
Thread: Is it just me??

  1. #1
    ivor&mel (Banned)
    Join Date: Feb 2006 | Location: Sheffield | Posts: 586 | Rep Power: 0
    Quote Originally Posted by deepete @ May 9 2006, 06:13 PM
    I received an e-mail about a tool for win2win that I thought looked suspicious, so after checking I deleted it.

    If that's the same one you received I was very lucky, I'm running zonealarm suite but I didn't put it to the test so I don't know if it would have prevented any infection.

    Sorry to hear it's causing you problems, go to zonealarm and test their software free for 2 weeks. It will do a scan and get rid of any problems, hopefully.

    I'm still evaluating mine, it's seemed to have slowed down my computer but it may be a price worth paying.

    Peter
    I run Zonealarm as firewall and AVG as anti-virus. AVG immediately picked up the Trojan in the e-mail; my ZA would not detect a Trojan in the exe file, it would only detect dodgy outgoing/incoming connections if the Trojan had been run.

    I've never looked at the anti-virus capabilities of ZA: all I use is the free firewall version. I'm always a bit suspicious of software that tries to do too many jobs! I use the ZA/AVG combination on all my machines, plus Spybot Search & Destroy (though I've read about problems with that recently) and Ad-aware. It seems to have kept me safe and clean, but nothing is ever 100% foolproof!

    I used the forum first thing this morning without any problems. I suspect the hacking or whatever occurred between 10:00 and 11:00 - the e-mail was sent at 10:55 and I immediately went to the Forum and then started seeing the problems. The e-mail was sent from IP address 66.147.238.53, which resolves to hc1.ded203.com and is part of a netblock assigned to HostRocket Web Services of New York.

    Are there any disgruntled Forum members with technical skills enough to hack the site, perhaps?

    Ivor and Mel

    Quote Originally Posted by ivor&mel @ May 9 2006, 06:55 PM
    Are there any disgruntled Forum members with technical skills enough to hack the site, perhaps?
    I've just reread that, and it sounds ambiguous! I am not suggesting hacking HostRocket Web Services! I was just wondering if the hacking of this Forum had been done by a disgruntled Forum member!

    Ivor and Mel


  2. #2
    Administrator
    Join Date: Jan 2001 | Location: N Wales | Posts: 1,651 | Rep Power: 0
    Note: There is no virus on the site or server. It has been thoroughly tested by myself, and others in the UK, and different countries.

    Your computer has been infected via spoof emails, and is most likely WINFIXER, which is MALWARE, hence adaware, spybot, av will not find it.

    The problem is on your own computer & the fix is here,

    http://forums.bollyent.com/index.php?showtopic=12084
    Regards,

    Keith & Ping




  3. #3
    ivor&mel (Banned)
    Join Date: Feb 2006 | Location: Sheffield | Posts: 586 | Rep Power: 0
    Quote Originally Posted by admin @ May 9 2006, 07:30 PM
    Note: There is no virus on the site or server. It has been thoroughly tested by myself, and others in the UK, and different countries.

    Your computer has been infected via spoof emails, and is most likely WINFIXER, which is MALWARE, hence adaware, spybot, av will not find it.

    The problem is on your own computer & the fix is here,

    http://forums.bollyent.com/index.php?showtopic=12084
    So are you telling me that all the machines I have used today are infected by that e-mail? Even though the e-mail was seen on only one of the machines, and the attachment was not run to install the Trojan? The only pages that show this behaviour are the Forum and Gallery pages on win2winracing. The only common factor is a visit to these pages on win2winracing.

    The e-mail headers show the following routing:

    Received: from [66.147.238.53] (helo=host.win2winracing.com) by pih-mxcore09.plus.net with esmtp (PlusNet MXCore v2.00) id 1FdOwf-00038z-Uo for <my-e-mail-address>; Tue, 09 May 2006 10:55:58 +0100

    Received: from nobody by host.win2winracing.com with local (Exim 4.44) id 1FdOwZ-0003eW-5L for <my-e-mail-address>; Tue, 09 May 2006 10:55:51 +0100

    X-Mailer: IPB PHP Mailer
    Message-ID: <E1FdOwZ-0003eW-5L@host.win2winracing.com>

    It seems that 66.147.238.53 resolves to both hc1.ded203.com and host.win2winracing.com... So where did the e-mail come from...?

    Ivor and Mel

    EDIT: I'm still trying to figure out what is going on here... It seems that whenever I connect to win2win, the browser downloads 2 Java files into:

    C:\Documents and Settings\Ivor Hutchinson.ROMSDAL.001\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar

    i.e.

    count.jar-15d389d-xxxxxxxx.idx
    count.jar-15d389d-xxxxxxxx.zip

    (xxxxxxxx seems to vary) and AVG reports the ZIP file as being infected.
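
Added example (not part of the original posts): a Python sketch that parses the two Received headers quoted in post #3 and orders the hops oldest first. It relies on two facts about the format: Exim writes "with local" when a process on the same machine submitted the message (the "from" token is then a local user name), and a bracketed address is the peer IP recorded by the receiving server. The function names are illustrative.

```python
import re
from email.utils import parsedate_to_datetime

# Received headers copied from post #3, newest first as in a raw message.
RECEIVED = [
    "from [66.147.238.53] (helo=host.win2winracing.com) by pih-mxcore09.plus.net "
    "with esmtp (PlusNet MXCore v2.00) id 1FdOwf-00038z-Uo for <my-e-mail-address>; "
    "Tue, 09 May 2006 10:55:58 +0100",
    "from nobody by host.win2winracing.com with local (Exim 4.44) "
    "id 1FdOwZ-0003eW-5L for <my-e-mail-address>; Tue, 09 May 2006 10:55:51 +0100",
]

HOP = re.compile(
    r"from\s+(?P<src>\S+)(?:\s+\(helo=(?P<helo>[^)]+)\))?"
    r"\s+by\s+(?P<by>\S+)\s+with\s+(?P<proto>\S+)"
)

def parse_hop(value):
    """Split one Received value into source, HELO claim, stamping host, time."""
    match = HOP.search(value)
    if match is None:
        raise ValueError("unrecognised Received header: " + value)
    hop = match.groupdict()
    hop["time"] = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
    # "with local": handed over by a process on the stamping host itself.
    hop["local"] = hop["proto"] == "local"
    # A bracketed literal is the peer address the receiving server saw.
    ip = re.fullmatch(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hop["src"])
    hop["peer_ip"] = ip.group(1) if ip else None
    return hop

def trace(received):
    """Order hops oldest first and summarise where the message entered mail."""
    hops = [parse_hop(v) for v in reversed(received)]
    first, last = hops[0], hops[-1]
    # A HELO name is only a claim; compare it with the host that stamped
    # the previous hop to see whether the chain is self-consistent.
    consistent = all(b["helo"] == a["by"] for a, b in zip(hops, hops[1:]))
    return {
        "origin_host": first["by"] if first["local"] else first["helo"] or first["src"],
        "origin_user": first["src"] if first["local"] else None,
        "handoff_ip": next((h["peer_ip"] for h in hops if h["peer_ip"]), None),
        "helo_matches_chain": consistent,
        "transit_seconds": (last["time"] - first["time"]).total_seconds(),
    }

if __name__ == "__main__":
    for key, val in trace(RECEIVED).items():
        print(f"{key}: {val}")
```

For these headers the oldest hop is a local submission on host.win2winracing.com by the account "nobody", which fits the X-Mailer line naming the forum software's PHP mailer.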

