
Requesting a little more info on our hacker....

I got nailed even with AVG and Windows Defender. I've run scans and it seems that the virus wants to stick around.
Not sure if it's a virus, AVG keeps finding Java/Byteverify! Not sure what this is.
Can anybody give me some advice?

How up to date was your AVG? Mine stopped it dead in its tracks.

Try out SPYBOT

http://www.safer-networking.org/

It might get rid of it for you if your AVG can't / won't.


All I have to say is Linux. Virus? What's a virus :laugh:


Sorry man, there are plenty of linux viruses out there, and more are being programmed every day.

And since IBM decided to switch completely to Redhat (good news IMO) more large corporations are going to make the switch and the more interest the virus writing dickweeds will be motivated to bring new ones into the wild.


I work for IBM and I haven't heard about switching over to Linux? ???

http://www.neoseeker.com/news/story/5436/

It might just be in Germany, but we shall see...


My AVG was up-to-date, not sure why it's not deleting these Java/ByteVerify viruses.
After each scan, instead of deleting everything, it states it can detect 8 viruses but doesn't heal them.
Who knows? I might have to re-format the HD. What a pain in the ass.
 
Just google the Java/Byte Verify thing and you'll find out how to rid yourself of it with no format. I think all you need to do is clear your Java cache, which is fairly simple.

Go into Control Panel and double click on the Java icon to bring up the Java control panel. Then find the cache settings and just clear the cache. That's what I did at least, and AVG no longer finds anything. After you do this, you should really download the latest Java update as it is more secure (so they say).

YMMV, of course.
 
Why would someone want to hack cigarpass? What do they stand to gain? The only real sensitive info is our e-mail addresses...Rod mentioned something about a virus, any one seeing symptoms? Do we know what virus this is? Just curious as to the motive for hacking us bunch of smokin' fools...

I can verify that there is a security hole in some versions of Invision BB -- we've been in touch with the company, and are upgrading our forums as well, to prevent the kind of hack that hit CigarPass.com

Typically the motivation is money... I'll explain. People search out forum software vulnerabilities, then hack into them, and infect as many members of the site as possible.

The viral cocktail that they are forced to quaff allows people to use their machines as "zombies" to send out spam... for which the person controlling said computers is paid money.
 
My AVG was up-to-date, not sure why it's not deleting these Java/ByteVerify viruses.
After each scan, instead of deleting everything, it states it can detect 8 viruses but doesn't heal them.
Who knows? I might have to re-format the HD. What a pain in the ass.

CLEAR your IE ONLINE and OFFLINE Temporary Internet Files, aka your cache. After you've done that, do the JAVA stuff (see previous posts). Reboot, run your virus scan again. They should be gone.

The issue was that the WMF exploit leaves "shell" files that have already released its payload. These show up as files but do not really exist so your AV can't handle them.

Clearing cache should do it.

I should also mention that going into System Tools and STOPPING system restore will help against worms burying themselves into your restore cache.

edit: spelling
 
I was using FF when I 1st went into CP that day and my AV (Norton) still put that site on a timeout so it acted like there was a virus (Computer was Lagging). Then poof all was well again.

Now maybe I won't bitch so much when I pay for the yearly AV protection.
 
All I have to say is Linux. Virus? What's a virus :laugh:

Same here.


This virus was stopped. Yes there are plenty of linux/unix viri out there but most are root hacks and not really browser infections from surfing the net. Linux has its defenses too. The best thing about it is you never run as root like windows.

I hope this person was served. The hosting company usually goes after people dos'ing but a website hacker on one particular box is usually ignored. Hopefully with the updates you are safe for now. This is why I usually encourage folks to stay on top of security updates for windows and linux in the tech forums I belong to. Backups are a must as well.

Glad to see CP back online. Thanks for the speedy recovery.
 
My AVG was up-to-date, not sure why it's not deleting these Java/ByteVerify viruses.
After each scan, instead of deleting everything, it states it can detect 8 viruses but doesn't heal them.
Who knows? I might have to re-format the HD. What a pain in the ass.

Try going to Norton mainpage. They explain how to remove the virus. My puter had Download.Trojan, and Norton caught it. I still went to the HKEY registry to check for anything funny. It's explained in Norton:
Norton Link

Maybe it's hiding, or you have the restore function turned on. Good luck!
 
Thanks for your help guys.
I ended up running a free trial of Kaspersky, cleaned up everything AVG could not. Amazing program, might have to get a subscription.
 
I ran my favorite program "Security Task Manager" and it found a big old worm program running in the background that sends and receives information...It was promptly deleted :thumbs:
 
I ran my favorite program "Security Task Manager" and it found a big old worm program running in the background that sends and receives information...It was promptly deleted :thumbs:
Do any of us, who have done business with you, over the internet, have anything to worry about? You know, like credit card info.

Doc.
 
I got the email but it was fairly obvious to me that it was a virus.....just the way it was written and the way it looked..... I try to avoid stuff like that ;)
 
I ran my favorite program "Security Task Manager" and it found a big old worm program running in the background that sends and receives information...It was promptly deleted :thumbs:
Do any of us, who have done business with you, over the internet, have anything to worry about? You know, like credit card info.

Doc.


Heh, everything is stored on Yahoo!'s servers...
 