site is clean.

Regardless, be assured I take all potential threats as real and fully investigate them. However, with a whole internet full of sites (and I'm sure FarmallCub is not the only one you visit), plus email threats, it is a difficult job to try and find where these nasties originate from. I can only verify this site.

Please let me know if you have positive proof of any malicious activity from this site.

Thanks,
Dennis
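
Added example, not part of Dennis's post or the site's own tooling: one way an administrator can follow up a report like the blocked address quoted earlier in the thread is to list every off-site host that a saved copy of a page makes the browser fetch on its own, and flag the reported one. The sample HTML, the allowlist and the `cdn.example.net` host are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags whose URL attribute the browser fetches without any click.
FETCHING_ATTRS = {"script": "src", "iframe": "src", "img": "src",
                  "embed": "src", "object": "data", "link": "href"}

class ResourceCollector(HTMLParser):
    """Collects (tag, url) for every automatically fetched resource."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        attr = FETCHING_ATTRS.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if url:
            self.found.append((tag, url.strip()))

def host_matches(host, names):
    """True if host equals, or is a subdomain of, any name in names."""
    return any(host == n or host.endswith("." + n) for n in names)

def audit_page(html, site_host, allowed_hosts, reported_hosts):
    """Return (verdict, tag, host) for each off-site resource not allowed."""
    collector = ResourceCollector()
    collector.feed(html)
    findings = []
    for tag, url in collector.found:
        host = urlparse(urljoin("http://" + site_host + "/", url)).hostname
        if host is None or host_matches(host, [site_host]):
            continue  # data: URIs and the site's own files
        if host in reported_hosts:
            findings.append(("REPORTED", tag, host))
        elif not host_matches(host, allowed_hosts):
            findings.append(("UNKNOWN", tag, host))
    return findings

# Constructed sample page, not taken from farmallcub.com.
SAMPLE_HTML = """
<img src="/images/ihcc.jpg">
<script src="//pagead2.googlesyndication.com/pagead/show_ads.js"></script>
<script src="http://cdn.example.net/widget.js"></script>
<iframe src="http://178.18.243.89/" width="1" height="1"></iframe>
"""
ALLOWED = ["googlesyndication.com"]   # assumed allowlist for the ad network
REPORTED = {"178.18.243.89"}          # address quoted in the thread

if __name__ == "__main__":
    for finding in audit_page(SAMPLE_HTML, "farmallcub.com", ALLOWED, REPORTED):
        print(*finding)
```

An empty result for a page only means no listed tag points off-site in that saved copy; ad content loaded later by script is not covered by this static check.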

Re: malware on site

Postby tmays » Fri Dec 16, 2011 8:37 pm

I haven't been hit yet and I use Apple products

[ Post made via iPhone ]
Thomas

Re: malware on site

Postby gitractorman » Fri Dec 16, 2011 9:29 pm

Dennis,
Yep, I got hit on Wednesday afternoon and it basically locked up my computer. Fortunately it was a company computer, 8-months old, but it locked her up good. Our IT guy could not get in to my computer remotely, so I spent the day in Syracuse on Thursday letting them work on it. After a whole day, something that they used to remove the virus, or the virus itself, stripped some of the Windows files, and my computer was toast. They had to re-install Windows. So, I got a new laptop out of the deal (because they were tired of working on it and had new ones laying there).

Regardless. I know exactly where I was when I got hit. I was in the Cub Vine section, and it was about noon on Wednesday.
1951 Farmall Cub, Cub Cadets 102, 104, 1811, 1864, Simplicity Legacy XL 4x4 Diesel with FEL, 60" mower, 50" Tiller

Re: malware on site

Postby Don McCombs » Thu Dec 22, 2011 4:41 pm

What's the status of this situation?
Don McCombs
MD, Deep Creek Lake

"1950 Something" Farmall Cub
1977 International Cub w/FH
1978 International Cub
1948 Farmall Super A
1951 Farmall Super C w/FH

Re: malware on site

Postby Dennis » Fri Dec 23, 2011 5:23 pm

Don McCombs wrote: What's the status of this situation?

Don and FarmallCub members,

I have been over this site multiple times looking for any malicious code and scanned it with server based scanners and third party scanners. I find ZERO evidence of any "Trojan" or virus software on FarmallCub.Com.

I have also triple checked with Google Adsense and they verified that there are ZERO reports of any compromised ads on their networks.

Now that being said, NEVER let down your guard and neither will I. Keep your systems patched with security updates, religiously -- set them to AUTOMATIC if you're a Windows user. Keep a good anti-virus installed and updated (firewall too). Never, ever, click on an email attachment unless you are 100% positive that it is safe -- that includes emails from friends and business (they can be "spoofed").

I also hate to say it, but Windows XP currently accounts for 75% of all virus infections... if you are using XP, be extra careful. You might want to ask Santa for a new Windows 7 or Apple computer. ;)

Dennis

PS: I personally spent the last five days cleaning a very nasty "rootkit" virus off my brother's computer.... he clicked on a file attachment.

Re: malware on site

Postby Don McCombs » Fri Dec 23, 2011 5:55 pm

Thanks, Dennis, for all that you do for the board. It is definitely appreciated.
Don McCombs
MD, Deep Creek Lake

"1950 Something" Farmall Cub
1977 International Cub w/FH
1978 International Cub
1948 Farmall Super A
1951 Farmall Super C w/FH
