Site virus !!

[cornishwrecker220]

The past few times I have logged on here my P.C security has flagged up a `exploit` virus ...Microsoft security states this is dangerous & exploits the pc it is run on....fortunately the security I have installed on my P.C alerts me of this & deals with this prompt so no harm done.....Has anyone else noticed this when they log on?? ....I have noticed that the lettering on the KDX site has also gone large again???

[KDXGarage]

Mine looks fine.

[ArkAngel]

mine is also fine.. no problems here

[Gotanubike]

Nope, and I am running MSE as well. Also a web inspector extension and malware bytes with malicious website blocking. All good here

[scheckaet]

no problem here.

[Gotanubike]

I did an web inspector scan for the heck of it...report turned up 100% clean

[cornishwrecker220]

Hmmm don't know why its just me! ..or why it does it when I only log on to here & nowhere else ....thanks for scanning chaps.

[6 Riders]

Hmmm don't know why its just me! ..or why it does it when I only log on to here & nowhere else ....thanks for scanning chaps.

Probably embedded in YOUR browser, do scan with the browser open and then run Spybot with your browser closed.

[Gotanubike]

Could be an ISP filtering or how MSE databases vary in the UK, who knows

[ICRage42]

Define "my pc security". Theres tons of programs out there all of which is about as pointless as carrying a knife to a gun fight but atleast you have a knife.

Sounds like you have a keylogger of sorts. "logs passwords and sites visited amongst often being combined with other programs"

But definetly sounds your end.

First lets take a look at virus's and how and where/when you get them.

1. Visiting porn sites. Sadly porn sites get attacked a lot. Due to the traffic and amount of money they generate.

2. Downloaded pirate programs or operating systems. Also in music files at times.

3. Installing unknown programs from unknown sources.

4. Not properly setting up your computer. (aka remote desktop, network sharing, no passwords or easy ones etc.)

5. THE SITES YA VISIT! Visit a hacking site> expect an injector of sorts. Visit some sick porno site and yea it probably made some hacker mad. Hell Netflix went through this with their site when customers got mad at their price hike. Literally cost them a lot of money in the long run to remove the threats.

What to do!

This is where task manager comes to life. It shows all processes or programs running in realtime. They try to hide it from ya labeling it even Microsoft and such but you more then likely will find it running. You get a fresh computer theres gonna be a specific list that runs in the background and its almost the same for everyone at fresh new. You install a program it will add to the list of running programs. Deciphering if you have something running that shouldn't would be as easy as seeing in task manager. ( another good method in here is also by DATE when installed. if you haven't installed anything for a while ( the one usually with a new date will often be your new culprit.)

So what do you do?

This is the safe mode you always hear about. You simple boot the computer to a safe point where no internet or anything of pizzaz runs. Its just the basic stuff and will have no desktop background but just a simple operating system without anything added or you installed running. OR A VIRUS. Some threats will still be able to run however in safe mode youll be able to terminate the process and also start removing them. (not removing all of the program usually results when booting normal will just redownload the program and start running again.) This is where you google the suspicious program and from there you be sure to remove all programs associated with the threat. Most often in safe mode your anitivirus can do a scan and help to remove the threat or identify it for you to remove. If its a new virus then google or your anitivirus will be of not much help and only your investigator skills will only help you and your knowledge of running processes. (whats supposed to run). From here you also have to make sure you have no traces in your registry otherwise it will keep downloading the program every time you boot up.

Once removed.

You simply return to normal and avoid nasty sites. Change your passwords for piece of mind.

How to avoid.

I cannot stress this enough......it could not be you who infected your computer. Someone on your network could of, or a kid downloading games or music can as well. Visiting porn sites often gets ya so pick a trusted one. But its almost very hard for virus's of sorts to happen anymore with UAC enabled devices. (USER ACCOUNT CONTROL) In order for it to install you have to physically CLICK TO INSTALL so yea don't install if your not sure. Just clicking yes to go to the site or whatever generally puts it on the computer and you wont notice it till you boot up the next time.

If it was KDXRider then Julien would have to do the same above to remove it from the server files and prolly about 300 or so post stating VIRUS would be evident. Also most antivirus programs will report it and most often an antivirus will add it to a database and most wont be able to view the site all together until its fixed and files are no longer on site. A lot of antivirus's share the same database threats. Its like over 3000 new virus's are reported new a day and it takes several days for programs to catch up and realize they are a threat too.

If your computer is up to date with updates and you can view youtube videos. You do not need to download programs to view videos or codecs. (scam)

Never click to install additional software to view this or that. (scam) Your computer is already able to read it.

Ive removed virus's for years and I always tell everyone who I help. Ive had a customer for years and all she visits is a quilting website. Shes still on windows 98. Doesn't have an email or anitivirus at all. Only goes to that one website. Shes never had a virus in all these years. I never charge her but she thinks that her computer is like her car and every three thousand miles brings her computer to me.

Post back with your findings and if you need help. I can try as best as possible from my end for ya.

[ICRage42]

also your web inspector and other programs like that are a bit misleading you still can go to a website that checks out fine but there still can be threats there. Especially if flash based website.

Im familiar with this database and its structure and I can tell you KDXRider has an antivirus running. The site It doesn't allow certain file uploads and is very basic in design toward the (you) user end. So basically you really couldn't receive any threats here.

Now however if you follow a link and it redirects you from these forums your now back at where the hell did ya go and is it safe. So keep that in mind.

The method I just showed you just made you YOUR OWN SPYBOT SEARCH AND DESTROY. Once you get this understanding youll never have to rely on some program and youll be better protected. All I did was teach you some internet kung fu.

I basically showed you how to do a plug chop on a computer to see how your running. If you got a virus your gonna run sluggish. Do a "plug chop" task manager to see whats up. Reboot/ Run the computer (see if you removed everything) do another plug chop task manager to see if you run better or faster. Reboot run check repeat. Till satisfied or nothing running weird. Computers run faster with less processes. In safe mode itll run slicker then a babies ass because theres very little processes running.

[ICRage42]

I should also note please be sure to check what your stopping or uninstalling. Its basically not that hard but like anything you can make it a lot harder. Just ask.

It could be as simple as a false positive for private messages. In theory a forced pop up box sometimes can be determined as a threat.

Shoot me some more info.

[Gotanubike]

Being a laptop user I constantly have my eye on processes merely for the intent to keep my system temperatures as low as I can...heck I even go as for to reset windows explorer now and again to keep the working memory and I/O reads lower for that. dllhost.exe, taskhost.exe, any graphics catalyst programs on standby can be closed..

I'm a big believer in Comodo group(the web inspector). They are pretty much the leaders in online freeware for firewall and antivirus applications. They are 2nd behind Symantec for issuing website SSL certificates and are pretty legit. I trust their databases are up to date

[Julien D]

I have tested every which way from sunday and cannot turn up any malicious code on the site.

[scheckaet]

thanks ICRage42, very informative.
Thanks to Julien too for checking it out and keeping the site running

[KDXGarage]

Thank you for the long thorough information IC.

Julien D, thanks again for checking it out.

[ICRage42]

I have tested every which way from sunday and cannot turn up any malicious code on the site.

and you wont not your end. TY for testing for **** sakes however I sense the force is strong with you Julien no worries.

Being a laptop user I constantly have my eye on processes merely for the intent to keep my system temperatures as low as I can...heck I even go as for to reset windows explorer now and again to keep the working memory and I/O reads lower for that. dllhost.exe, taskhost.exe, any graphics catalyst programs on standby can be closed..

I'm a big believer in Comodo group(the web inspector). They are pretty much the leaders in online freeware for firewall and antivirus applications. They are 2nd behind Symantec for issuing website SSL certificates and are pretty legit. I trust their databases are up to date

Only thing I have to say about that is this.......anything man made will break........anything on the internet is vulnerable. I can have a flash website and it will check fine but can easily effect you just within source code. Yea I know I lost ya but its just too easy. Just warnin ya is all. Wear a helmet too hahahaha

AND TY
I try to help since you've all been very kind here. No matter who I meet its always a good day. ....an yea I can type pages of info rofl but give me some info I can figure it out. Least I can do for the help

[ICRage42]

Thank you for the long thorough information IC.

Julien D, thanks again for checking it out.

omg im sorry dude really I can get carried away at times. To me its fun.

[cornishwrecker220]

Thanks for your help guys I`ll see what I can do at my end.....it flagged up again when I visited this site just now! ...its funny but it doesn't do it on any other site..only here

[Gotanubike]

I have tested every which way from sunday and cannot turn up any malicious code on the site.

and you wont not your end. TY for testing for **** sakes however I sense the force is strong with you Julien no worries.

Being a laptop user I constantly have my eye on processes merely for the intent to keep my system temperatures as low as I can...heck I even go as for to reset windows explorer now and again to keep the working memory and I/O reads lower for that. dllhost.exe, taskhost.exe, any graphics catalyst programs on standby can be closed..

I'm a big believer in Comodo group(the web inspector). They are pretty much the leaders in online freeware for firewall and antivirus applications. They are 2nd behind Symantec for issuing website SSL certificates and are pretty legit. I trust their databases are up to date

Only thing I have to say about that is this.......anything man made will break........anything on the internet is vulnerable. I can have a flash website and it will check fine but can easily effect you just within source code.

True adobe does place many unique shared cookies on your system so it can optimize how you use it. Many sites do this and you can expect they would be able to track your use of that website.

Luckily there are certificates for safe executable downloads, and I'm pretty sure there's more to adobe then just borrowing their host platform to put up a flash game and delivering a virus through a cookie.

That being said, phpBB is an open source forum software, but absolutely could never be used to distribute a virus.