Malicious redirects on forum

Malachi

Just a heads up - Tonight while I was browsing GamingForce, I kept getting notifications from my virus protection software (Kaspersky) that a malicious URL was being downloaded and had been blocked. A bit of Googling told me that the site in question (Desk-airline.ru/ais/ditante.php) was at the back end of about 2 dozen malicious redirects.

Now, it's possible my machine has been infected with spyware or malware that's attempting to hijack my browser, but I haven't been able to reproduce the issue on any other site. If it's the site and not my computer, then other forum members have probably experienced the same thing; if it's me, obviously they won't have. Kaspersky is doing a good job of blocking the redirect URLs, but unfortunately only tells me that Firefox.exe is attempting to download a PHP object which contains the desk-airline.ru malicious URL. There's no record of the specific URLs where the PHP object was found.

I figured it was something you'd want to investigate.
 
We recently just got hit with some spam that may be the cause. The spam is now gone. Are you still getting this message? Because out of all my stuff on my PC I haven't received notice, and my malware is a touchy program.
 
Thank you for the awesome heads up bro. Like DS said, we did just get hit with a bunch of spam, which has since been taken care of. Hopefully the cause is fully gone so the malicious activity would be gone as well. Please let us know if you have any more for us. +Rep for you.
 
Wow, you guys are quick.

Also, if anybody thinks they might have accidentally downloaded the object, the pieces of it have to be removed manually. The desk-airline.ru redirect/malware is usually associated with a program called isecurity.exe, which then installs itself as "Internet Security 2012". To get rid of it, you have to first find the isecurity.exe file on your hard drive and re-name it in order to stop the process from running. Once you've done that, open regedit and look for "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Internet Security 2012”". Delete those registry entries, then go back and delete the former isecurity file.
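The registry check described in the post above can be scripted; this is an added example, not part of the original post or written by any forum member. The value name and file name are taken from the post, while the `-Remove` switch and the script layout are assumptions made for illustration.

```powershell
# Added example: audit the per-user Run key for the entry named in the post.
# Indicator strings come from the post; everything else is an assumption.
param(
    [switch]$Remove   # hypothetical switch: also delete the matching Run value(s)
)

$runKey     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$valueName  = 'Internet Security 2012'   # value name given in the post
$binaryName = 'isecurity.exe'            # file name given in the post

$hits = @()
if (Test-Path -Path $runKey) {
    $key = Get-Item -Path $runKey
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        # Match on either the value name or the command line it launches.
        if ($name -eq $valueName -or $data -like "*$binaryName*") {
            $hits += [pscustomobject]@{ Name = $name; Command = $data }
        }
    }
}

# A running copy matters because the post says the file has to be renamed
# to stop the process before the registry entries are deleted.
$procName = [IO.Path]::GetFileNameWithoutExtension($binaryName)
$procs = @(Get-Process -Name $procName -ErrorAction SilentlyContinue)

if (-not $hits -and -not $procs) {
    Write-Output "No '$valueName' Run entry and no running $binaryName found for $env:USERNAME."
    return
}

$hits  | Format-Table -AutoSize -Wrap
$procs | Select-Object Id, ProcessName, Path | Format-Table -AutoSize

if ($Remove) {
    foreach ($hit in $hits) {
        # Deletes only the autostart value; the file on disk is left for manual review.
        Remove-ItemProperty -Path $runKey -Name $hit.Name
        Write-Output "Removed Run value '$($hit.Name)'."
    }
}
```

Run without arguments it only reports; the `Command` column shows the path the autostart entry launches, which is where to look for the file the post says to rename and delete.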
 
Good to see the kind and active admins are working upon this. I haven't had any notifications from my antivirus, so it most likely has been sorted out, which is hopefully the case. I hate spam attacks and hope this never happens again, as it can be quite the frustrating thing to deal with.
 
Just so you guys know I have found and removed the cause of this. I will let Demon_Skeith decide what to reveal about the issue but I did want to let everyone know it's resolved.
 
Thank you for your diligence on this matter. I know that the members and us Admins appreciate the speedy effort to take care of this issue. Great work.
 
http://sitecheck.sucuri.net/results/forum.gamingforce.us

Apparently at some point a file was sneaked into an area of my hosted files I don't visit often, which was the cause of this. For that I apologize. Luckily this malicious file wasn't a deadly threat and may have only reacted to those with Kaspersky, as I've searched my PC and laptop and have not found this on either of them.

Many many thanks Malachi for bringing this to my attention. Here at GF stuff like this will of course be taken care of the second it's discovered and dealt with quickly. I will now work with my hosting to better ensure tighter security for the future.

-DS
 
Demon_Skeith said:
http://sitecheck.sucuri.net/results/forum.gamingforce.us

Apparently at some point a file was sneaked into an area of my hosted files I don't visit often, which was the cause of this. For that I apologize. Luckily this malicious file wasn't a deadly threat and may have only reacted to those with Kaspersky, as I've searched my PC and laptop and have not found this on either of them.

Many many thanks Malachi for bringing this to my attention. Here at GF stuff like this will of course be taken care of the second it's discovered and dealt with quickly. I will now work with my hosting to better ensure tighter security for the future.

-DS
Yes, a file of that nature isn't so easy to catch. I will say this though, that if it had actually been an exploit, virus, etc. that had been uploaded, it would have been quarantined immediately. I wanted to ensure you and your users we do have safeguards in place for that type of activity.
 
Thank you again Chris_EH and Malachi for your work in this. We appreciate it respectively. +Rep for both of you.
 