Author Topic: !! to all ADMINS !!  (Read 9502 times)

0 Members and 1 Guest are viewing this topic.

Offline WeatherBeacon

  • Chief
  • Forecaster
  • *****
  • Posts: 1362
    • http://www.wxbeacon.com
Re: !! to all ADMINS !!
« Reply #25 on: March 16, 2009, 09:21:46 PM »

Hmm. Here's what I'm noticing this evening. Besides some of the fonts on the forum appearing smaller than usual (especially in the tabs and some other links), I noticed the banner images in peoples' sigs appear blurred/fuzzy. So I measured some of them, and they're smaller on the forum screen than they are when I "View Image", during which they appear normal size and unblurred. Anyone else?
Mae govannen!
Kevin  (Member AMS) http://www.wxbeacon.com               Genesee County, Michigan
Hardware:  Davis Vantage Pro Wireless, Midland WR-300
Software: VWS 14.01p43, WeatherFlash, & GRLevel3

Offline saratogaWX

  • Administrator
  • Forecaster
  • *****
  • Posts: 4506
  • Saratoga, CA, USA Weather - free PHP scripts
    • Saratoga-Weather.org
Re: !! to all ADMINS !!
« Reply #26 on: March 16, 2009, 09:29:36 PM »
Hmmm... they all appear the same for me Kevin (both font sizes and banner sizes).  Which browser are you using?  If IE, have you inadvertently set character size as 'smaller'?  Also, have you cleared your disk cache and reloaded the page fresh?
Ken True/Saratoga, CA, USA main site: saratoga-weather.org
Davis Vantage Pro Plus - FARS, Boltek-PCI/NexStorm, GRLevel3, WD, WL, VWS, Cumulus, Meteohub
Free weather PHP scripts/website templates - update notifications on Twitter saratogaWXPHP

Offline WeatherBeacon

  • Chief
  • Forecaster
  • *****
  • Posts: 1362
    • http://www.wxbeacon.com
Re: !! to all ADMINS !!
« Reply #27 on: March 16, 2009, 09:40:29 PM »
Hmmm... they all appear the same for me Kevin (both font sizes and banner sizes).  Which browser are you using?  If IE, have you inadvertently set character size as 'smaller'?  Also, have you cleared your disk cache and reloaded the page fresh?

Hi, Ken.

I'm using FF 3.0.7. I haven't changed the character size. I did clear the cache and refreshed the page. What's strange is that the sig banners appear smaller (by measuring them on the screen) in the forum browser than in the browser when I "View Image." Also, my own banner is smaller on the forum page than it is on my web site.

I wondered if anyone else noticed it inasmuch as I didn't notice it until tonight (after the spyware "attack".) Don't worry about it unless several others mention they observe something similar.

Thanks!
Mae govannen!
Kevin  (Member AMS) http://www.wxbeacon.com               Genesee County, Michigan
Hardware:  Davis Vantage Pro Wireless, Midland WR-300
Software: VWS 14.01p43, WeatherFlash, & GRLevel3

Offline up10ad

  • WxElement panel
  • Forecaster
  • *****
  • Posts: 564
    • DeltaWeatherCam
Re: !! to all ADMINS !!
« Reply #28 on: March 16, 2009, 09:52:34 PM »
I was getting the alert the other day when using Safari on my MacBook Pro but not when using Firefox.  I didn't try it with any of my Win clients until just now, and it seems clean to my system tests with AVG and Trend Micro.  Also re-tested with Safari and it gives no warnings now.

Good job cleaning, good luck locating source.
Rick
Have you joined USAWeatherFinder.com yet?


Offline Mark / Ohio

  • Live from Mars!
  • Forecaster
  • *****
  • Posts: 2403
    • Fairfield County Weather
Re: !! to all ADMINS !!
« Reply #29 on: March 16, 2009, 10:18:11 PM »
Last night I received a "down for maintenance" full page gray banner for an hour of so around midnight.  Could that of been when the exploits was taking place?

Mark 
2002 Davis VP I Wireless, WeatherLink (Serial), VWS, ImageSalsa, GRLevel3, VirtualVP, VPLive, StartWatch, Windows XP (SP3)


Offline saratogaWX

  • Administrator
  • Forecaster
  • *****
  • Posts: 4506
  • Saratoga, CA, USA Weather - free PHP scripts
    • Saratoga-Weather.org
Re: !! to all ADMINS !!
« Reply #30 on: March 16, 2009, 10:23:58 PM »
I'm not sure Mark .. I worked on the issue a bit yesterday, and full log-grinding today to isolate the source.  

Their method (which I won't disclose :) shouldn't have caused the 'grey screen of death' for the forum.. that could have been a temporary loss of SQL connection due to other causes.

Best regards,
Ken
Ken True/Saratoga, CA, USA main site: saratoga-weather.org
Davis Vantage Pro Plus - FARS, Boltek-PCI/NexStorm, GRLevel3, WD, WL, VWS, Cumulus, Meteohub
Free weather PHP scripts/website templates - update notifications on Twitter saratogaWXPHP

Offline lddaly

  • Plano, Texas - USA
  • Forecaster
  • *****
  • Posts: 414
    • Plano, TX Weather
Re: !! to all ADMINS !!
« Reply #31 on: March 16, 2009, 10:25:00 PM »
Hi, Ken.

I'm using FF 3.0.7. I haven't changed the character size. I did clear the cache and refreshed the page. What's strange is that the sig banners appear smaller (by measuring them on the screen) in the forum browser than in the browser when I "View Image." Also, my own banner is smaller on the forum page than it is on my web site.

I wondered if anyone else noticed it inasmuch as I didn't notice it until tonight (after the spyware "attack".) Don't worry about it unless several others mention they observe something similar.

Thanks!
Since you are using FF, you can troubleshoot easily using safe mode: http://support.mozilla.com/en-US/kb/Safe+Mode

Offline saratogaWX

  • Administrator
  • Forecaster
  • *****
  • Posts: 4506
  • Saratoga, CA, USA Weather - free PHP scripts
    • Saratoga-Weather.org
Re: !! to all ADMINS !!
« Reply #32 on: March 16, 2009, 10:27:52 PM »
FWIW, earlier this afternoon AVG warned me about two trojan infections when I logged on to this website. One AVG was able to heal, but the other it was not. I plan on running a full scan his evening and manually removing the offending boogger if I have to. It's a nasty job, but someone has to do it.  :-P

Thanks Ken for getting on top of this so quickly!

Bruce
Oooh... sorry you caught one, Bruce.  Those driveby downloaders are a pain.

FWIW:  the encoded JavaScript resulted in a small hidden <iframe> that caused an URL to be accessed .. that url had additional malware downloads.  Sneaky devils..  more reason to use FireFox with NoScript .. never execute the scripts from unknown sources and it prevents the infection in the first place.

Hope you can disinfect easily!  Sorry for the inconvenience!!

Best regards,
Ken
Ken True/Saratoga, CA, USA main site: saratoga-weather.org
Davis Vantage Pro Plus - FARS, Boltek-PCI/NexStorm, GRLevel3, WD, WL, VWS, Cumulus, Meteohub
Free weather PHP scripts/website templates - update notifications on Twitter saratogaWXPHP

Offline mackbig

  • Forecaster
  • *****
  • Posts: 4121
    • Mackie's Main Street, Unionville, ON Canada Weather
Re: !! to all ADMINS !!
« Reply #33 on: March 16, 2009, 10:29:33 PM »
I have not seen any warnings.  During the day since 6am at work, that is normal since my IE is a citrix deploy so not too worried about infection.  At home nothing on weather pc running IE 5.5 with CA internet suite.  Anyone else run CA?   Ass u me it catches this kind of thing?  I know one of the forum members had an injection attack (VBS/MS06-014!exploit.) on their site back in october (Ken, you helped in the cleaning/resolutino of that site)....  Nothing on mac running FF 3.07 (no protection).  what's this no script mode? should I be worried on a mac?

Andrew

Andrew - Davis VP2+ 6163, serial weatherlink, wireless anemometer, running Weather Display.  Boltek PCI Stormtracker, Astrogenic Nexstorm, Strikestar - UNI, CWOP CW8618, GrLevel3, (Station 2 OS WMR968, VWS 13.01p09), Windows 7-64

Offline saratogaWX

  • Administrator
  • Forecaster
  • *****
  • Posts: 4506
  • Saratoga, CA, USA Weather - free PHP scripts
    • Saratoga-Weather.org
Re: !! to all ADMINS !!
« Reply #34 on: March 16, 2009, 10:43:36 PM »
Firefox has a great plugin called NoScript ( https://addons.mozilla.org/en-US/firefox/addon/722 )

With it, you have JavaScript automatically turned OFF on any new site you visit, and you have the option of enabling it for this and the next visit, or just for this browser session.  It gives you time to look at the domains of where the JavaScript is emanating from, and make your choices wisely.  Then if a bit of JavaScript malware creeps into a 'trusted' site, the destination site to get the real junk downloaded will be blocked by NoScript .. so drive-by downloads become very difficult to accomplish on your system -- good for you, bad for malware authors.
Ken True/Saratoga, CA, USA main site: saratoga-weather.org
Davis Vantage Pro Plus - FARS, Boltek-PCI/NexStorm, GRLevel3, WD, WL, VWS, Cumulus, Meteohub
Free weather PHP scripts/website templates - update notifications on Twitter saratogaWXPHP

Offline killwilly

  • Forecaster
  • *****
  • Posts: 775
Re: !! to all ADMINS !!
« Reply #35 on: March 17, 2009, 02:09:20 AM »
I had two trojan horse infections over the weekend when connecting to the forum, fortunately AVG removed them both, had no problems since.

Many thanks Ken for your prompt action.   =D&gt;

Alan
Alan >>>>>><br /><br />Hardware:- Davis Vantage Vue<br />Software:-  VWS:14.00 p87. Davis WeatherLink<br />Location:-  Lincolnshire, UK.<br /><br /><br />Wunderground ID,  ILINCOLN15

Offline Axelvold

  • Forecaster
  • *****
  • Posts: 1704
    • Axelvold's weather and photo
Re: !! to all ADMINS !!
« Reply #36 on: March 17, 2009, 04:53:40 AM »
I just wonder how this can be possible, to any unauthorized person places a script without any notice it?

Is this not something to take up with the supplier of the we space, that they must review their security?

I know there are some who will find these questions stupid, but I can take it.
« Last Edit: March 17, 2009, 10:08:19 AM by Axelvold »
Lars Magnusson
Axelvold / Sweden
55° 57' 41" N / 13° 6' 1" E
WX Station: Davis Vantage Pro2 Plus

Offline WeatherBeacon

  • Chief
  • Forecaster
  • *****
  • Posts: 1362
    • http://www.wxbeacon.com
Re: !! to all ADMINS !!
« Reply #37 on: March 17, 2009, 09:02:10 AM »
Firefox has a great plugin called NoScript ( https://addons.mozilla.org/en-US/firefox/addon/722 )

With it, you have JavaScript automatically turned OFF on any new site you visit, and you have the option of enabling it for this and the next visit, or just for this browser session.  It gives you time to look at the domains of where the JavaScript is emanating from, and make your choices wisely.  Then if a bit of JavaScript malware creeps into a 'trusted' site, the destination site to get the real junk downloaded will be blocked by NoScript .. so drive-by downloads become very difficult to accomplish on your system -- good for you, bad for malware authors.

Thanks for the tip, Ken! I installed it. FF has so many plugins and add-ons that I rarely check them out any more.
Mae govannen!
Kevin  (Member AMS) http://www.wxbeacon.com               Genesee County, Michigan
Hardware:  Davis Vantage Pro Wireless, Midland WR-300
Software: VWS 14.01p43, WeatherFlash, & GRLevel3

Offline Anthony

  • Forecaster
  • *****
  • Posts: 1707
    • Anthony's Weather
Re: !! to all ADMINS !!
« Reply #38 on: March 17, 2009, 09:09:28 AM »
I was only on once or twice before noon yesterday. I also run AVG and have win firewall disabled on this machine. Did not recieve and warnings or notices from AVG what so ever. Normally I would have been on during the afternoon and evening. But was busy from noon on yesterday. So maybe that was my saving grace?



Thanks,
Anthony
WB8YUE

Offline sam2004gp

  • Mount Crawford, Virginia
  • Forecaster
  • *****
  • Posts: 2814
  • Weeeeeeeee!!!!
    • Mount Crawford Weather, VA
Re: !! to all ADMINS !!
« Reply #39 on: March 17, 2009, 09:54:30 AM »
Yeah, same here, I was not on during my normal times during the last two days.  When I get home today.  I will scan the computer really well.  I am on a MAC Duel-G5 right now, so no worry there. ;)
SAM --->>> http://www.mountcrawfordweather.org
OS WMR-968 with a Dedicated PWS Weather Computer running VWS v13.01 p09


Offline sam2004gp

  • Mount Crawford, Virginia
  • Forecaster
  • *****
  • Posts: 2814
  • Weeeeeeeee!!!!
    • Mount Crawford Weather, VA
Re: !! to all ADMINS !!
« Reply #40 on: March 17, 2009, 03:01:17 PM »
At home on my main machine, running AVG full scan, windows defender full scan and installed no script in firefox.

What more can I do to my dedicated wx computer?
It is XP Pro SP3 (bootleg)<-no further updates after that. 
I have choosen not to put any virus software on it, to keep from slowing it down anymore. 
It's Pentuim II 300 MHZ machine with 384 RAM.  It has IE6, and I did set my "internet security settings" to high.  I do not surf on it, unless I am checking my own weather site, or perhaps WXforum.net quickly in case I don't want to start the main machine.
« Last Edit: March 17, 2009, 05:02:01 PM by sam2004gp »
SAM --->>> http://www.mountcrawfordweather.org
OS WMR-968 with a Dedicated PWS Weather Computer running VWS v13.01 p09


Offline WeatherBeacon

  • Chief
  • Forecaster
  • *****
  • Posts: 1362
    • http://www.wxbeacon.com
Re: !! to all ADMINS !!
« Reply #41 on: March 17, 2009, 03:46:37 PM »
Firefox has a great plugin called NoScript ( https://addons.mozilla.org/en-US/firefox/addon/722 )

With it, you have JavaScript automatically turned OFF on any new site you visit, and you have the option of enabling it for this and the next visit, or just for this browser session.  It gives you time to look at the domains of where the JavaScript is emanating from, and make your choices wisely.  Then if a bit of JavaScript malware creeps into a 'trusted' site, the destination site to get the real junk downloaded will be blocked by NoScript .. so drive-by downloads become very difficult to accomplish on your system -- good for you, bad for malware authors.

Is there a way to alert a visitor to my site to enable javascript when they don't have javascript enabled?

(Since installing the above plugin on my FF browser, I visited one of my usual web sites. It--the site, not FF--displayed a message telling me that I need to have javascript enabled. I liked that notice. Is there a simple way to do that without displaying the message on every page?)

Thanks!
Mae govannen!
Kevin  (Member AMS) http://www.wxbeacon.com               Genesee County, Michigan
Hardware:  Davis Vantage Pro Wireless, Midland WR-300
Software: VWS 14.01p43, WeatherFlash, & GRLevel3

Offline saratogaWX

  • Administrator
  • Forecaster
  • *****
  • Posts: 4506
  • Saratoga, CA, USA Weather - free PHP scripts
    • Saratoga-Weather.org
Re: !! to all ADMINS !!
« Reply #42 on: March 17, 2009, 04:14:14 PM »
Firefox has a great plugin called NoScript ( https://addons.mozilla.org/en-US/firefox/addon/722 )

With it, you have JavaScript automatically turned OFF on any new site you visit, and you have the option of enabling it for this and the next visit, or just for this browser session.  It gives you time to look at the domains of where the JavaScript is emanating from, and make your choices wisely.  Then if a bit of JavaScript malware creeps into a 'trusted' site, the destination site to get the real junk downloaded will be blocked by NoScript .. so drive-by downloads become very difficult to accomplish on your system -- good for you, bad for malware authors.

Is there a way to alert a visitor to my site to enable javascript when they don't have javascript enabled?

(Since installing the above plugin on my FF browser, I visited one of my usual web sites. It--the site, not FF--displayed a message telling me that I need to have javascript enabled. I liked that notice. Is there a simple way to do that without displaying the message on every page?)

Thanks!
Sure... the secret is to include something like
Code: [Select]
<noscript><p>[Enable JavaScript for live updates]</p></noscript> on your page where appropriate.  If JavaScript is NOT enabled the message "[Enable JavaScript for live updates]" will appear where you'd placed it on the page, otherwise the message doesn't appear.
Ken True/Saratoga, CA, USA main site: saratoga-weather.org
Davis Vantage Pro Plus - FARS, Boltek-PCI/NexStorm, GRLevel3, WD, WL, VWS, Cumulus, Meteohub
Free weather PHP scripts/website templates - update notifications on Twitter saratogaWXPHP

Offline saratogaWX

  • Administrator
  • Forecaster
  • *****
  • Posts: 4506
  • Saratoga, CA, USA Weather - free PHP scripts
    • Saratoga-Weather.org
Re: !! to all ADMINS !!
« Reply #43 on: March 17, 2009, 04:18:23 PM »
At home on my main machine, running AVG full scan, windows defender full scan and installed no script in firefox.

What more can I do to my dedicated wx computer?
It is XP Pro SP3 (bootleg)<-no further updates after that. 
I have choosen not to put any virus software on it, to keep from slowing it done anymore. 
It's Pentuim II 300 MHZ machine with 384 RAM.  It has IE6, and I did set my "internet security settings" to high.  I do not surf on it, unless I am checking my own weather site, or perhaps WXforum.net quickly in case I don't want to start the main machine.
The best thing to do on a machine without AV software is:
1) don't use the browser (except IE to access the Windows Update) or
2) use Firefox with NoScript installed (prevents drive-by malicious JavaScripts from executing).

It's possible that even trusted sites may get hacked from time to time (witness our problems on 3/15-3/16), so having layers of defense is the best thing.   I don't have AV on my weather system either, but I only use FF+NoScript to check my website, and IE only for doing windows updates (which I do regularly).

Best regards,
Ken
Ken True/Saratoga, CA, USA main site: saratoga-weather.org
Davis Vantage Pro Plus - FARS, Boltek-PCI/NexStorm, GRLevel3, WD, WL, VWS, Cumulus, Meteohub
Free weather PHP scripts/website templates - update notifications on Twitter saratogaWXPHP

Offline WeatherBeacon

  • Chief
  • Forecaster
  • *****
  • Posts: 1362
    • http://www.wxbeacon.com
Re: !! to all ADMINS !!
« Reply #44 on: March 17, 2009, 04:28:59 PM »
Firefox has a great plugin called NoScript ( https://addons.mozilla.org/en-US/firefox/addon/722 )

With it, you have JavaScript automatically turned OFF on any new site you visit, and you have the option of enabling it for this and the next visit, or just for this browser session.  It gives you time to look at the domains of where the JavaScript is emanating from, and make your choices wisely.  Then if a bit of JavaScript malware creeps into a 'trusted' site, the destination site to get the real junk downloaded will be blocked by NoScript .. so drive-by downloads become very difficult to accomplish on your system -- good for you, bad for malware authors.

Is there a way to alert a visitor to my site to enable javascript when they don't have javascript enabled?

(Since installing the above plugin on my FF browser, I visited one of my usual web sites. It--the site, not FF--displayed a message telling me that I need to have javascript enabled. I liked that notice. Is there a simple way to do that without displaying the message on every page?)

Thanks!
Sure... the secret is to include something like
Code: [Select]
<noscript><p>[Enable JavaScript for live updates]</p></noscript> on your page where appropriate.  If JavaScript is NOT enabled the message "[Enable JavaScript for live updates]" will appear where you'd placed it on the page, otherwise the message doesn't appear.

Jiminy! You're the coding master, Ken! Thanks much! :-o
Mae govannen!
Kevin  (Member AMS) http://www.wxbeacon.com               Genesee County, Michigan
Hardware:  Davis Vantage Pro Wireless, Midland WR-300
Software: VWS 14.01p43, WeatherFlash, & GRLevel3

Offline saratogaWX

  • Administrator
  • Forecaster
  • *****
  • Posts: 4506
  • Saratoga, CA, USA Weather - free PHP scripts
    • Saratoga-Weather.org
Re: !! to all ADMINS !!
« Reply #45 on: March 17, 2009, 04:35:42 PM »
I just wonder how this can be possible, to any unauthorized person places a script without any notice it?

Is this not something to take up with the supplier of the we space, that they must review their security?

I know there are some who will find these questions stupid, but I can take it.

Hi Lars,

We feel fairly confident that we located the 'hole' that the miscreant used to modify the .php (and .htm) pages inserting the JavaScript to make the invisible <iframe> drive-by downloader.  Logs checked this morning, and last modification by them was on 3/16 at about 4am and no successful modifications after that.

In general, there are two basic ways that hackers can penetrate your site:
1) through scripts on your website that don't have sufficient parameter checks, or
2) ftp or ssh/telnet access to the site through a compromised password

For the commonly available weather website scripts (including the ones offered on my site, the templates and plugins), they all have safe parameter handling, so offer no way in for miscreants.  Older versions of HamWeather PHP did have a vulnerability (3.9.8 .4 and below only) to allow script injection, so make sure your HAMweather is 3.9.8.5 + ).  Even though this vulnerability was patched in Oct 2006, I still see knocks at my door trying to see if I've been foolish enough to have an old version of HAMweather installed (I don't have it installed at all on my site).  Likewise, folks who use older versions of content management systems like PHP-nuke, Joomla, Mambo (etc) should keep their maintenance up-to-date too.. older versions of those software products had some code injection vulerabilities too.

For (2), just make sure whatever system you surf the internet with has current antivirus AND (highly recommended) FireFox+NoScript plugin.  It only takes a moment for an unprotected browser to grab a bit of malware, read your passwords (like to your ftp website), and steathly mail it off to the hacker who will use your website to spread his malware.

It's a hacker and kiddie-script jungle out there .. keep the defenses strong and layered so your internet experience can be without harm.

Best regards,
Ken
Ken True/Saratoga, CA, USA main site: saratoga-weather.org
Davis Vantage Pro Plus - FARS, Boltek-PCI/NexStorm, GRLevel3, WD, WL, VWS, Cumulus, Meteohub
Free weather PHP scripts/website templates - update notifications on Twitter saratogaWXPHP

Offline sam2004gp

  • Mount Crawford, Virginia
  • Forecaster
  • *****
  • Posts: 2814
  • Weeeeeeeee!!!!
    • Mount Crawford Weather, VA
Re: !! to all ADMINS !!
« Reply #46 on: March 17, 2009, 05:09:36 PM »
Main Computer scans complete.  Nothing found except for a few tracking cookies.  Doing an online virus scan of the weather computer now.
SAM --->>> http://www.mountcrawfordweather.org
OS WMR-968 with a Dedicated PWS Weather Computer running VWS v13.01 p09


Offline Axelvold

  • Forecaster
  • *****
  • Posts: 1704
    • Axelvold's weather and photo
Re: !! to all ADMINS !!
« Reply #47 on: March 17, 2009, 05:53:37 PM »
I just wonder how this can be possible, to any unauthorized person places a script without any notice it?

Is this not something to take up with the supplier of the we space, that they must review their security?

I know there are some who will find these questions stupid, but I can take it.

Hi Lars,

We feel fairly confident that we located the 'hole' that the miscreant used to modify the .php (and .htm) pages inserting the JavaScript to make the invisible <iframe> drive-by downloader.  Logs checked this morning, and last modification by them was on 3/16 at about 4am and no successful modifications after that.

In general, there are two basic ways that hackers can penetrate your site:
1) through scripts on your website that don't have sufficient parameter checks, or
2) ftp or ssh/telnet access to the site through a compromised password

For the commonly available weather website scripts (including the ones offered on my site, the templates and plugins), they all have safe parameter handling, so offer no way in for miscreants.  Older versions of HamWeather PHP did have a vulnerability (3.9.8 .4 and below only) to allow script injection, so make sure your HAMweather is 3.9.8.5 + ).  Even though this vulnerability was patched in Oct 2006, I still see knocks at my door trying to see if I've been foolish enough to have an old version of HAMweather installed (I don't have it installed at all on my site).  Likewise, folks who use older versions of content management systems like PHP-nuke, Joomla, Mambo (etc) should keep their maintenance up-to-date too.. older versions of those software products had some code injection vulerabilities too.

For (2), just make sure whatever system you surf the internet with has current antivirus AND (highly recommended) FireFox+NoScript plugin.  It only takes a moment for an unprotected browser to grab a bit of malware, read your passwords (like to your ftp website), and steathly mail it off to the hacker who will use your website to spread his malware.

It's a hacker and kiddie-script jungle out there .. keep the defenses strong and layered so your internet experience can be without harm.

Best regards,
Ken

Thanks Ken for an excellent explanation.

I always have the virus database updated, plus that I have spyware doctor running so I feel quite safe when I surf the internet.

Best regards
Lars
Lars Magnusson
Axelvold / Sweden
55° 57' 41" N / 13° 6' 1" E
WX Station: Davis Vantage Pro2 Plus

Offline AZmonsooncats

  • Current weather conditions in North Phoenix, Ariz
  • Senior Contributor
  • ****
  • Posts: 182
  • Me & My Little Sis!!
    • Pepper Ridge North Valley  Weather and Lightning
Re: !! to all ADMINS !!
« Reply #48 on: March 17, 2009, 10:06:08 PM »
So far no warnings on my home or work computers :grin: I have ran full virus scans on both using Trend Micro and have only detected tracking cookies that were automatically remove should I have anymore concerns regarding this now fix malware infestation :evil:

Thanks,
           Jeanette
"Some dreams are in the night time, And some seem like yesterday
But leaves turn brown and fade, Ships sail away
You long to say a thousand words…but Seasons Change."


Offline sam2004gp

  • Mount Crawford, Virginia
  • Forecaster
  • *****
  • Posts: 2814
  • Weeeeeeeee!!!!
    • Mount Crawford Weather, VA
Re: !! to all ADMINS !!
« Reply #49 on: March 18, 2009, 07:00:12 AM »
So far no warnings on my home or work computers :grin: I have ran full virus scans on both using Trend Micro and have only detected tracking cookies that were automatically remove should I have anymore concerns regarding this now fix malware infestation :evil:

Thanks,
           Jeanette

My WX computer did check out fine.

AZmonsooncats.  I think if you follow the advice given above, which seems you did, and also make sure you have at least 3 separate copies of the backup of your machine or important data(1 being offsite), then you should be safe from any deviant or disaster that can come your way. Also as an additional safety measure I keep all of the older backups as well.  I have one of those 100cd-spindle holders dedicated to holding backups in my closet.  My brother in law's home serves as my location for offsite backup, and I have his offsite backup.

Some people may say why so redundent? :shock:

As safe as I have tried to be, I did get my first ever virus on my machine about 2 months ago, and I picked it up from photobucket.com.  It got onto my machine in a similar fashion that wxforum.net is facing now.  I had done a full backup of my machine about a month before I got it, so all I had to do was format my drive and run a restore process.  I was back to a safe "usable" computer in about 30mins.  I then carefully virus scanned and did a "important data" restore from my incremental backups right to the day before I got the bug.  So worse case for me was, that I lost my itunes playcount for that day. :roll:   Again the whole final restore process took around 45 mins in complete, versus the days or weeks that it would have taken me to reinstall windows and tweak my machine just right again.  So being "anal retentive" about backups that time did save my butt. 8-)
SAM --->>> http://www.mountcrawfordweather.org
OS WMR-968 with a Dedicated PWS Weather Computer running VWS v13.01 p09