WXforum.net

Administration => WXForum Bugs/Suggestions => Topic started by: ncpilot on March 16, 2009, 08:52:18 AM

Title: !! to all ADMINS !!
Post by: ncpilot on March 16, 2009, 08:52:18 AM
Thought this might be the easiest way to contact you all...

Just now, when going to this forum directly by typing the URL, I'm getting multiple warnings from Trend Micro (work computer) for:

bamrot.com/qqp/index.php

Google even flags it as dangerous...

Never seen this before.

Has the forum site been hacked?
Title: Re: !! to all ADMINS !!
Post by: Bushman on March 16, 2009, 09:14:59 AM
I just tried it on a new load of FF and no such warnings.   Running SAV and Win Firewall.  Maybe YOU'VE been hacked?
Title: Re: !! to all ADMINS !!
Post by: ncpilot on March 16, 2009, 09:33:28 AM
No other website I load gives that warning...

Try looking that site up in Google...
Title: Re: !! to all ADMINS !!
Post by: Bushman on March 16, 2009, 09:38:12 AM
I did.  It uses an ActiveX component.  Have you run a spyware scan on your system?  I don't get any such report accessing this or other sites.
Title: Re: !! to all ADMINS !!
Post by: mackbig on March 16, 2009, 09:59:30 AM
That site is an apparently known malware site, hence the google warning.

I am confused, I thought when trying to access this forum you got a warning about "bamrot.com/qqp/index.php"

I have not seen any warnings this morning for the forum.  I went to the above site, prior to googling it, nothing loaded, I assume our massive corporate firewall has it on a black list.

Andrew
Title: Re: !! to all ADMINS !!
Post by: ncpilot on March 16, 2009, 10:20:12 AM
You may have "silent" warnings...

I've got Trend Micro (for better or worse--it's what corporate uses) on my laptop, and every time I refresh or navigate on this forum, a window pops up warning about bamrot...

Just did a scan of my computer, and it's clean...

I'm using an older version of Firefox for a thumbdrive (and yes, I scanned my thumbdrive), so maybe FF 3 blocks the site?

I remoted into my home computer and went to this forum using FF 3, with AVG antivirus running, and I did not get a warning...
Title: Re: !! to all ADMINS !!
Post by: ncpilot on March 16, 2009, 10:30:40 AM
Warnings have gone away...

I see saratogawx is also online... maybe he fixed something?
Title: Re: !! to all ADMINS !!
Post by: Anthony on March 16, 2009, 10:30:45 AM
I run AVG and win xp pro and have not gotten any warnings either.

Title: Re: !! to all ADMINS !!
Post by: NGRRFan on March 16, 2009, 10:41:19 AM
Kaspersky also says there is a virus at this site.
Title: Re: !! to all ADMINS !!
Post by: saratogaWX on March 16, 2009, 10:53:28 AM
It was a problem.. a JavaScript malware code was appended to the index.php on this site.  It's now removed.

We're doing some forensics to see how it arrived on the site.

Thanks for the alert(s) that were sent.

I find that FireFox with NoScript absolutely prevents this kind of thing from penetrating my client .. I get a nice 'script blocked' indicator, then I can check which domain the script is trying to execute to, and it's easy to track down the malware. :)

Best regards,
Ken
Title: Re: !! to all ADMINS !!
Post by: sam2004gp on March 16, 2009, 12:17:28 PM
Thanks for fixing it guys.  Glad I waited until now to log in.
Title: Re: !! to all ADMINS !!
Post by: lddaly on March 16, 2009, 01:38:58 PM
If we visited the site while it was infected, what actions do we need to take? What are the details of the specific Malware that we can look for?
Title: Re: !! to all ADMINS !!
Post by: saratogaWX on March 16, 2009, 01:41:35 PM
If you have current anti-virus software or were using FF with NoScript, then no action is required.  Otherwise, update your anti-virus and run a system scan to make sure nothing untoward entered your system.

I'm still hunting down the source of the infection.
Title: Re: !! to all ADMINS !!
Post by: tweatherman on March 16, 2009, 03:07:29 PM
I got several spyware warnings on this site yesterday from webroot spyware running on my computer yesterday. Since have been removed on my end.

Tim
Title: Re: !! to all ADMINS !!
Post by: saratogaWX on March 16, 2009, 03:22:06 PM
I think we've found the source of the problem and plugged it, so with any luck, we won't see a re-infestation.

Please accept our apologies for any inconvenience caused by this malware infestation.

Best regards,
Ken
Title: Re: !! to all ADMINS !!
Post by: WeatherBeacon on March 16, 2009, 04:53:03 PM
I think we've found the source of the problem and plugged it, so with any luck, we won't see a re-infestation.

Please accept our apologies for any inconvenience caused by this malware infestation.

Best regards,
Ken

Good work, Ken, and whomever else was involved. Thanks for your diligence and hard work! =D>
Title: Re: !! to all ADMINS !!
Post by: racenet on March 16, 2009, 07:15:20 PM
Maybe not quite wiped out. Just got a warning via AVG. The first one today. Had 3 yesterday.



Bob
Title: Re: !! to all ADMINS !!
Post by: W3DRM on March 16, 2009, 07:39:53 PM
Ken,

I also got the warning via AVG about an hour ago when I first logged into WXForum.net. AVG caught it and let me quarantine it. Doesn't look like it did any damage though.

Thanks for the quick work in isolating the problem.
Title: Re: !! to all ADMINS !!
Post by: saratogaWX on March 16, 2009, 07:48:10 PM
Found another opening... getting plugged now. Grrrr.  this miscreant is persistent.

Thanks for keeping your 'shields up' and for your patience while we battle the infestation.

Best regards,
Ken
Title: Re: !! to all ADMINS !!
Post by: WeatherBeacon on March 16, 2009, 07:51:11 PM
Ken,

I also got the warning via AVG about an hour ago when I first logged into WXForum.net. AVG caught it and let me quarantine it. Doesn't look like it did any damage though.

Thanks for the quick work in isolating the problem.

Don, what settings do you use? I have AVG, and it isn't catching anything. Makes me wonder if I need to tighten it up.

Thanks!
Title: Re: !! to all ADMINS !!
Post by: kray1000 on March 16, 2009, 07:54:52 PM
I have McAfee and I'm not getting any alerts (even silent ones, I don't think).  What are folks doing to trigger the alerts?

(BTW... I use a bookmark to access the forum.)
Title: Re: !! to all ADMINS !!
Post by: saratogaWX on March 16, 2009, 07:55:27 PM
I also have AVG, but it doesn't activate since the NoScript as part of my Firefox never lets the resulting script execute fully :)

The target site for the script has already been sequestered by the Google Firefox plugin as a 'bad site', and the target site is listed in malwarebytes.com too .. The target site no longer coughs up the 'real payload' (which is a good thing).

Incredibly annoying .. it's like playing 'whack-a-mole' .. exciting, but not always 'final'.
Title: Re: !! to all ADMINS !!
Post by: WeatherBeacon on March 16, 2009, 08:44:11 PM

I don't mean to sound paranoid or alarmist, but do some of the fonts on the forum seem smaller? For example, the fonts in the menu tabs and some of the links seem smaller today than in the past. I don't believe I did anything to change my screen resolution. Anyone else notice that, or is it my imagination?
Title: Re: !! to all ADMINS !!
Post by: kray1000 on March 16, 2009, 08:53:37 PM
Large fonts are getting more expensive. 

Myself, I can't see a difference.  Everything seems the same.

For some reason, I have this uncontrollable urge to whack a mole.
Title: Re: !! to all ADMINS !!
Post by: WeatherBeacon on March 16, 2009, 09:02:55 PM
Large fonts are getting more expensive. 

Myself, I can't see a difference.  Everything seems the same.

For some reason, I have this uncontrollable urge to whack a mole.

He he he!

As I'm still recovering from a 3-week cold or flu or combo thereof, I'm still thinking over "coughs up the 'real payload'." :-& :lol:
Title: Re: !! to all ADMINS !!
Post by: WeatherBeacon on March 16, 2009, 09:21:46 PM

Hmm. Here's what I'm noticing this evening. Besides some of the fonts on the forum appearing smaller than usual (especially in the tabs and some other links), I noticed the banner images in peoples' sigs appear blurred/fuzzy. So I measured some of them, and they're smaller on the forum screen than they are when I "View Image", during which they appear normal size and unblurred. Anyone else?
Title: Re: !! to all ADMINS !!
Post by: saratogaWX on March 16, 2009, 09:29:36 PM
Hmmm... they all appear the same for me Kevin (both font sizes and banner sizes).  Which browser are you using?  If IE, have you inadvertently set character size as 'smaller'?  Also, have you cleared your disk cache and reloaded the page fresh?
Title: Re: !! to all ADMINS !!
Post by: WeatherBeacon on March 16, 2009, 09:40:29 PM
Hmmm... they all appear the same for me Kevin (both font sizes and banner sizes).  Which browser are you using?  If IE, have you inadvertently set character size as 'smaller'?  Also, have you cleared your disk cache and reloaded the page fresh?

Hi, Ken.

I'm using FF 3.0.7. I haven't changed the character size. I did clear the cache and refreshed the page. What's strange is that the sig banners appear smaller (by measuring them on the screen) in the forum browser than in the browser when I "View Image." Also, my own banner is smaller on the forum page than it is on my web site.

I wondered if anyone else noticed it inasmuch as I didn't notice it until tonight (after the spyware "attack".) Don't worry about it unless several others mention they observe something similar.

Thanks!
Title: Re: !! to all ADMINS !!
Post by: up10ad N9RJH on March 16, 2009, 09:52:34 PM
I was getting the alert the other day when using Safari on my MacBook Pro but not when using Firefox.  I didn't try it with any of my Win clients until just now, and it seems clean to my system tests with AVG and Trend Micro.  Also re-tested with Safari and it gives no warnings now.

Good job cleaning, good luck locating source.
Title: Re: !! to all ADMINS !!
Post by: Mark / Ohio on March 16, 2009, 10:18:11 PM
Last night I received a "down for maintenance" full page gray banner for an hour or so around midnight.  Could that have been when the exploits were taking place?

Title: Re: !! to all ADMINS !!
Post by: saratogaWX on March 16, 2009, 10:23:58 PM
I'm not sure Mark .. I worked on the issue a bit yesterday, and full log-grinding today to isolate the source.  

Their method (which I won't disclose :) shouldn't have caused the 'grey screen of death' for the forum.. that could have been a temporary loss of SQL connection due to other causes.

Best regards,
Ken
Title: Re: !! to all ADMINS !!
Post by: lddaly on March 16, 2009, 10:25:00 PM
Hi, Ken.

I'm using FF 3.0.7. I haven't changed the character size. I did clear the cache and refreshed the page. What's strange is that the sig banners appear smaller (by measuring them on the screen) in the forum browser than in the browser when I "View Image." Also, my own banner is smaller on the forum page than it is on my web site.

I wondered if anyone else noticed it inasmuch as I didn't notice it until tonight (after the spyware "attack".) Don't worry about it unless several others mention they observe something similar.

Thanks!
Since you are using FF, you can troubleshoot easily using safe mode: http://support.mozilla.com/en-US/kb/Safe+Mode
Title: Re: !! to all ADMINS !!
Post by: saratogaWX on March 16, 2009, 10:27:52 PM
FWIW, earlier this afternoon AVG warned me about two trojan infections when I logged on to this website. One AVG was able to heal, but the other it was not. I plan on running a full scan this evening and manually removing the offending boogger if I have to. It's a nasty job, but someone has to do it.  :-P

Thanks Ken for getting on top of this so quickly!

Bruce
Oooh... sorry you caught one, Bruce.  Those driveby downloaders are a pain.

FWIW:  the encoded JavaScript resulted in a small hidden <iframe> that caused an URL to be accessed .. that url had additional malware downloads.  Sneaky devils..  more reason to use FireFox with NoScript .. never execute the scripts from unknown sources and it prevents the infection in the first place.

Hope you can disinfect easily!  Sorry for the inconvenience!!

Best regards,
Ken
Title: Re: !! to all ADMINS !!
Post by: mackbig on March 16, 2009, 10:29:33 PM
I have not seen any warnings.  During the day since 6am at work, that is normal since my IE is a citrix deploy so not too worried about infection.  At home nothing on weather pc running IE 5.5 with CA internet suite.  Anyone else run CA?   Ass u me it catches this kind of thing?  I know one of the forum members had an injection attack (VBS/MS06-014!exploit.) on their site back in october (Ken, you helped in the cleaning/resolution of that site)....  Nothing on mac running FF 3.07 (no protection).  what's this no script mode? should I be worried on a mac?

Andrew
Title: Re: !! to all ADMINS !!
Post by: saratogaWX on March 16, 2009, 10:43:36 PM
Firefox has a great plugin called NoScript ( https://addons.mozilla.org/en-US/firefox/addon/722 )

With it, you have JavaScript automatically turned OFF on any new site you visit, and you have the option of enabling it for this and the next visit, or just for this browser session.  It gives you time to look at the domains of where the JavaScript is emanating from, and make your choices wisely.  Then if a bit of JavaScript malware creeps into a 'trusted' site, the destination site to get the real junk downloaded will be blocked by NoScript .. so drive-by downloads become very difficult to accomplish on your system -- good for you, bad for malware authors.
Title: Re: !! to all ADMINS !!
Post by: killwilly on March 17, 2009, 02:09:20 AM
I had two trojan horse infections over the weekend when connecting to the forum, fortunately AVG removed them both, had no problems since.

Many thanks Ken for your prompt action.   =D>

Alan
Title: Re: !! to all ADMINS !!
Post by: Axelvold on March 17, 2009, 04:53:40 AM
I just wonder how this can be possible, for an unauthorized person to place a script without anyone noticing it?

Is this not something to take up with the supplier of the web space, that they must review their security?

I know there are some who will find these questions stupid, but I can take it.
Title: Re: !! to all ADMINS !!
Post by: WeatherBeacon on March 17, 2009, 09:02:10 AM
Firefox has a great plugin called NoScript ( https://addons.mozilla.org/en-US/firefox/addon/722 )

With it, you have JavaScript automatically turned OFF on any new site you visit, and you have the option of enabling it for this and the next visit, or just for this browser session.  It gives you time to look at the domains of where the JavaScript is emanating from, and make your choices wisely.  Then if a bit of JavaScript malware creeps into a 'trusted' site, the destination site to get the real junk downloaded will be blocked by NoScript .. so drive-by downloads become very difficult to accomplish on your system -- good for you, bad for malware authors.

Thanks for the tip, Ken! I installed it. FF has so many plugins and add-ons that I rarely check them out any more.
Title: Re: !! to all ADMINS !!
Post by: Anthony on March 17, 2009, 09:09:28 AM
I was only on once or twice before noon yesterday. I also run AVG and have win firewall disabled on this machine. Did not receive any warnings or notices from AVG whatsoever. Normally I would have been on during the afternoon and evening. But was busy from noon on yesterday. So maybe that was my saving grace?

Title: Re: !! to all ADMINS !!
Post by: sam2004gp on March 17, 2009, 09:54:30 AM
Yeah, same here, I was not on during my normal times during the last two days.  When I get home today, I will scan the computer really well.  I am on a MAC Dual-G5 right now, so no worry there. ;)
Title: Re: !! to all ADMINS !!
Post by: sam2004gp on March 17, 2009, 03:01:17 PM
At home on my main machine, running AVG full scan, windows defender full scan and installed no script in firefox.

What more can I do to my dedicated wx computer?
It is XP Pro SP3 (bootleg)<-no further updates after that. 
I have chosen not to put any virus software on it, to keep from slowing it down anymore. 
It's Pentium II 300 MHZ machine with 384 RAM.  It has IE6, and I did set my "internet security settings" to high.  I do not surf on it, unless I am checking my own weather site, or perhaps WXforum.net quickly in case I don't want to start the main machine.
Title: Re: !! to all ADMINS !!
Post by: WeatherBeacon on March 17, 2009, 03:46:37 PM
Firefox has a great plugin called NoScript ( https://addons.mozilla.org/en-US/firefox/addon/722 )

With it, you have JavaScript automatically turned OFF on any new site you visit, and you have the option of enabling it for this and the next visit, or just for this browser session.  It gives you time to look at the domains of where the JavaScript is emanating from, and make your choices wisely.  Then if a bit of JavaScript malware creeps into a 'trusted' site, the destination site to get the real junk downloaded will be blocked by NoScript .. so drive-by downloads become very difficult to accomplish on your system -- good for you, bad for malware authors.

Is there a way to alert a visitor to my site to enable javascript when they don't have javascript enabled?

(Since installing the above plugin on my FF browser, I visited one of my usual web sites. It--the site, not FF--displayed a message telling me that I need to have javascript enabled. I liked that notice. Is there a simple way to do that without displaying the message on every page?)

Thanks!
Title: Re: !! to all ADMINS !!
Post by: saratogaWX on March 17, 2009, 04:14:14 PM
Firefox has a great plugin called NoScript ( https://addons.mozilla.org/en-US/firefox/addon/722 )

With it, you have JavaScript automatically turned OFF on any new site you visit, and you have the option of enabling it for this and the next visit, or just for this browser session.  It gives you time to look at the domains of where the JavaScript is emanating from, and make your choices wisely.  Then if a bit of JavaScript malware creeps into a 'trusted' site, the destination site to get the real junk downloaded will be blocked by NoScript .. so drive-by downloads become very difficult to accomplish on your system -- good for you, bad for malware authors.

Is there a way to alert a visitor to my site to enable javascript when they don't have javascript enabled?

(Since installing the above plugin on my FF browser, I visited one of my usual web sites. It--the site, not FF--displayed a message telling me that I need to have javascript enabled. I liked that notice. Is there a simple way to do that without displaying the message on every page?)

Thanks!
Sure... the secret is to include something like
Code:
<noscript><p>[Enable JavaScript for live updates]</p></noscript>
on your page where appropriate.  If JavaScript is NOT enabled the message "[Enable JavaScript for live updates]" will appear where you'd placed it on the page, otherwise the message doesn't appear.
Title: Re: !! to all ADMINS !!
Post by: saratogaWX on March 17, 2009, 04:18:23 PM
At home on my main machine, running AVG full scan, windows defender full scan and installed no script in firefox.

What more can I do to my dedicated wx computer?
It is XP Pro SP3 (bootleg)<-no further updates after that. 
I have chosen not to put any virus software on it, to keep from slowing it down anymore. 
It's Pentium II 300 MHZ machine with 384 RAM.  It has IE6, and I did set my "internet security settings" to high.  I do not surf on it, unless I am checking my own weather site, or perhaps WXforum.net quickly in case I don't want to start the main machine.
The best thing to do on a machine without AV software is:
1) don't use the browser (except IE to access the Windows Update) or
2) use Firefox with NoScript installed (prevents drive-by malicious JavaScripts from executing).

It's possible that even trusted sites may get hacked from time to time (witness our problems on 3/15-3/16), so having layers of defense is the best thing.   I don't have AV on my weather system either, but I only use FF+NoScript to check my website, and IE only for doing windows updates (which I do regularly).

Best regards,
Ken
Title: Re: !! to all ADMINS !!
Post by: WeatherBeacon on March 17, 2009, 04:28:59 PM
Firefox has a great plugin called NoScript ( https://addons.mozilla.org/en-US/firefox/addon/722 )

With it, you have JavaScript automatically turned OFF on any new site you visit, and you have the option of enabling it for this and the next visit, or just for this browser session.  It gives you time to look at the domains of where the JavaScript is emanating from, and make your choices wisely.  Then if a bit of JavaScript malware creeps into a 'trusted' site, the destination site to get the real junk downloaded will be blocked by NoScript .. so drive-by downloads become very difficult to accomplish on your system -- good for you, bad for malware authors.

Is there a way to alert a visitor to my site to enable javascript when they don't have javascript enabled?

(Since installing the above plugin on my FF browser, I visited one of my usual web sites. It--the site, not FF--displayed a message telling me that I need to have javascript enabled. I liked that notice. Is there a simple way to do that without displaying the message on every page?)

Thanks!
Sure... the secret is to include something like
Code:
<noscript><p>[Enable JavaScript for live updates]</p></noscript>
on your page where appropriate.  If JavaScript is NOT enabled the message "[Enable JavaScript for live updates]" will appear where you'd placed it on the page, otherwise the message doesn't appear.

Jiminy! You're the coding master, Ken! Thanks much! :-o
Title: Re: !! to all ADMINS !!
Post by: saratogaWX on March 17, 2009, 04:35:42 PM
I just wonder how this can be possible, for an unauthorized person to place a script without anyone noticing it?

Is this not something to take up with the supplier of the web space, that they must review their security?

I know there are some who will find these questions stupid, but I can take it.

Hi Lars,

We feel fairly confident that we located the 'hole' that the miscreant used to modify the .php (and .htm) pages inserting the JavaScript to make the invisible <iframe> drive-by downloader.  Logs checked this morning, and last modification by them was on 3/16 at about 4am and no successful modifications after that.

In general, there are two basic ways that hackers can penetrate your site:
1) through scripts on your website that don't have sufficient parameter checks, or
2) ftp or ssh/telnet access to the site through a compromised password

For the commonly available weather website scripts (including the ones offered on my site, the templates and plugins), they all have safe parameter handling, so offer no way in for miscreants.  Older versions of HamWeather PHP did have a vulnerability (http://www.securityfocus.com/bid/20311) (3.9.8.4 and below only) to allow script injection, so make sure your HAMweather is 3.9.8.5+.  Even though this vulnerability was patched in Oct 2006, I still see knocks at my door trying to see if I've been foolish enough to have an old version of HAMweather installed (I don't have it installed at all on my site).  Likewise, folks who use older versions of content management systems like PHP-nuke, Joomla, Mambo (etc) should keep their maintenance up-to-date too.. older versions of those software products had some code injection vulnerabilities too.

For (2), just make sure whatever system you surf the internet with has current antivirus AND (highly recommended) FireFox+NoScript plugin.  It only takes a moment for an unprotected browser to grab a bit of malware, read your passwords (like to your ftp website), and stealthily mail it off to the hacker who will use your website to spread his malware.

It's a hacker and kiddie-script jungle out there .. keep the defenses strong and layered so your internet experience can be without harm.

Best regards,
Ken
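
An added example, not part of Ken's post or the forum's own tooling: a small scanner for the symptoms described in this thread (script appended to .php/.htm pages, encoded JavaScript, a hidden <iframe>), reporting each hit with its modification time so it can be matched against server logs. The function names, the heuristics and the sample files are all constructed for illustration; hits are candidates for manual review, not proof of infection.

```python
import os
import re
import tempfile

# File types the thread says were modified.
TARGET_EXTS = (".php", ".htm", ".html")

# Heuristics assumed for this example (not signatures of the actual malware).
HIDDEN_IFRAME = re.compile(
    r"<iframe\b[^>]*(?:(?:width|height)\s*=\s*[\"']?[01]\b"
    r"|display\s*:\s*none|visibility\s*:\s*hidden)", re.I)
SCRIPT_BLOCK = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)
DECODER_CALL = re.compile(r"\b(?:eval|unescape)\s*\(|String\.fromCharCode", re.I)
ACTIVE_TAG = re.compile(r"<(?:script|iframe)\b", re.I)


def inspect_text(text):
    """Return a list of findings for one page's source."""
    findings = []
    if HIDDEN_IFRAME.search(text):
        findings.append("hidden-iframe")
    # Script bodies that decode strings at run time deserve a closer look.
    if any(DECODER_CALL.search(body) for body in SCRIPT_BLOCK.findall(text)):
        findings.append("encoded-script")
    # Anything active after the last </html> was most likely appended later.
    end = text.lower().rfind("</html>")
    if end != -1 and ACTIVE_TAG.search(text[end + len("</html>"):]):
        findings.append("markup-after-html-end")
    return findings


def scan_tree(root):
    """Walk a web root; map relative path -> (findings, mtime)."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(TARGET_EXTS):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                findings = inspect_text(fh.read())
            if findings:
                rel = os.path.relpath(path, root)
                report[rel] = (findings, os.path.getmtime(path))
    return report


# Constructed sample pages (harmless; example.invalid never resolves).
SAMPLES = {
    "index.php": '<?php echo "forum"; ?>\n<html><body>ok</body></html>\n'
                 "<script>document.write(unescape('%3Cb%3Econstructed%3C%2Fb%3E'));</script>\n",
    "about.htm": '<html><body>About<iframe src="http://example.invalid/" width="1" '
                 'height="1" style="visibility:hidden"></iframe></body></html>',
    "contact.html": '<html><body><iframe src="map.html" width="400" height="300">'
                    "</iframe></body></html>",
    "style.css": "body { display: none }",
}


def demo():
    """Write the samples to a temp dir, scan it, return {path: findings}."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in SAMPLES.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return {path: hit[0] for path, hit in scan_tree(root).items()}


if __name__ == "__main__":
    for path, findings in sorted(demo().items()):
        print(path, findings)
```

Run against a copy of the web root and compare the flagged files with a known-good backup before restoring anything.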
Title: Re: !! to all ADMINS !!
Post by: sam2004gp on March 17, 2009, 05:09:36 PM
Main Computer scans complete.  Nothing found except for a few tracking cookies.  Doing an online virus scan of the weather computer now.
Title: Re: !! to all ADMINS !!
Post by: Axelvold on March 17, 2009, 05:53:37 PM
I just wonder how this can be possible, for an unauthorized person to place a script without anyone noticing it?

Is this not something to take up with the supplier of the web space, that they must review their security?

I know there are some who will find these questions stupid, but I can take it.

Hi Lars,

We feel fairly confident that we located the 'hole' that the miscreant used to modify the .php (and .htm) pages inserting the JavaScript to make the invisible <iframe> drive-by downloader.  Logs checked this morning, and last modification by them was on 3/16 at about 4am and no successful modifications after that.

In general, there are two basic ways that hackers can penetrate your site:
1) through scripts on your website that don't have sufficient parameter checks, or
2) ftp or ssh/telnet access to the site through a compromised password

For the commonly available weather website scripts (including the ones offered on my site, the templates and plugins), they all have safe parameter handling, so offer no way in for miscreants.  Older versions of HamWeather PHP did have a vulnerability (http://www.securityfocus.com/bid/20311) (3.9.8.4 and below only) to allow script injection, so make sure your HAMweather is 3.9.8.5+.  Even though this vulnerability was patched in Oct 2006, I still see knocks at my door trying to see if I've been foolish enough to have an old version of HAMweather installed (I don't have it installed at all on my site).  Likewise, folks who use older versions of content management systems like PHP-nuke, Joomla, Mambo (etc) should keep their maintenance up-to-date too.. older versions of those software products had some code injection vulnerabilities too.

For (2), just make sure whatever system you surf the internet with has current antivirus AND (highly recommended) FireFox+NoScript plugin.  It only takes a moment for an unprotected browser to grab a bit of malware, read your passwords (like to your ftp website), and stealthily mail it off to the hacker who will use your website to spread his malware.

It's a hacker and kiddie-script jungle out there .. keep the defenses strong and layered so your internet experience can be without harm.

Best regards,
Ken

Thanks Ken for an excellent explanation.

I always have the virus database updated, plus that I have spyware doctor running so I feel quite safe when I surf the internet.

Best regards
Lars
Title: Re: !! to all ADMINS !!
Post by: AZmonsooncats on March 17, 2009, 10:06:08 PM
So far no warnings on my home or work computers :grin: I have run full virus scans on both using Trend Micro and have only detected tracking cookies that were automatically removed. Should I have any more concerns regarding this now-fixed malware infestation? :evil:

Thanks,
           Jeanette
Title: Re: !! to all ADMINS !!
Post by: sam2004gp on March 18, 2009, 07:00:12 AM
So far no warnings on my home or work computers :grin: I have run full virus scans on both using Trend Micro and have only detected tracking cookies that were automatically removed. Should I have any more concerns regarding this now-fixed malware infestation? :evil:

Thanks,
           Jeanette

My WX computer did check out fine.

AZmonsooncats.  I think if you follow the advice given above, which seems you did, and also make sure you have at least 3 separate copies of the backup of your machine or important data(1 being offsite), then you should be safe from any deviant or disaster that can come your way. Also as an additional safety measure I keep all of the older backups as well.  I have one of those 100cd-spindle holders dedicated to holding backups in my closet.  My brother in law's home serves as my location for offsite backup, and I have his offsite backup.

Some people may say why so redundant? :shock:

As safe as I have tried to be, I did get my first ever virus on my machine about 2 months ago, and I picked it up from photobucket.com.  It got onto my machine in a similar fashion that wxforum.net is facing now.  I had done a full backup of my machine about a month before I got it, so all I had to do was format my drive and run a restore process.  I was back to a safe "usable" computer in about 30mins.  I then carefully virus scanned and did a "important data" restore from my incremental backups right to the day before I got the bug.  So worst case for me was, that I lost my itunes playcount for that day. :roll:   Again the whole final restore process took around 45 mins in complete, versus the days or weeks that it would have taken me to reinstall windows and tweak my machine just right again.  So being "anal retentive" about backups that time did save my butt. 8-)
Title: Re: !! to all ADMINS !!
Post by: SlowModem on March 18, 2009, 08:18:06 AM
I have one of those 100cd-spindle holders dedicated to holding backups in my closet.

I have one of those, too, but it holds 45's.

Title: Re: !! to all ADMINS !!
Post by: W Thomas on March 21, 2009, 12:21:03 AM
IE8 just came out today, and it supposedly protects against Javascript malware. I hope that's the case since I just installed it.  :-P

Bruce

Just installed IE8 on my work computer today also.. I installed on that one first since I don't have as much to install from backup as I do here at home if it should croak.  I would be using FF3 on it if it were not for a conflict accessing certain portions of some of the GM websites I have to frequent daily.

Didn't really get a chance to play with it much after the install but the graphics were clear and crisp and seems all the normal functionality was there.
I keep everything locked down as much as I can in the shop at work due to some of the guys and their "not so user friendly" sites :) but there is one machine that slows to a crawl ever so often and I have to remove a couple gigs of tracking cookies and assorted malware mainly because they ignore the prompts from the auto run programs I have there and choose to not run something important :)