Author
Topic: Is there a virus on this website?  (Read 16325 times)
coinsplus
  • Moderator
  • *****
  • Posts: 763
  • Yabba Dabba D'OH$$$
    • More about me.
« on: January 04, 2008, 02:52:23 pm »

Hello fellow members...

I am not sure if it's just me... but has anyone noticed an "active x" control pop-up on certain screens on this website?  It says that it wants to download some Microsoft data retrieving info software into my computer (something like that).   I've tried three different computers, and all have the same issue.  All the virus scanners on my computers all pop-up indicating a harmful virus was blocked.   

It sometimes on this website, and sometimes not... not sure if there's something or someone that was able to hack into this site...

Has anyone noticed this?

Thanks,

Michael 

  Smile from your heart.  ;D
kforse
  • Junior Member
  • **
  • Posts: 17
  • CPMS Member
« Reply #1 on: January 04, 2008, 03:36:46 pm »

Michael,

I have had no pop ups appear or any warnings from my McAfee Software.

Hope this helps.

Life is to short not to have fun
YuMan
  • Wiki Contributor
  • Junior Member
  • **
  • Posts: 75
  • Paper Money is Art!
« Reply #2 on: January 04, 2008, 03:45:26 pm »

Michael:
Yes, it was on last mid-night.  But I have McAfee internet security installed on my computer, it automatically let me to turn it down.  I didn't read it in detail but McAfee site advisor indicated that the site (or the link that I click) was phishing or scams and trying to steal some user information.  I can't remember exactly the link but the post I guess was between yesterday afternoon and mid-night.  Probably the link was hacked.

Now, it is okay for me.

Yuman

Yuman
twoinvallarta
  • Senior Member
  • ****
  • Posts: 445
  • Paper Money is Art!
« Reply #3 on: January 04, 2008, 05:09:46 pm »

Yep,Trend Micro caught it on my work comp.

hanmer
  • Full Member
  • ***
  • Posts: 188
« Reply #4 on: January 04, 2008, 05:38:32 pm »

I had an active X object try to load. The website that was loading in behind was saying "Your computer may be infected, blah, blah". When I closed the window it never came back. My Mcafee anti-virus did pick it up. This site puts a cookie on the computer when you log in. Those cookies can be traced by other sites and trigger the behavior described. Having never seen this happen here on this site, I wonder if the tracking cookie given at login has been changed. 

If you do have any concerns, delete your cookies and login again. Maybe choose 24 hours for the period to see if the  cookie expires as designed.

:)



:)
Manada
  • Very Senior Member
  • *****
  • Posts: 580
« Reply #5 on: January 04, 2008, 06:04:03 pm »

I use Kaspersky, and it just told me there is a malicious trojan script running on this forum. I have never seen this before.

But always, there remained the discipline of steel. - Conan the Barbarian
Punkys Dad
  • Very Senior Member
  • *****
  • Posts: 547
  • I keep my $1000 bill collection at Squid's place
« Reply #6 on: January 04, 2008, 06:21:00 pm »

I had an active X object try to load. The website that was loading in behind was saying "Your computer may be infected, blah, blah". When I closed the window it never came back. My Mcafee anti-virus did pick it up. This site puts a cookie on the computer when you log in. Those cookies can be traced by other sites and trigger the behavior described. Having never seen this happen here on this site, I wonder if the tracking cookie given at login has been changed. 

If you do have any concerns, delete your cookies and login again. Maybe choose 24 hours for the period to see if the  cookie expires as designed.

:)

Basically just got the same Active X pain. my PC Spyware just picked it up on this site. Got the same Pop-in virus claim, I did the same thing by closing it down then did a very thourough scan before coming back on. I use NOD32 Antivirus.

Teeny guy on my shoulder sez, It's only money mon
Fever
  • Guest
« Reply #7 on: January 04, 2008, 06:21:35 pm »

Yes, I was on the site about half an hour ago and when I left the site, my Norton Firewall blocked an high risk intrusion attempt.
BWJM
  • Very Senior Member
  • *****
  • Posts: 5,018
« Reply #8 on: January 04, 2008, 06:25:39 pm »

What URLs are generating this problem? Is it on ALL pages, or only some? Has anyone who has seen this been able to narrow down the source of the problem?

BWJM, F.O.N.A.
Life Member of CPMS, RCNA, ONA, ANA, IBNS, WCS.
President, IBNS Ontario Chapter.
Treasurer, Waterloo Coin Society.
Show Chair, Cambridge Coin Show.
Fellow of the Ontario Numismatic Association.
Gary_T
  • Very Senior Member
  • *****
  • Posts: 1,081
  • CPMS radar member 1551
« Reply #9 on: January 04, 2008, 06:30:32 pm »

I had a problem when I tried to reply to the grading poll question.

Gary_T
comox
  • Junior Member
  • **
  • Posts: 37
« Reply #10 on: January 04, 2008, 06:34:38 pm »

I had it happen to me twice when I went into 4 miscut 20s on Ebay. It said a Trojan horse had been detected. It happened about 8am EST this morning.

Gordo
BWJM
  • Very Senior Member
  • *****
  • Posts: 5,018
« Reply #11 on: January 04, 2008, 06:46:06 pm »

I'm not seeing anything strange. Can you guys please take screenshots of all these alerts and email them to me? bwjm@cdnpapermoney.com. Please include the page you were at (ie: full URL) when you got the message.
Thanks!

BWJM, F.O.N.A.
Life Member of CPMS, RCNA, ONA, ANA, IBNS, WCS.
President, IBNS Ontario Chapter.
Treasurer, Waterloo Coin Society.
Show Chair, Cambridge Coin Show.
Fellow of the Ontario Numismatic Association.
coinsplus
  • Moderator
  • *****
  • Posts: 763
  • Yabba Dabba D'OH$$$
    • More about me.
« Reply #12 on: January 04, 2008, 09:34:01 pm »

There is a hit and miss on this virus...  in most cases, when you logout or have not logged in, that's where this virus hits...

When you scroll your cursor or mouse over the links... you will see the following:
http://www.cdnpapermoney.com/forum/index.php?PHPSESSID=7bbc149d80fd07cccaf0b2b2631e9276
(the website address when you drag your cursor over buttons or links will show on the bottom left side of the Internet Explorer window). 

I have no idea what that PHPSESSID is... but, what I know is that it's on all the address links after the Canadian papermoney website's address.  Whenever you click any of the links to any subjects ... your computer seizes up a bit, the "active x control" pops up on the window, and states:  "This website want to run the following add on:  'Microsoft  Data Access-Remote, Data Services Dat...' from Microsoft Corp.  If you trust the website and add on and want to allow it to run, click here..."   While this is running, the virus scanners pops up to indicate a known virus is blocked, and when you try to close the window... sometimes your computer freezes...

I WOULD ADVISE, DO NOT CLICK THIS...  as it's going to install something on your computer which can be permanent... and perhaps can track what your passwords, etc., are on PayPal, your banking website, etc... 

I hope this helps. 

Michael
« Last Edit: January 04, 2008, 09:43:24 pm by coinsplus »

  Smile from your heart.  ;D
coinsplus
  • Moderator
  • *****
  • Posts: 763
  • Yabba Dabba D'OH$$$
    • More about me.
« Reply #13 on: January 04, 2008, 09:57:38 pm »

I found this website, trying to search this "Microsoft Remote Access Data Services.." 

This is an EXCELLENT little article showing the real website vs... a fake website:

http://msmvps.com/blogs/hostsnews/archive/2007/09/13/can-you-spot-the-fake.aspx

So Brent, I think this website has been attacked by some scrupulious person... and there's some debugging that someone's going to do...

Michael
« Last Edit: January 04, 2008, 10:00:15 pm by coinsplus »

  Smile from your heart.  ;D
Northwest5
  • Full Member
  • ***
  • Posts: 180
« Reply #14 on: January 04, 2008, 10:35:17 pm »

Yes, this has also haeppened to me twice over the last few days.  Very frustrating.  I tried to open the polls last nite when it hit me again.  The earlier time when I clicked to access/open the forum it would just not open at all.  I restarted the computer and then it did open without trouble.  I will look more closely next time and get details.
 

Login with username, password and session length