Trojan alert: don't visit my website!!!


DougC

Guest
Don't visit any of the links to my own website until further notice (the norcom2000.com/dcimper address).

I found a problem on my website today: there was a trojan javascript loader written into the two base pages (index.html and default.html).

I don't think I ever posted links to those pages here, because the index page just had html links off to other pages and sub-directories that I posted stuff on. None of the bicycle-related pages had the trojan stuff on them when I checked them today (the evening of January 10).

The ISP was looking into the matter this afternoon and said for me not to mess with the website for a few days until they say they're done--so I cannot upload new pages, or make any changes at all. Whoever did it the first time could do it again to other pages however, so just stay away until further notice.

I had Spybot Search and Destroy and AdAware but no antivirus. Spybot and AdAware both picked up various different infections when they scanned but could not delete them. I installed AVG antivirus afterwards but that found even more totally different stuff and could not delete that either (all three of these programs are free downloads, by the by). I tried for a couple of days and couldn't isolate any one virus or trojan that was being used, and decided to just reinstall WinXP.

If you use Firefox and you see in the status bar that it tries to connect to the IP addresses 77,221,133,189 or 77,221,133,188, then your computer is infected. I don't use Internet Explorer at all, so I don't know if that gives any visible warning or not.

For the technically-inclined, this is one page with some info on the matter:
http://www.justsupportuk.co.uk/77-221-133-188.htm
 
Last edited by a moderator:
Okay, alert is over.
Everything back to normal.
Apparently the people who changed the webpage got my PC passwords with a regular-type virus.
 
Yup, thanks a lot Doug. My wife and I had to shut down our computer repair shop for a while back when the first Trojan viruses hit us. Couldn't figure out why everything I was fixing kept coming back with a jumbled hard drive.
L.P. You talking about the Big Mac, right? Ha Ha Ha
I'm probably bigger than you.
 
Apparently this is becoming more and more common--when a virus steals all your passwords, the people search the info it gives them for FTP info and then upload viruses to any of your webpages they can--but they have to do it by hand, so it takes them a while. But now when you get infected you have to worry about changing your ISP's password too.

The ISP told me that their log files showed that the Russki person(?) accessed the server several times over a few days (before I found out about my own PC's infection). Each time they took down the previous one, and put up a different virus on the page. The funny part is that I never gave the index page address out anyway--I only gave out links to the pages that the index page linked to, where I had posted specific stuff--so I was basically the only person who ever viewed the index page (aside from anyone who randomly landed on it from Google results or whatever).

Use Firefox browser, friends. Firefox was the only reason I saw that anything was odd.

-------

Also I think I know when the infection happened--and it was with Internet Explorer. I was searching for something with Google (and using Firefox) and clicked on one result and got a blank page. So then I tried Internet Explorer instead, and it showed the page as normal. Considering all that's happened, Firefox should have shown something on that page--unless the page was set up to detect browsers, and only show in IE, forcing people to use IE to view it.

I have used Spybot Search and Destroy for a long time, but never tried using the "immunize" feature before. If you do this, what it does is it sets a big list of known infections website domain names to localhost on your machine, in your hosts file. So if you happen to browse or get redirected to any of these domain names, then all you see (with either browser) is a blank page--but this way you know why you're getting the blank page.
 
Last edited by a moderator:
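A check a site owner could run over downloaded copies of their own pages after the kind of tampering described in this thread, added here as an example and not part of any post: it lists script and frame tags that load from hosts outside an allowlist. The allowlist, the 192.0.2.x addresses and both sample pages are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the owner expects pages to load active content from (assumption).
ALLOWED_HOSTS = {"www.example.org"}
# Tags whose URL attribute makes the browser fetch and run or render remote content.
ACTIVE_TAGS = {"script": "src", "iframe": "src", "frame": "src",
               "embed": "src", "object": "data"}

# Constructed sample pages: one as uploaded, one with two added remote loads.
CLEAN_PAGE = """<html><body>
<a href="bikes/index.html">Bicycle pages</a>
<script src="js/menu.js"></script>
</body></html>"""
TAMPERED_PAGE = """<html><body>
<a href="bikes/index.html">Bicycle pages</a>
<script src="js/menu.js"></script>
<script src="http://192.0.2.10/load.js"></script>
<iframe src="//192.0.2.11/" width="0" height="0"></iframe>
</body></html>"""


class ActiveContentFinder(HTMLParser):
    """Collects (line, tag, host) for active content from unexpected hosts."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = allowed_hosts
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = ACTIVE_TAGS.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if not url:
            return
        # hostname is None for relative URLs, which stay on the owner's site.
        host = urlparse(url).hostname
        if host and host not in self.allowed:
            line, _col = self.getpos()
            self.findings.append((line, tag, host))


def scan_page(html, allowed_hosts=ALLOWED_HOSTS):
    """Return findings for one page's HTML text, in document order."""
    finder = ActiveContentFinder(allowed_hosts)
    finder.feed(html)
    finder.close()
    return finder.findings
```

Running `scan_page` over every HTML file in a local copy of the site, not only the index pages, covers the case where other pages are altered later.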
then all you see (with either browser) is a blank page--but this way you know why you're getting the blank page.

I only use one browser....was a recently updated MS explorer.
Since the update, I was, almost daily, getting a blank window. I could not X out of it. The only way to close it was to restart my pc.
Today, when I logged on, my original explorer is back!! I liked it better anyways....:LOL:

I am PC confused as usual :rolleyes:
 
L.P. You talking about the Big Mac, right? Ha Ha Ha
I'm probably bigger than you.
Naw. My computer is a Mac. Any virus it may get, if any, will go away if sent to the trash and deleted. And in any future worst-case scenarios, if someone makes a Mac virus that messes with the trash or something, that's okay too 'cause you can just reinstall your OS disc and you have a clean new computer all over again.
Geek Squad is for PC. Ever see them work on a Mac? :)
 
I've tested hundreds of backup/restore programs and this would have to be the best... it boots BEFORE Windows so u can backup/restore Windows even BEFORE u boot into it. I use it on both my PCs and wouldn't be without it.
It's Shareware, meaning u have to pay for it (in theory), but it's essential IMHO and gives great peace of mind.

http://www.eazsolution.com/

BTW... forgot to mention, it's AMAZINGLY fast.
 
Last edited by a moderator: