virus on svt?

Admin

Jack of all trades
Administrator
Joined
Dec 31, 1969
Messages
1,275
Location
Server Room
Hi guys, we have obviously been monitoring this thread and looking for a cause.

The servers have been scanned numerous times and have come back with a clean bill of health.

I think it's highly likely that the virus could be coming from one of two sources.
  1. Banner Ads
  2. Image code injection

I'm looking into both, but it would be incredibly helpful if you could let me know what pages are triggering the virus alert. Additionally, if you could save that page as HTML and email it to [email protected]
 

nickstang545

New Member
Established Member
Joined
Feb 15, 2008
Messages
135
Location
Somerset, Ky
I JUST GOT THE VIRUS AGAIN!!!!!!!! I was looking around trying to see where the alert is, thinking I was now protected. But I was wrong. Went to THE MARKET, clicked on SVT focus and contour for sale section and got the alert. Went back to THE MARKET and got the alert again. I am now staying off SVTperformance until this issue is fixed. I can't keep doing this. Send out a mass email when the problem is fixed or something, but for now I'm gone and warn others of the same. I love this site, but it's getting expensive. Thanks.
 

pony racer

New Member
Established Member
Joined
Sep 13, 2011
Messages
18
Location
Bridgeport, Ct
A friend of mine said "DNS cache poisoning most likely".

It's kind of hard to screenshot when it's happening; it immediately closes your browser (at least it did for me).

I will almost bet it is coming from one of the banner ads that keep scrolling through, as I was on a page for a good few minutes reading the thread when it happened.
 

BLKFOX

Active Member
Established Member
Joined
Apr 28, 2011
Messages
1,366
Location
Indiana
It was all throughout my files on my computer...I got a pop up warning on a few threads that I looked at, I just didn't think anything about it and backed out.
 

jumperjack

Active Member
Established Member
Joined
Nov 11, 2007
Messages
1,787
Location
central pa
I have had this blocked for the third time. I have Norton 360 on Vista 64 and I have been very happy with the product. Always blocks and detects before infecting any of my home computers and I pay 99 bucks a year for all 3 PCs. This is a screen shot of the message from Norton when it happened.
 

BLKFOX

Active Member
Established Member
Joined
Apr 28, 2011
Messages
1,366
Location
Indiana
Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 8365

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/13/2011 9:32:30 AM
mbam-log-2011-12-13 (09-32-30).txt

Scan type: Full scan (C:\|)
Objects scanned: 252702
Time elapsed: 26 minute(s), 33 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
c:\Users\Josh\AppData\Local\rcq.exe (Trojan.ExeShell.Gen) -> 3996 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\.exe\(default) (PUM.HijackExefiles) -> Bad: (nB) Good: (exefile) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Josh\AppData\Local\rcq.exe" -a "") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Josh\AppData\Local\rcq.exe" -a "") Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Josh\AppData\Local\rcq.exe" -a "") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Josh\AppData\Local\rcq.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
 

jumperjack

Active Member
Established Member
Joined
Nov 11, 2007
Messages
1,787
Location
central pa
Again

I just signed on and went to premium members section and BAM again. Something really needs to be done about this.
 

Admin

Jack of all trades
Administrator
Joined
Dec 31, 1969
Messages
1,275
Location
Server Room
We've made a number of changes to seek out and isolate the virus warning messages.

Please let me know if you experience any issues.

Thanks,
ADMIN
 

pony racer

New Member
Established Member
Joined
Sep 13, 2011
Messages
18
Location
Bridgeport, Ct
Trojan:Win64/Sirefef.J
Trojan:Win32/Alureon.TK
Trojan:Win64/Sirefef.B


Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 8377

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/21/2011 6:44:07 PM
mbam-log-2011-12-21 (18-44-07).txt

Scan type: Quick scan
Objects scanned: 173083
Time elapsed: 2 minute(s), 32 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
c:\Users\Rick\AppData\Local\hvo.exe (Trojan.ExeShell.Gen) -> 4748 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Rick\AppData\Local\hvo.exe" -a "iexplore.exe) Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Rick\AppData\Local\hvo.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\Users\Rick\local settings\application data\hvo.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\Users\Rick\local settings\application data\xql.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
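
Added example, not part of any post in this thread: the "Registry Data Items Infected" entries in the two Malwarebytes logs above show the `.exe` file association and the default-browser launch commands being redirected to an executable in the user's profile. The Python sketch below parses such entries and flags replacement commands that point into a user-writable directory; the function names (`triage`, `handler_kind`, `first_program`) are hypothetical, and the sample lines are copied from the logs in this thread.

```python
import re

# Sample input: lines copied from the two Malwarebytes logs posted in this thread.
SAMPLE_LOG = r'''
HKEY_CLASSES_ROOT\.exe\(default) (PUM.HijackExefiles) -> Bad: (nB) Good: (exefile) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Josh\AppData\Local\rcq.exe" -a "") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Rick\AppData\Local\hvo.exe" -a "iexplore.exe) Good: (iexplore.exe) -> Quarantined and deleted successfully.
c:\Users\Rick\AppData\Local\hvo.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
'''

# KEY (Detection) -> Bad: (value found) Good: (expected value) -> action taken
ENTRY = re.compile(
    r'^(?P<key>HKEY_.+?) \((?P<detection>[^()]+)\) -> '
    r'Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$')
# Per-user profile directories that a non-admin process can write to.
USER_WRITABLE = re.compile(
    r'\\users\\[^\\]+\\(appdata|local settings\\application data)\\', re.I)

def handler_kind(key):
    """Classify which launch handler the registry value controls."""
    k = key.lower()
    if k.startswith('hkey_classes_root\\.exe'):
        return 'exe-file-association'
    if '\\clients\\startmenuinternet\\' in k:
        return 'default-browser-command'
    return 'other'

def first_program(command):
    """Return the program a command line starts, quoted or bare."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', command)
    return (m.group(1) or m.group(2)) if m else ''

def triage(log_text):
    """Extract every Bad/Good registry entry and flag user-writable targets."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # file and process entries carry no Bad/Good pair
        program = first_program(m['bad'])
        findings.append({
            'kind': handler_kind(m['key']),
            'detection': m['detection'],
            'program': program,
            'expected': m['good'],
            'user_writable': bool(USER_WRITABLE.search(program)),
        })
    return findings

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f)
```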
 

olefafl

Member
Established Member
Joined
Jun 2, 2001
Messages
293
Location
Sector 14
I just got hit also.
Not sure if it's the same thing but something keeps closing IE.
Website 178.17.163.189
I had the last page of the wife/GF pic thread open, but also had some others open.
 

DaleM

ATACMS changing the game!
Established Member
SVTP OG 4 Life
Joined
Dec 27, 2002
Messages
23,823
Location
FlahDah man.
Doing a full Symantec scan now. WIN 7 had to take me back to earlier points where my computer was working. All is fine by scanning for SVTP AIDS.
 
