Trojan alert: don't visit my website!!!

Discussion in 'General Questions' started by DougC, Jan 10, 2008.

  1. DougC

    DougC Guest

    Don't visit any of the links to my own website until further notice (the address).

    I found a problem on my website today: there was a trojan javascript loader written into the two base pages (index.html and default.html).

    I don't think I ever posted links to those pages here, because the index page just had html links off to other pages and sub-directories that I posted stuff on. None of the bicycle-related pages had the trojan stuff on them when I checked them today (the evening of January 10).

    The ISP was looking into the matter this afternoon and said for me not to mess with the website for a few days until they say they're done--so I cannot upload new pages, or make any changes at all. Whoever did it the first time could do it again to other pages however, so just stay away until further notice.

    I had Spybot Search and Destroy and AdAware but no antivirus. Spybot and AdAware both picked up different various infections when they scanned but could not delete them. I installed AVG antivirus afterwards but that found even more totally-different stuff and could not delete that either (all three of these programs are free downloads, by the by). I tried for a couple days and couldn't isolate any one virus or trojan that was being used, and decided to just reinstall WinXP.

    If you use Firefox and you see in the status bar that it tries to connect to the IP addresses 77,221,133,189 or 77,221,133,188, then your computer is infected. I don't use Internet Explorer at all, so I don't know if that gives any visible warning or not.

    For the technically-inclined, this is one page with some info on the matter:
    Last edited by a moderator: Jan 10, 2008

  2. DougC

    DougC Guest

    Okay, alert is over.
    Everything back to normal.
    Apparently the people who changed the webpage got my PC passwords with a regular-type virus.
  3. azbill

    azbill Active Member

    thanks for the 'heads up'!
    glad all is back to normal :D
  4. I have a Mac anyway so.......macs rule. :D
  5. Dockspa1

    Dockspa1 Guest

    Yup, thanks a lot Doug. My wife and I had to shut down our computer repair shop for a while back when the first Trojan viruses hit us. Couldn't figure out why everything I was fixing kept coming back with a jumbled hard drive.
    L.P. You talking about the Big Mac, right? Ha Ha Ha
    I'm probably bigger than you.
  6. DougC

    DougC Guest

    Apparently this is becoming more and more common--when a virus steals all your passwords, the people search the info it gives them for FTP info and then upload viruses to any of your webpages they can--but they have to do it by hand, so it takes them a while. But now when you get infected you have to worry about changing your ISP's password too.

    The ISP told me that their log files showed that the Russki person(?) accessed the server several times over a few days (before I found out about my own PC's infection). Each time they took down the previous one, and put up a different virus on the page. The funny part is that I never gave the index page address out anyway--I only gave out links to the pages that the index page linked to, where I had posted specific stuff--so I was basically the only person who ever viewed the index page (aside from anyone who randomly landed on it from Google results or whatever).

    Use Firefox browser, friends. Firefox was the only reason I saw that anything was odd.


    Also I think I know when the infection happened--and it was with Internet Explorer. I was searching for something with Google (and using Firefox) and clicked on one result and got a blank page. So then I tried Internet Explorer instead, and it showed the page as normal. Considering all that's happened, Firefox should have shown something on that page--unless the page was set up to detect browsers, and only show in IE, forcing people to use IE to view it.

    I have used Spybot Search and Destroy for a long time, but never tried using the "immunize" feature before. If you do this, what it does is it sets a big list of known infections website domain names to localhost on your machine, in your hosts file. So if you happen to browse or get redirected to any of these domain names, then all you see (with either browser) is a blank page--but this way you know why you're getting the blank page.
    Last edited by a moderator: Jan 17, 2008
  7. srdavo

    srdavo Active Member

    I only use one browser....was a recently updated MS explorer.
    Since the update, I was, almost daily, getting a blank window. I could not X out of it. The only way to close it was to restart my pc.
    Today, when I logged on, my original explorer is back!! I liked it better anyways....:lol:

    I am PC confused as usual :rolleyes:
  8. Naw. My Computer is a Mac. Any virus it may get if any will go away if sent to the trash and deleted. And in any future worst case scenarios if someone makes a Mac virus that messes with the trash or something that's okay too 'cause you can just reinstall your OS disc and you have a clean new computer all over again.
    Geek Squad is for PC. Ever see them work on a Mac? :)
  9. DougC

    DougC Guest

    This seems to be a rising trend -- of somebody infecting your computer, and then using the info they get off that to infect any websites you have upload access to.

    At this point if I could have my ISP automatically filter out any websites or email from Nigeria, Russia or China I think I would do it.....
  10. fetor56

    fetor56 Guest

    I've tested hundreds of backup/restore programs and this would have to be the boots BEFORE Windows so u can backup/restore Windows even BEFORE u boot into it. I use it on both my PCs and wouldn't be without it.
    It's Shareware meaning u have to pay for it (in theory) but it's essential IMHO and gives great peace of mind.

    BTW...forgot to mention, it's AMAZINGLY fast.
    Last edited by a moderator: Jan 25, 2008
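
Added example, not written by anyone in the thread: a small check a site owner could run over their own pages to spot the kind of change DougC describes, a script or frame loader written into index.html and default.html. The allowlisted host and the sample pages are constructed for illustration; the two addresses are the ones quoted in the first post, normalised from commas to dots.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Addresses as written in the thread (with commas), normalised to dotted form.
REPORTED_IPS = {ip.replace(",", ".") for ip in ("77,221,133,189", "77,221,133,188")}
# Assumption: hosts this site legitimately loads active content from.
ALLOWED_HOSTS = {"www.example.org"}
# Constructed sample pages (not the real site's content).
SAMPLE_PAGES = {
    "index.html": '<html><body><a href="bikes/">Bikes</a>'
                  '<script src="http://77.221.133.189/x.js"></script></body></html>',
    "default.html": '<html><body><iframe src="//unknown.example.net/f" width=0>'
                    '</iframe></body></html>',
    "bikes/index.html": '<html><body><script src="/js/menu.js"></script>'
                        '<script src="https://www.example.org/lib.js"></script></body></html>',
}


class ExternalLoaderFinder(HTMLParser):
    """Collect the hosts referenced by tags that pull in active content."""
    ACTIVE_TAGS = {"script", "iframe", "frame", "embed", "object"}

    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        if tag not in self.ACTIVE_TAGS:
            return
        for name, value in attrs:
            if name in ("src", "data") and value:
                host = urlparse(value).hostname  # None for relative URLs
                if host:
                    self.hosts.append(host.lower())


def scan_pages(pages, allowed=ALLOWED_HOSTS):
    """Return {path: [(host, reason), ...]} for pages with unexpected loaders."""
    findings = {}
    for path, html in pages.items():
        finder = ExternalLoaderFinder()
        finder.feed(html)
        hits = [(h, "reported-ip" if h in REPORTED_IPS else "not-allowlisted")
                for h in finder.hosts if h in REPORTED_IPS or h not in allowed]
        if hits:
            findings[path] = hits
    return findings


if __name__ == "__main__":
    for path, hits in scan_pages(SAMPLE_PAGES).items():
        print(path, hits)
```

This only looks at external `src`/`data` references; a loader written as obfuscated inline script needs a comparison of each page against a known-good copy kept off the server.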