Topic: Is there a virus on this website?  (Read 16888 times)
coinsplus
  • Moderator
  • *****
  • Posts: 763
  • Yabba Dabba D'OH$$$
    • More about me.
« on: January 04, 2008, 02:52:23 pm »

Hello fellow members...

I am not sure if it's just me... but has anyone noticed an "active x" control pop-up on certain screens on this website?  It says that it wants to download some Microsoft data retrieving info software into my computer (something like that).   I've tried three different computers, and all have the same issue.  All the virus scanners on my computers all pop-up indicating a harmful virus was blocked.   

It sometimes happens on this website, and sometimes not... not sure if there's something or someone that was able to hack into this site...

Has anyone noticed this?

Thanks,

Michael 

  Smile from your heart.  ;D
kforse
  • Junior Member
  • **
  • Posts: 17
  • CPMS Member
« Reply #1 on: January 04, 2008, 03:36:46 pm »

Michael,

I have had no pop ups appear or any warnings from my McAfee Software.

Hope this helps.

Life is too short not to have fun
YuMan
  • Wiki Contributor
  • Junior Member
  • **
  • Posts: 75
  • Paper Money is Art!
« Reply #2 on: January 04, 2008, 03:45:26 pm »

Michael:
Yes, it was on last midnight.  But I have McAfee internet security installed on my computer, it automatically let me turn it down.  I didn't read it in detail but McAfee site advisor indicated that the site (or the link that I click) was phishing or scams and trying to steal some user information.  I can't remember exactly the link but the post I guess was between yesterday afternoon and midnight.  Probably the link was hacked.

Now, it is okay for me.

Yuman

twoinvallarta
  • Senior Member
  • ****
  • Posts: 445
  • Paper Money is Art!
« Reply #3 on: January 04, 2008, 05:09:46 pm »

Yep, Trend Micro caught it on my work comp.

hanmer
  • Full Member
  • ***
  • Posts: 188
« Reply #4 on: January 04, 2008, 05:38:32 pm »

I had an active X object try to load. The website that was loading in behind was saying "Your computer may be infected, blah, blah". When I closed the window it never came back. My Mcafee anti-virus did pick it up. This site puts a cookie on the computer when you log in. Those cookies can be traced by other sites and trigger the behavior described. Having never seen this happen here on this site, I wonder if the tracking cookie given at login has been changed. 

If you do have any concerns, delete your cookies and login again. Maybe choose 24 hours for the period to see if the  cookie expires as designed.

:)



Manada
  • Very Senior Member
  • *****
  • Posts: 580
« Reply #5 on: January 04, 2008, 06:04:03 pm »

I use Kaspersky, and it just told me there is a malicious trojan script running on this forum. I have never seen this before.

But always, there remained the discipline of steel. - Conan the Barbarian
Punkys Dad
  • Very Senior Member
  • *****
  • Posts: 547
  • I keep my $1000 bill collection at Squid's place
« Reply #6 on: January 04, 2008, 06:21:00 pm »

Quote
I had an active X object try to load. The website that was loading in behind was saying "Your computer may be infected, blah, blah". When I closed the window it never came back. My Mcafee anti-virus did pick it up. This site puts a cookie on the computer when you log in. Those cookies can be traced by other sites and trigger the behavior described. Having never seen this happen here on this site, I wonder if the tracking cookie given at login has been changed.

If you do have any concerns, delete your cookies and login again. Maybe choose 24 hours for the period to see if the cookie expires as designed.

:)

Basically just got the same Active X pain. My PC Spyware just picked it up on this site. Got the same Pop-in virus claim, I did the same thing by closing it down then did a very thorough scan before coming back on. I use NOD32 Antivirus.

Teeny guy on my shoulder sez, It's only money mon
Fever
  • Guest
« Reply #7 on: January 04, 2008, 06:21:35 pm »

Yes, I was on the site about half an hour ago and when I left the site, my Norton Firewall blocked a high-risk intrusion attempt.
BWJM
  • Very Senior Member
  • *****
  • Posts: 5,018
« Reply #8 on: January 04, 2008, 06:25:39 pm »

What URLs are generating this problem? Is it on ALL pages, or only some? Has anyone who has seen this been able to narrow down the source of the problem?

BWJM, F.O.N.A.
Life Member of CPMS, RCNA, ONA, ANA, IBNS, WCS.
President, IBNS Ontario Chapter.
Treasurer, Waterloo Coin Society.
Show Chair, Cambridge Coin Show.
Fellow of the Ontario Numismatic Association.
Gary_T
  • Very Senior Member
  • *****
  • Posts: 1,081
  • CPMS radar member 1551
« Reply #9 on: January 04, 2008, 06:30:32 pm »

I had a problem when I tried to reply to the grading poll question.

Gary_T
comox
  • Junior Member
  • **
  • Posts: 37
« Reply #10 on: January 04, 2008, 06:34:38 pm »

I had it happen to me twice when I went into 4 miscut 20s on Ebay. It said a Trojan horse had been detected. It happened about 8am EST this morning.

Gordo
BWJM
  • Very Senior Member
  • *****
  • Posts: 5,018
« Reply #11 on: January 04, 2008, 06:46:06 pm »

I'm not seeing anything strange. Can you guys please take screenshots of all these alerts and email them to me? bwjm@cdnpapermoney.com. Please include the page you were at (ie: full URL) when you got the message.
Thanks!

BWJM, F.O.N.A.
Life Member of CPMS, RCNA, ONA, ANA, IBNS, WCS.
President, IBNS Ontario Chapter.
Treasurer, Waterloo Coin Society.
Show Chair, Cambridge Coin Show.
Fellow of the Ontario Numismatic Association.
coinsplus
  • Moderator
  • *****
  • Posts: 763
  • Yabba Dabba D'OH$$$
    • More about me.
« Reply #12 on: January 04, 2008, 09:34:01 pm »

There is a hit and miss on this virus...  in most cases, when you logout or have not logged in, that's where this virus hits...

When you scroll your cursor or mouse over the links... you will see the following:
http://www.cdnpapermoney.com/forum/index.php?PHPSESSID=7bbc149d80fd07cccaf0b2b2631e9276
(the website address when you drag your cursor over buttons or links will show on the bottom left side of the Internet Explorer window). 

I have no idea what that PHPSESSID is... but, what I know is that it's on all the address links after the Canadian papermoney website's address.  Whenever you click any of the links to any subjects ... your computer seizes up a bit, the "active x control" pops up on the window, and states:  "This website want to run the following add on:  'Microsoft  Data Access-Remote, Data Services Dat...' from Microsoft Corp.  If you trust the website and add on and want to allow it to run, click here..."   While this is running, the virus scanners pop up to indicate a known virus is blocked, and when you try to close the window... sometimes your computer freezes...

I WOULD ADVISE, DO NOT CLICK THIS...  as it's going to install something on your computer which can be permanent... and perhaps can track what your passwords, etc., are on PayPal, your banking website, etc... 

I hope this helps. 

Michael
« Last Edit: January 04, 2008, 09:43:24 pm by coinsplus »

  Smile from your heart.  ;D
coinsplus
  • Moderator
  • *****
  • Posts: 763
  • Yabba Dabba D'OH$$$
    • More about me.
« Reply #13 on: January 04, 2008, 09:57:38 pm »

I found this website, trying to search this "Microsoft Remote Access Data Services.." 

This is an EXCELLENT little article showing the real website vs... a fake website:

http://msmvps.com/blogs/hostsnews/archive/2007/09/13/can-you-spot-the-fake.aspx

So Brent, I think this website has been attacked by some scrupulious person... and there's some debugging that someone's going to do...

Michael
« Last Edit: January 04, 2008, 10:00:15 pm by coinsplus »

  Smile from your heart.  ;D
Northwest5
  • Full Member
  • ***
  • Posts: 180
« Reply #14 on: January 04, 2008, 10:35:17 pm »

Yes, this has also happened to me twice over the last few days.  Very frustrating.  I tried to open the polls last nite when it hit me again.  The earlier time when I clicked to access/open the forum it would just not open at all.  I restarted the computer and then it did open without trouble.  I will look more closely next time and get details.
BWJM
  • Very Senior Member
  • *****
  • Posts: 5,018
« Reply #15 on: January 05, 2008, 12:42:41 am »

OK, I got it to happen once in Internet Explorer, but it has never happened in Firefox. I also cannot seem to reproduce it in Internet Explorer, which is annoying.
As far as I can tell, none of the source files for the website have been modified, but I haven't been able to properly examine this thing in action yet.

BWJM, F.O.N.A.
Life Member of CPMS, RCNA, ONA, ANA, IBNS, WCS.
President, IBNS Ontario Chapter.
Treasurer, Waterloo Coin Society.
Show Chair, Cambridge Coin Show.
Fellow of the Ontario Numismatic Association.
BWJM
  • Very Senior Member
  • *****
  • Posts: 5,018
« Reply #16 on: January 05, 2008, 02:57:22 am »

OK, I see the stupid thing, but I can't figure out where it's coming from. It's got to be in the source code somewhere, but everything I've looked at seems fine.

What pages are generating this problem? Is it only when you're viewing a topic? Does it happen when viewing a forum, or the main page? PMs?

BWJM, F.O.N.A.
Life Member of CPMS, RCNA, ONA, ANA, IBNS, WCS.
President, IBNS Ontario Chapter.
Treasurer, Waterloo Coin Society.
Show Chair, Cambridge Coin Show.
Fellow of the Ontario Numismatic Association.
coinsplus
  • Moderator
  • *****
  • Posts: 763
  • Yabba Dabba D'OH$$$
    • More about me.
« Reply #17 on: January 05, 2008, 04:16:54 am »

Hi Brent,

It's EVERYWHERE!!!  It's on the mainpage of cdnpapermoney.com, the forum links to each section, when you post a reply, click the home page, click the help button, and so on....  Not sure if it's affecting PM.   

  Smile from your heart.  ;D
hanmer
  • Full Member
  • ***
  • Posts: 188
« Reply #18 on: January 05, 2008, 09:44:54 am »

Hard to recreate the error. I got it twice in a row doing some testing. Both times it happened when I clicked the General bread crumb shortcut at the top of the page. It happened while I was logged in and not logged in on the same link both times. Not sure it's in the code, or a MIME setting in the webservers settings. MIME is a communication that occurs between a web server and browser (IE mostly). This is where the webserver tells the browser what software is required to "see" pages or open specific file types embedded in pages (mpg, avi, pdf). If this is a hosted site, then it is possible that something changed for another site on the server, but the settings were applied across all sites instead of just the site that requires that Active X object.
It is unlikely a virus, but since there are no active x objects on this site, anti-virus software is flagging it as a threat. My next step is to actually install it to see what happens.

:)


hanmer
  • Full Member
  • ***
  • Posts: 188
« Reply #19 on: January 05, 2008, 12:29:20 pm »

I installed the active x object as requested. I've not seen any issues with the computers (running this on 2 separate laptops).
I also have not seen any foreign connections appear when I'm using the internet. After the install of active x object, I  updated and ran the following software and all indicated no threats found.

Symantec anti-virus v 10 Enterprise Edition
Spybot Search and Destroy
Ad Aware Personal

It's either been fixed, or the active x object was not harmful (in my opinion).

:)

BWJM
  • Very Senior Member
  • *****
  • Posts: 5,018
« Reply #20 on: January 05, 2008, 12:54:25 pm »

Please note: I DO NOT recommend installing this activex control.

From what I have seen, there is definitely malware being returned on random page requests for this website. I do not know where it's coming from, despite spending hours poring over source code.

BWJM, F.O.N.A.
Life Member of CPMS, RCNA, ONA, ANA, IBNS, WCS.
President, IBNS Ontario Chapter.
Treasurer, Waterloo Coin Society.
Show Chair, Cambridge Coin Show.
Fellow of the Ontario Numismatic Association.
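
An added example, not part of the original thread or the site's own code: when injected content comes back only on some requests while the source files look unmodified, saving the HTML of repeated requests for one URL and comparing which off-site hosts each response loads active content from shows which responses were tampered with. It assumes the injection appears as a script, iframe, frame, embed or object tag pointing at a host outside the site; the host names and responses below are constructed samples.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags that make the browser load active content, and the attribute with the URL.
ACTIVE_TAGS = {"script": "src", "iframe": "src", "frame": "src",
               "embed": "src", "object": "data"}

# Constructed values for this example (not taken from the thread).
BASE_URL = "http://forum.example/index.php?topic=1.0"
ALLOWED_HOSTS = {"forum.example"}
CLEAN = ('<html><head><script src="Themes/default/script.js"></script></head>'
         '<body><a href="http://elsewhere.example/">link</a></body></html>')
SAMPLE_RESPONSES = [
    CLEAN,
    CLEAN.replace("</body>", '<iframe src="http://injected.example/x" '
                             'width="0" height="0"></iframe></body>'),
    CLEAN,
    CLEAN.replace("</head>",
                  '<script src="//Injected.example/a.js"></script></head>'),
]


class ActiveContentParser(HTMLParser):
    """Collect the hosts a page loads active content from."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        attr = ACTIVE_TAGS.get(tag)
        if attr is None:
            return  # ordinary links, images etc. are ignored
        value = dict(attrs).get(attr)
        if value:
            # Resolve relative and protocol-relative URLs against the page URL.
            host = urlparse(urljoin(self.base_url, value)).hostname
            if host:
                self.hosts.add(host.lower())


def external_hosts(html, base_url, allowed):
    """Hosts serving active content for this response that are not allowed."""
    parser = ActiveContentParser(base_url)
    parser.feed(html)
    return {h for h in parser.hosts if h not in allowed}


def find_intermittent_injection(responses, base_url, allowed):
    """Map each unexpected host to the indices of the responses that used it."""
    hits = {}
    for index, html in enumerate(responses):
        for host in sorted(external_hosts(html, base_url, allowed)):
            hits.setdefault(host, []).append(index)
    return hits


if __name__ == "__main__":
    found = find_intermittent_injection(SAMPLE_RESPONSES, BASE_URL, ALLOWED_HOSTS)
    for host, indices in found.items():
        print(f"{host}: seen in responses {indices} of {len(SAMPLE_RESPONSES)}")
```

This compares static references only; a tag written into the page by inline script at run time would not show up in it.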
eldiablo666
  • Guest
« Reply #21 on: January 06, 2008, 09:18:42 am »

Hello,

I just became a member and there seems to be problems wherever I go on the site. I had a virus detected (trojan) when trying to become a member but my software took care of it, but when I tried to get into the recent posts my computer hung.   I rebooted and went back in and found this post and again got the virus detected and systems hung. I went back and finally got to post this.  Is this something to do with this specific site right now since I did access the site about 1 week ago as a guest and no problems. I am a little concerned that it is popping up so frequently and causing my computer to hang.
Any info appreciated.
Is it best to stay away from the site until this gets resolved?

ELDIABLO666
BWJM
  • Very Senior Member
  • *****
  • Posts: 5,018
« Reply #22 on: January 06, 2008, 10:45:07 am »

Use Firefox and you should not have this problem: www.getfirefox.com.

I am investigating, but this is going to take some time. Please be patient.

BWJM, F.O.N.A.
Life Member of CPMS, RCNA, ONA, ANA, IBNS, WCS.
President, IBNS Ontario Chapter.
Treasurer, Waterloo Coin Society.
Show Chair, Cambridge Coin Show.
Fellow of the Ontario Numismatic Association.
BWJM
  • Very Senior Member
  • *****
  • Posts: 5,018
« Reply #23 on: January 07, 2008, 10:52:38 am »

How about now? Is anyone getting that damned thing now?

BWJM, F.O.N.A.
Life Member of CPMS, RCNA, ONA, ANA, IBNS, WCS.
President, IBNS Ontario Chapter.
Treasurer, Waterloo Coin Society.
Show Chair, Cambridge Coin Show.
Fellow of the Ontario Numismatic Association.
CMNWEALTH
  • Junior Member
  • **
  • Posts: 33
  • One Chromosome between Insane and Genius !
« Reply #24 on: January 07, 2008, 11:07:19 am »

I noticed it for the first time yesterday (Internet Explorer)- Active X controls were trying to load when I clicked a page yesterday so I ran for the Hills. Today seems alright - fullscan on my computer and she's healthy as a horse !!!  ;D
comox
  • Junior Member
  • **
  • Posts: 37
« Reply #25 on: January 07, 2008, 11:16:10 am »

Everything seems to be fine in this end of the world. 8)

Gordo
coinsplus
  • Moderator
  • *****
  • Posts: 763
  • Yabba Dabba D'OH$$$
    • More about me.
« Reply #26 on: January 07, 2008, 01:35:35 pm »

Hi Brent,

It seems that the website address, still has that weird PHPSESSID.

http://www.cdnpapermoney.com/forum/index.php?PHPSESSID=19e35906acd129334213a4c0807399f5&topic=6703.msg33425#new

It's a hit or miss on this... it seems that it randomly does this everytime you go into the link or refresh the screen... 

Normally, it should be:

http://www.cdnpapermoney.com/forum/index.php?topic=6703.0 or this:

http://www.cdnpapermoney.com/forum/index.php?topic=6703.msg33426#msg33426

Not sure if this can be corrected.

« Last Edit: January 07, 2008, 01:37:27 pm by coinsplus »

  Smile from your heart.  ;D
BWJM
  • Very Senior Member
  • *****
  • Posts: 5,018
« Reply #27 on: January 07, 2008, 01:41:19 pm »

Disregard the PHPSESSID thing. That's just tracking your session so the server knows it's still you making each request. I would expect that if you enable cookies or something, you should be able to avoid that. If not, no big deal.

BWJM, F.O.N.A.
Life Member of CPMS, RCNA, ONA, ANA, IBNS, WCS.
President, IBNS Ontario Chapter.
Treasurer, Waterloo Coin Society.
Show Chair, Cambridge Coin Show.
Fellow of the Ontario Numismatic Association.
Gary_T
  • Very Senior Member
  • *****
  • Posts: 1,081
  • CPMS radar member 1551
« Reply #28 on: January 07, 2008, 02:02:37 pm »

Quote
I noticed it for the first time yesterday (Internet Explorer)- Active X controls were trying to load when I clicked a page yesterday so I ran for the Hills. Today seems alright - fullscan on my computer and she's healthy as a horse !!! 

 My computer was as healthy as a horse too but a trojan horse! My computer was running rough yesterday I did a virus scan and there was a virus called SHeur.AIGJ in there but I'm not sure where I got it from.

 
Quote
I noticed it for the first time yesterday (Internet Explorer)- Active X controls were trying to load when I clicked a page yesterday

Yesterday was the same for me and after 11:30 or so I couldn't open the forum at all. Seems fine now.

I will be installing firefox very soon.

Gary_T
only4teeth
  • Forum Moderators
  • *
  • Posts: 496
  • CPMS Member 1489
« Reply #29 on: January 07, 2008, 03:00:09 pm »

Working good on my end Brent.

Thanks!
« Last Edit: January 07, 2008, 05:43:59 pm by only4teeth »
Punkys Dad
  • Very Senior Member
  • *****
  • Posts: 547
  • I keep my $1000 bill collection at Squid's place
« Reply #30 on: January 07, 2008, 03:02:34 pm »

I ran both IE first and then Firefox right after on this site. So far everything seems to be running okay here. Thanks Brent, that's why you get the big bucks  ;)

Keeping my fingers crossed. PD

Teeny guy on my shoulder sez, It's only money mon
buxvet
  • Senior Member
  • ****
  • Posts: 389
  • Is there anybody in the ceremony is about to begin
« Reply #31 on: January 09, 2008, 12:09:20 am »

I got all screwed up from this too. I'm not as tech savvy as some of you. I ran a couple of spyware programs and seem to be OK now. I just stayed away for a few days.
coinsplus
  • Moderator
  • *****
  • Posts: 763
  • Yabba Dabba D'OH$$$
    • More about me.
« Reply #32 on: January 09, 2008, 11:08:34 am »

Yesterday night, that active x thing was popping up constantly.  I couldn't get past at either site, cdnpapermoney.com or cdnpapermoney.com/forum/

Seems that things are okay now...

  Smile from your heart.  ;D
Gary_T
  • Very Senior Member
  • *****
  • Posts: 1,081
  • CPMS radar member 1551
« Reply #33 on: January 09, 2008, 12:33:39 pm »

The exact same thing here, but that firefox install is on the list.

Gary_T
nova7415
  • Full Member
  • ***
  • Posts: 242
  • Errors are the best as there are only 1 of a kind
« Reply #34 on: January 10, 2008, 01:54:11 am »

About 4 days ago, while on the Forum, this "active X" virus got through my firewall and slowed my computer down considerably ::). After I ran my Norton protection program, it found the virus and removed it. However, for the next few days I noticed quite a lag on my computer, but as of today everything is back to normal :). I can't understand what motivates these hackers to create these worms, viruses and such ???. Does someone pay them to infect certain sites or is it pure vandalism >:(
bugsy
  • Forum Moderators
  • *
  • Posts: 267
  • Money Doesn't Grow On Trees But is Made From Them?
« Reply #35 on: January 11, 2008, 10:19:39 am »

I too have had nothing but trouble along the same lines as all others. I have a trojan virus now that my ad-aware or other programs will not get rid of. Does anyone have any other programs or ideas that will help get this off of my comp. I have removed many things with ad-aware lately but this one just restarts my computer whenever the program detects it? Any info would be greatly appreciated. I have now switched to firefox for browsing!! Thanks Very Much...


    Jeff

Always looking for more Rotator Notes!!!
Elwoodbluesca
  • Wiki Contributor
  • Very Senior Member
  • *****
  • Posts: 514
  • Metro Coin & Banknote Company - Toronto Coin Expo
    • Metro Coin & Banknote Company
« Reply #36 on: January 11, 2008, 11:23:42 am »

Hey Jeff,

I do not think there is an easy solution to this problem. I ended up backing up my hard drive on another drive, reformatting the hard drive, and then reinstalling the operating system. No data was lost, but the hassle of going through all of this was not fun. Now everything is 100%

www.metrocbc.com - Metro Coin & Banknote Company
www.torontocoinexpo.ca - Toronto Coin Expo
President - Canadian Paper Money Society #1605
Director - J. Douglas Ferguson Foundation
rocken
  • Full Member
  • ***
  • Posts: 233
« Reply #37 on: January 11, 2008, 11:43:20 am »

I have had no problems for a few days but my AVG software didn't detect a trojan.
I would like to know the name of it? ???

Gary_T
  • Very Senior Member
  • *****
  • Posts: 1,081
  • CPMS radar member 1551
« Reply #38 on: January 11, 2008, 12:09:19 pm »

My AVG found a trojan virus and it was called SHeur.AIGJ


Gary_T
friedsquid
  • Very Senior Member
  • *****
  • Posts: 2,879
  • CPMS 1593
« Reply #39 on: January 11, 2008, 12:38:55 pm »

I also have AVG (the freebie) one and it detected it, put it in the vault and then I deleted it.
FRIEDSQUID



Always looking for #1 serial number notes in any denomination/any series
bugsy
  • Forum Moderators
  • *
  • Posts: 267
  • Money Doesn't Grow On Trees But is Made From Them?
« Reply #40 on: January 11, 2008, 12:52:04 pm »

I did the AVG as well and it said it found 176 files with a trojan??? Not real sure what it all means, it said it removed all but 1 of them? I will try it out and see how it runs this afternoon. I'm not a comp wizard so I just have been doing what I was told? I do not have an anti-virus program, maybe it is time to purchase one that is new and up to date??? Any thoughts on what else to try or what to buy if it comes down to that, Thanks for all the help!!

  Jeff

Always looking for more Rotator Notes!!!
BWJM
  • Very Senior Member
  • *****
  • Posts: 5,018
« Reply #41 on: January 11, 2008, 12:59:37 pm »

AVG is a good way to go. If you're that infected though, getting cleaned up may be a challenge. Anti-virus protection is an absolute essential in today's world. It's like wearing a seat-belt while in a car.

BWJM, F.O.N.A.
Life Member of CPMS, RCNA, ONA, ANA, IBNS, WCS.
President, IBNS Ontario Chapter.
Treasurer, Waterloo Coin Society.
Show Chair, Cambridge Coin Show.
Fellow of the Ontario Numismatic Association.
coinsplus
  • Moderator
  • *****
  • Posts: 763
  • Yabba Dabba D'OH$$$
    • More about me.
« Reply #42 on: January 13, 2008, 03:44:24 pm »

I think the virus was back on this website earlier today...

The website originator who ever is trying to attack the site has the following website address which was being hosted on this site:
-http://gomyron.com/MTgxNjQ=/2/6411/ax=1/ed=1/ex=1// (don't copy this website and try to open it)  

I was able to obtain this website address when my windows explorer started seizing up... disconnected from the wireless internet connection... and that address was shown on my address bar, instead of the www.cdnpapermoney.com/forum/
« Last Edit: January 13, 2008, 03:47:59 pm by coinsplus »

  Smile from your heart.  ;D
Gary_T
  • Very Senior Member
  • *****
  • Posts: 1,081
  • CPMS radar member 1551
« Reply #43 on: January 13, 2008, 04:28:33 pm »

I've had no problems since I installed the firefox browser.


Gary_T
admin
  • Administrator
  • *****
  • Posts: 78
« Reply #44 on: January 14, 2008, 02:09:27 pm »

The problem seems to have been an issue on my master account. All of the domains on my server were doing this (not just CdnPaperMoney). You guys actually found it long before I was aware of it, but I believe it's been fixed as of Sunday (Jan 13th) afternoon. Guess I should drop in more often.

I'm sorry for the troubles.

Paul
coinsplus
  • Moderator
  • *****
  • Posts: 763
  • Yabba Dabba D'OH$$$
    • More about me.
« Reply #45 on: January 14, 2008, 11:58:17 pm »

Nice to hear from you Paul!  Glad to know that things are okay with the site.

Michael

  Smile from your heart.  ;D
 
