.com.unity Forums


Warhero November 19th, 2017 11:00 AM

Virus infection in this forum?
 
I have noticed for 2-3 days already that every time I come into this forum, my Avast says "Threat blocked, The connection to JS: Miner-C [Tr] is blocked. The site's infection was coinhive.com" and says that you must scan your computer:re:...

Anyone got same message/virus warning here?

Warhero

DRG November 19th, 2017 11:06 AM

Re: Virus infection in this forum?
 
Not here and my anti-virus/ Malware checker tends toward over aggressiveness

Mobhack November 19th, 2017 12:18 PM

Re: Virus infection in this forum?
 
I have Avast, and it does not report this. Seems that the problem is at your end somewhere?

It's warning you about some sort of bitcoin miner and it's likely in JavaScript. I'd scan your computer for malware.

Ghostery shows 1 advertising script (nothing to do with yours) - blocked
Privacy badger shows 1 tracker (Newssltest) - Blocked
Ad Block Plus shows 6 advertisements blocked (but won't say what 6)
But JS: Miner-C [Tr] isn't one of them.

Warhero November 19th, 2017 01:16 PM

Re: Virus infection in this forum?
 
Well I have run Avast every time and nothing serious found (fortunately)... Btw, it's interesting that this warning comes only here but not in WinSPWW2 forum.

Warhero

Mobhack November 19th, 2017 02:01 PM

Re: Virus infection in this forum?
 
I checked between the 2 - and on the WW2 forum there was a report of a tracker from "coinhive.com" via privacy badger. Which is worrying. In fact - privacy badger is now showing that site on both forums, not just WW2.

I simply put that on Privacy Badger's block list for now, as it's a tracker and not anything more serious.

DRG November 19th, 2017 02:32 PM

Re: Virus infection in this forum?
 
Shrapnel has been notified

FASTBOAT TOUGH November 19th, 2017 03:49 PM

Re: Virus infection in this forum?
 
Now I'm concerned. Has anyone else had issues "bouncing" from thread to thread and seeing the following from... showuptimeexclusivesystem4updates and
freesoftwarestation telling you your flash player needs to be updated? I HAVE MODIFIED THE ABOVE FROM OG ADDY.

I run total Bitdefender Total Security Suite 2018, also ran the following Malwarebytes (Free Version), the new Defender (That was just downloaded with the new OS earlier this week.), MS Malicious Software Tool (Which did find 300+ infected files earlier in the week.), MS Emergency Repair Kit, downloaded AVG (Free) and Roadkiller all negative EXCEPT as noted but afterwards.

My Bitdefender is blocking and identifying the above as malware. That BITCOIN ISSUE COULD BE A LITTLE MORE SERIOUS THAN NOTED DEPENDING ON WHICH VERSION HAS GOTTEN INTO YOUR SYSTEM. ALSO ZEUS is on the rise again from latest malware reports, they believe due to the holiday season and improved "spoofing" of otherwise legitimate websites.

I would be curious what Shrapnel comes up with, it might just blow my current sense of relief and security. :rolleyes:

Reports,
Pat
:capt:

Suhiir November 19th, 2017 07:31 PM

Re: Virus infection in this forum?
 
I was getting some pop-ups for a porn/dating site yesterday when I opened these forums, seems to be fixed today.

BUT I'd just updated to the new version of Firefox so I assumed the problem was with Firefox not these forums.

RightDeve November 19th, 2017 09:09 PM

Re: Virus infection in this forum?
 
Same here too. Mine is advert pop up, but only when using incognito in Chrome for ascertaining whether the image I uploaded shows up correctly. VirusTotal.com, Google Web Safety Checker, and Windows Defender all show negative at the time.

Kinda worried, probably related that the forum has seen a surge of new members probably spammers with Vietnamese nicknames.

For now only accessing the site with mobile device.

FASTBOAT TOUGH November 20th, 2017 02:09 AM

Re: Virus infection in this forum?
 
This is just for FYI, just checked my Bitdefender logs the first attack on my system occurred on 17 DEC @ 1036 and was blocked successfully along with 24 others thus far. That would be about normal for me when looking into the site prior to getting ready for work. Just trying to provide some kind of timeline for the "IT" person.

Regards,
Pat
:capt:

geoff November 20th, 2017 01:54 PM

Re: Virus infection in this forum?
 
I'm also getting reports, from Malwarebytes, whenever I click on the link in the email to come to a thread on WinSPMBT (the only forum I look at.)

Malwarebytes is telling me that access to the websites "deloton.com" and "go.pushnative.com" is blocked.

DRG November 20th, 2017 05:49 PM

Re: Virus infection in this forum?
 
Shrapnel IS looking into this but so far they have not found any malware but the process is still ongoing. I personally have not seen any of these pop up ads and I'm on and off these forums 10-15 times a day (or more)

redcoat2 November 20th, 2017 06:39 PM

Re: Virus infection in this forum?
 
My anti-virus (Kaspersky Internet Security) throws up a warning every time I visit a page in the forum. It recommends that I close each page I visit.

This information is shown in the report:

Download blocked

http:/forum.shrapnelgames.com/clientscript/vbulletin_read_marker.js?v=381

Object name: HEUR:Trojan.Script.Generic

scorpio_rocks November 20th, 2017 10:05 PM

Re: Virus infection in this forum?
 
Just started to get the same warnings from Kaspersky:

Download blocked
http: //forum.shrapnelgames.com/clientscript/vbulletin_read_marker.js?v=381
Object name: HEUR:Trojan.Script.Generic
Object: http: //forum.shrapnelgames.com/clientscript/vbulletin_read_marker.js?v=381 Application: Firefox
Object type: Trojan program
Time: 21/11/2017 01:58

This occurs with every page/thread opened in the forum

Warhero November 21st, 2017 04:20 AM

Re: Virus infection in this forum?
 
Same warning (as earlier) again even today...

DRG November 21st, 2017 01:26 PM

Re: Virus infection in this forum?
 
They're still looking and as long as people are reporting them I am passing them on.

Warhero November 23rd, 2017 04:23 AM

Re: Virus infection in this forum?
 
And even today... Nice to see that I'm not the only one who has warnings. Hopefully Shrapnelgames will find a solution someday?

Warhero

Warhero November 23rd, 2017 04:49 AM

Re: Virus infection in this forum?
 
Btw, I got same message recently in WinSPWW2 forum first time ever...

Warhero

scorpio_rocks November 23rd, 2017 05:41 AM

Re: Virus infection in this forum?
 
I thought the forums were down yesterday to fix this - apparently not...

DRG November 23rd, 2017 11:29 AM

Re: Virus infection in this forum?
 
All I can tell you is what I have been told......"[] we have scoured the files – ALL FILES – in the forums and there are no instances of viruses. People should clear their cache and see if they are still having troubles. Andy had mentioned maybe ads showing on our site may cause the trouble. Google and Shrapnel are the only ads allowed on our site. We scanned our ad serving software and no problems there either."

All I can add to that is Andy reports
============
"Cleared cache and closed and reopened firefox.

privacy badger add-on to firefox is still showing the "coinhive.com" tracker (blocked)

No Coin add-on to firefox is still showing that a coin miner has been detected on the site, and blocked"
=============

but from my end I have had NO issues at all using Chrome or Internet Explorer or Edge.... 99% of the time I use Chrome but I tested with the other 2 and same result...nothing

So it still remains a baffling mystery but the attempts to sort it out have not been abandoned

Don

FWIW I have added Privacy Badger to my Chrome and I'll see what pops up..so far nothing at all
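
In the post above, Shrapnel's scan of the files on the server found nothing while visitors' tools kept reporting coinhive.com, and Kaspersky users were flagged on vbulletin_read_marker.js. One check for that situation, as an added example that is not part of any post in the thread: compare a script as stored on disk with the copy a browser received and list what was added. The function names, the `example.test` host and both sample scripts are constructed for illustration.

```javascript
// Added example (not from the thread): compare the copy of a script on the
// server's disk with the copy a browser actually received, and report any
// extra lines that reference hosts or file names reported in this thread.

// Names taken from the posts in this thread.
const THREAD_INDICATORS = [
  'coinhive.com', 'coin-hive.com', 'coinhive.min',
  'cryptonight-asmjs.min', 'deloton.com', 'go.pushnative.com',
];

// Lines present in the served copy but absent from the on-disk copy.
function addedLines(diskText, servedText) {
  const known = new Set(diskText.split(/\r?\n/).map((l) => l.trim()));
  return servedText.split(/\r?\n/)
    .map((l) => l.trim())
    .filter((l) => l !== '' && !known.has(l));
}

// Host names from absolute or protocol-relative URLs in a piece of text.
function hostsIn(text) {
  const hosts = new Set();
  const re = /(?:https?:)?\/\/([a-z0-9.-]+\.[a-z]{2,})/gi;
  let m;
  while ((m = re.exec(text)) !== null) hosts.add(m[1].toLowerCase());
  return [...hosts];
}

// Report what the served copy adds: the lines, any thread indicators in
// them, and any hosts that do not belong to the site itself.
function auditServedScript(siteHost, diskText, servedText) {
  const extra = addedLines(diskText, servedText);
  const blob = extra.join('\n').toLowerCase();
  return {
    extraLines: extra,
    indicators: THREAD_INDICATORS.filter((i) => blob.includes(i)),
    thirdPartyHosts: hostsIn(blob).filter(
      (h) => h !== siteHost && !h.endsWith('.' + siteHost)),
  };
}

// Constructed sample: a clean file, and a served copy with one appended line.
const DISK_COPY = [
  'function mark_read(id) {',
  '  return fetch("//forum.example.test/ajax.php?do=markread&id=" + id);',
  '}',
].join('\n');
const SERVED_COPY = DISK_COPY + '\n' +
  'var loader = "//coin-hive.com/lib/coinhive.min.js"; // constructed line';

const report = auditServedScript('example.test', DISK_COPY, SERVED_COPY);
console.log(JSON.stringify(report, null, 2));
```

A served copy that differs from the file on disk points away from the stored file and toward something that rewrites the response on the way out, or toward a cached copy in between.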

Warhero November 23rd, 2017 02:23 PM

Re: Virus infection in this forum?
 
I cleared Firefox's history this day and shut browser. Then I reopened it and now no any warnings here:)... But what will happen tomorrow? No more warnings?

Warhero

DRG November 23rd, 2017 03:21 PM

Re: Virus infection in this forum?
 
I guess we'll have to wait and see.....nothing is showing up on Badger ATM for me

Dion November 23rd, 2017 03:43 PM

Re: Virus infection in this forum?
 
This ain't anything new. Happens all the time. Makes me mad. I mean who understands this ****? I bet 99% of all the computer users don't even know what viruses and malware are. I know I don't. How is anybody supposed to act responsible about this, if they don't understand the problem? I wish the ghost of Babe Ruth or some other heavy hitter would knock the internet satellite out of orbit. Hell, I haven't been able to get a new game to load on my machine for about 10 years. I think PC stands for personal confuser not Personal Computer.

Warhero November 23rd, 2017 04:44 PM

Re: Virus infection in this forum?
 
Unfortunately it came back though I kept problem already solved:(... But main thing is that Avast will block that (trojan?) malware away from my PC. No matter how many times I will see same warning in this forum.

Warhero

RetLT November 24th, 2017 03:37 PM

Re: Virus infection in this forum?
 
My Norton software has been blocking coinhive.min and cryptonight-asmjs.min for about the last two weeks when I visit the SPMBT or SPWW2 forums.

I am using Microsoft Edge as my browser.

Warwick November 24th, 2017 06:07 PM

Re: Virus infection in this forum?
 
Coinhive.com is still present, I.P. address 94.130.129.243 also oel1.gq

DRG November 24th, 2017 07:21 PM

Re: Virus infection in this forum?
 
https://malwaretips.com/blogs/remove...e-miner-virus/
Quote:

The Coinhive Miner Trojan is commonly bundled with other free programs or browser extensions that you download off of the Internet. Unfortunately, some free downloads do not adequately disclose that other software will also be installed and you may find that you have installed Coinhive Miner without your knowledge.

Once this malicious program or browser extension is installed, the Coinhive Miner will inject an in-browser Monero miner from coin-hive.com/lib/coinhive.min.js, which uses more than 50% of your CPU’s power and graphics cards power. What this means, is that when the miners are running you will find that your computer is running slower and games are stuttering or freezing because the Coinhive Miner Trojan is using your computer’s resources to generate revenue for themselves.
This will cause your CPU to run at very hot temperatures for extended periods of time, which could shorten the life of the CPU.

When infected with the Coinhive Miner, other common symptoms include:

Very high CPU and graphics cards usage
Web browser is using more than 50% of the CPU power
PC connects to coin-hive.com/lib/coinhive.min.js
Windows minimize and maximize slowly, and programs run slower
Programs don’t launch as quickly
General slowness when using the PC or Web Browser

FWIW I have installed Privacy Badger and it and my normal protection software does not report a problem to me...all I have is a mild warning regarding www.newssltest.com

DRG November 26th, 2017 04:55 PM

Re: Virus infection in this forum?
 
I installed Malwarebytes and now I get a message saying coinhive is being blocked

My contact with Shrapnel tells me

"We are still looking. Three different companies besides us have scanned our site, including Google. No one has found any malware."

so it's being looked into but it's still a mystery

DRG November 27th, 2017 09:15 AM

Re: Virus infection in this forum?
 
2 Attachment(s)
Well now.......this is new

http://forum.shrapnelgames.com/attac...1&d=1511788436

THAT is someone who posts regularly on both forums as Pibwl

http://forum.shrapnelgames.com/attac...1&d=1511788733

DRG November 27th, 2017 09:29 AM

Re: Virus infection in this forum?
 
2 Attachment(s)
and the coinhive IP that shows for me every time I check the forums this morning is

http://forum.shrapnelgames.com/attac...1&d=1511789243

http://forum.shrapnelgames.com/attac...1&d=1511789267

but that changes from day to day

DRG November 27th, 2017 09:35 AM

Re: Virus infection in this forum?
 
2 Attachment(s)
now it's showing a new ISP but still from Kassel Germany

http://forum.shrapnelgames.com/attac...1&d=1511789665

http://forum.shrapnelgames.com/attac...1&d=1511789672

DRG November 27th, 2017 09:37 AM

Re: Virus infection in this forum?
 
and now a new one from 94.130.90.154......still Kassel Germany

DRG November 27th, 2017 11:56 AM

Re: Virus infection in this forum?
 
Now it shows the block from 94.130.90.167

Kassel once again

IP address or hostname
94.130.90.167
Lookup
IP: 94.130.90.167
Hostname: static.167.90.130.94.clients.your-server.de
ASN: AS24940
Country: Germany (DE)
Provider: Hetzner Online GmbH
DMA: 0
City:
Latitude: 51.299301147461
Area: 0
Region:
Longitude: 9.4910001754761
TimeZone: Europe/Berlin
Postal Code:
Continent: EU
DateTime: 2017-11-27 16:54:21

DRG November 27th, 2017 02:12 PM

Re: Virus infection in this forum?
 
This time 94.130.102.124

guess where.......Kassel

then again 94.130.128.151

Kassel


http://www.ip-tracker.org/blacklist-...94.130.128.151
Blacklist Status: Not Blacklisted

Warhero November 28th, 2017 05:05 AM

Re: Virus infection in this forum?
 
Hmm seems that source of infection is in Germany (Kassel)... Could Shrapnelgames able to remove threat from here? Or via German authorities (police for example)?

Warhero

Imp November 28th, 2017 06:32 AM

Re: Virus infection in this forum?
 
Quote:

Originally Posted by Warhero (Post 840369)
Hmm seems that source of infection is in Germany (Kassel)... Could Shrapnelgames able to remove threat from here? Or via German authorities (police for example)?

Warhero

And the chances of that being a legit IP address or it actually originating from that country let alone town is,
You might win the lottery.

It's not a problem so long as you own decent antivirus software, not nice but will be sorted at some point.

Too politically correct nowadays first Kaspersky software I had asked me twice if it could fight back as my computer had been under attack for 3 minutes. As they were originally major hackers in both cases reported threat disabled & let me continue.
Of course this was banned you cannot defend your property aggressively.

Mobhack November 28th, 2017 12:31 PM

Re: Virus infection in this forum?
 
As an experiment I stripped Chrome of all ad blockers and privacy guard extensions then opened up the shrapnel forums with the browser "nekkid".

On opening the task manager, no process was taking any inordinate amount of CPU, whether it was any of the several chrome services running or a.n. other. Active coin miners are supposed to eat CPU cycles - and nothing was doing so.

So my conclusion is that the "threat" was very low - none of Malwarebytes or Spybot Search and Destroy found anything "placed on" my PC either.

So I am perfectly happy to continue on the forums with Firefox with Privacy Badger and Ghostery as usual, and Ad Block Plus of course - otherwise many web pages cannot be seen for intrusive ads! But then - those are the sort of things a sensible web user has added to their browser these days in any case. Nb - those extensions are available for Chrome as well.

mkr8683 November 28th, 2017 10:54 PM

Re: Virus infection in this forum?
 
I'm getting it too.

From Norton -

"JSCoinminer Download 10"

RightDeve November 28th, 2017 11:47 PM

Re: Virus infection in this forum?
 
CPU usage might be low, but bitcoin miners are known for their use of GPU hardware.

And IP address doesn't mean nothing in this day and age when professional hackers normally use proxies to mask their true origin.

scorpio_rocks November 29th, 2017 02:35 AM

Re: Virus infection in this forum?
 
RightDeve is correct - miners famously use graphic card processes.

I am still getting a blocked "malicious link" and "malicious webpage" by Kaspersky due to a "Trojan Script" //forum.shrapnelgames.com/clientscript/vbulletin_read_marker.js?v=381

Warhero November 29th, 2017 09:42 AM

Re: Virus infection in this forum?
 
So, warnings will come every time as I come here until end of world?

Tim Brooks November 29th, 2017 04:25 PM

Re: Virus infection in this forum?
 
We are still working on this. Probably won't be till end of world. But we have to locate the problem.:hurt:

shahadi November 29th, 2017 10:25 PM

Re: Virus infection in this forum?
 
Quote:

Originally Posted by Tim Brooks (Post 840385)
We are still working on this. Probably won't be till end of world. But we have to locate the problem.:hurt:

I must say that I do not have any warnings or other thing that would cause a negative experience on the forum. Unfortunately, on my mobile device, I get a number of PUP popups.

On my PC machines I run Comodo Internet Security 10.


scorpio_rocks November 29th, 2017 11:49 PM

Re: Virus infection in this forum?
 
Just as a FYI - I get the same warnings and blocks from Kaspersky whether using Firefox, IE, Edge or Chrome...

scorpio_rocks November 30th, 2017 04:54 AM

Re: Virus infection in this forum?
 
Yay! :)

No warnings or blocks today!

zastava128 November 30th, 2017 06:51 AM

Re: Virus infection in this forum?
 
I still get the same warnings as Don. I'm using Malwarebytes.

DRG November 30th, 2017 07:54 AM

Re: Virus infection in this forum?
 
Today I get no messages if I use Internet Explorer.

If I use Chrome I was still getting the coinhive message so I flushed my cache from Chrome but now I get the coinhive blocked message AND go.pushnative.com has been added.

If I view the site with Edge I'm warned about coinhive, pushnative and now deloton.com


Personally I don't think this is Shrapnel. Why are there different warnings for different browsers...??

Still no warnings about the site using IE.....I think these alert systems are too sensitive

DRG November 30th, 2017 08:00 AM

Re: Virus infection in this forum?
 
Wonderful........now the blocked messages are showing up in IE

DRG November 30th, 2017 12:46 PM

Re: Virus infection in this forum?
 
The entire situation is frustrating for us, Shrapnel and everyone using these formations. What I would like to do is resurrect Vlad the Impaler and send him on a mission against malware authors :mean:

DRG November 30th, 2017 01:10 PM

Re: Virus infection in this forum?
 
INFO found Here


Quote:

Currently, some experts refer to the technique of hijacking users' browsers for cryptocurrency mining as "cryptojacking."

Some have also predicted the Coinhive cryptojacking disaster. For example, at least two ad blockers have added support for blocking Coinhive's JS library — AdBlock Plus and AdGuard.

In addition, developers have also put together Chrome extensions that scan your browser and terminate anything that looks like Coinhive's miner script — AntiMiner, No Coin, and minerBlock.

While this year might be remembered for the WannaCry and NotPetya ransomware outbreaks and the CCleaner and Equifax breaches, silently, cryptocurrency miners have been one of the most active and prevalent threats.

This past two weeks, Kaspersky reported seeing over 1.65 million computers infected with cryptocurrency mining malware in the first eight months of the year, and IBM also reported a spike in cryptocurrency malware installed on enterprise networks.

Currently, according to the Coinhive team, the library's launch appeared to have exceeded expectations. Even if developed with good intentions, Coinhive's name and reputation is bound to be smeared in the dirt if malware authors continue the trend they're currently on.

I have added No Coin to Chrome. I'll let everyone know if there is a change at my end


All times are GMT -4.