Site Security Problem?



walpurgis
28-01-2013, 09:31
When I visited AOS this morning, my anti-virus immediately flagged up suspicious activity, which I blocked (I should have written down what it was I suppose). Also, a Java update was presented, which I also blocked, as I've already just updated mine and suspect the file may have been something else.

Beechwoods
28-01-2013, 09:38
If anyone else could post up any observations I'd be grateful. Martin, can you check your AV logs? Thank you.

MartinT
28-01-2013, 10:28
I've checked my AV logs and there's nothing. I've been all over the site this morning.

Geoff - a rogue page may have been in your browser's internet cache. Could you please empty it and try visiting AoS again? It would also be useful to know which page you visited when you received the warning.

A Java update is probably not related - it often presents an update for installation.

JazzBones
28-01-2013, 12:00
I've checked my AV logs and there's nothing. I've been all over the site this morning.

Geoff - a rogue page may have been in your browser's internet cache. Could you please empty it and try visiting AoS again? It would also be useful to know which page you visited when you received the warning.

A Java update is probably not related - it often presents an update for installation.

Martin, not being as clued up on the complete workings of my PC as you guys are, how do you ascertain whether a Java update is the real deal? I get informed that 'You have an update' on a regular basis from Java and when I start the initial process of seeing what it is all about I get notification that 'downloading this site could cause damage to my computer' I therefore do not carry on the process of downloading, more than a probability that I'm restricting performance? I'm normally a jovial old codger but I do err on being a cautious one as well. Can I please ask a clued up youngster, such as you, if I'm being over cautious.... thankee :)

NRG
28-01-2013, 12:45
Go to the Java site and check there...

MartinT
28-01-2013, 13:05
Yes. In addition, you will only get Java updates if you installed Java in the first place. There will be an orange icon in your system tray (Windows). If in doubt, install it from the Java (http://www.java.com/en/) website.

JazzBones
28-01-2013, 14:18
Go to the Java site and check there...

Thanks Neil, will do :)

JazzBones
28-01-2013, 17:12
Martin and Neal (Neal, sorry I misspelled your name first time around), have just downloaded 'Java' for free, I could not find it in my files. Checked it out first using my Norton Internet Security... got a clean bill of health result. Thanks for the help :)

walpurgis
29-01-2013, 21:52
The suspicious activity warnings seemed to have stopped a day or so ago, but despite having cleared all the temporary file clutter a number of times recently via the 'temporary internet files and history settings' facility and 'disc cleanup' and 'cache cleaner' (which each seem to find different stuff), also running a registry repair app. and doing a deep scan for spyware/malware etc., the AOS site was still causing problems, i.e. page freezing and slowness. I did a one week system restore (it's XP) and things hopefully seem to be back to normal. Not getting any more Java updates being offered now either. Dunno what was up though.

walpurgis
29-01-2013, 23:49
Still getting asked if I want to download Java update 7/11 and the whole page freezes if I try to close the yellow bar at the top asking me to run the 'add on'.
I've already been to the Java website and downloaded this update, so something funny is going on. Only occurs when I go on AOS.

walpurgis
30-01-2013, 00:09
It's just done it again. I get a notification in a box and the bar at the top of the page. If I try to close the bar asking me to update Java everything freezes and I have to use the task manager to close I.E.

Here's a screenshot of what I'm getting:

http://i47.tinypic.com/wsk86s.jpg

MartinT
30-01-2013, 07:29
Geoff - don't run it!! That location is an IP address and is almost certainly malware. You could try resetting your Internet Explorer (Internet Options | Advanced | Reset) to put it back to defaults, as well as emptying the internet cache. I would scan again with Spybot and Malwarebytes.

Beechwoods
30-01-2013, 07:43
I'll take a look into this this evening (I'm away on work at the moment without access to a desktop/laptop) but it's odd that this issue isn't affecting everyone. Thanks for the screenshot Geoff.

NRG
30-01-2013, 08:04
The IP traces back to Albuquerque in the USA...

Mike on AT is reporting his Avast s/w is warning him of an Infection: HTML:Iframe-inf on AoS

walpurgis
30-01-2013, 17:10
I'll take a look into this this evening (I'm away on work at the moment without access to a desktop/laptop) but it's odd that this issue isn't affecting everyone. Thanks for the screenshot Geoff.

My desktop PC is now dead because of this. I'm now on my very slow laptop! I tried to get on AOS this morning and the Java bar came up and everything froze. I shut down and rebooted to find the 'desktop' screen suddenly replaced by a blank white screen. It won't boot in safe mode and won't let me access BIOS. Computer's F*cked!!! Not amused!!!

Beechwoods
30-01-2013, 17:14
I'm truly sorry to hear this Geoff. As said I will be doing what I can to get to the bottom of this tonight.

Beechwoods
30-01-2013, 21:00
I have rechecked the site, and can find no unauthorised or suspect network calls being made when pages are downloaded. If you have Safari, you can enable the Develop menu and track Network activity generated as you surf. This details the domain to which any object in the downloaded pages points. None of these are pointing to addresses other than those I would expect.

Please, if you have any concerns about your machine doing anything suspicious, clear your Cache / Temporary Internet Files. This will ensure that your machine will only run file versions currently hosted on the site.

Not only have I verified this, but other members have confirmed that they have found the site clear of issues. I have surfed the site on a Windows machine running AVG anti-virus with no issues flagged. Google's tools have also scanned the site and found it free of problems. As discussed on other recent threads, we had an issue with an exploit which hijacked a script last week, which has been resolved. If you have not recently cleared your cache, it is possible that your machine could still run the compromised script from your previously downloaded files, rather than the files currently held on the forum's servers.

I apologise to any member that has had problems as a result of that issue, but can assure you that the forum is now clean and safe, following the actions taken last Thursday and Friday.

Many thanks.
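
The check described in the post above (list the host that every object in a downloaded page points to and compare it with what is expected), as an added example that is not part of the original thread or the forum's own tooling. The allowlist, the sample markup and the 203.0.113.7 documentation address are constructed assumptions; an IP-literal host and a zero-sized iframe are flagged because those are the traits called out elsewhere in this thread.

```python
"""Audit a saved page: which hosts does it make the browser fetch from?"""
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attribute that causes the browser to fetch a resource.
FETCH_ATTRS = {
    "script": "src", "iframe": "src", "frame": "src", "embed": "src",
    "img": "src", "link": "href", "object": "data", "applet": "archive",
}

# Assumption: hosts the admin expects (the site itself plus Google's ad host).
EXPECTED_HOSTS = {"theartofsound.net", "pagead2.googlesyndication.com"}
PAGE_URL = "http://theartofsound.net/forum/forumdisplay.php?f=3"

# Constructed sample markup; file names and the last two hosts are made up.
SAMPLE_PAGE = """
<html><head>
<link rel="stylesheet" href="clientscript/vbulletin.css">
<script src="http://theartofsound.net/forum/clientscript/global.js"></script>
<script src="//pagead2.googlesyndication.com/pagead/show_ads.js"></script>
</head><body>
<img src="images/logo.gif">
<iframe src="http://203.0.113.7/update/index.php" width="0" height="0"></iframe>
<script src="http://cdn.unexpected.example/c.js"></script>
</body></html>
"""


def is_ip_literal(host):
    """True when the host part is a bare IPv4/IPv6 address, not a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def looks_hidden(attrs):
    """True for zero/one-pixel or CSS-hidden elements."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    sizes = ((attrs.get(k) or "").strip().rstrip("px") for k in ("width", "height"))
    return any(s in {"0", "1"} for s in sizes)


class ResourceAudit(HTMLParser):
    def __init__(self, page_url, expected_hosts):
        super().__init__()
        self.page_url = page_url
        self.expected = {h.lower() for h in expected_hosts}
        self.findings = []

    def _is_expected(self, host):
        # Exact match or a subdomain of an expected host.
        return any(host == e or host.endswith("." + e) for e in self.expected)

    def handle_starttag(self, tag, attrs):
        attr = FETCH_ATTRS.get(tag)
        attrs = dict(attrs)
        target = attrs.get(attr) if attr else None
        if not target:
            return
        # Resolve relative and protocol-relative references against the page.
        url = urljoin(self.page_url, target.strip())
        parsed = urlparse(url)
        if parsed.scheme not in ("http", "https"):
            return  # data:, javascript: etc. are not network fetches
        host = (parsed.hostname or "").lower()
        reasons = []
        if is_ip_literal(host):
            reasons.append("ip-literal-host")
        elif not self._is_expected(host):
            reasons.append("unexpected-host")
        if tag in ("iframe", "frame") and looks_hidden(attrs):
            reasons.append("hidden-frame")
        self.findings.append({"tag": tag, "url": url, "host": host, "reasons": reasons})


def audit_page(html, page_url, expected_hosts=EXPECTED_HOSTS):
    """Return one finding per fetched resource, in document order."""
    parser = ResourceAudit(page_url, expected_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings


def suspicious(findings):
    """Only the findings that carry at least one reason."""
    return [f for f in findings if f["reasons"]]


if __name__ == "__main__":
    for f in audit_page(SAMPLE_PAGE, PAGE_URL):
        flag = ",".join(f["reasons"]) or "ok"
        print(f"{flag:32} <{f['tag']}> {f['url']}")
```

Run it against the HTML as served by the web server and again against a copy saved from a browser that still shows the warning; a difference between the two points at a stale cached file rather than the live site.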

Tim
30-01-2013, 21:08
Not only have I verified this, but other members have confirmed that they have found the site clear of issues.
+1

I use Firefox and my browser cache is automatically cleared every time I shut the browser down. This is easy to do, just go to Options > Privacy and select Never remember history.

http://i173.photobucket.com/albums/w63/greatgig/21-10_30-01-2013_zpsa23e7001.jpg

I find this a very good option, it's basically a permanent Private Browsing Session and nothing is written to the hard drive from your browsing session, it's written to RAM only, so it's a very safe method - unless of course you are in the habit of clicking on things without knowing what you are activating ;)

To repeat the above by Nick, I checked my O/S SSD with both MSE (full scan) and then removed the drive and ran a full scan with the drive attached to a secure 'internet isolated' standalone workstation, running a fully up to date business version of NOD32 - again, no problems reported.

MartinT
30-01-2013, 21:48
For Windows users with browsers that use the central settings (Internet Explorer and some others), go to Control Panel | Internet Options and in the General tab tick Delete browsing history on exit. This will wipe everything on exit.

For additional protection from malware, go to the Security tab and tick Enable Protected Mode. This reduces IE privileges so that any website-based malware cannot trash your system.

walpurgis
30-01-2013, 23:30
Unfortunately I'm still stuck with a knackered PC. The only site I've used that showed the dodgy Java update bar on the page was AOS and at no time did I click on it to allow it to run, but it infected my computer somehow. Anybody got any ideas as to how I can revive the PC? I can't boot from a repair/recovery disc as I can't access BIOS. All I can think of is replacing the HDD and motherboard too if the BIOS has also been compromised and bunging in a new install of Windows. All that's expensive enough to call for a replacement PC really. I can't keep using this old laptop as it's monstrously slow.

The Grand Wazoo
31-01-2013, 00:13
Sorry, what I know about computers isn't worth telling about.
On the bright side though....it's keeping you away from Ebay and pointing out all those ropey old 'bargains' to us!!

Just kidding - I hope you get it sorted soon.

Rare Bird
31-01-2013, 00:17
I've had an ongoing problem with my laptop since around the time AOS had a few issues, I've tried the basics but can't shift it, however I'm one of those that has zero time for computers, I would rather dump it & buy another.. :)

Beechwoods
31-01-2013, 07:46
Unfortunately I'm still stuck with a knackered PC. The only site I've used that showed the dodgy Java update bar on the page was AOS and at no time did I click on it to allow it to run, but it infected my computer somehow. Anybody got any ideas as to how I can revive the PC? I can't boot from a repair/recovery disc as I can't access BIOS. All I can think of is replacing the HDD and motherboard too if the BIOS has also been compromised and bunging in a new install of Windows. All that's expensive enough to call for a replacement PC really. I can't keep using this old laptop as it's monstrously slow.

Hopefully a member with Windows PC experience will be along shortly to advise on the best course of action. Unfortunately I am primarily a Mac user.

When you say you cannot access BIOS does that mean when you hit the key combination to access BIOS in the first few seconds after you've switched on your PC, it doesn't respond?

MartinT
31-01-2013, 08:37
Geoff

Are you saying you cannot access the BIOS via the usual F1, F2 or DEL keys on boot-up? It's ultra-rare for malware to screw the BIOS as it's flash ROM. In fact, so rare that I've never seen it happen. Can you check your PC/motherboard manual to see if there's a BIOS recovery process?

walpurgis
31-01-2013, 09:42
Geoff

Are you saying you cannot access the BIOS via the usual F1, F2 or DEL keys on boot-up? It's ultra-rare for malware to screw the BIOS as it's flash ROM. In fact, so rare that I've never seen it happen. Can you check your PC/motherboard manual to see if there's a BIOS recovery process?

I've tried all permutations F keys etc. and I can get to the restart options, but that's the only access I can find. I can't navigate to the boot options and run a repair disc. If I select start in 'safe mode' or the other options it just displays a stream of 'system 32' stuff that whizzes by too fast to read, that's what makes me suspect that even the BIOS has been attacked, or using 'last known good configuration' it just starts as usual and shows the desktop then the screen goes white again and nothing works at all.

MartinT
31-01-2013, 10:00
Ok, you're confusing Windows (safe mode) with the BIOS which controls system boot before Windows kicks in. Your BIOS must be ok otherwise the machine would be dead or crash before booting. Try to access the BIOS so that you can force booting from the DVD drive, then boot your Windows disc and perform repairs.

walpurgis
31-01-2013, 11:22
Just had another tinker, got into BIOS somehow, not sure what I did. I'll see if the recovery disc works.

Mark Grant
31-01-2013, 11:31
If you have any important information on the computer it would be a good idea to make a backup of the complete drive before recovering/reinstalling the Windows installation as it is easy to lose photos and documents etc.

If there is nothing important on it then not a problem.

MartinT
31-01-2013, 12:58
Of course. I always make the assumption that people back things up if they're sufficiently important! Of course, some don't and my empathy expires at that point...

Mark Grant
31-01-2013, 19:42
I thought I would mention the backing up as most people don't have any recent backups and you know how easy it is to lose stuff with Windows repairs especially if important pictures are in 'my pictures' etc rather than their own folder outside of the Windows folder or even better on their own partition or separate drive.

MartinT
31-01-2013, 19:47
Actually, the best backup scheme is to put documents where they should be kept: documents in My Documents, pictures in My Pictures etc. That way, when Windows 7 backup (or Windows 8 File History) is set up to create backups to an external drive, all important files are saved individually as well as an image created (in W7 or W8's 'W7 File Recovery').

AlfaGTV
01-02-2013, 06:26
Haven't seen any of the issues described early in this thread before, but just now I got a message that theartofsound.net wanted to run an ActiveX:
"Will you allow deployJava1.dll from Oracle America,Inc to run?"
While fiddling about, Microsoft Security Essentials complained about a suspicious file in temporary internet files, called c(1).htm, not dismissing it, but wanting to know if I'd like to send to them for evaluation.
At same time, windows UAC constantly nags about letting Adobe Flash change settings on my computer...

Nah, something is really embedded here that is of the malicious kind!
Please look into the matter again MartinT

Regards Mike
Ps i mostly use tapatalk, which is naturally not affected. DS

Dds
I cancelled all warnings, not allowing these to run, but was unable to recreate the scenario?
However, when I went back to the offending page a little later it reared its ugly head again?
Something from an advertiser? Not displaying on every session?

Beechwoods
01-02-2013, 07:47
If you Google the error message you got you will see it is quite common and related to IE Java compatibility:

https://www.google.co.uk/search?q=Will+you+allow+deployJava1.dll+from+Oracle+America%2CInc+to+run

Have you cleared your browser cache / temporary internet files? You say you mostly use Tapatalk, so your cached files may be old.

The only advertisements we have here are those served by Google's servers, which should be safe, if any are.

MartinT
01-02-2013, 07:53
However, when I went back to the offending page a little later it reared its ugly head again?

Could you let us know which page that is please, Mike?

AlfaGTV
01-02-2013, 08:01
Hi guys! Thx for your response, I did Google the issue myself also.
Went to java.com and checked my settings, discovered I had a Java version that was not the very newest.
Updated, cleared my caches and haven't seen it again since?

The page that I have bookmarked and my point of entry initially was the Digital Expressions forum part:
http://theartofsound.net/forum/forumdisplay.php?f=3
I don't think it was the same page I went back to though, think that was the Unread Posts...

Very strange though! On the second occasion I had to force IE (9) to shut down...

I'll report in if I see any further strange behaviour!

Regards //Mike

AlfaGTV
01-02-2013, 08:55
Did you just add a "Notice" to the front page?
It seems to have solved my problems at least, clearing the caches. (And upgrading Java, incidentally)

Thanks for your efforts guys! :cool:

Beechwoods
01-02-2013, 09:44
Yes - I've added a notice because it seemed that a site wide announcement was the best way of getting the message out there.

Your advice about ensuring you are on the latest Java version is also a very good one. I may add that to the notice as well.

Marco
01-02-2013, 09:44
You know, throughout all this Malware pish, I never once had an issue with this site using AOL...

They're probably not the best ISP by any stretch of the imagination, especially for 'techies', but I've been with them now for nearly 10 years, and in that time have only twice had a problem with my Internet service.

Good old AOL :)

Marco.

MartinT
01-02-2013, 09:50
It has little to do with your ISP, Marco. It's much more to do with the OS, firewall, browser and anti-virus software you're using. Generally, the later the versions of everything, the more secure you are.

I've found so far that nothing can penetrate Windows 8, Internet Explorer 10 and W8 Defender or AVG 2012. The same goes for Chrome on both Windows and Apples. I'm much less certain about Safari because it has so many bugs in the iOS6 implementation.

Beechwoods
01-02-2013, 09:52
AOL do have their own browser which may be part of it.

Marco
01-02-2013, 09:59
Indeed, it could well be that, which for me, is one more reason to stick with them! :)

Marco.

MartinT
01-02-2013, 10:14
The AOL browser is based on the Internet Explorer engine.

Marco
01-02-2013, 10:47
Cool... Whatever it was, it resulted in me not experiencing the issues other people, regretfully, have had.

Anyway, the most important thing is that we've resolved it now and are taking steps to try and ensure that it never happens again :)

Marco.

walpurgis
01-02-2013, 19:17
Following the bug that slaughtered my Windows setup, I managed (eventually) to get the PC to boot from my recovery disc. Everything that was on it has now been overwritten, so all saved files are lost, fortunately I'd left nothing crucial on there. I'm in the process of setting up the renewed installation and will hopefully be back up to speed soon so I can annoy you lot properly again.

walpurgis
02-02-2013, 00:31
There are still bugs on here. AVG is catching something each time I visit. I'll bung the details on here in the morning. Just off to bed!

And yes, I have finally got my PC up and running properly, took me about eight hours of work!

synsei
02-02-2013, 00:47
Although it is impossible for me to say for certain having not been there to witness what happened to your PC Geoff, I suspect there were other gremlins at work. It is still open to debate whether the infection on my system came from here but once I got rid of it everything was fine. Incidentally it was just my music PC which was affected. It is my old gaming rig and gets used for very little else these days, and my lappy soldiered on as if nothing had happened. Both machines are very securely locked down ;)

Jeff Nikon
02-02-2013, 06:05
If you try and visit AOS via Google search a warning page comes up from Google saying the site is marked as malicious. This has been happening for a few weeks. If I were site admin I would look into this as a matter of urgency. I thought it might be a Google mixup but if anti virus is also picking things up you need to get it sorted.

MartinT
02-02-2013, 07:10
Jeff, the Google warning was fixed and it was clearly notified here. This is not happening now (I've just verified it). Please check carefully before making such claims as we don't want to put doubt into members' minds about further problems existing.

Beechwoods
02-02-2013, 07:36
I have access to Google's Malware / Site Health tools for this site within their Webmaster Tools, and I can assure you that their scans have found the site clean. I've checked again this morning. As 'Site Admin' I think all my time on the site in the last couple of weeks has been spent either resolving the initial Malware problem, or responding to members who continue to report issues which may well have nothing to do with the site or be a hangover from the initial incident, that would be resolved if they followed advice already given on this thread or elsewhere.

Jeff Nikon
02-02-2013, 09:51
Jeff, the Google warning was fixed and it was clearly notified here. This is not happening now (I've just verified it). Please check carefully before making such claims as we don't want to put doubt into members' minds about further problems existing.

Not making claims just stating facts as I recently saw them. I can't be expected to read every thread. Glad you've got it sorted - just looking out for you and trying to help. It doesn't hurt to encourage members to do that.

Marco
02-02-2013, 10:28
If you try and visit AOS via Google search a warning page comes up from Google saying the site is marked as malicious. This has been happening for a few weeks. If I were site admin I would look into this as a matter of urgency. I thought it might be a Google mixup but if anti virus is also picking things up you need to get it sorted.

Jeff, with respect, there are warnings up all over the site regarding this matter (scroll up to the top of this page and have a look), not to mention numerous posts/threads on the subject, one of which you've just contributed to here, so it might be a good idea to read some of this information first (including the earlier posts on this thread) before wading in and going over old ground yet AGAIN.... :doh:

Sorry to have a go, but it frustrates me beyond belief how people will join in discussions without first checking the history of the subject under discussion, and what already may have been resolved in respect of the Malware issue.

Marco.

Tim
02-02-2013, 11:27
If you try and visit AOS via Google search a warning page comes up from Google saying the site is marked as malicious.
Jeff this isn't correct, I put the words 'art of sound' into Google at 11:20 hours today (just now in other words) and got the below return, your post information is wrong and you are getting returns from your own computer browser cache not from Google. You need to act as advised by clearing your cache or this will keep occurring until your cache purges itself, which can be some time depending on your browser settings and how often you go online ;)

http://i173.photobucket.com/albums/w63/greatgig/11-16_02-02-2013_zps48642aef.jpg

Folks, this problem has been sorted for some time now so please think about what you are posting if you have not taken the advice given, which can be seen at the top of every forum page.

:cool:

Marco
02-02-2013, 11:35
Folks, this problem has been sorted for some time now so please think about what you are posting if you have not taken the advice given, which can be seen at the top of every forum page.


Indeed, Tim. I fail to see how anyone could miss it:


Following a Malware attack, which was resolved last weekend, please can all users clear their Internet Cache / Temporary Internet Files. This will ensure that your machine will only run safe file versions currently hosted on the site. Instructions are here: http://www.wikihow.com/Clear-Your-Browser's-Cache


Let's open our eyes, guys, in future FIRST before putting fingers to keyboard! ;)

Marco.

walpurgis
02-02-2013, 15:06
Computer was up and running yesterday.

Today I've been sorting my software apps. to suit me and downloading what extras I need.

Anyway, as mentioned, I visited AOS later yesterday and immediately got AVG flagging that they had removed a threat. This is on a new and fully updated AVG installation and obviously, a new, updated Windows re-installation with little in the way of temporary internet files on it yet (and those had only been on there a few hours).

I just visited AOS briefly a short while ago today and AVG is still flagging the same issue, so perhaps things are not quite right yet. It only happens when I go to AOS, not on other websites.

Sorry if this is causing headaches.

Here's a photo I took of the screen:

http://i46.tinypic.com/2ep3cj7.jpg

Tim
02-02-2013, 16:13
Geoff can you answer these questions for me?


What Operating System (O/S) are you running (full details please)
What web browser, make and version.
What AVG, free or paid
Did you fully erase your hard drive before installing the new O/S
How did you install the O/S, upgrade over the top or fresh install
What computer do you have, desktop or laptop
Do you have any other disks installed or is your system a single disk
Have you any USB devices installed or have you used any since the new install


Thanks

Beechwoods
02-02-2013, 16:22
It seems that if there is still an issue it is only affecting users with certain Browsers. I am still looking into this, before anyone assumes that 'site admin' isn't interested. I have checked all the site's files and none have been altered.

Do you have ad-blocking enabled or disabled Geoff?

walpurgis
02-02-2013, 16:46
Here are the details Tim:

Windows XP Media Center Edition (SP3)

Internet Explorer 8 (new download yesterday)

AVG free (new download yesterday + full updates)

I used the manufacturer's (Acer) recovery disc to reinstall the OS, presumably overwriting the existing hard disc contents.

I'm using an Acer L100 mini desktop PC.

No other discs or drives were used.

No USB devices used. (apart from printer and input devices)

walpurgis
02-02-2013, 16:48
Nick, I generally keep ad blocking on, but not always.

Beechwoods
02-02-2013, 16:56
Geoff. One further thought. When you reinstalled the OS you probably installed an old version of Java, from your recovery disc. Can you try updating your Java installation, via the link below, and let me know if this resolves the issue you have?

http://www.java.com/en/download/index.jsp

Tim
02-02-2013, 17:16
Here are the details Tim:

Windows XP Media Center Edition (SP3)

Internet Explorer 8 (new download yesterday)

AVG free (new download yesterday + full updates)

I used the manufacturer's (Acer) recovery disc to reinstall the OS, presumably overwriting the existing hard disc contents.

I'm using an Acer L100 mini desktop PC.

No other discs or drives were used.

No USB devices used. (apart from printer and input devices)
OK, I'm looking into this and I will duplicate your configuration (apart from the PC of course as I don't have the same) and see what happens.

I have just installed a Windows XP SP3 image onto a securely wiped spare HDD, I'll install AVG and open AoS in Internet Explorer 8 to see what happens?

MartinT
02-02-2013, 17:36
Good move, Tim. Let's hope it's a false positive. I have an old XP machine at work I can test too.

Beechwoods
02-02-2013, 17:51
It's worth noting that I have downloaded and scanned the entirety of the Forum website using both Sophos AV and Avast, and neither found anything.

Tim
02-02-2013, 18:00
Well I have duplicated as much as I can;

Windows XP SP3 (32bit) clean install on a securely wiped 160GB hard drive (this will differ to yours)
Internet Explorer 8.0
AVG Free (latest version and fully updated)

I have had no reports from AVG and I have been mooching around the AoS site for around 10 minutes now. So I can confirm there is nothing sinister going on as far as I am concerned, so I can only conclude it's unique to you for some reason, as Nick suggests try updating the Java plugin?

I have looked at this every which way now and I am 100% certain there is not an issue with AoS if you are running up to date software, have A/V running and I would recommend Microsoft Security Essentials and are using an up to date web browser.

EDIT:
OK, I have got to the bottom of this . . . it's a false positive thrown up by AVG and is caused by Javascript. Google "exploit blackhole exploit kit (type 1973)" for some explanations. If you update your Java plugin you will be fine, but you are fine already actually.

So Geoff you can rest easy, there is nothing going on apart from you using what IMHO is a very flawed A/V software program called AVG. I have never liked it, it is notorious for throwing up false positives in the FREE version. Get yourself a good free one like MSE or pay for one of the market leaders like Kaspersky (avoid Norton).

Guys, please can I assure everyone here this issue has been rectified and it wasn't anything to particularly worry about anyway if you follow some safe computing practices. I have now run numerous scenarios using differing web browsers, different A/V packages, fresh and old Windows installs, every A/V, malware and spyware checker you can think of and am totally confident there is absolutely no reason for concern. My day job is computer forensics so I do know what I'm talking about ;)

MartinT
02-02-2013, 18:02
Nice one, Tim. I thought it must be a false positive.

Beechwoods
02-02-2013, 18:08
I really appreciate your work on this Tim, you are a star, and if anyone has the experience to make a reliable and trustworthy statement on the matter, you are :)

I have heard about AVG false-positives, but at the sharp end, it's a tough issue to counter.

Anyway, I have added the recommendation re. Updating Java to the sitewide notice. I hope that members will heed the advice and we will all be safer and more confident browsing here and elsewhere as a result.

Tim
02-02-2013, 18:09
Nice one, Tim. I thought it must be a false positive.
Yup, I really do have a dislike for AVG Martin for this very reason, it throws up false positives far too often, Avast free used to be questionable too, but that seems to have improved. Before MSE became available I always paid for anti-virus software and favoured NOD32. However, I am very impressed with MSE so for now I will stick with that.

keiths
02-02-2013, 18:12
I've just tried to duplicate Geoff's problem on an XP SP3 box with IE8 and AVG (paid version though - not the free one) and cannot find any issues.

Tim
02-02-2013, 18:15
I really appreciate your work on this Tim, you are a star
My pleasure Nick, Internet Security is something I am very mindful of and I wanted to be sure for my own peace of mind too. I have all too often seen the end result of people who have been exploited online, so I don't take any chances myself ;)

I missed some of the England game testing it, but hey ho, Ireland won so that's all I have been concerned about today, what a great game too :D

walpurgis
02-02-2013, 18:24
Interesting findings.

I'm using AVG Free by default. Yesterday I couldn't get a download of MSE that would open properly for some reason. I may try again. Although I did use AVG in the past for many years without any bother.

As for paying for software? I'd sooner hack an arm off (somebody else's).

Checking, I found there was no Java installed at all, mind you I know people who don't use it and have no problems. Anyway, I have just downloaded the latest Java version, so I'll see how it goes.

MartinT
02-02-2013, 23:31
I am very impressed with MSE so for now I will stick with that.

Yes, so am I Tim and I use it (well, W8 Defender as it is known on that platform) on all my home machines. I use AVG Business Edition at work because MSE is not licenced for business use and the professional version is tied up in Forefront, which is an exceedingly complex product. However, AVG Business Edition doesn't throw up all these false positives so it could just be a quirk of the free edition and/or the AVG firewall, which is dreadful and should never be installed.

MartinT
02-02-2013, 23:35
As for paying for software? I'd sooner hack an arm off (somebody else's).

Why? Free software can often be untested, unsupported and frankly broken. There are times when nothing else will do; for instance Microsoft Office. The freebie offices are crap.

One presumes that you paid for the Windows XP that you're using?

Alex_UK
02-02-2013, 23:36
I've used MSE since it was Beta and so far, no problems at all - can't say the same for AV I've paid for (or AVG) in the past...

Tim
02-02-2013, 23:43
As for paying for software? I'd sooner hack an arm off (somebody else's)
This statement kind of speaks volumes :scratch:

Qwin
03-02-2013, 12:37
Didn't know there was a problem till a few minutes ago.
I never read 95% of what is on the pages I flick through to get to my target page so missed all the warnings.

I used the link and followed the instructions to purge the browser cache. (Explorer v9). I had an update reminder this morning from Java but when it ran it said I already had the latest version installed.

I went on to TAOS and got the virus warning as posted by Walpurgis in post #54.

Strange I only had a problem after following the safety procedure.

I am using AVG free.

How do you establish if you are getting a false-positive?

Beechwoods
03-02-2013, 14:11
It seems the issue you're reporting is only flagged up by the Free version of AVG. The paid version doesn't flag an issue, apparently. If you're after a good free Antivirus, Microsoft Security Essentials comes recommended.

MartinT
03-02-2013, 14:19
Yes, MSE can be used from XP SP2 onwards, is free, very non-intrusive, uses less CPU power and is effective. Windows 8 users do not need to download it, just turn Defender on in the Control Panel (it's built in).

walpurgis
03-02-2013, 20:51
It's just done it again. I get a notification in a box and the bar at the top of the page. If I try to close the bar asking me to update Java everything freezes and I have to use the task manager to close I.E.

Here's a screenshot of what I'm getting:

http://i47.tinypic.com/wsk86s.jpg

The same thing is now happening on my desktop PC all over again despite the Windows re-installation and new software.

I'm now back on my slow laptop as it has been unaffected.

I managed to get a proper download of MSE, but it did not deal with the issue and the AOS page still displayed as in the screenshot above and froze.

I've now downloaded Kingsoft Antivirus (it looks very professional), but that is just as ineffective. The only one that caught the bug and stopped it was AVG!

It may be that I'm the only person being targeted, but I can't see why. It is definitely only occurring when I visit AOS!

I'm not sure what Tim's point was about free software. Millions of people use it successfully and this is the first time I've ever had a destructive infection on a computer.

This is getting very frustrating!!!!!!!!!!!!

Rare Bird
03-02-2013, 21:01
I've given up Geoff, I'm gonna do one of two things, New HDD or new Laptop.

MartinT
03-02-2013, 21:10
Geoff, there has to be some reason why your machine wants to go to IP address 129.121.202.44 and I doubt that it's a good reason. There doesn't seem to be anything there when I try it under a controlled test. When you restored your machine, what files did you restore? Did you copy your favourites back in, for instance?

walpurgis
03-02-2013, 21:48
I deliberately installed no old files or old installations of anything!

walpurgis
03-02-2013, 22:57
It seems the issue you're reporting is only flagged up by the Free version of AVG. The paid version doesn't flag an issue, apparently. If you're after a good free Antivirus, Microsoft Security Essentials comes recommended.

Wrong! I've just re-installed AVG. The full version, on trial and it's still picking up the bug and only from the AOS site. At least it catches it and renders it harmless, which the other AV suites I tried didn't, including MSE. At least now I can get back on AOS with my desktop PC.

For the umpteenth time, I say it is definitely only happening when I visit AOS.

There is still an issue of some sort. If I'm the only person affected, I have no idea why.

Tim
03-02-2013, 23:14
Geoff, for goodness sake calm down fella - you are getting a false positive, that's why other A/V isn't picking it up, because it's not an issue.

Also, that warning screen you posted is not an infection, it looks like the O/S asking if you want to run a Java update. You are totally overreacting and I repeat there is nothing wrong with the AoS site, I have spent a not inconsiderable amount of time checking this as have others.

Think about it, if there was it would be reported as it was previously by Google, which it now isn't. You are running very old outdated software (your copy of XP and IE 8.0 for instance - IE 10 is the latest Microsoft browser). You need to trust those that know when we tell you there is not an issue with this site, just an issue with your installation. My advice would be to use a more modern browser as IE 8.0 is rather old now (March 2009) and maybe even treat yourself to a modern O/S like Windows 7 or even 8. If you don't want to spend any money get Firefox 18 and MSE.

Final word on the subject . . . . THERE IS NOTHING WRONG WITH THE CURRENT SECURITY OF AoS.

walpurgis
03-02-2013, 23:40
How would a "false positive" freeze a computer?

As I said, I just tried MSE and it failed. The AOS page displayed as I've shown and froze. AVG dealt with it!

Why would I be offered the Java update when that one has already been installed and is automatically detectable and why is it only this site freezing in exactly the same way as it did before I had to reinstall the OS?

IE8 is the MS recommended browser for XP. Mine has all updates! Firefox has been known to have issues too.

XP should and does cope with any internet use under normal circumstances.

Anyway, I can now use AOS, even if (full) AVG flags constant problems and the other AVs couldn't cope, so we'll see!

The Grand Wazoo
03-02-2013, 23:45
Geoff, I know this is frustrating for you.
But.......you're getting advice from people who, under other circumstances, would be charging you an a-w-f-u-l lot of money for their skills, time and knowledge. These folks are rather more qualified to give you really sound advice on your problem than the guy who runs the place in the low rent computer shop down behind the High Street.
You really should trust them, mate.

walpurgis
04-02-2013, 00:11
I'm simply explaining what's happening at my end of things and regardless of people's skills I can't help it if I still have issues.

Hopefully, the information I've tried to put forward may prove to be of use.

Here's what AVG has to say about the Blackhole bug it keeps detecting:

http://i48.tinypic.com/2nl7k0j.jpg

synsei
04-02-2013, 03:51
Geoff, if I were you I would ditch AVG free. Up until a couple of years ago I used to use it on all my PCs but after a while it began to regularly throw up false positives and the alerts became quite tedious and intrusive. Since then I have been using MSE to great effect along with a utility by IOBit called Advanced System Care. Unlike some of the utilities out there that claim to fix problems on your PC then end up dumping malware on it instead, ASC actually does what it says on the tin. The free version is very good, the commercial version however is utterly superb and it is excellent value for money (there is currently a three licence deal running for just over a tenner). It is very efficient with resources too (I have it running comfortably under Win XP on a 7 year old single core netbook). Do a search on the net and bone up on it Geoff, it may be the answer to your problem.

I think your Java issue is a separate one by the way, I regularly receive alerts for Java updates only to discover that I already have the latest version. I just ignore them now and download the latest version from Oracle's website when one is available. I believe you can uninstall the Java auto-update tool from the Control Panel.

Beechwoods
04-02-2013, 07:32
In simple terms Geoff, by 'False Positive' it is meant that AVG is mistakenly identifying the trojan you are pointing to. I'm not an expert in these things, but Tim and Martin are, and I trust what they say on the matter.

Believe me, I for one have pulled enough hair out about this that I know very well what you are getting at, and the info page you've screenshot. But it looks to me like AVG Free is causing your problems, and the best course of action would be to upgrade to the paid version, or to Microsoft Security Essentials, to avoid further inconvenience and frustration.

walpurgis
04-02-2013, 10:32
Please pay attention! You guys are not reading what I've said properly.

Listen fellas, I don't have an axe to grind, but Chris said it's a matter of trust. Well trust did not help at my end of things.


Here is what I have already stated.

I'm not using AVG Free, I have the full version with all the bells and whistles, for a trial period.

I tried MSE twice and it did not stop the bug from freezing AOS pages. AVG is at least dealing with the issue. I also tried other AV suites and AVG was the only effective one in this situation.

And as mentioned I have the latest Java.


Anyhow, I'm back on here this morning using a different browser: 'Torch' and no issues so far. It may be that even though I'd downloaded IE8 with all updates, there was a conflict of some sort.

Remember I use XP and as I pointed out, Microsoft state IE8 is their recommended choice for use with XP.

Fingers crossed, things are now OK.

Marco
04-02-2013, 17:47
I'm locking this one now, chaps, as this is clearly an individual issue relating to Geoff's computer and the security software he's using. There is no further issue regarding Malware, with the forum itself, as that matter has now been resolved. Rest assured that AoS is now a safe site! :)

Marco.