Kitz ADSL Broadband Information
Author Topic: Warning - DSLzone site compromised  (Read 36453 times)

UncleUB

  • Helpful
  • Senior Kitizen
  • *
  • Posts: 29543
Re: Warning - DSLzone site compromised
« Reply #15 on: March 22, 2010, 09:50:42 AM »

Don't ask where the name comes from....even the Spybot people at Safer Networking don't seem to know.
It is disabled by default ( IIRC )......just don't switch it on..

I see.

So I have now seen Spybot S&D, Housecall, and one called Malwarebytes... Which would be the best (easiest) for me (the wuss) to use?
Logged

tuftedduck

  • Senior Kitizen
  • ******
  • Posts: 29658
  • Router Luvvin Duck
Re: Warning - DSLzone site compromised
« Reply #16 on: March 22, 2010, 09:58:17 AM »

Malwarebytes.

Get it from here: http://www.malwarebytes.org/ using the blue button to get the free version.

Install, update and then do a full scan... good program and constructed specifically so that you can do an effective scan in "normal" mode... no need to put the PC into safe mode... and scans very quickly.
Also, it is reliable...if it finds something, let it deal with it.
Further, the free version has no resident component so no clash with your av.
Logged

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33879
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Warning - DSLzone site compromised
« Reply #17 on: March 22, 2010, 10:01:20 AM »

-edited - keep going to reply but TD is very much on the ball with this thread and beat me to it..- so follow his advice :)
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

Browni

  • Reg Member
  • ***
  • Posts: 137
Re: Warning - DSLzone site compromised
« Reply #18 on: March 22, 2010, 10:01:51 AM »

Beat me to it tufted!

I'm moderating a local Freegle group just now so can't be just as quick on the keyboard as you!

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33879
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Warning - DSLzone site compromised
« Reply #19 on: March 22, 2010, 10:30:18 AM »

Quote
I will run some scans, I personally think it's poorly written scripts as someone said Admin has been in and done summit

I can guarantee it isn't - the database has definitely been compromised by a 3rd party... and I know exactly what code has been modified, and where the payload is coming from.

Doesn't take a genius to do a proper bit of detective work to find that out. Once you have that info then the alarm bells start ringing with all the protection sites as it's well known to host trojan payloads of this type.
There's a very obvious reason why I won't disclose that info on a public forum. :no:
Logged

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33879
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Warning - DSLzone site compromised
« Reply #20 on: March 22, 2010, 11:02:50 AM »

Not going to waste any more of my time on this.  
Not my problem...   and I have more than enough to do on my own site.


I cared about those that did use that site and didn't want them being infected.
I've done my bit for the diagnostics.... far more than they (site owners) have.  It's now up to the other site to properly act upon the information passed on to them.
« Last Edit: March 22, 2010, 11:05:37 AM by kitz »
Logged

Browni

  • Reg Member
  • ***
  • Posts: 137
Re: Warning - DSLzone site compromised
« Reply #21 on: March 22, 2010, 11:06:22 AM »

Kitz,

I think what you have done is admirable.

UncleUB

  • Helpful
  • Senior Kitizen
  • *
  • Posts: 29543
Re: Warning - DSLzone site compromised
« Reply #22 on: March 22, 2010, 11:58:24 AM »

I downloaded malwarebytes and did a full scan as requested.

It found 1 infected item, what's the best way to proceed with it?

This was the result



I think it is adware.mywebsearch......

« Last Edit: March 22, 2010, 12:23:04 PM by UncleUB »
Logged

CurlyWhirly

  • Reg Member
  • ***
  • Posts: 370
Re: Warning - DSLzone site compromised
« Reply #23 on: March 22, 2010, 12:01:38 PM »

Not going to waste any more of my time on this.  
Not my problem...   and I have more than enough to do on my own site.


I cared about those that did use that site and didn't want them being infected.
I've done my bit for the diagnostics.... far more than they (site owners) have.  It's now up to the other site to properly act upon the information passed on to them.
Thanks very much for your warning  :thumbs:

You confirmed my suspicions, as ever since visiting DSL Zone yesterday, my internet connection was playing up.

I was unable to update NOD32, Spybot and was even prevented from downloading Trend Micro House Call and MalwareBytes  :o

Worryingly for me was the fact that NOD32 didn't give me any warning and yet the free version of Avast did  ???

What's more NOD32 was disabled and, when I tried to enable it, (after being alerted by Windows Security Center that my AV was switched off), I got an error saying that there was no communication with the kernel  :hmm:

I think I'm going to change my AV - I think I'll give Kaspersky a try as it gets good reviews.

Thanks again, Mike


p.s. as much as I enjoy DSL Zone, if the Admin team can't even update the site (with security patches, etc) to keep members safe then I'll not be returning and I've been a member for 4 years  :no:
Logged
Mike

tuftedduck

  • Senior Kitizen
  • ******
  • Posts: 29658
  • Router Luvvin Duck
Re: Warning - DSLzone site compromised
« Reply #24 on: March 22, 2010, 12:31:34 PM »

@ unkyUb

In malwarebytes......select that item by putting a tick in the little box to the left of the description and then hit the "remove selected" button.

Reboot, then follow the following just to make sure..:-

Most of the program can be removed by clicking on Start->Settings->Control Panel and double clicking on Add/Remove Programs. Then find "My Web Search" in the list of installed programs and click on Change/Remove to uninstall it. You may also want to uninstall any of the following items associated with

FunWebProducts
My Web Search (Smiley Central or FWP product as applicable)
My Way Speedbar (Smiley Central or other FWP as applicable)
My Way Speedbar (AOL and Yahoo Messengers) (beta users only)
My Way Speedbar (Outlook, Outlook Express, and IncrediMail)
Search Assistant - My Way

To clean up the registry, delete the keys and value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin.

Reboot your Computer.

Next, open My Computer, Drive C, and double-click on the Program Files folder

Right-click and delete the folders for:

FunWebProducts
MyWebSearch

MyWebSearch should now be completely uninstalled from your computer.


Fingers crossed, that should do it.
Logged
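
Added example (not part of the original thread and not written by any poster): a read-only PowerShell check for the leftovers that Reply #24 says to remove, namely the Run value, the Add/Remove Programs entries and the two Program Files folders. The WOW6432Node registry view and the Program Files (x86) root are assumptions added for 64-bit Windows; the post names only the HKLM Run value and the Program Files folder.

```powershell
# Read-only verification: reports MyWebSearch / FunWebProducts remnants.
# Nothing is deleted or modified. Run from an elevated prompt for full visibility.
$pattern  = 'MyWebSearch|My Web Search|My Way|FunWebProducts'
$findings = @()

# 1. Autostart values under the Run key named in the post
#    (WOW6432Node path is an added assumption for 64-bit systems).
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $k = Get-Item -Path $key
    foreach ($name in $k.GetValueNames()) {
        if ($name -match $pattern) {
            $findings += [pscustomobject]@{
                Type = 'Run value'; Item = $name; Detail = $k.GetValue($name) }
        }
    }
}

# 2. Add/Remove Programs entries whose display name matches the list in the post.
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $pattern } |
    ForEach-Object {
        $findings += [pscustomobject]@{
            Type = 'Installed program'; Item = $_.DisplayName; Detail = $_.PSChildName }
    }

# 3. Folders the post says to delete from Program Files
#    (the x86 root is an added assumption; it is empty on 32-bit Windows).
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
foreach ($root in $roots) {
    foreach ($dir in 'FunWebProducts', 'MyWebSearch') {
        $path = Join-Path $root $dir
        if (Test-Path -LiteralPath $path) {
            $findings += [pscustomobject]@{
                Type = 'Folder'; Item = $dir; Detail = $path }
        }
    }
}

if ($findings.Count -eq 0) {
    'No MyWebSearch / FunWebProducts remnants found.'
} else {
    $findings | Format-Table -AutoSize
}
```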

UncleUB

  • Helpful
  • Senior Kitizen
  • *
  • Posts: 29543
Re: Warning - DSLzone site compromised
« Reply #25 on: March 22, 2010, 01:07:34 PM »

Followed your advice TD......let Malwarebytes delete it,

Rebooted

looked in my computer/add/remove programmes......nothing there.

Went into registry re your link........nothing there.

So hopefully it will have gone.  :fingers:

Thanks for taking the time to help me.  :)

Edit, as regards smiley central.......That might have been a site I looked at when I first got this pc (April 2007) and unknowingly downloaded something I shouldn't  :no:

Edit2, Re Malwarebytes........do you just scan if and when needed? I can't seem to see anything about scheduling a scan at certain times/days/weeks.
« Last Edit: March 22, 2010, 01:27:37 PM by UncleUB »
Logged

tuftedduck

  • Senior Kitizen
  • ******
  • Posts: 29658
  • Router Luvvin Duck
Re: Warning - DSLzone site compromised
« Reply #26 on: March 22, 2010, 01:45:04 PM »

>>>So hopefully it will have gone <<<<............sounds like it.. :clap2:

I don't think you can schedule a scan in the free version.......just fire him up now and again and have a wee scan...the "quick scan" option is normally sufficient unless you have strong reason to suspect that you are infected.

>>Thanks for taking the time to help me.<<.............my pleasure, unkyUb and I am sure that your machine is clean again.  :)

Sometime when you have a minute or two to spare, do a quick scan just to make sure.. ;)
« Last Edit: March 22, 2010, 01:52:15 PM by tuftedduck »
Logged

postie

  • Member
  • **
  • Posts: 28
Re: Warning - DSLzone site compromised
« Reply #27 on: March 22, 2010, 02:06:44 PM »

Yep, as Curly said, thanks for the help kitz. As said, the keys to the site need to be handed over to thar and the site looked after.
I think the PCs here are clean now, not 100% sure but can't find anything else on them. Can't believe Norton 2010 security suite never even blinked  :no: :o It was on a 3 month free trial but no more! Put Microsoft's MSE on for now as I decide what to do: either go back to NOD32, which did pick up a trojan, or try gdata again, which I liked but was a bit of a resource hog.
Logged

the doctor

  • Member
  • **
  • Posts: 26
Re: Warning - DSLzone site compromised
« Reply #28 on: March 22, 2010, 02:18:16 PM »

Did anyone with MSE detect anything.. I've run that and Prevx through my 64 bit pc. Didn't pick up nothing

has it taken down 24 as well..
Logged
A great philosopher once wrote "Naughty, naughty, very naughty"

Browni

  • Reg Member
  • ***
  • Posts: 137
Re: Warning - DSLzone site compromised
« Reply #29 on: March 22, 2010, 02:25:10 PM »

Did anyone with MSE detect anything.. I've run that and Prevx through my 64 bit pc. Didn't pick up nothing

has it taken down 24 as well..

I use MSE and it didn't detect anything but when accessing the home page FF went loopy.