Danger - computer malware - no drill!!!

  1. #1
    Join Date
    Oct 2008
    Location
    'Beachy' Southern California
    Posts
    4,303

    Danger - computer malware - no drill!!!

    Trojan Horse Computer Infection Alert!!! Sourced from Thread in this Forum entitled: "Thread Anybody seen the movie Dark Waters"

    This morning I was perusing the "New Posts" Thread, happening upon the above titled Thread. Perhaps less than a minute into viewing, my computer "Bit Defender" Malware Program Hazard Warning taking over full screen, lit up like a Christmas Tree. First time ever such over a number of years.

    Below, is the Bit Defender Malware advisory result reflected after my clicking "Remove" from my computer.

    Note that ONLY ACTION REQUIRED TO INFECT MY COMPUTER - MERELY OPENING THE THREAD TO READ IT! NOTHING FURTHER & INFECTED!

    By the time Bit Defender documented/removed infection, and some minutes investigation, attempting to return to the offensive Thread (without opening!), it appears to be gone. Yet even if Administrators removed it, everyone who clicked on that thread to open, my assumption their computer now infected.

    I can't tell more. No expertise on Malware. Just common sense sharing via alert. Suggest anyone who read that Thread might wish to run a virus scan on their computer. The infection removed from mine looked very serious!

    Would appreciate any feedback from anyone having read this infected Thread. Also just the comment that the original poster, quite possibly unknowing passing the infection rather than knowledgeably with wrongful intent. You may be the next "unintentional" person passing from your infected computer!

    Good gosh! What next!?!

    Good luck & Best.

    John


    Computer Bit Defender Malware "Removal" results:

    Bitdefender Log File
    Task:Device Scanning
    Scan date:Monday, June 1, 2020 9:42:13
    Log path:C:\ProgramData\Bitdefender\Desktop\Profiles\Logs\S-1-5-21-209483488-4113576734-157129042-1001\db7af1a4-db8-4f42-903a-9d200e40d03c\1591028850_1_02.xml
    Scan paths:
    Path: E:\
    Scan Results Summary
    Resolved issues
    Item path Threat Name Action taken
    E:\A.I\Transfer\Hakai (v2.2).zip=>Hakai (v2.2)/Hakai.exe Trojan.GenericKD.33671243 Deleted
    E:\A.I\Cracking&Hacking\Hacking (OLD)\Vpn\HideMyAss Checker 1.3\HideMyAss Checker 1.3.exe Gen:Variant.MSILPerseus.201749 Deleted
    E:\A.I\Cracking&Hacking\ALL best Dorks Tools\sqlmapproject-sqlmap-1.2.5-19-g42042fb.zip=>sqlmapproject-sqlmap-42042fb/shell/stagers/stager.aspx_ Trojan.Sqlmap.P Deleted
    E:\A.I\Synapse X v1.0.0\bin\SynapseInjector.dll Gen:Suspicious.Cloud.8.5A4aaSmuhypi Deleted
    E:\A.I\Cracking&Hacking\Old STORM+ config by Alphacrack\STORM.exe Gen:Variant.MSILPerseus.196935 Deleted
    E:\A.I\Cracking&Hacking\ALL best Dorks Tools\sqlmapproject-sqlmap-1.2.5-19-g42042fb.zip=>sqlmapproject-sqlmap-42042fb/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_ Trojan.Sqlmap.K Deleted
    E:\A.I\Cracking&Hacking\ALL best Dorks Tools\sqlmapproject-sqlmap-1.2.5-19-g42042fb.zip=>sqlmapproject-sqlmap-42042fb/shell/stagers/stager.jsp_ Trojan.Sqlmap.R Deleted
    E:\A.I\Cracking&Hacking\ALL best Dorks Tools\sqlmapproject-sqlmap-1.2.5-19-g42042fb.zip=>sqlmapproject-sqlmap-42042fb/shell/stagers/stager.php_ Trojan.Sqlmap.S Deleted
    E:\A.I\Cracking&Hacking\ALL best Dorks Tools\sqlmapproject-sqlmap-1.2.5-19-g42042fb.zip=>sqlmapproject-sqlmap-42042fb/shell/backdoors/backdoor.aspx_ Trojan.Sqlmap.B Deleted
    E:\A.I\Cracking&Hacking\ALL best Dorks Tools\sqlmapproject-sqlmap-1.2.5-19-g42042fb.zip=>sqlmapproject-sqlmap-42042fb/shell/backdoors/backdoor.asp_ Trojan.Sqlmap.A Deleted
    E:\A.I\Cracking&Hacking\ALL best Dorks Tools\sqlmapproject-sqlmap-1.2.5-19-g42042fb.zip=>sqlmapproject-sqlmap-42042fb/shell/backdoors/backdoor.jsp_ Trojan.Sqlmap.C Deleted
    E:\A.I\Cracking&Hacking\ALL best Dorks Tools\sqlmapproject-sqlmap-1.2.5-19-g42042fb.zip=>sqlmapproject-sqlmap-42042fb/shell/stagers/stager.asp_ Trojan.Sqlmap.Q Deleted
    E:\A.I\Cracking&Hacking\ALL best Dorks Tools\sqlmapproject-sqlmap-1.2.5-19-g42042fb.zip=>sqlmapproject-sqlmap-42042fb/udf/mysql/windows/32/lib_mysqludf_sys.dll_ Trojan.Sqlmap.H Deleted
    E:\A.I\Cracking&Hacking\ALL best Dorks Tools\sqlmapproject-sqlmap-1.2.5-19-g42042fb.zip=>sqlmapproject-sqlmap-42042fb/udf/mysql/windows/64/lib_mysqludf_sys.dll_ Trojan.Sqlmap.F Deleted
    E:\A.I\Cracking&Hacking\ALL best Dorks Tools\sqlmapproject-sqlmap-1.2.5-19-g42042fb.zip=>sqlmapproject-sqlmap-42042fb/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_ Trojan.Sqlmap.O Deleted
    E:\A.I\Cracking&Hacking\ALL best Dorks Tools\sqlmapproject-sqlmap-1.2.5-19-g42042fb.zip=>sqlmapproject-sqlmap-42042fb/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_ Trojan.Sqlmap.J Deleted
    E:\A.I\Cracking&Hacking\ALL best Dorks Tools\sqlmapproject-sqlmap-1.2.5-19-g42042fb.zip=>sqlmapproject-sqlmap-42042fb/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_ Trojan.Sqlmap.M Deleted
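
One way to triage a scan log in the layout posted above, as an added example that is not part of the original post and is not Bitdefender's own code: it reads the task, the scan paths and the "Item path / Threat Name / Action taken" rows, then reports how many detections sit inside archives, which detection families appear, and whether every item lies under the scanned path. The sample log is constructed with placeholder paths, and `parse_log`, `family` and `triage` are names chosen for this example.

```python
import re
from collections import Counter

# Constructed sample in the same layout as the posted log (placeholder paths).
SAMPLE_LOG = r"""Bitdefender Log File
Task:Device Scanning
Scan paths:
Path: E:\
Scan Results Summary
Resolved issues
Item path Threat Name Action taken
E:\Tools\Old Stuff\bundle (v1).zip=>bundle (v1)/run.exe Trojan.GenericKD.1 Deleted
E:\Tools\scanner-src.zip=>scanner-src/shell/stager.php_ Trojan.Sqlmap.S Deleted
E:\Tools\scanner-src.zip=>scanner-src/udf/lib_udf_sys.dll_ Trojan.Sqlmap.H Deleted
E:\Tools\Checker 1.3\Checker 1.3.exe Gen:Variant.MSILPerseus.2 Deleted
"""

# Item paths may contain spaces, so the row is anchored from the right:
# the last token is the action, the one before it the threat name.
ROW = re.compile(r"^(?P<item>[A-Za-z]:\\.+)\s+(?P<threat>\S+)\s+(?P<action>\S+)$")


def parse_log(text):
    """Return the scan task, the scanned paths and one dict per detection row."""
    task, scan_paths, rows = None, [], []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Task:"):
            task = line[len("Task:"):].strip()
        elif line.startswith("Path:"):
            scan_paths.append(line[len("Path:"):].strip())
        else:
            m = ROW.match(line)
            if m:
                # "archive=>member" marks a file found inside a container.
                container, _, member = m["item"].partition("=>")
                rows.append({"container": container, "member": member or None,
                             "threat": m["threat"], "action": m["action"]})
    return {"task": task, "scan_paths": scan_paths, "rows": rows}


def family(threat):
    """Collapse a detection name to its family: Trojan.Sqlmap.S -> Trojan.Sqlmap."""
    parts = threat.split(".")
    return ".".join(parts[:2]) if len(parts) > 2 else threat


def triage(parsed):
    """Summarise what was detected, where, and whether anything needs follow-up."""
    rows = parsed["rows"]
    roots = [p.lower() for p in parsed["scan_paths"]]
    return {
        "task": parsed["task"],
        "detections": len(rows),
        "inside_archives": sum(1 for r in rows if r["member"]),
        "containers": sorted({r["container"] for r in rows}),
        "families": Counter(family(r["threat"]) for r in rows),
        # Items that do not live under any declared scan path.
        "outside_scan_paths": [r["container"] for r in rows
                               if not any(r["container"].lower().startswith(p)
                                          for p in roots)],
        # Rows whose action is anything other than a completed delete.
        "unresolved": [r for r in rows if r["action"] != "Deleted"],
    }


if __name__ == "__main__":
    for key, value in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```
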

  2. #2
    Join Date
    Nov 2007
    Location
    In my WVA free state mind!
    Posts
    46,024

    Erased all my cookies and history..still kicking me off?
    "Christ’s Grace + being constitutionally solvent !"

  3. #3
    Join Date
    Dec 1969
    Posts
    12,846

    swept mine found nothing. everything works okay, send email to warned friends ( warned by phone before i sent only if they agreed) .. they could find nothing this puter is on PC matic .. others on Norton

    so?
    Three People to never believe

    A Religious Leader who tells you how to Vote

    A Politician who tells you how to Pray

    And

    A Draft Dodger who tells you how to be a Patriot

    And Smiling Bob

    Should I keep back my opinions at such a time, through fear of giving offense, I should consider myself as guilty of treason toward my country.”
    — PATRICK HENRY

    https://orders.stansberryresearch.co...T137955&page=1

  5. #4
    Join Date
    Dec 2008
    Location
    MId Atlantic reigon of continental USA
    Posts
    8,496

    My blocker caught it & disconnected before any damage done.
    Ran a full scan nothing left behind.
    “Americans talk a lot about the value of freedom, but are actually afraid of anyone who truly exhibits it”.
    : Billy (The kid / Dennis Hopper).

  6. #5
    Join Date
    Dec 2019
    Posts
    689

    Then why is the thread still up?
    Don't Violate My Airspace

  7. #6
    Join Date
    Sep 2008
    Posts
    9,965

    From early last night until now I have not been able to get on Gun Boards. Page didn’t open and received a “server can not be found” notice.

    Is this related to the virus thread OP mentions? A thread I did not open by the way.

    I’m using an Apple iPad.
    Purists of the world, unite!

    “If ye love wealth better than liberty, the tranquility of servitude better than the animating contest of freedom, go home from us in peace. We ask not your counsels or arms. Crouch down and lick the hands which feed you. May your chains set lightly upon you, and may posterity forget that ye were our countrymen.”
    Samuel Adams

  8. #7
    Join Date
    Oct 2016
    Location
    South Louisiana
    Posts
    219

    Ditto Richard.
    My phone or laptop would not open GunBoards.
    Same message from my computer and phone.
    I did not open the thread either.
    GunBoards opened up about 2 hours ago for me.
    If you use the 1st Amendment, you will need the 2nd Amendment...

  9. #8
    Join Date
    Dec 2019
    Posts
    689

    Quote Originally Posted by Richard in NY* View Post
    From early last night until now I have not been able to get on Gun Boards. Page didn’t open and received a “server can not be found” notice.

    Is this related to the virus thread OP mentions? A thread I did not open by the way.

    I’m using an Apple iPad.

    That could be your connection, modem or wifi.

    I have not had a problem and opened the thread. But should be deleted.
    Don't Violate My Airspace

  10. #9
    Join Date
    Dec 1969
    Posts
    12,846

    Gunboards was down.. don't know why, some speculation it was maintenance, check in at the service issues forum at the top of the forum list

    of course it could always be part of the military takeover of the US .. just joking, everybody knows that will never happen ..... i think?

  11. #10
    Join Date
    Oct 2008
    Location
    'Beachy' Southern California
    Posts
    4,303

    General response. First Dan: History & Cookies removal is about as useful as taking aspirin as Corona Virus remedy! You need to run a quality Virus scan. The fact that your computer appears to behave normally is no assurance whatsoever. All sorts of malicious things, Trojan Horses can accomplish. Might want to strongly consider changing any important passwords.
    Otherwise:
    Don't believe the malware I detected likely took down Gunboards. Do believe it spawned the wise reaction of GB Administration to disconnect the Website-Internet interface pending their own virus scan/removal activities. The entire GB Website disconnect was not just coincidental. I just wish that they offered an announcement to all members explaining what happened and urging members to consider actively scanning any computers having connected to GB within the last few days. Conversely, it may have been an 'image/marketing' decision not to emphasize such attack, causing some folks to be wary of GB; the Website getting a 'rep'.

    I'm just damned happy to see my favorite gun forum Website, back in business. Whew!

    Best!
    John
    Last edited by iskra; 06-02-2020 at 02:45 PM.

  12. #11
    Join Date
    Dec 1969
    Location
    Austn Tx
    Posts
    6,789

    I can click on the link and get no warnings.
    I use Malwarebytes, it catches everything.

  13. #12
    Join Date
    Dec 1969
    Location
    Austn Tx
    Posts
    6,789

    Quote Originally Posted by iskra View Post
    Trojan Horse Computer Infection Alert!!! Sourced from Thread in this Forum entitled: "Thread Anybody seen the movie Dark Waters"

    This morning I was perusing the "New Posts" Thread, happening upon the above titled Thread. Perhaps less than a minute into viewing, my computer "Bit Defender" Malware Program Hazard Warning taking over full screen, lit up like a Christmas Tree. First time ever such over a number of years.

    Below, is the Bit Defender Malware advisory result reflected after my clicking "Remove" from my computer.

    Note that ONLY ACTION REQUIRED TO INFECT MY COMPUTER - MERELY OPENING THE THREAD TO READ IT! NOTHING FURTHER & INFECTED!

    By the time Bit Defender documented/removed infection, and some minutes investigation, attempting to return to the offensive Thread (without opening!), it appears to be gone. Yet even if Administrators removed it, everyone who clicked on that thread to open, my assumption their computer now infected.

    I can't tell more. No expertise on Malware. Just common sense sharing via alert. Suggest anyone who read that Thread might wish to run a virus scan on their computer. The infection removed from mine looked very serious!

    Would appreciate any feedback from anyone having read this infected Thread. Also just the comment that the original poster, quite possibly unknowing passing the infection rather than knowledgeably with wrongful intent. You may be the next "unintentional" person passing from your infected computer!

    Good gosh! What next!?!

    Good luck & Best.

    John


    The original poster, me, did not include any links to click on, so reading my original post is unlikely to infect anyone with anything.

  14. #13
    Join Date
    Dec 1969
    Posts
    12,846

    He said he clicked on the THREAD, maybe they can get you just by clicking on threads .. I dunno, just know I am either not infected or PC Matic couldn't stop or detect it.

    maybe management could comment?

  15. #14
    Join Date
    Oct 2007
    Location
    We're gonna need a bigger boat.
    Posts
    15,954

    My computer is clear. I asked the admins to look into this. So far they have not gotten back to anyone about it.
    Regards, Alan K.
    Available for Cabinet level positions, consultation on matters of foreign policy, weddings and bar-mitzvahs. Will work for gold or guns.

  16. #15
    Join Date
    Oct 2016
    Posts
    3,292

    Also off line yesterday, address not found, but no indication on AVG or Cleaner. I trust the poster has been checked, malicious or not.

  17. #16
    Join Date
    Dec 1969
    Location
    Austn Tx
    Posts
    6,789

    I run two very powerful anti-malware and virus killing robots and they never pinged.
    I was also unable to access the site for a dozen hours or so, but I thought it was the owners finally getting a belly full of MAGA over on RKBA and they were making changes.
    After getting banned here (for some pretty weak stuff IMHO) I emailed someone who said they would look into it as they were not happy with the way things had been going and were wanting to make changes anyway, and soon after I was pardoned by the same individual.
    That was a poorly constructed sentence as it conflated two completely different subjects and at the detriment of a Mod who is blameless in the outage.
    Last edited by chasdev; 06-03-2020 at 10:11 AM.

  18. #17
    Join Date
    Nov 2007
    Location
    In my WVA free state mind!
    Posts
    46,024

    Hard to erase Gunboards and get a clean start.
    "Christ’s Grace + being constitutionally solvent !"

  19. #18
    Join Date
    Mar 2014
    Posts
    1,470

    Did some checks on the page that sparked the alerts and I'm not getting any warnings, nor can I find anything that would explain what caused them for others. There are a lot of links on the page, which means there were a lot of avenues of communication open, but I can't find anything definitive.

    Only thing to do now is to keep an eye out. I don't think we need to remove the thread unless we get any other reports.

    One thing I would like to know is the browser of those who got the alert. If it was an older browser, it would be something to check on. In general, older browsers have weaker security and there could be something designed to attack those weaknesses.

    Kevin

  20. #19
    Join Date
    Dec 2008
    Location
    MId Atlantic reigon of continental USA
    Posts
    8,496

    I'm on the latest Firefox Build. (76.0.1)
    “Americans talk a lot about the value of freedom, but are actually afraid of anyone who truly exhibits it”.
    : Billy (The kid / Dennis Hopper).

  21. #20
    Join Date
    Dec 1969
    Location
    Austn Tx
    Posts
    6,789

    Quote Originally Posted by Admin View Post
    Did some checks on the page that sparked the alerts and I'm not getting any warnings, nor can I find anything that would explain what caused them for others. There are a lot of links on the page, which means there were a lot of avenues of communication open, but I can't find anything definitive.

    Only thing to do now is to keep an eye out. I don't think we need to remove the thread unless we get any other reports.

    One thing I would like to know is the browser of those who got the alert. If it was an older browser, it would be something to check on. In general, older browsers have weaker security and there could be something designed to attack those weaknesses.

    Kevin

    Does management or the owner/s use Cloudflare?
    They are supposed to be able to prevent outside attacks or warn of them.

  22. #21

    Quote Originally Posted by chasdev View Post
    I can click on the link and get no warnings.
    I use Malwarebytes, it catches everything.

    No it doesn’t. Just had them miss 2 bugs that defender isolated.

  23. #22
    Join Date
    Oct 2007
    Location
    We're gonna need a bigger boat.
    Posts
    15,954

    Quote Originally Posted by chasdev View Post
    Does management or the owner/s use Cloudflare?
    They are supposed to be able to prevent outside attacks or warn of them.

    Cloudflare may prevent attacks or warn of them, I don't know anything about it myself, but it was Cloudflare that caused the outage we had the other day. Just a little hiccup. Nothing's perfect.
    Regards, Alan K.
    Available for Cabinet level positions, consultation on matters of foreign policy, weddings and bar-mitzvahs. Will work for gold or guns.

  24. #23
    Join Date
    Oct 2008
    Location
    'Beachy' Southern California
    Posts
    4,303

    Quote Originally Posted by Admin View Post
    Did some checks on the page that sparked the alerts and I'm not getting any warnings, nor can I find anything that would explain what caused them for others. There are a lot of links on the page, which means there were a lot of avenues of communication open, but I can't find anything definitive.

    Only thing to do now is to keep an eye out. I don't think we need to remove the thread unless we get any other reports.

    One thing I would like to know is the browser of those who got the alert. If it was an older browser, it would be something to check on. In general, older browsers have weaker security and there could be something designed to attack those weaknesses.

    Kevin

    Hi Kevin, I reported the initial attack caught as noted by my Bit Defender Program. There may have been other members whose anti-virus, etc., programs more quietly simply blocked & removed the spyware. Bit Defender seems something of a more 'techie' program with full info log which I shared.
    I had opened the referenced Thread and on it just some seconds as BD lit up my screen with warnings. Hadn't 'clicked', opened anything further. After making my warning post, I did send Chasdev a PM advising of situation. Obviously, wouldn't have done that if considered he knowingly posted a malicious Thread. My browser used was Google Chrome & up to date. I remain concerned for any fellow members who may be infected without realizing. Trojans are among the nastier/more hazardous computer compromising infections.
    Just to remark that it's also 'trauma' for me when GB is down! Glad it doesn't happen too often! If any more info needed... Just knock!
    Best & thanks for the info/explanation here!
    Best!
    John
