Jump to content


Photo

VIRUS?!


This topic has been archived. This means that you cannot reply to this topic.
30 replies to this topic

#1 raiderjp

raiderjp

    Yardmaster

  • Valued Customer
  • PipPipPipPip
  • 403 posts

Posted 17 November 2005 - 08:21 PM

I came to the forum today and the first thing to pop up was VIRUS! The name of it was TROJAN.download and I was lucky enough to have Nortan Anti-Virus Controll to stop it. Now, where did it come from? Why did it pop up here? I only had this internet window, MSN Messanger, and MSN Messanger conv. (My friend did not send me anything through the conversation and it was inactive for over 10 minutes.) open. Hmm...

#2 zeke

zeke

    New Hire

  • Valued Customer
  • Pip
  • 5 posts

Posted 17 November 2005 - 08:44 PM

I'm getting it as well, and I don't have any messenger software. I'm using Opera as a browser and Norton caught the "Download.trojan" when I came here.

Rob Zych

#3 JRH1942

JRH1942

    Motorman

  • Valued Customer
  • PipPipPip
  • 84 posts

Posted 17 November 2005 - 08:44 PM

Basically the idiots that send this crap out have software that they can put in about 20,000 or more IP addresses in consecutive order. Then they just let it run its course. What it is looking for are open ports. When it finds one, guess what. It would have tried your computer no matter where you were. Just coincidence that you happened to be here.

This is why it is imperative to keep your firewall & av up to date.

John

#4 BCRbudd31

BCRbudd31

    Motorman

  • Valued Customer
  • PipPipPip
  • 96 posts

Posted 17 November 2005 - 08:52 PM

I got the Trojan message also but my security stopped it.

#5 lelandfletcher

lelandfletcher

    Engineer

  • Valued Customer
  • PipPipPip
  • 288 posts

Posted 17 November 2005 - 08:55 PM

Dear Friends,

This morning, Norton stopped it from my computer also.

Yours truly,
Leland

#6 bnsf1959

bnsf1959

    Engineer

  • Valued Customer
  • PipPipPip
  • 251 posts

Posted 17 November 2005 - 11:08 PM

I'm getting the same thing here since Wednesday, too. I emailed Marc to let him be aware of it and look into it. My anti-virus program also stopped it.

#7 Bananarama

Bananarama

    The Big Kahuna

  • 3DTrains Admin
  • 8,104 posts

Posted 18 November 2005 - 12:37 AM

As far as I can tell, it's not originating from this sever. I'll look into it further, however.

Cheers!
Marc

#8 wacampbell

wacampbell

    Brakeman

  • Valued Customer
  • PipPip
  • 64 posts

Posted 18 November 2005 - 02:36 AM

Yesterday I was getting the virus message here at the forum page - only on this site. So far no reports today though.

#9 Hawk

Hawk

    Yardmaster

  • Valued Customer
  • PipPipPipPip
  • 461 posts

Posted 18 November 2005 - 03:15 AM

I just got the same thing. Anti-Virus stopped it though.
I got it as soon as I clicked on "View New Posts".

#10 bnsf1959

bnsf1959

    Engineer

  • Valued Customer
  • PipPipPip
  • 251 posts

Posted 18 November 2005 - 05:18 AM

Marc,

I'm still getting a virus alert message today. Could it be a link to some infected website or something that could be somewhere in this forum? I'm not saying it's your server but it could be a bad file or a link from other member's post that person may not be aware of? I'm just guessing. unsure.gif unsure.gif

#11 cr-stagg

cr-stagg

    Superintendent

  • Beta Tester
  • 1,469 posts

Posted 18 November 2005 - 05:48 AM

That explains why Firetrust SiteHound would not let me enter the forum earlier in the week. I had to disable it. I was gettind redirected to some other site http:\\???.???.ru which Firetrust SiteHound said was a "bad" site. And apparently my HDW firewall was keeping the virusa from entering my system.

#12 NPS-4

NPS-4

    Station Clerk

  • Members
  • PipPip
  • 47 posts

Posted 18 November 2005 - 06:56 AM

I've been getting a warning from PC-cillin on this, every time I come here. It quarantines a file, count[1].htm . Pretty frustrating! Just happened a couple minutes ago, so something has linked in here. sad.gif

#13 cr-stagg

cr-stagg

    Superintendent

  • Beta Tester
  • 1,469 posts

Posted 18 November 2005 - 07:03 AM

I just sent the following email to Marc:
------------------
RE: 3DTrains Forums ->3DTrains General Discussion & Support ->General Discussion ->Sidetracked > Virus thread

I have (had) Firetrust Sitehound running. http:\\www.firetrust.com A free IE tool that checks sites. Wednesday evening I tried to enter the forums and SiteHound said I was trying to go to http://zootedgirls.com. Tried again same results. Did not go further but shut down PC for the night. Thursday AM same results. This time I told Sitehound to enter anyway. IE Address bar read http://ea97.com.ru/ with a blank screen. Booted my laptop which does not have Sitehound installed. Clicked on my Link to 3dtrains forum. Forum opened OK. Uninstalled Sitehound from my desktop PC. Accessed forum with no problem.

This morning I read the referenced thread. Decided to reload Sitehound. Got same results. This time I asked Sitehound for "Site Information" when it warned me I was about to enter a bad site. Said that the IP was: 66.96.213.199

BTW when I told Sitehound to enter the site inspite of warning, I did not get virus detected and scan finds none. Nor do I get it with Sitehound disabled. HDW firewall probably protected me.
-----------
Anyone else using Sitehound? Getting same results?

#14 msinclair

msinclair

    Engineer

  • Valued Customer
  • PipPipPip
  • 243 posts

Posted 18 November 2005 - 07:15 AM

Why is it that only some people are getting it and not others?

I have had no such warning.

Mike ohmy.gif

#15 cr-stagg

cr-stagg

    Superintendent

  • Beta Tester
  • 1,469 posts

Posted 18 November 2005 - 07:41 AM

QUOTE(msinclair @ Nov 18 2005, 09:15 AM)
Why is it that only some people are getting it and not others?

I have had no such warning.

Mike ohmy.gif

Does your connection to the internet go thru a HDW firewall? As in a Cable/DSL router?

#16 Genma Saotome

Genma Saotome

    Dispatcher

  • Valued Customer
  • PipPipPipPip
  • 737 posts

Posted 18 November 2005 - 08:31 AM

I my case trojan.download was tied to a graphics image -- not from a MSTS site, but a wallpaper site. I don't know if it was embedded in the graphics file or not but when I tried to download the image the trojan horse was there.

As a reminder, the trojan file itself will not do anything harmful but when it runs it goes out to the internet to obtain the payload and bring it back -- that's what is going to bad news.

#17 darkflyer

darkflyer

    ATSF Crosstied and Certified

  • Valued Customer
  • PipPipPipPip
  • 1,307 posts

Posted 18 November 2005 - 09:19 AM

I'm not having a problem Using Norton, Zone Alarm,w/ router, also I have xp,norton, and Zone alarm firewalls active. I have Norton and ZA set to scan before before I do any downloads. If you are getting stopped be glad it could have entered your system and really caused probs.

Clif

#18 bnsf1959

bnsf1959

    Engineer

  • Valued Customer
  • PipPipPip
  • 251 posts

Posted 18 November 2005 - 02:18 PM

Well, I'm not getting the pop up message from my anti-virus program, anymore. I think they found the problem and clear it up. I was getting it for the last 2 days and now nothing, today. rolleyes.gif

#19 SeanK97

SeanK97

    Operations Manager

  • 3DTrains Moderator
  • 1,846 posts

Posted 18 November 2005 - 02:46 PM

Have never received the message or error. I strictly use Firefox, perhaps that may be assisting my case though cannot confirm either way. I use ZoneAlarm, McAfee and go thru a router to my cable-modem although I don't currently have the hardware firewall enabled, or XP-firewall.

Go figure?

#20 gerr

gerr

    Dispatcher

  • Members
  • PipPipPipPip
  • 505 posts

Posted 18 November 2005 - 02:56 PM

I have Avast anti virus and it never cought a virus here. I recently got a virus over at Train Sim.com just a day ago. wink.gif