Just a Heads Up


    Prometheus

    Avast just went nuts on my machine as well. Good news is Avast catches and terminates such attempts. No infection for me.

    Here is the originator:
    http://analytics.type16secure. XXX com/x/pdf.php

    I inserted the XXX and the two spaces to prevent someone from accidentally clicking it or re-embedding it into this thread.

    For those looking for some of the best virus software around (and it's free for individuals) go to www.avast.com
     

    Scutter01

    We've had one other person with a similar report, but we can't find anything in any of the code on the website. I suspect that if it's coming from INGO, it may be bad code in one of the ads presented by our ad server. If you see it again, please try to get a screenshot of the page you're on when the alert happens. PM me for my e-mail address and you can send it to me.
     

    lovemachine

    It's probably from all the talk about bacon. I keep telling everyone it's unhealthy, nothing good can come from it. But NO, nobody listens to me. :dunno:

    :D
     

    Scutter01

    I've temporarily removed our banner ads until our ad server can scan their code. Please PM me if you get another warning.
     

    MinuteMan47

    I scan using AVG every other day. My last scan showed no infections. I just used the link Rooster provided and it is finding numerous infections. Why would AVG not have found them???
     

    CarmelHP

    Kaspersky detected the trojan twice today. Last time when I came here about an hour ago. (approx 10:30-11PM on 7/8).
     

    360

    Scutter01 said:
    > We've had one other person with a similar report, but we can't find anything in any of the code on the website. I suspect that if it's coming from INGO, it may be bad code in one of the ads presented by our ad server. If you see it again, please try to get a screenshot of the page you're on when the alert happens. PM me for my e-mail address and you can send it to me.

    I think you would be better off to have a screenshot of the source code from whatever page is causing it?
     

    Rooster Cogburn

    I use AVAST and it didn't catch it. Dunno why...

    Yes, after much reading about the malware, it is typically embedded in codes such as banners and such. The desktop of XP and IE 7 was relatively easy to repair once I downloaded the fixes provided on the link. And followed the instructions to the letter.

    However, when I came here to post originally, the laptop was infected and much more of an issue. Following the instructions didn't work. :xmad: It has Vista and IE 8. The quick way was to put the fix files on a flash drive and fix it by downloading and implementing the files directly. I hope that trick helps someone else as it took me a while to come to that conclusion.

    Definitely wasn't an INGO issue and I do apologize if that was the way it appeared. I was freaking when the laptop went south. I know INGO would never put us in harm's way.

    :ingo:
     

    Prometheus

    360 said:
    > I think you would be better off to have a screenshot of the source code from whatever page is causing it?

    See my post on page one. It's the page, but I didn't screen shot it.

    Rooster:
    Each virus program works differently...

    Avast is one of the best (along with the pricey Kaspersky one poster mentioned) at stopping viruses BEFORE they embed themselves.

    AVG works better (for some issues) at removing the virus once it's in, but does poorly at stopping them "at the gate" so to speak.

    Also, I have no idea why anyone would use IE as a browser. The security issues alone make it a POS browser, let alone the memory it hogs.

    I'm very careful what I surf from my TouchPro2... I'm hoping this same issue isn't corrupting my phone.

    It was from a specific ad... I'm hoping that ad didn't pop up while browsing yesterday. On the plus side, I didn't surf from my phone today. :n00b:

    Scutter and Fenway, I'd have a SERIOUS talk with your ad hosting service about the ^&*( it sends out.
     

    Scutter01

    360 said:
    > I think you would be better off to have a screenshot of the source code from whatever page is causing it?

    Ideally, yes, but so far I haven't gotten anyone to send me anything at all. Prometheus had the most useful information, but nothing is on the server and so far nothing has been found in any of the ads. It's easy to claim it came from INGO (or the ad agency), but without more info, I can't confirm that. CarmelHP says he got an alert around 10:30, but that was hours after the ad service was suspended.

    And anyway, if I could get someone to send me a screen shot of the source code, then they'd also know how to just send me the source code as a text file. I have to request the things that I feel I'm likely to be able to get.
     

    bmwdud

    I picked up something yesterday about 4 10 pm . . may have 10:34 am
    the only place I went was INGO
    ok now . got 2 trojans
    will see if I can find the names if that will help

    Virus name: Trojan.Zefarch!gen

    File names: Exyocefuw.dll and overlay.xul
     

    Rooster Cogburn

    Prometheus said:
    > Also, I have no idea why anyone would use IE as a browser. The security issues alone make it a POS browser, let alone the memory it hogs.

    I use Firefox exclusively. But if you read the page link I sent, you must go into IE to change the LAN settings. Changing it in FF doesn't work.

    I have used FF exclusively for 4 years now...will never go back to IE. Will give up my Internet addiction first! :evilangel:
     

    Prometheus

    Scutter01 said:
    > Ideally, yes, but so far I haven't gotten anyone to send me anything at all. Prometheus had the most useful information, but nothing is on the server and so far nothing has been found in any of the ads. It's easy to claim it came from INGO (or the ad agency), but without more info, I can't confirm that. CarmelHP says he got an alert around 10:30, but that was hours after the ad service was suspended.
    >
    > And anyway, if I could get someone to send me a screen shot of the source code, then they'd also know how to just send me the source code as a text file. I have to request the things that I feel I'm likely to be able to get.

    Sorry, Scutter, if you were a few seconds faster on asking for the screen shot I would have grabbed it.

    Hasn't happened since, but Avast defaults to permanent blocking and I won't see that exact same attack notification again.

    My Avast log shows this:
    7/8/2010 7:05:58 PM SYSTEM 1672 Sign of "JS:Pdfka-gen [Expl]" has been found in "http://analytics.type16secure.XYZ/x/pdf.php" file.

    That is a verbatim copy except replace ".XYZ" with .com
     

    Scutter01

    Prometheus said:
    > My Avast log shows this:
    > 7/8/2010 7:05:58 PM SYSTEM 1672 Sign of "JS:Pdfka-gen [Expl]" has been found in "http://analytics.type16secure.XYZ/x/pdf.php" file.
    >
    > replace ".XYZ" with .com

    Yeah, I got that much of it, but that didn't come from our servers. It either came from something already on your PC or it came from our ad provider. The screenshot or source code would help me determine which ad is the culprit or which site template might be affected (again, assuming INGO was involved in some way). The time stamp might help a little, though.
     