Tfans virused?

Discussion in 'Transformers General Discussion' started by Jaguaratron, Mar 4, 2006.

Thread Status:
Not open for further replies.
  1. Jaguaratron

    Jaguaratron Well-Known Member

    Just tried to go and have a nose around there and looks like someone has hacked or virused the site. My anti virus goes nuts and the window locks up.

    Information I have got is

    CME-875


    This worm spreads by internet exploiting MS Windows LSASS service vulnerability described in MS Security Bulletin MS04-011.

    Installation:
    When the worm is launched it copies itself as windows.exe and attach.tmp to Windows System Directory and registers itself as WIN in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run key in Windows Registry.

    Spreading: internet
    Worm searches IP addresses and when it finds a vulnerable computer it uses the exploit for downloading a copy of itself and its launching.


    This is not to bash any other boards but to let you know so you are able to protect your computer and maybe update your anti virus software accordingly
     
  2. Nevermore

    Nevermore It's self-perpetuating a parahumanoidarianised!

    My best guess would be it's in one of the banner ads.
     
  3. Jaguaratron

    Jaguaratron Well-Known Member

    Doesn't happen on homepage but does in all attempts to get past using the topic links which should throw up a different banner link each time. Just tried now, 2 attempts, 2 banners up, tempting toys and stuckakid and same problem happens, looks like it's trying to run some Chinese script in a prompt box.
     
  4. Chaos Convoy

    Chaos Convoy Dai Gurren-Dan member

    Norton showed an intrusion attempt when I tried to go there earlier.
     
  5. godsenddeath

    godsenddeath . TFW2005 Supporter

    I don't use Norton....

    but Tfans killed IE on both my PCs.
     
  6. Kickback

    Kickback @GeekWithChris Administrator News Staff

    I don't go to TFans, so I wouldn't know :) 
     
  7. .SentinelPrime Is Dead.

    .SentinelPrime Is Dead. Banned

    I signed up there, but I rarely go. I just got a weird email from them. That's about it.
     
  8. Cyclone_X

    Cyclone_X Cybertronian Warlord

    IE froze up at first, then it worked, and now it's frozen again
     
  9. Denyer

    Denyer Shooty Dog Thing

  10. Darkprime

    Darkprime Antigrav Singular Destron

    I thought TFans.com was the virus?
     
  11. Gen. Magnus

    Gen. Magnus Meep

    I got the message but I do not have my e-mail to be displayed (IIRC). Of course, 1) I almost never go there 2) I could see the link was a virus. You'd have to be stupid not to.
     
  12. Boardwise

    Boardwise There are no strings on me Veteran

    Let's not start that, shall we.
     
  13. Denyer

    Denyer Shooty Dog Thing

    That seriously isn't good, then... odds are someone's got full SQL and/or FTP rights on the server. Passwords are likely to be stored as MD5 hashes, but any dictionary words or commonly used combinations would be easy to look up in a hash database -- mostly a problem for staff, but if anyone's got login/mail/pass details the same for a bunch of sites (always a bad idea, but it happens) they should go round updating them.
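
Why unsalted MD5 digests can be matched against a precomputed list, and what salted, slow hashing changes, shown as an added example that is not part of the original post or of any forum software. The user names, passwords, word list and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny "common passwords" list and a forum user
# table holding unsalted MD5 hex digests (the storage scheme the post assumes).
COMMON_PASSWORDS = ["123456", "password", "optimus", "letmein", "megatron"]
USER_TABLE = {
    "staff_admin": hashlib.md5(b"megatron").hexdigest(),
    "member_a": hashlib.md5(b"password").hexdigest(),
    "member_b": hashlib.md5(b"password").hexdigest(),
    "member_c": hashlib.md5(b"k7#Vq9!zR2pLw").hexdigest(),
}

def exposed_accounts(user_table, wordlist):
    """Audit helper: accounts whose unsalted MD5 equals the digest of a
    known-weak password. With no salt, one precomputed set covers every
    user, which is why a leaked table like this forces password resets."""
    weak_digests = {hashlib.md5(w.encode()).hexdigest() for w in wordlist}
    return sorted(u for u, digest in user_table.items() if digest in weak_digests)

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example

def hash_password(password, salt=None):
    """Salted, deliberately slow storage: returns (salt, derived_key)."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, key

def verify_password(password, salt, key):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, key)

if __name__ == "__main__":
    # Unsalted MD5: identical passwords give identical stored values.
    print("force reset for:", exposed_accounts(USER_TABLE, COMMON_PASSWORDS))
    # Per-user salt: the same password stores differently for each account,
    # so a digest list computed once no longer matches anything.
    salt_a, key_a = hash_password("password")
    salt_b, key_b = hash_password("password")
    print("same stored value for same password:", key_a == key_b)
    print("verifies with own salt:", verify_password("password", salt_a, key_a))
```
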
     
  14. Nevermore

    Nevermore It's self-perpetuating a parahumanoidarianised!

    Is it just me, or are the staff's reactions in the thread Denyer linked hilarious? "Why is the staff acting like douches? Instead of trying to fix the problem with your board, you belittle your members." "Cry me a river..."
     
  15. Denyer

    Denyer Shooty Dog Thing

    Well, they can't really do anything -- other than make sure all staff passwords are changed, advise everyone else to change their passwords, etc. Still won't make any difference if someone can walk into their SQL database or modify files on the server (if you get FTP access and db user accounts haven't been carefully restricted in their permissions, the former usually follows the latter...)
     
  16. Drake

    Drake Smooth Is Smooth Baby

    Doesn't sound good.
     
  17. Megatronwp38

    Megatronwp38 Nobody defeats the DEVASTATOR!

    I just finished clearing out my computer of 5 trojans that I just got in my temporary internet files from TFans... I went to their home page, clicked on talk and Bam my McAfee went Nuts! I scanned my computer and it found 5 trojan viruses in my Temporary internet files! Guess I won't be going there for a while.
     
  18. Emperor Megatron

    Emperor Megatron Something goes here

    TFans has been taken down for repairs. We're working to fix this ASAP. We apologize for the inconvenience this has caused.
     
  19. Denyer

    Denyer Shooty Dog Thing

    Just as a general bit of advice: if it's your machine, ditch Internet Explorer, otherwise any website has the potential to do the same to you. Microsoft are lethargic about fixing security holes, even assuming you have Windows set up to automatically download and apply security patches.

    Opera's free now, or there's Firefox. If it isn't your machine... er, you're fucked. Although you could run Firefox off a USB flash drive.
     
  20. Megatronwp38

    Megatronwp38 Nobody defeats the DEVASTATOR!

    I'm pretty sure it was from TFans... I scan every day and had just scanned this morning and no automatic downloads occurred between the time of the scan this AM and the time I tried to go on TFans. I have dial-up, I scanned the computer... showered and got dressed... signed on, went to TFans and that is when the bells went off exactly how everyone else described... I don't know if they had trojans, however when I scanned I did and they were not there an hour before. Everything is fine now... McAfee Virus Scan got rid of the viruses.
     