Virus affecting forums.

vortex79
Colonel
Posts: 284
Joined: Jul 21 2008

Virus affecting forums.

Post by vortex79 »

I noticed there was a virus warning from AVG today when I connected to http://www.bgforums.com/ using Firefox. It informed me it was redirected to this IP: 58.65.232.33. Please investigate.

A whois on the domain provided this result:

WHOIS information for: bgforums.net:

[whois.psi-usa.info]
%
% =============
% PSI-USA, Inc.
% =============
%
% This is the PSI-USA, Inc. WHOIS server.
%
% All requests are logged.
%
% Requesting IP: 128.121.95.55
% Requesting URL: http://whois.psi-usa.info
% Requesting Object: domain bgforums.net
% Timestamp: 2008-08-13 22:57:04
%
% You can see the policy that you agree by submitting a query to this server:
% whois -h whois.psi-usa.info POLICY


domain: bgforums.net
status: ACTIVE
owner-c: LULU-9776177
admin-c: LULU-9776177
tech-c: LULU-9776177
zone-c: LULU-9776177
nserver: ns1.fastpark.net
nserver: ns2.fastpark.net
created: 2008-01-28 12:05:20
expire: 2009-01-28 00:00:00 (registry time)
changed: 2008-06-11 17:21:13

[owner-c] handle: 9776177
[owner-c] type: ORG
[owner-c] title: CEO
[owner-c] fname: Andrea
[owner-c] lname: Ralli
[owner-c] org: RevenueDriver srl
[owner-c] address: Via sestriere, 25
[owner-c] city: rome
[owner-c] pcode: 00135
[owner-c] country: IT
[owner-c] state: Roma
[owner-c] phone: +39-333-1849516
[owner-c] fax: +39-333-1849516
[owner-c] email: revenuedriver@gmail.com
[owner-c] protection: B

Courtesy Whois.net. Please verify and check for viruses infecting the forum.
[owner-c] updated: 2008-07-11 15:31:27

Appears it may be the work of Russian Hackers:

http://www.trentmueller.com/blog/htmlfr ... press.html

http://www.precisesecurity.com/blogs/20 ... mlframerz/

Please clean this website IMMEDIATELY.
George Geczy
General
Posts: 2688
Joined: Jun 04 2002
Location: BattleGoat Studios

Re: Virus affecting forums.

Post by George Geczy »

As mentioned in the other thread, they were persistently annoying, but hopefully we've cleaned up whatever crack they crawled through.

-- George.
Xbwalker
Brigadier Gen.
Posts: 529
Joined: Jun 28 2008
Location: Las Vegas NV USA

Re: Virus affecting forums.

Post by Xbwalker »

Thanks. Yeah, Avast also caught it and I was feeling sad.
powercell
Colonel
Posts: 482
Joined: May 29 2005

Re: Virus affecting forums.

Post by powercell »

My Avast still freaks out whenever the IE browser is redirected.

I ran another scan but didn't find anything.
Lamb Chop
Lieutenant
Posts: 83
Joined: Jul 27 2005
Location: Behind you

Re: Virus affecting forums.

Post by Lamb Chop »

Get a decent AV? Not those jumpy kids.

Symantec Endpoint Protection has native x64 and x86 support, doesn't cry wolf every time it sniffs a poodle, annihilates the wannabe wolves 100%. Footprint is small, settings are a bit tougher if you are an amateur, but it works great.

It just sits there in the tray, all quiet, no pop-ups, nothing, just slaughters any virus/malware/trojan there is.

Downside is, it is a bit pricey compared to CA eTrust, Norton AV, Kaspersky etc.

Look at it this way, we protect whole enterprise networks and server rooms with it! Try to find a single datacenter that uses AVG/Avast or Kaspersky.
vortex79
Colonel
Posts: 284
Joined: Jul 21 2008

Re: Virus affecting forums.

Post by vortex79 »

Don't need to. Used AVG for over 5 years, it is free, it has never failed me. I use it in tandem with other freeware which combined makes it as effective as any of the above packages. Why waste my cash?

Besides, I like the alerts. I like to make people aware when their sites may be hijacked in order to attack other users who might be my friends.

Thank you BG for your rapid response to fix this issue.
haenkie
Brigadier Gen.
Posts: 596
Joined: May 27 2005
Location: Netherlands

Re: Virus affecting forums.

Post by haenkie »

Problem with Symantec is you need a separate server or computer just to handle the program, it is THAT CPU consuming!
Lamb Chop
Lieutenant
Posts: 83
Joined: Jul 27 2005
Location: Behind you

Re: Virus affecting forums.

Post by Lamb Chop »

haenkie wrote: Problem with Symantec is you need a separate server or computer just to handle the program, it is THAT CPU consuming!
That is a bit inaccurate tbh...
You will get 2 discs; 1 is the management console that requires the IIS service running. That is an absolute resource, or more precisely processor, hog! It is supposed to be, it is designed to keep track of and manage all clients in an enterprise environment.

If you install the workstation version (fancy name for unmanaged client) it uses about 2500K memory in normal operation but can go up to 20-30 MB if scanning emails, extracted archives etc. all together (it is also native x64...).

We keep creating and signing petitions to Symantec to reduce this massive resource wastage but they keep telling us to get bent or piss off depending on their mood.
Balthagor
Supreme Ruler
Posts: 22072
Joined: Jun 04 2002
Human: Yes
Location: BattleGoat Studios

Re: Virus affecting forums.

Post by Balthagor »

Lamb Chop wrote: ...We keep creating and signing petitions to Symantec to reduce this massive resource wastage but they keep telling us to get bent or piss off depending on their mood.
Hence why my home system uses Avast, my favorite AV software :)
Chris Latour
BattleGoat Studios
chris@battlegoat.com
SGTscuba
General
Posts: 2540
Joined: Dec 08 2007
Location: Tipton, UK

Re: Virus affecting forums.

Post by SGTscuba »

Do not trust McAfee, mine turned itself off and Windows Firewall too. My comp has had to go in to be sorted, and has cost me £100, lucky I got it off a friend...

Use Spybot and it will work well.
My SR:U Model Project, get the latest and post suggestions here:

http://www.bgforums.com/forums/viewtopi ... 79&t=28040
target
Corporal
Posts: 8
Joined: Jun 21 2013
Human: Yes

Re: Virus affecting forums.

Post by target »

vortex79 wrote: I noticed there was a virus warning from AVG today when I connected to http://www.bgforums.com/ using Firefox. It informed me it was redirected to this IP: 58.65.232.33. Please investigate.

A whois on the domain provided this result:

WHOIS information for: bgforums.net:

[whois.psi-usa.info]
%
% =============
% PSI-USA, Inc.
% =============
%
% This is the PSI-USA, Inc. WHOIS server.
%
% All requests are logged.
%
% Requesting IP: 128.121.95.55
% Requesting URL: http://whois.psi-usa.info
% Requesting Object: domain bgforums.net
% Timestamp: 2008-08-13 22:57:04
%
% You can see the policy that you agree by submitting a query to this server:
% whois -h whois.psi-usa.info POLICY


domain: bgforums.net
status: ACTIVE
owner-c: LULU-9776177
admin-c: LULU-9776177
tech-c: LULU-9776177
zone-c: LULU-9776177
nserver: ns1.fastpark.net
nserver: ns2.fastpark.net
created: 2008-01-28 12:05:20
expire: 2009-01-28 00:00:00 (registry time)
changed: 2008-06-11 17:21:13

[owner-c] handle: 9776177
[owner-c] type: ORG
[owner-c] title: CEO
[owner-c] fname: Andrea
[owner-c] lname: Ralli
[owner-c] org: RevenueDriver srl
[owner-c] address: Via sestriere, 25
[owner-c] city: rome
[owner-c] pcode: 00135
[owner-c] country: IT
[owner-c] state: Roma
[owner-c] phone: +39-333-1849516
[owner-c] fax: +39-333-1849516
[owner-c] email: revenuedriver@gmail.com
[owner-c] protection: B

Courtesy Whois.net. Please verify and check for viruses infecting the forum.
[owner-c] updated: 2008-07-11 15:31:27

Appears it may be the work of Russian Hackers:

http://www.trentmueller.com/blog/htmlfr ... press.html

http://www.precisesecurity.com/blogs/20 ... mlframerz/

Please clean this website IMMEDIATELY.
Well! I got the following results:
Whois Search results for Domain Name BGFORUMS.NET

WHOIS Server: whois.tucows.com
Registrant:
Contact Privacy Inc. Customer 0132932270
96 Mowat Ave
Toronto, ON M6K 3M1
CA
Domain name: BGFORUMS.NET
Administrative Contact:
Contact Privacy Inc. Customer 0132932270, bgforums.net@contactprivacy.com
96 Mowat Ave
Toronto, ON M6K 3M1
CA
+1.4165385457
Technical Contact:
Contact Privacy Inc. Customer 0132932270, bgforums.net@contactprivacy.com
96 Mowat Ave
Toronto, ON M6K 3M1
CA
+1.4165385457
Registrar of Record: TUCOWS, INC.
Record last updated on 06-May-2013.
Record expires on 28-Jan-2014.
Record created on 28-Jan-2008.
Registrar Domain Name Help Center:
http://tucowsdomains.com
Domain servers in listed order:
NS1.ABOVE.COM
NS2.ABOVE.COM


Btw, I got it from Whoisxy.com
Balthagor
Supreme Ruler
Posts: 22072
Joined: Jun 04 2002
Human: Yes
Location: BattleGoat Studios

Re: Virus affecting forums.

Post by Balthagor »

Is anyone else getting this?
Chris Latour
BattleGoat Studios
chris@battlegoat.com
GIJoe597
Board Admin
Posts: 2918
Joined: Sep 29 2008
Human: Yes

Re: Virus affecting forums.

Post by GIJoe597 »

I think target was just responding to a 5-year-old thread. I do not THINK he was getting the same as the OP back 5 years ago.
https://www.youtube.com/user/GIJoe597


Older/retired gamers, who do not tolerate foolishness.
http://steamcommunity.com/groups/USARG
Kellick
Captain
Posts: 107
Joined: Oct 16 2013
Human: Yes

Re: Virus affecting forums.

Post by Kellick »

LOL, yeah, assuming Tucows actually is your domain registrar, everything looks like it should.