CL Site Malware thread (fixed, please let us know if you see issues)
#1
Driver School Candidate
Thread Starter
Join Date: Sep 2012
Location: FL
Posts: 37
I'm not sure where to post this but
Starting yesterday, the 3rd, when I sign on to Club Lexus Forum I get a popup warning from Norton Security saying:
Norton blocked an attack by:
EXPLOIT TOOLKIT
WEBSITE 33
Details:
Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
2012-11-04 17:30:28,High,An intrusion attempt by dnsserv.ssrsystems.com was blocked.,Blocked,No Action Required,Web Attack: Exploit Toolkit Website 33,No Action Required,No Action Required,"dnsserv.ssrsystems.com (213.179.207.140, 80)",dnsserv.ssrsystems.com/dhFJwR?leETD=31,"OWNER-PC (192.168.1.68, 51765)",213.179.207.140 (213.179.207.140),"TCP, www-http"
Network traffic from dnsserv.ssrsystems.com/dhFJwR?leETD=31 matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME1\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE. To stop being notified for this type of traffic, in the Actions panel, click Stop Notifying Me.
Just thought you ought to know.
It's supposed to be nasty.
#3
any one else got the message?
While browsing this forum, I got a message from my antivirus program saying it blocked an attack on my computer. It happened today, more than once, on both work laptop and home desktop, with different anti-virus software....
#9
Advanced
iTrader: (5)
I got infected from the FBI/Moneypak Malware virus this morning when I came to the clublexus forums. I managed to get rid of it by booting in Safe Mode and running MalwareBytes and then I got rid of Java to prevent it from getting into my computer. After that, I came back to ClubLexus and sure enough, you can tell there are some "data" (likely the virus again) that's trying to download into my computer. I think there is a virus tagged to clublexus.
#10
Forum Administrator
iTrader: (2)
Thanks all, I've sent this along to the tech folks. I'm sure any additional details you can provide (was it the same page each time?) will be helpful, as are screen shots like you posted (thanks).
Merged similar threads
Last edited by DaveGS4; 11-04-12 at 09:54 PM.
#12
Same here noticed it started Sunday night.
Posting what I received, hope it helps.
Code:
239 11/4/2012 8:01:48 PM Intrusion Prevention Critical Incoming TCP 213.179.207.140 80 N/A 64006 N/A \PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE 26033 69582 Web Attack: Exploit Toolkit Website 33 dnsserv.ssrsystems.com/dhFJwR?leETD=31 1 11/4/2012 8:01:35 PM 11/4/2012 8:01:35 PM [SID: 26033] Web Attack: Exploit Toolkit Website 33 attack blocked. Traffic has been blocked for this application: \PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
240 11/4/2012 8:01:59 PM Intrusion Prevention Critical Incoming TCP 213.179.207.140 80 N/A 64167 N/A \PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE 26033 69582 Web Attack: Exploit Toolkit Website 33 dnsserv.ssrsystems.com/dhFJwR?leETD=31 1 11/4/2012 8:02:00 PM 11/4/2012 8:02:00 PM [SID: 26033] Web Attack: Exploit Toolkit Website 33 attack blocked. Traffic has been blocked for this application: \PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
241 11/4/2012 8:03:39 PM Intrusion Prevention Critical Incoming TCP 213.179.207.140 80 N/A 64249 N/A \PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE 26033 69582 Web Attack: Exploit Toolkit Website 33 moloko.net-transfer.info/dhFJwR?leETD=31 1 11/4/2012 8:03:28 PM 11/4/2012 8:03:28 PM [SID: 26033] Web Attack: Exploit Toolkit Website 33 attack blocked. Traffic has been blocked for this application: \PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
242 11/5/2012 7:26:15 AM Intrusion Prevention Critical Incoming TCP 213.179.207.140 80 N/A 49356 N/A \PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE 26033 69582 Web Attack: Exploit Toolkit Website 33 rokko.poundstone.co.uk/dhFJwR?leETD=31 2 11/5/2012 7:25:02 AM 11/5/2012 7:25:12 AM [SID: 26033] Web Attack: Exploit Toolkit Website 33 attack blocked. Traffic has been blocked for this application: \PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
243 11/5/2012 7:28:40 AM Intrusion Prevention Critical Incoming TCP 213.179.207.140 80 N/A 49395 N/A \PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE 26033 69582 Web Attack: Exploit Toolkit Website 33 rokko.poundstone.co.uk/dhFJwR?leETD=31 1 11/5/2012 7:27:37 AM 11/5/2012 7:27:37 AM [SID: 26033] Web Attack: Exploit Toolkit Website 33 attack blocked. Traffic has been blocked for this application: \PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
244 11/5/2012 7:34:54 AM Intrusion Prevention Critical Incoming TCP 213.179.207.140 80 N/A 49500 N/A \PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE 26033 69582 Web Attack: Exploit Toolkit Website 33 rokko.poundstone.co.uk/dhFJwR?leETD=31 1 11/5/2012 7:33:53 AM 11/5/2012 7:33:53 AM [SID: 26033] Web Attack: Exploit Toolkit Website 33 attack blocked. Traffic has been blocked for this application: \PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
Last edited by TripleL; 11-05-12 at 05:04 AM.
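An added example, not written by any poster in this thread: a small parser for the Norton IPS history entries posted above that groups hostnames by remote IP and URL path, showing that the three names in the log share one address and one path, so a hostname-only block would not hold. The function names and the regular expression are assumptions about this log layout; the sample is three entries from the post, cut after the URL field.

```python
import re
from collections import defaultdict

# Entries 239, 241 and 242 from the log above, each cut after the URL field.
HEAD = r"Intrusion Prevention Critical Incoming TCP 213.179.207.140 80 N/A "
MID = (r"N/A \PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE 26033 69582 "
       r"Web Attack: Exploit Toolkit Website 33 ")
SAMPLE = "\n".join([
    "239 11/4/2012 8:01:48 PM " + HEAD + "64006 " + MID
    + "dnsserv.ssrsystems.com/dhFJwR?leETD=31",
    "241 11/4/2012 8:03:39 PM " + HEAD + "64249 " + MID
    + "moloko.net-transfer.info/dhFJwR?leETD=31",
    "242 11/5/2012 7:26:15 AM " + HEAD + "49356 " + MID
    + "rokko.poundstone.co.uk/dhFJwR?leETD=31",
])

# Assumed field order: id, timestamp, category, severity, direction, protocol,
# remote IP, remote port, ..., signature id, a second numeric id, signature
# name, then the URL as host + path.
ENTRY = re.compile(
    r"(?P<id>\d+) (?P<when>\d+/\d+/\d{4} \d+:\d+:\d+ [AP]M) "
    r"Intrusion Prevention \w+ Incoming TCP "
    r"(?P<ip>\d+(?:\.\d+){3}) (?P<port>\d+) .*? "
    r"(?P<sid>\d+) \d+ (?P<sig>Web Attack: .*?) "
    r"(?P<host>[\w.-]+)(?P<path>/\S*)"
)

def parse(text):
    """Return one dict per IPS entry found in text (entries may run together)."""
    return [m.groupdict() for m in ENTRY.finditer(text)]

def shared_infrastructure(entries):
    """Map (remote IP, URL path) to the hostnames seen, keeping only keys
    reached under more than one hostname."""
    groups = defaultdict(set)
    for e in entries:
        groups[(e["ip"], e["path"])].add(e["host"])
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}

if __name__ == "__main__":
    for (ip, path), hosts in shared_infrastructure(parse(SAMPLE)).items():
        print(f"{ip} {path} reached via {len(hosts)} hostnames: {hosts}")
```
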
#14
Neu`roc´i`ty
iTrader: (17)
I just got nailed, on iPad now while I run Malwarebytes to clean in safe mode.
Wtf!? I never get hit with stuff, first time in like ten years, on my work laptop no less. This was fast as hell too... Like I just clicked on the main forum page and then this just popped up. I can only imagine what's nailing everyone else.
Windows seven 64bit, Mozilla latest release. Norton.
#15
Out of Warranty
Got the same Norton flags yesterday and today, CL has become unstable. I'm shutting down to run Malwarebytes too.
W/7, Firefox, Norton, on Comcast