
CL Site Malware thread (fixed, please let us know if you see issues)

11-04-12, 02:57 PM
#1
Briano7
Driver School Candidate
Thread Starter
Join Date: Sep 2012
Location: FL
Posts: 37
Likes: 0
Received 0 Likes on 0 Posts

I'm not sure where to post this, but starting yesterday, the 3rd, when I sign on to Club Lexus Forum I get a popup warning from Norton Security saying:
Norton blocked an attack by:
EXPLOIT TOOLKIT
WEBSITE 33


Details:
Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
2012-11-04 17:30:28,High,An intrusion attempt by dnsserv.ssrsystems.com was blocked.,Blocked,No Action Required,Web Attack: Exploit Toolkit Website 33,No Action Required,No Action Required,"dnsserv.ssrsystems.com (213.179.207.140, 80)",dnsserv.ssrsystems.com/dhFJwR?leETD=31,"OWNER-PC (192.168.1.68, 51765)",213.179.207.140 (213.179.207.140),"TCP, www-http"
Network traffic from <b>dnsserv.ssrsystems.com/dhFJwR?leETD=31</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME1\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE. To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.

Just thought you ought to know.
It's supposed to be nasty.
11-04-12, 06:16 PM
#2
YeA 2jZ
Lexus Fanatic
iTrader: (15)
Join Date: Apr 2005
Location: SC Land, FL
Posts: 5,251
Received 3 Likes on 3 Posts
Getting a Trojan warning in main SC Forum

When I reload the main & SC300/400 forum page I keep getting a "warning detected" "trojan" warning from my AVG. It's only been happening today?

Last edited by YeA 2jZ; 11-04-12 at 08:05 PM.
11-04-12, 06:27 PM
#3
m1964
Intermediate
Join Date: Feb 2012
Location: NY
Posts: 279
Received 6 Likes on 5 Posts
Anyone else got the message?

While browsing this forum, I got a message from my antivirus program saying it blocked an attack on my computer; it happened today, more than once, on both work laptop and home desktop, with different anti-virus software....
11-04-12, 06:59 PM
#4
YeA 2jZ
Lexus Fanatic
iTrader: (15)
Join Date: Apr 2005
Location: SC Land, FL
Posts: 5,251
Received 3 Likes on 3 Posts

11-04-12, 07:22 PM
#5
LexBob2
Lexus Champion
Join Date: Aug 2006
Location: Illinois
Posts: 10,987
Received 137 Likes on 111 Posts

Originally Posted by m1964
While browsing this forum, I got a message from my antivirus program saying it blocked an attack on my computer; it happened today, more than once, on both work laptop and home desktop, with different anti-virus software....
I've been getting it regularly too.
11-04-12, 07:43 PM
#6
RXSF
Moderator
Join Date: Aug 2006
Location: San Francisco, CA
Posts: 12,042
Likes: 0
Received 69 Likes on 42 Posts

Interesting. I am going to move or create a link to the site problems subforum so that Dave can be aware of the problem if he isn't already.
11-04-12, 07:46 PM
#7
GRPFAN
Pole Position
Join Date: Nov 2011
Location: Wisconsin
Posts: 396
Likes: 0
Received 1 Like on 1 Post

Originally Posted by RXSF
Interesting. I am going to move or create a link to the site problems subforum so that Dave can be aware of the problem if he isn't already.
I get a message that says "This site uses Java to view"
I ignore it and it's fine.
11-04-12, 07:50 PM
#8
GRPFAN
Pole Position
Join Date: Nov 2011
Location: Wisconsin
Posts: 396
Likes: 0
Received 1 Like on 1 Post

Originally Posted by YeA 2jZ
When I reload the main SC300/400 forum page I keep getting a "warning detected" "trojan" warning from my AVG. It's only been happening today?
I'm atta here...
11-04-12, 09:25 PM
#9
Supraman16
Advanced
iTrader: (5)
Join Date: Apr 2001
Location: Burbank, CA
Posts: 586
Received 36 Likes on 19 Posts

I got infected from the FBI/Moneypak Malware virus this morning when I came to the clublexus forums. I managed to get rid of it by booting in Safe Mode and running MalwareBytes, and then I got rid of Java to prevent it from getting into my computer. After that, I came back to ClubLexus and sure enough, you can tell there is some "data" (likely the virus again) that's trying to download into my computer. I think there is a virus tagged to clublexus.
11-04-12, 09:50 PM
#10
DaveGS4
Forum Administrator
iTrader: (2)
Join Date: Feb 2001
Location: North Carolina
Posts: 31,427
Received 2,119 Likes on 1,293 Posts

Thanks all, I've sent this along to the tech folks. I'm sure any additional details you can provide (was it the same page each time?) will be helpful, as are screenshots like YeA posted (thanks).

Merged similar threads

Last edited by DaveGS4; 11-04-12 at 09:54 PM.
11-05-12, 03:18 AM
#11
Briano7
Driver School Candidate
Thread Starter
Join Date: Sep 2012
Location: FL
Posts: 37
Likes: 0
Received 0 Likes on 0 Posts

I get the warning when I click the FORUMS button or the SPONSORS button.
11-05-12, 04:43 AM
#12
TripleL
No Substitute
Join Date: Nov 2005
Location: RI
Posts: 2,707
Received 11 Likes on 8 Posts

Same here, noticed it started Sunday night.

Posting what I received, hope it helps.

Code:
 
239	11/4/2012 8:01:48 PM	Intrusion Prevention	Critical	Incoming	TCP	213.179.207.140	80	N/A	64006	N/A	\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE	26033	69582	Web Attack: Exploit Toolkit Website 33	dnsserv.ssrsystems.com/dhFJwR?leETD=31		1	11/4/2012 8:01:35 PM	11/4/2012 8:01:35 PM	[SID: 26033] Web Attack: Exploit Toolkit Website 33 attack blocked. Traffic has been blocked for this application: \PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
240	11/4/2012 8:01:59 PM	Intrusion Prevention	Critical	Incoming	TCP	213.179.207.140	80	N/A	64167	N/A	\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE	26033	69582	Web Attack: Exploit Toolkit Website 33	dnsserv.ssrsystems.com/dhFJwR?leETD=31		1	11/4/2012 8:02:00 PM	11/4/2012 8:02:00 PM	[SID: 26033] Web Attack: Exploit Toolkit Website 33 attack blocked. Traffic has been blocked for this application: \PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
241	11/4/2012 8:03:39 PM	Intrusion Prevention	Critical	Incoming	TCP	213.179.207.140	80	N/A	64249	N/A	\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE	26033	69582	Web Attack: Exploit Toolkit Website 33	moloko.net-transfer.info/dhFJwR?leETD=31	1	11/4/2012 8:03:28 PM	11/4/2012 8:03:28 PM	[SID: 26033] Web Attack: Exploit Toolkit Website 33 attack blocked. Traffic has been blocked for this application: \PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
242	11/5/2012 7:26:15 AM	Intrusion Prevention	Critical	Incoming	TCP	213.179.207.140	80	N/A	49356	N/A	\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE	26033	69582	Web Attack: Exploit Toolkit Website 33	rokko.poundstone.co.uk/dhFJwR?leETD=31		2	11/5/2012 7:25:02 AM	11/5/2012 7:25:12 AM	[SID: 26033] Web Attack: Exploit Toolkit Website 33 attack blocked. Traffic has been blocked for this application: \PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
243	11/5/2012 7:28:40 AM	Intrusion Prevention	Critical	Incoming	TCP	213.179.207.140	80	N/A	49395	N/A	\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE	26033	69582	Web Attack: Exploit Toolkit Website 33	rokko.poundstone.co.uk/dhFJwR?leETD=31		1	11/5/2012 7:27:37 AM	11/5/2012 7:27:37 AM	[SID: 26033] Web Attack: Exploit Toolkit Website 33 attack blocked. Traffic has been blocked for this application: \PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
244	11/5/2012 7:34:54 AM	Intrusion Prevention	Critical	Incoming	TCP	213.179.207.140	80	N/A	49500	N/A	\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE	26033	69582	Web Attack: Exploit Toolkit Website 33	rokko.poundstone.co.uk/dhFJwR?leETD=31		1	11/5/2012 7:33:53 AM	11/5/2012 7:33:53 AM	[SID: 26033] Web Attack: Exploit Toolkit Website 33 attack blocked. Traffic has been blocked for this application: \PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

Last edited by TripleL; 11-05-12 at 05:04 AM.
11-05-12, 06:24 AM
#13
Robb M.
Internet Brands
Join Date: Mar 2010
Location: ON
Posts: 43
Received 51 Likes on 29 Posts

Are you all using IE?
11-05-12, 07:26 AM
#14
neurocity
Neu`roc´i`ty
iTrader: (17)
Join Date: Jan 2006
Location: Chicago
Posts: 8,693
Received 73 Likes on 37 Posts

I just got nailed, on iPad now while I run Malwarebytes to clean in safe mode.

Wtf!? I never get hit with stuff, first time in like ten years, on my work laptop no less. This was fast as hell too... Like I just clicked on the main forum page and then this just popped up. I can only imagine what's nailing everyone else.

Windows seven 64bit, Mozilla latest release. Norton.
11-05-12, 08:27 AM
#15
Lil4X
Out of Warranty
Join Date: Aug 2001
Location: Houston, Republic of Texas
Posts: 14,926
Received 12 Likes on 12 Posts

Got the same Norton flags yesterday and today, CL has become unstable. I'm shutting down to run Malwarebytes too.


W/7, Firefox, Norton, on Comcast



All times are GMT -7.