The Virus problem on this site is getting out of control - Page 4 - Toyota 4Runner Forum

nevada · 08-20-2012, 03:06 PM

The Virus problem on this site is getting out of control

maybe these can be merged?
theres atleast one other recent theread out there aswell.

jrm · 08-21-2012, 04:04 PM

Quote:

Originally Posted by BMeister

the virus is called Sirefef. to this day I have yet to find an anti-virus that will block it. agv, essentials, norton have been unsuccessful in preventing this virus. it disguises itself as an adobe or java update. one you get it, its very hard to get rid of. even software like malwarebytes removes only portions of it. then it eventually comes back. check the Eset antivirus site for the tools you need to remove.

once you go to install the fake update, will the anti virus catch it or is it too late.

eli_lilly · 08-21-2012, 04:59 PM

Quote:

Originally Posted by jrm

once you go to install the fake update, will the anti virus catch it or is it too late.

When you see the prompt for the fake update you're already infected. What happens is a bug in Java or Flash is used to siliently install the rootkit. Once the rootkit is up and running, it launches its first payload, which is the fake update thing. It will keep launching that, redirecting your browser, stealing your usernames and passwords, and other fantastic stuff until the rootkit is removed. When I caught it, the antivirus software was catching and preventing the payload launches... but did not recognize the rootkit or see that it was installed and running. Neither did McAfee's rootkit removal util, neither did Kapersky's TDSSKiller. Combofix did find and remove it.

-E

Sungod · 08-21-2012, 05:13 PM

Quote:

Originally Posted by BMeister

the virus is called Sirefef. to this day I have yet to find an anti-virus that will block it. agv, essentials, norton have been unsuccessful in preventing this virus. it disguises itself as an adobe or java update. one you get it, its very hard to get rid of. even software like malwarebytes removes only portions of it. then it eventually comes back. check the Eset antivirus site for the tools you need to remove.

Mine is trying to run the adobe update. How do I get rid of it?

run4estrunner · 08-21-2012, 06:14 PM

Quote:

Originally Posted by Sungod

Mine is trying to run the adobe update. How do I get rid of it?

You can start by laying off the gay porn sungod

scottm · 08-21-2012, 09:08 PM

Quote:

Originally Posted by Sungod

Mine is trying to run the adobe update. How do I get rid of it?

If your Restore function isn't already disabled try that. Mine was already disabled by the time I tried it. Like I said, this is a nasty bug.

eli_lilly · 08-22-2012, 08:56 AM

Quote:

Originally Posted by Sungod

Mine is trying to run the adobe update. How do I get rid of it?

Download and run combofix.

-E

CXS · 08-22-2012, 11:37 AM

If the Admin let's it ride with all these reported problems its simply a matter of time before it's totally infected or malware is injected and it becomes inaccessible. I know that as a fact because I spent yesterday fixing my vBulletin site that was infected.

As a Mac user I was unaware but starting yesterday morning my users started sending me PM's, e-mails and phone calls telling me we had been hacked. It sounded pretty much like the messages above but by noon it was inaccessible. I hope it doesn't happen here.

jimithing · 08-22-2012, 01:01 PM

Quote:

Originally Posted by CXS

If the Admin let's it ride with all these reported problems its simply a matter of time before it's totally infected or malware is injected and it becomes inaccessible. I know that as a fact because I spent yesterday fixing my vBulletin site that was infected.

As a Mac user I was unaware but starting yesterday morning my users started sending me PM's, e-mails and phone calls telling me we had been hacked. It sounded pretty much like the messages above but by noon it was inaccessible. I hope it doesn't happen here.

Would be nice if they would at least comment and say what's going on. I PM'ed the Admin and one of the moderators a link to this thread a couple days ago and haven't gotten a response. And they obviously haven't posted in here either. Kinda sucks.

Sungod · 08-22-2012, 05:06 PM

Quote:

Originally Posted by eli_lilly

Download and run combofix.

-E

I looked at combofix. It looks pretty aggressive. How scary is it to use?

admin · 08-23-2012, 08:18 AM

Just catching up on this thread. Looking into it. I don't run into any issues, and I visit the site from variety of computers/OSes.

Investigating ...

Update 1:

I haven't found anything suspicious. I also scanned the site using a 3rd party tool, which found no issues either. Here are the results of the scan:
Sucuri SiteCheck - Free Website Malware Scanner

Update 2:
Another service reported the site as safe. See attached screensnap.

Update 3:
AVG reported this site as safe as well.

Update 4:
Norton is also reporting the site as safe:

I'll keep digging.

Sungod · 08-23-2012, 09:31 AM

As soon as I opened this site today I got a pop up message regarding another block from malwarebytes. I'll be happy to send you my logs from malware and mcafee.

admin · 08-23-2012, 09:54 AM

Yes, definitely interested in the logs, as it may be related to a particular thread or post. You can email it to me directly to infotoyota-4runner.org

Also, what OS and browser+version are you using?

Thanks,
admin.

eli_lilly · 08-23-2012, 10:04 AM

Quote:

Originally Posted by Sungod

I looked at combofix. It looks pretty aggressive. How scary is it to use?

I thought the same thing, but it's just run it and let it go. Takes maybe 30 mins. After I saw them use it on my PC here at work, I downloaded it and ran it on two desktops at home and two laptops. It found and removed something on my main desktop, even though I run MS Security Essentials.

-E

admin · 08-23-2012, 12:21 PM

Gents, for those that are getting virus alerts, do they happen across the site or on a specific thread? If specific thread, can you post the thread url here?

Thanks,
admin.

Forums
Toyota 4Runner Forum	Official Vendors & Sponsors	4Runner & Hilux Surf Clubs	Site related
New Members	Become a Sponsor/Advertiser	American T4R Clubs (click to view)	Advertising & Sponsorship Information
General Discussions	Cali Raised LED	Florida	Software Related Questions & Answers
6th gen T4Rs	Trail4R	Georgia	Comments & Suggestions
5th gen T4Rs	SuncentAuto	(The Rest of) The Deep South	Links
4th Gen T4Rs	BaseLayer	So Cal	2012 4Runner
3rd gen T4Rs	DRZ OFF ROAD	Nor Cal	2017 4Runner
Classic T4Rs	Wheeler's Off-Road	Pacific NW	2015 4Runner
Classifieds - buy & sell (no commercial ads please)	C4 Fabrication	Southwest	2016 4Runner
For Sale: Vehicles	TRDParts4U	Texas & Oklahoma	2013 4Runner
For Sale: Suspension/Wheels/Tires	Rago Fabrication	Carolinas	2014 4Runner
For Sale: T4R Items	VTXWheels	Maryland / Virginia / WV / D.C.	2019 4Runner
For Sale: Non-T4R Items	SDHQ OFFROAD	Northeast	2011 4Runner
Free	Cali Raised LED	New England	2010 4Runner
Want to Buy/Trade	Coastal Offroad	Great Lakes	2009 4Runner
Feedback on Sellers & Buyers	GarageTime	Ozarks	2008 4Runner
Group Buys	Accessorides	Heartland	2007 4Runner
Off Topic	Raingler	Mountain	2006 4Runner
TSB	Proline 4wd Equipment	Alaska & Hawaii	2005 4Runner
Off-Roading	Venomrex	Canadian T4R Clubs (click to view)	2004 4Runner
Gallery	LFD Off Road	Montreal / Quebec	2003 4Runner
Engines / Suspension / Wheels / Tires / Audio / Accessories	OEM Audio Plus	Toronto / Ottawa / Ontario	2002 4Runner
Maintenance/Detailing	Victory4x4	Edmonton / Calgary / Alberta	2001 4Runner
Problems & Warranty Issues	Overland Gear Guy	Vancouver / British Columbia	2000 4Runner
Polls	RCI Off Road	Winnipeg / Manitoba	1999 4Runner
Dealers - Your Experience	TreadWright	European T4R & Hilux Surf Clubs (click to view)	1998 4Runner
FJ Cruiser	Underdog Racing Development / URD	UK	1997 4Runner
Lexus GX470/460	Front Runner Outfitters	France	1996 4Runner
All Other Vehicles	BOSS StrongBox	Germany
	Orange Boxx	Iceland
	Sherpa Equipment Co	Italy
	4RUNNERLIFESTYLE	Russia
	Ironman 4x4	Scandinavia
	LASFIT	Asia & Oceania T4R & Hilux Surf Clubs (click to view)
	Toyota Parts Express	Australia
	4xInnovations.com	Guam
	All-Pro Off Road	Japan
	Rockauto	Mongolia
	Air Lift	New Zealand
	UltraRev	Africa & Middle East T4R & Hilux Surf Clubs (click to view)
	Stealth Custom Series	Nigeria
	High Tech Auto and Truck Center	South Africa
	Metal-tech 4x4	Egypt
	ToyotaTRDParts.com	Latin America / Carribbean T4R & Hilux Surf Clubs (click to view)
	Addicted Offroad	Argentina
		Brazil
		Caribbean Islands
		Mexico
		T4R Meet Announcements & Info
		T4R Meet Pictorials & Writeups

Site Navigation