# Malware detected by Google Chrome today on the site



## zurn (Oct 21, 2009)

Probably a false positive but when I connected today I received this warning from my browser.


----------



## GuitarsCanada (Dec 30, 2005)

I am not getting anything personally but I will have our host check into it and see what's up.


----------



## al3d (Oct 3, 2007)

It's not an actual virus... but it can cause harm to your wallet to visit GC too often... LOL



zurn said:


> Probably a false positive but when I connected today I received this warning from my browser.


----------



## Guest (Jul 22, 2010)

GC: Check to make sure it's not being delivered via one of the ad banners.


----------



## GuitarsCanada (Dec 30, 2005)

iaresee said:


> GC: Check to make sure it's not being delivered via one of the ad banners.


I thought about that but not sure how to do it


----------



## urko99 (Mar 30, 2009)

I just spent 6 hours at work yesterday trying to get rid of it and a few hours this morning. I had to call the IT guys that we use to get rid of it. It's a pretty persistent Trojan! The IT guys went to a site called "Trend" to do a system scan which took 16 hours to run to correct it. Pretty Nasty! FYI


----------



## GuitarsCanada (Dec 30, 2005)

urko99 said:


> I just spent 6 hours at work yesterday trying to get rid of it and a few hours this morning. I had to call the IT guys that we use to get rid of it. It's a pretty persistent Trojan! The IT guys went to a site called "Trend" to do a system scan which took 16 hours to run to correct it. Pretty Nasty! FYI


You mean on your work site or on GC?


----------



## urko99 (Mar 30, 2009)

On my work Computer, I picked up the trojan clicking on a video in one of the threads.


----------



## Guest (Jul 22, 2010)

FWIW I'm using Chrome on OS X and not getting any warnings about the site.


----------



## ne1roc (Mar 4, 2006)

I had the same thing pop up on Monday on this site. Kaspersky didn't let it through. It hasn't popped up since.


----------



## GuitarsCanada (Dec 30, 2005)

urko99 said:


> On my work Computer, I picked up the trojan clicking on a video in one of the threads.


You may have hit on the source then, it is buried in one of the links, i.e. YouTube or something


----------



## keeperofthegood (Apr 30, 2008)

That is very probable. I have seen people burnt by video embedded nastiness from several sites including some of the smaller but no less respected news sites (I didn't watch the vid, not available to us Canadians so I didn't make a note of what news service that was).

One site I am a member of got a virus, that then reprogrammed the "click here" kinds of buttons on its site to do what the button said but to also install the virus on members' computers. They got that from one of the ad banners.


----------



## hollowbody (Jan 15, 2008)

I use chrome at home and at work to access the site and nothing has popped up for me. I use Avast and Norton as my evil-ridders.


----------



## aC2rs (Jul 9, 2007)

Problem continues to exist ...


----------



## keeperofthegood (Apr 30, 2008)

What URL specifically are you accessing?


----------



## cheezyridr (Jun 8, 2009)

i have picked up something twice as soon as i hit the forum page. my av caught it both times though


----------



## GuitarsCanada (Dec 30, 2005)

Interesting, I have not encountered it at all. Very bizarre, unless it is reacting to some kind of file


----------



## Sneaky (Feb 14, 2006)

I got something nasty at home too. And I didn't click on any you tubes or anything.


----------



## six-string (Oct 7, 2009)

okay i got this thing as soon as i went on the site today.
please get rid of it from your site.
McAfee has automatically blocked and removed a Trojan.

About this Trojan
Detected: FakeAlert-DefCnt.a.dll (Trojan), FakeAlert-DefCnt.a.dll (Trojan)
Location: C:\Program Files\Defense Center\defext.dll


----------



## rhh7 (Mar 14, 2008)

My Kaspersky Internet Security intercepted 9 Trojans when I logged on this afternoon.


----------



## I_cant_play (Jun 26, 2006)

I do not think I got this from a link. The 2 times I got it I would first see a splash screen saying Java was being downloaded (or updated) and then it would come up. This was all automatic as soon as I load the board page from my favourites. However, I didn't get it this time so maybe it's gone.


----------



## I_cant_play (Jun 26, 2006)

Ship of fools said:


> And at least you know the jerk who made that wonderful bug also sells fixes for it at the same time, so for 49.99 he'll fix the problem he created. Me I am too stupid to pay that idiot and often pay some other guy to fix the problem to take out his program so you don't have to watch it pop up all of the time. Don't you guys just love these jerks. Ship


Actually buying the software _won't_ fix the problem. It's just a scam...


----------



## I_cant_play (Jun 26, 2006)

allthumbs56 said:


> My desktop went down yesterday morning. I'm using my Mac right now. The desktop has a nasty case of that Defense Center thing too and even starting in safe mode when I try to run anything, including task manager it asks me what program I wish to use to "open this file". I don't know when I got hit but I do remember one of the last things I did on that Machine was link to a youtube video of that Gibby Traditional that's for sale in the emporium.
> 
> Anyway, I'm not real good with this stuff but if I can't even run taskmgr in safe mode then I have the feeling I'm pooched.


Have you tried "msconfig" like I suggested? I think this is the best way to solve this. I had very bad luck using AV programs to fix this because the defense center disables them all. So I think safe mode is your best chance. I don't know why task manager wouldn't work in safe mode though. Look at my post above and try the MSCONFIG method. It worked for me a bunch of times.


----------



## allthumbs56 (Jul 24, 2006)

I_cant_play said:


> Have you tried "msconfig" like I suggested? I think this is the best way to solve this. I had very bad luck using AV programs to fix this because the defense center disables them all. So I think safe mode is your best chance. I don't know why task manager wouldn't work in safe mode though. Look at my post above and try the MSCONFIG method. It worked for me a bunch of times.


I am now back up and running. The only windows program that would run was the registration editor (and that was from DOS). Once into the registry we found several entries to delete including the one that disabled the task manager and command execution. We could then halt suspicious processes and find and delete Defense Center files. Then we downloaded Malwarebytes onto my Mac, loaded it on a stick and ran it directly from the stick on the PC. It found and fixed six infected objects.

Seem to be ok now although I don't know how it got past AVG in the first place. Guess I need to look into some better security that will keep me protected ... until the next time.


----------



## six-string (Oct 7, 2009)

well it seems i have one computer working for now.
i would like to make clear i don't think that anyone at GC or their server is deliberately trying to spread a virus. i simply wanted to advise that it appears as if this site is where i picked up the bug. yes it is possible it came from some embedded link or someone's posted YouTube video or something like that. i did read something that said it could be attached to vulnerabilities in Adobe programs.
i did read all i could find on the Defense Center malware last night. i have run the malwarebytes program and it appears to have cleared out the problem on my desktop computer. the malwarebytes program said it found 39 infected files including a bunch of registry keys. i have since also run a full update and detailed scan with McAfee and so far everything looks good.

my laptop i thought was cleared up but then i had a problem trying to boot up and then i couldn't boot into safe mode. i found a patch on McAfees site that i loaded onto a USB stick and then managed to get the laptop up into safe mode. it is still running the Malwarebytes scan and so far has found 7 infected objects.

i did find out that this Defense Center is a clone of about a dozen other similar malware programs with different names but similar characteristics. yes they all send bogus popups claiming your system is infected and you should click on their banners to fix the problem. of course if you do even click to close the banner, it automatically executes their program without your knowledge or consent. of course it is all so they can try to get you to buy their phony software, which does not exist anyway. it is all a scam.
anyway, you can search this stuff on Google or CNET and find the appropriate steps to clean up your PCs.
if anything, i am mostly pissed at McAfee for not intercepting this in the first place. i pay their annual fee for full service anti-virus and internet protection. i have the system on automatic update and i run full scans on all computers at least 1 a week, often more than that. i will be speaking to their service people soon.
best of luck to everyone.

p.s. sorry for the typos. i'm a little tired and frustrated with this stuff. 
another beer or two and i should be fine. cheers!


----------



## I_cant_play (Jun 26, 2006)

No I know it's not deliberate either but I do think the site is still infected. I got the message twice again today. I'm also sure it's the site itself not a link. As soon as I click it in favourites and the page loads it comes up. Anyway, hope it gets fixed soon.


----------



## keeperofthegood (Apr 30, 2008)

AVG Online Virus Scanner | Scan Web Pages | AVG LinkScanner Drop Zone comes up clean on http://www.guitarscanada.com/forum.php and GuitarsCanada.com - The Front Page for me. Maybe the URLs are themselves corrupted or co-opted or the infection you had is still there and catching the most used URLs and co-opting them. My most frustrating virus was a JAVA one that would block and re-direct anything www.go.


----------



## keeperofthegood (Apr 30, 2008)

Hey I did come across this. If you guys are not on a Windows platform, it may be of interest to you GC guys:

iScanner - Remove website malwares, web pages viruses and malicious codes


----------



## dtsaudio (Apr 15, 2009)

AVG link scanner caught this today "gosoft.in/x/js.php" Calling it an Exploit Javascript Obfuscation
This is the second time AVG has blocked something going to a GC webpage. The first time I thought it was a fluke and deleted it, so I don't know if it is the same thing.


----------



## keeperofthegood (Apr 30, 2008)

*Whois lookup for gosoft:*

*Domain ID:* D4355513-AFIN
*Domain Name:* GOSOFT.IN
*Created On:* 23-Jul-2010 18:45:10 UTC
*Last Updated On:* 23-Jul-2010 19:02:21 UTC
*Expiration Date:* 23-Jul-2011 18:45:10 UTC
*Sponsoring Registrar:* Directi Web Services Pvt. Ltd. (R118-AFIN)
*Status:* CLIENT TRANSFER PROHIBITED
*Status:* TRANSFER PROHIBITED
*Registrant ID:* DI_11955107
*Registrant Name:* Igor Ivano-Frankov
*Registrant Organization:* Nicaragua Inc.
*Registrant Street1:* ul. Vostochnaya, 16, str. 2, office 73
*Registrant Street2:*
*Registrant Street3:*
*Registrant City:* Moscow
*Registrant State/Province:* Moskovskaya oblast
*Registrant Postal Code:* 110700
*Registrant Country:* RU
*Registrant Phone:* +7.9261234912
*Registrant Phone Ext.:*
*Registrant FAX:*
*Registrant FAX Ext.:*
*Registrant Email:* [email protected]
*Admin ID:* DI_11955107
*Admin Name:* Igor Ivano-Frankov
*Admin Organization:* Nicaragua Inc.
*Admin Street1:* ul. Vostochnaya, 16, str. 2, office 73
*Admin Street2:*
*Admin Street3:*
*Admin City:* Moscow
*Admin State/Province:* Moskovskaya oblast
*Admin Postal Code:* 110700
*Admin Country:* RU
*Admin Phone:* +7.9261234912
*Admin Phone Ext.:*
*Admin FAX:*
*Admin FAX Ext.:*
*Admin Email:* [email protected]
*Tech ID:* DI_11955107
*Tech Name:* Igor Ivano-Frankov
*Tech Organization:* Nicaragua Inc.
*Tech Street1:* ul. Vostochnaya, 16, str. 2, office 73
*Tech Street2:*
*Tech Street3:*
*Tech City:* Moscow
*Tech State/Province:* Moskovskaya oblast
*Tech Postal Code:* 110700
*Tech Country:* RU
*Tech Phone:* +7.9261234912
*Tech Phone Ext.:*
*Tech FAX:*
*Tech FAX Ext.:*
*Tech Email:* [email protected]
*Name Server:* MNS01.DOMAINCONTROL.COM
*Name Server:* MNS02.DOMAINCONTROL.COM


----------



## keeperofthegood (Apr 30, 2008)

dtsaudio said:


> AVG link scanner caught this today "gosoft.in/x/js.php" Calling it an Exploit Javascript Obfuscation
> This is the second time AVG has blocked something going to a GC webpage. The first time I thought it was a fluke and deleted it, so I don't know if it is the same thing.



When making that url downloadable, and downloading the js.php file, it comes down as 0 bytes in size and is empty.


----------



## GuitarsCanada (Dec 30, 2005)

keeperofthegood said:


> Hey I did come across this. If you guys are not on a Windows platform, it may be of interest to you GC guys:
> 
> iScanner - Remove website malwares, web pages viruses and malicious codes


I will forward this along to Andrew, maybe he can use it. I am at a loss as to what to do at this point. I have scanned the site using several programs and they all come back showing it clean.


----------



## keeperofthegood (Apr 30, 2008)

The ONLY other thing I can think of is "false positives". Maybe something in the facebook js links is setting off something in a few virus scanners. Wouldn't be the first time this has happened and would explain why only a few of the variety of scanners are putting up a fuss.

This is what comes up as facebook code on this page here:

```
http://static.ak.fbcdn.net/rsrc.php/z29JW/hash/a27w6e83.js
http://static.ak.fbcdn.net/rsrc.php/z47SK/hash/bb353uo3.js
http://static.ak.fbcdn.net/rsrc.php/z58V3/hash/88ey9nfj.js
http://static.ak.fbcdn.net/rsrc.php/z731Q/hash/5q1hyil2.png
http://static.ak.fbcdn.net/rsrc.php/z86SM/hash/191wiexm.png
http://static.ak.fbcdn.net/rsrc.php/zC345/hash/62qzelbf.js
http://static.ak.fbcdn.net/rsrc.php/zEN2R/hash/8cg0jfwx.css
http://static.ak.fbcdn.net/rsrc.php/zZGCO/hash/7f8m1afs.css
http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.guitarscanada.com%2Fshowthread.php%3Ft%3D35236&layout=standard&show_faces=false&width=450&action=like&font=tahoma&colorscheme=light&height=27
```


----------



## GuitarsCanada (Dec 30, 2005)

That is very possible as well, I have shut off the Facebook interface, other than the direct links for posting to your facebook page. Those are the ones located at the bottom of the threads, with Twitter. But I shut off the interface and let's see if that clears things up.


----------



## keeperofthegood (Apr 30, 2008)

Then again....

My computer just shut off. All dark. When it powered up again, I had a pop up that my configuration had changed. Now, I have made changes but that was a few weeks ago and I have had several power up/down cycles since then. Hmm.... virus scan time.


----------



## GuitarsCanada (Dec 30, 2005)

keeperofthegood said:


> Then again....
> 
> My computer just shut off. All dark. When it powered up again, I had a pop up that my configuration had changed. Now, I have made changes but that was a few weeks ago and I have had several power up/down cycles since then. Hmm.... virus scan time.


It's an odd situation to be sure. I am on the site off and on 10 plus hours a day and I have never had an instance of anything, no pop-ups no warnings and no viruses. I run Avast on this machine and use several browsers with no issues. I did get one warning using the computer over at the store. AVG on that machine. Just the one time and never happened again. So I am lost as to what may be causing some of the members this issue.


----------



## puckhead (Sep 8, 2008)

AVG just stopped this for me at the home page, to add to the info flying around
(sorry for the redundant PM boss, didn't see the thread)

URL: ssldns.in/x/js.php
Name: JavaScript Obfuscation (type 1512)


----------



## keeperofthegood (Apr 30, 2008)

Hmm again a page that is "empty" or otherwise non-existent. I would like to see a different program than AVG catch and warn on this. The AVG forum has some hinting information though. There have been issues of false positives with this message in the history of AVG, and there have been real positives but the reason for the hit/miss with people getting the message is because the infected file was a rotating ad and it is just 'luck of the draw' for when a person visits AND the ad is up.

Virus scanning with AVAST! and nothing at all is found on my computer


----------



## GuitarsCanada (Dec 30, 2005)

puckhead said:


> AVG just stopped this for me at the home page, to add to the info flying around
> (sorry for the redundant PM boss, didn't see the thread)
> 
> URL: ssldns.in/x/js.php
> Name: JavaScript Obfuscation (type 1512)


I did a little bit of research on this javascript thing. Apparently AVG in particular can go off on older java script if it reads any. We do have java script on the site. That facebook interface uses it as well as many other applications. I deleted and updated some code today so let's see what that does. One thing I have concluded is that it is not malware and there are no viruses being spread from here. Those that picked up a malicious piece of code had to have gotten it elsewhere. The site itself is clean, but certain AV programs are going off on some code.


----------



## fraser (Feb 24, 2007)

ive been on and off the site a number of times since this thread started, and have seen nothing- no problems at all.
firefox here, using avira and spybot, with a malwarebytes sweep daily.


----------



## Rumble_b (Feb 14, 2006)

AVG just blocked something on this site for me too. Didn't want to let me use the site at all. Using IE.


----------



## zontar (Oct 25, 2007)

No problems here.
Not sure why or why not...


----------



## keeperofthegood (Apr 30, 2008)

Yup

You know why I don't use AVG?

When I had win 3.11 I had a virus (thank you Yahoo chat client software). I got AVG to get rid of it. It buzzed about, found OMG infected files, did its cleaning and I stayed infected.

I threw out that hard drive.

I got then win 95, and of course picked up a virus again (what can I say, I like to download software and programs that IS what a computer is made to run). So, AVG again, not realizing "yet" the issues and OMG it found things... the same things it had found on win 3.11 but I didn't quite notice that at this point in time, however, 4 months later when I went to win 98 and did AVG AGAIN IT FOUND THE SAME FILES AS INFECTED but at this point I am both more savvy and it was soon enough between that I knew it instantly. Meh, I went with AVG for a bit, had it a month or so when it decided my system directory was infected with viruses. It deleted all my dll files for me :B

This time, I had reinstall disks and got my system back and from a clean fresh formatted install and my suspicions HIGH I installed and ran AVG as the first thing I did. No surprise, my computer was infected again with the same files. Only this time, I noted them. I killed AVG and went looking. Only AVG found them, I didn't.

A few years later, I have win xp. A friend of mine :blahblah: AVG this and AVG that and "oh it is much improved now...." so, on the lark, I gave it a whirl on my xp and yup if you guess that again it found the same files, you would be right. They didn't exist, don't exist, never ever did exist. They are carrots to make you feel good you got their product. I told my very surprised friend about it, having had AVG for 15 mins on my compy I had had it long enough, I then scrubbed it off my system.

So, if you can find a program OTHER than AVG to give you issues, then maybe I would be more willing to feel there may be something slipping in the doors of GC but at this point in time it simply sounds to me like more of the same same from AVG and the boojums it sees everywhere.

NOTE: I don't consider Norton or McAfee to be anti-viral programs, they are 99% bloated ad-ware system killers. They succeed less in catching virus infections than women's spray perfume does in masking feminine odor.

NOTE 2: I have still not read anything on google about the #######.in Java or other issues. USUALLY when such events occur there is a marked increase in internet chatter about them. On this, the net is very silent.


----------



## Budda (May 29, 2007)

Today I got a message from AVG about a Java thing, I'm using firefox.


----------



## GuitarsCanada (Dec 30, 2005)

Downloaded yet another website checker, all green from this one too. McAfee SiteAdvisor Software 

All of the website scanners I have used have all come back OK. None of them are picking up any malware or issues of any kind. Those that are using AVG I recommend making sure you have the latest version and also consider getting rid of it. I used to use it until someone on here suggested Avast. Been using that for a while now and it has been great.


----------



## Budda (May 29, 2007)

My roommate told me about Avast, I'll make that switch at some point.


----------



## ne1roc (Mar 4, 2006)

I am using Firefox and Kaspersky. Every time I load the GC Front Page, java script opens up and Kaspersky is detecting something different. This morning it detected a phishing URL.
Kaspersky has detected but not necessarily deleted the problem. Looks like I'm infected.
I'm not a computer guy so I'm not sure how to get rid of this stuff?


----------



## shoretyus (Jan 6, 2007)

I am using Avira and have been detecting a java problem too.... Not sure if I am infected or not.... I am also using Comodo firewall and I blocked the last attempt to download the fake Java thing....


----------



## keeperofthegood (Apr 30, 2008)

ne1roc said:


> I am using Firefox and Kaspersky. Every time I load the GC Front Page, java script opens up and Kaspersky is detecting something different. This morning it detected a phishing URL.
> Kaspersky has detected but not necessarily deleted the problem. Looks like I'm infected.
> I'm not a computer guy so I'm not sure how to get rid of this stuff?





shoretyus said:


> I am using Avira and have been detecting a java problem too.... Not sure if I am infected or not.... I am also using Comodo firewall and I blocked the last attempt to download the fake Java thing....


You guys should both run GMER - Rootkit Detector and Remover just download it to the desktop and run it and walk away till it is done. Better yet, go to bed and let it run (yes, can take that long). I find it hangs my mouse, but if I unplug my mouse and plug it back in I can at least save the log of what it finds. If you guys are interested in what I did just a couple months ago to delete a couple bad reg keys, and all the programs I ran to do so, have a read/look at this Help with undeletable registry key/malware? - Cyber Tech Help Support Forums


----------



## ne1roc (Mar 4, 2006)

keeperofthegood said:


> You guys should both run GMER - Rootkit Detector and Remover just download it to the desktop and run it and walk away till it is done. Better yet, go to bed and let it run (yes, can take that long). I find it hangs my mouse, but if I unplug my mouse and plug it back in I can at least save the log of what it finds. If you guys are interested in what I did just a couple months ago to delete a couple bad reg keys, and all the programs I ran to do so, have a read/look at this Help with undeletable registry key/malware? - Cyber Tech Help Support Forums


Thanks man!


----------



## GuitarsCanada (Dec 30, 2005)

I have gone through every piece of script on that GC Main Page and cannot find anything that does not "appear" to belong there. I remember getting a java update popup a while back, I went directly to Oracle and downloaded the latest version and never got the popup again. Whether that was some kind of phishing scheme I don't know. But I have scanned my machine many times and it is clean as far as I can tell. If someone comes up with something try to copy and paste the messages or popups you are getting, that may help to try and track down anything. Although I keep getting an all clear on all the website scanners I can find.
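
The manual script review described in this post can be made repeatable. As an added example (not part of the original thread and not the site's own code), this Python script inventories every resource a saved copy of a page loads and flags hosts outside an expected list. The allow-list, the sample markup, the `/js/site.js` path and the `example.invalid` host are constructed; the two `.in` URLs are the ones members' scanners reported earlier in the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag -> attribute that makes the browser fetch something on page load.
LOADING_ATTRS = {
    "script": "src",
    "iframe": "src",
    "img": "src",
    "embed": "src",
    "object": "data",
    "link": "href",
}


class ResourceCollector(HTMLParser):
    """Collects (tag, url) for every auto-loaded resource in the markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.resources = []

    def handle_starttag(self, tag, attrs):
        attr = LOADING_ATTRS.get(tag)
        if attr is None:
            return
        attrs = dict(attrs)
        # <link> only loads content automatically for stylesheets.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        url = attrs.get(attr)
        if url:
            self.resources.append((tag, url.strip()))


def host_allowed(host, allowed):
    """True if host is an allowed domain or a subdomain of one.

    Matching on the dot boundary avoids the substring mistake where
    'fbcdn.net.example.invalid' would pass a check for 'fbcdn.net'.
    """
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed)


def audit_page(html, page_host, allowed):
    """Return (tag, host, url) for each resource loaded from an unexpected host."""
    collector = ResourceCollector()
    collector.feed(html)
    expected = set(allowed) | {page_host}
    findings = []
    for tag, url in collector.resources:
        try:
            # Relative URLs have no hostname and resolve to the page's own host.
            host = urlsplit(url).hostname or page_host
        except ValueError:
            host = "<unparsable>"
        if not host_allowed(host, expected):
            findings.append((tag, host, url))
    return findings


# Constructed sample: the thread never shows the actual injected tag.
PAGE_HOST = "www.guitarscanada.com"
ALLOWED = {"fbcdn.net", "facebook.com"}  # assumed list of expected third parties
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/zEN2R/hash/8cg0jfwx.css">
<script src="/js/site.js"></script>
<script src="http://static.ak.fbcdn.net/rsrc.php/z29JW/hash/a27w6e83.js"></script>
</head><body>
<iframe src="http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.guitarscanada.com%2F"></iframe>
<script src="http://gosoft.in/x/js.php"></script>
<script src="//ssldns.in/x/js.php"></script>
<img src="http://fbcdn.net.example.invalid/banner.png">
</body></html>
"""

if __name__ == "__main__":
    for tag, host, url in audit_page(SAMPLE_HTML, PAGE_HOST, ALLOWED):
        print(f"unexpected host {host!r} loaded by <{tag}>: {url}")
```

A static pass like this only sees tags present in the saved markup; anything a script adds while the page loads, such as rotating ad content, has to be checked in the rendered DOM or in proxy logs across repeated loads.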


----------



## Guest (Jul 26, 2010)

All smells like an ad-injected problem. It's not happening consistently for anyone, correct? Where are you getting your ads from? Google? Can you turn them off and have people try reloading pages a few dozen times to see if it clears the issue?

Well balls. After posting this I hit the back button and I GOT THE WARNING from Chrome! I closed the tab and did a new 'New Posts' search and no warning. Ads. For sure. It's coming in through your banners. I'd bet good money on that.

Here's the warning. grabbed a quick screen cap for you:

http://dl.dropbox.com/u/870088/pictures/Screen%20shot%202010-07-26%20at%209.19.00%20AM.png

My search ID is in the URL if that helps track down the exact code that was sent to my browser. I tried to view HTML but, obviously, Chrome rejected my request to do that.

Edit: for those of you using Chrome you can add spotpc.in to your blocked images and JavaScript providers list. That'll stop anything malicious from that domain from trying to load on your machine.

Edit: if you don't want to fiddle with Chrome settings at the level you can use a plugin. Here are some good ones to choose from: http://www.techyard.net/chrome-extensions-to-block-ads-images-flash-in-chrome-browser/


----------



## shoretyus (Jan 6, 2007)

keeperofthegood said:


> You guys should both run GMER - Rootkit Detector and Remover just download it to the desktop and run it and walk away till it is done. Better yet, go to bed and let it run (yes, can take that long). I find it hangs my mouse, but if I unplug my mouse and plug it back in I can at least save the log of what it finds. If you guys are interested in what I did just a couple months ago to delete a couple bad reg keys, and all the programs I ran to do so, have a read/look at this Help with undeletable registry key/malware? - Cyber Tech Help Support Forums


I did that and didn't find anything. Avira seems to be quarantining it ....


----------



## GuitarsCanada (Dec 30, 2005)

iaresee said:


> All smells like an ad-injected problem. It's not happening consistently for anyone, correct? Where are you getting your ads from? Google? Can you turn them off and have people try reloading pages a few dozen times to see if it clears the issue?
> 
> Well balls. After posting this I hit the back button and I GOT THE WARNING from Chrome! I closed the tab and did a new 'New Posts' search and no warning. Ads. For sure. It's coming in through your banners. I'd bet good money on that.
> 
> ...


Yes, the ads up top are either google or an ad that was paid for by a direct advertiser. Those of course, you would think would be fine because they are direct links to the advertisers page and I check all those sites out. But the google ads are served to the site via google and you really never know what will pop up. However, the google ads are served up on all pages of the forum and we seem to have the most instances of this coming from the GC Main page for some reason. I am going to take down the google ads for now and let's see what happens.


----------



## Guest (Jul 26, 2010)

GuitarsCanada said:


> Yes, the ads up top are either google or an ad that was paid for by a direct advertiser. Those of course, you would think would be fine because they are direct links to the advertisers page and I check all those sites out. But the google ads are served to the site via google and you really never know what will pop up. However, the google ads are served up on all pages of the forum and we seem to have the most instances of this coming from the GC Main page for some reason. I am going to take down the google ads for now and let's see what happens.


FWIW: I never visit the main page. I always enter the site through a new posts search. Specifically: http://www.guitarscanada.com/search.php?do=getnew


----------



## hollowbody (Jan 15, 2008)

iaresee said:


> FWIW: I never visit the main page. I always enter the site through a new posts search. Specifically: http://www.guitarscanada.com/search.php?do=getnew


Same here, which might explain why I've never seen this warning.


----------



## GuitarsCanada (Dec 30, 2005)

iaresee said:


> FWIW: I never visit the main page. I always enter the site through a new posts search. Specifically: http://www.guitarscanada.com/search.php?do=getnew


So you got the warning on another page other than the GC Main Page. It would be interesting if we could have noted if the pop up warning came when it was serving a google ad. People probably don't notice what is up there but if they all came with a google ad, that would narrow it down pretty quick. I have turned them off so let's see if that was the cause.

Another thing to remember and one that may answer why some people get it and some don't is that the google ads are served up many times via the geographical area that you live in. So I may be seeing one ad when you are seeing another, based on our locations. One may contain shit the other not


----------



## Guest (Jul 26, 2010)

GuitarsCanada said:


> So you got the warning on another page other than the GC Main Page. It would be interesting if we could have noted if the pop up warning came when it was serving a google ad. People probably don't notice what is up there but if they all came with a google ad, that would narrow it down pretty quick. I have turned them off so let's see if that was the cause.


No pop up warning was issued for me.



> Another thing to remember and one that may answer why some people get it and some don't is that the google ads are served up many times via the geographical area that you live in. So I may be seeing one ad when you are seeing another, based on our locations. One may contain shit the other not


Yup. This is exactly what I think is happening. No two people are seeing the same ad at the same time. Google's ad system is getting gamed.


----------



## keeperofthegood (Apr 30, 2008)

shoretyus said:


> I did that and didn't find anything. Avira seems to be quarantining it ....


That is to be expected actually. Scanners are by definition portalling on your system, and AV programs ping on such programs. The difference being this is a trusted program but simply telling the AV that is not 100% so the usual recommendation is to turn off the AV and Firewalls when you run gmer (or any similar scanning program, there are half a dozen ones out there as I found when I was working to get rid of those reg keys left over from a FLASH decompiler that was infected). For me, AVAST! is usually pretty cool with what I run when I run it so the admonition of temporarily turning off system protections when you run the system scan tends to slip my mind, my apologies for that 

Ian, can you track the js links? I would like to know if any AV sites are tracking _*.IN*_ domain threats, google search comes up empty.


----------



## GuitarsCanada (Dec 30, 2005)

I tried to google some of these "threats" that are being picked up and can never find anything on them. Usually you get all kinds of hits on new threats etc. But none of these seem to be out there.


----------



## six-string (Oct 7, 2009)

hey folks- well the desktop is still fine. i did do some updates on all the software and yes i even downloaded the McAfee site advisor and all seems good.
my laptop is still seriously messed up though. 
i was too busy yesterday to look at it, but i got it into Safe mode this morning and it is now running the GMER rootkit software (thanks KOFG for the tip). i loaded it onto a stick and am running it in the laptop now. it has already found a bunch of stuff.
hopefully i can get it removed.
i did have an interesting, if difficult conversation with a phone agent at McAfee.
he would not tell me where he was located, but definitely offshore somewhere.
they were willing to do an internet intervention diagnostic of my computer for about $89.
i thought i would try a few more things before committing to spend money to scrape this crap off my hard drive. i will let you know how it goes.


----------



## GuitarsCanada (Dec 30, 2005)

OK, how are we doing folks? All google is off the pages, are we seeing any warnings now?


----------



## Guest (Jul 26, 2010)

GuitarsCanada said:


> OK, how are we doing folks? All google is off the pages, are we seeing any warnings now?


Unfortunately I've only ever encountered it that one time so my input is likely useless. Just reporting in so you have some feedback on your question.


----------



## greco (Jul 15, 2007)

iaresee said:


> Unfortunately I've only ever encountered it that one time so my input is likely useless. Just reporting in so you have some feedback on your question.


Same here, only once and that was a few days ago.

cheers

Dave


----------



## ne1roc (Mar 4, 2006)

I am no longer getting warnings but I updated Java and Firefox a few minutes ago, which may have been my problem?
How long has that Amazon Images ad been up on the upper right hand corner? I think that is what was causing the issues with the Java and my browser?


----------



## keeperofthegood (Apr 30, 2008)

Me thinks if it IS a rotating ad, you will need to give it 72 hours watch time.


----------



## GuitarsCanada (Dec 30, 2005)

ne1roc said:


> I am no longer getting warnings but I updated Java and Firefox a few minutes ago, which may have been my problem?
> How long has that Amazon Images ad been up on the upper right hand corner? I think that is what was causing the issues with the Java and my browser?


The DVD one has been up for a week or so now, but that is 100% flash, no java script at all in it


----------



## GuitarsCanada (Dec 30, 2005)

keeperofthegood said:


> Me thinks if it IS a rotating ad, you will need to give it 72 hours watch time.


Keep me posted, it might be a process of elimination here


----------



## ne1roc (Mar 4, 2006)

keeperofthegood said:


> Me thinks if it IS a rotating ad, you will need to give it 72 hours watch time.


Interesting! Looking at my Kaspersky report dates these are the days this site affected me;
July 19
July 23
July 26


----------



## shoretyus (Jan 6, 2007)

Nothing after about 4 logins from the main page .. ps ...thanks for the sleuthing


----------



## I_cant_play (Jun 26, 2006)

I'm still getting it. Today I did a full scan of my machine and found 2 viruses one of which was a rootkit (as far as I know the most dangerous type of virus) which downloads other viruses. After it was cleaned (at least Microsoft Security Essentials claims it was) I visited the site again to see if it would happen again and the Java thing and the warning came up again. Then I tried it with Firefox instead of Explorer and it didn't happen. Maybe it's exploiting some kind of explorer vulnerability.

Cheers


----------



## GuitarsCanada (Dec 30, 2005)

I_cant_play said:


> I'm still getting it. Today I did a full scan of my machine and found 2 viruses one of which was a rootkit (as far as I know the most dangerous type of virus) which downloads other viruses. After it was cleaned (at least Microsoft Security Essentials claims it was) I visited the site again to see if it would happen again and the Java thing and the warning came up again. Then I tried it with Firefox instead of Explorer and it didn't happen. Maybe it's exploiting some kind of explorer vulnerability.
> 
> Cheers


So I guess it's safe to eliminate google as a source


----------



## GuitarsCanada (Dec 30, 2005)

McAfee is offering several free scanners. A few Stingers which are good. McAfee Threat Center


----------



## keeperofthegood (Apr 30, 2008)

I still would leave google off the site till Friday AM. Once people, with clean computers, have had a few days to see if they are getting pings or not would be best. I would suggest that by Friday AM if there are more pings from clean systems the next would be to take the facebook off and see if there is something conflicting with that.


----------



## GuitarsCanada (Dec 30, 2005)

keeperofthegood said:


> I still would leave google off the site till Friday AM. Once people, with clean computers, have had a few days to see if they are getting pings or not would be best. I would suggest that by Friday AM if there are more pings from clean systems the next would be to take the facebook off and see if there is something conflicting with that.


Will do, have to get down to the bottom of this


----------



## dtsaudio (Apr 15, 2009)

> Maybe it's exploiting some kind of explorer vulnerability.


I'm using Firefox, and it just happened again. Different file this time though.
I have run scans and there is nothing on my computer as AVG is catching them.


----------



## keeperofthegood (Apr 30, 2008)

GuitarsCanada said:


> Will do, have to get down to the bottom of this





dtsaudio said:


> I'm using Firefox, and it just happened again. Different file this time though.
> I have run scans and there is nothing on my computer as AVG is catching them.


HAHA at this rate Friday AM will be moot.


----------



## six-string (Oct 7, 2009)

okay maybe another piece of the puzzle.
i found something called C:WINDOWS\merdll.dll with a scan. i removed it and it seems to have cleared something up.
i just did a google search and this is what it says:
System32Root]\mer.dll which is apparently some sort of rootkit that attaches itself to IE pages-it is considered a threat.
something to look for anyway... i'm still scanning the laptop now with malwarebytes but it has not found anything else yet.

i also just got a JAVA VIRTUAL MACHINE popup when i came to this page.
now it says in the box, "unable to access jarfile \\flashmobile.in\puvlic\java.jar" 
not sure what the hell that means but i've never seen that one before.


----------



## GuitarsCanada (Dec 30, 2005)

six-string said:


> okay maybe another piece of the puzzle.
> i found something called C:WINDOWS\merdll.dll with a scan. i removed it and it seems to have cleared something up.
> i just did a google search and this is what it says:
> System32Root]\mer.dll which is apparently some sort of rootkit that attaches itself to IE pages-it is considered a threat.
> ...


That one appears to be looking for a java update. If you need to do that go direct to Java and update there java.com: Java + You


----------



## I_cant_play (Jun 26, 2006)

I'm no computer whiz here but I think that a rootkit is the source of the problem. The reason is that every time I get the virus it seems to be a different one. A lot of us have had a lot of different kinds of viruses. The rootkit that MS Security Essentials found on my computer apparently downloads other malware, causes popups, affects google search results etc. This would explain the fact that I've had quite a few different viruses lately.

Cheers and good luck guys


----------



## GuitarsCanada (Dec 30, 2005)

I_cant_play said:


> I'm no computer whiz here but I think that a rootkit is the source of the problem. The reason is that every time I get the virus it seems to be a different one. A lot of us have had a lot of different kinds of viruses. The rootkit that MS Security Essentials found on my computer apparently downloads other malware, causes popups, affects google search results etc. This would explain the fact that I've had quite a few different viruses lately.
> 
> Cheers and good luck guys


Question is, if in fact it is a rootkit, where the hell is it? That's what we need to know. I cannot find anything within the site that is out of normal. I am the only person with access to the files up on the server, other than the host.


----------



## shoretyus (Jan 6, 2007)

I just got this again .. after I installed the latest Java .. and I blocked it 

Virus or unwanted program 'EXP/Pdfka.aog.1465 [exploit]'
detected in file 'C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\z6ye91jl.default\Cache\BAD0E081d01.
Action performed: Allow access


----------



## GuitarsCanada (Dec 30, 2005)

shoretyus said:


> I just got this again .. after I installed the latest Java .. and I blocked it
> 
> Virus or unwanted program 'EXP/Pdfka.aog.1465 [exploit]'
> detected in file 'C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\z6ye91jl.default\Cache\BAD0E081d01.
> Action performed: Allow access


When it says "detected in" that is pointing to your c drive not to anything on the site. Am I missing something there?


----------



## shoretyus (Jan 6, 2007)

That pops up when I open this site


----------



## GuitarsCanada (Dec 30, 2005)

shoretyus said:


> That pops up when I open this site


And this is happening consistently?


----------



## keeperofthegood (Apr 30, 2008)

It is on your computer. It appears to be a PDF file exploit. Malware with virusname: EXP/Pdfka.aog.1465 - Clean MX - realtime tracked here. Have a further look/read here Info about Exploit.JS.Pdfka.amp

When you have something on your compy, and you visit some sites that are java enabled, and it wants to use java to communicate, and it wants its own broken versions of java, it will wake up and try to fool you into using the corrupted java or simply try to download a corrupted version in order to do the 'exploiting'. This is what I think you are experiencing.

I would look to joining a tech forum, and going through some additional levels of cleaning, including hijackthis and eset.


----------



## six-string (Oct 7, 2009)

so after a considerable fight, the Defense Center has been removed. now i am dealing with another item called Security Tool. this is a similar but more insidious malware. this Security Tool shuts down all access to your desktop. no icons no nothing. and even in safe mode it is difficult. i went into the msconfig after booting in safe mode and shut off a bunch of start stuff that i could not tell what it was. i'm no computer geek so it is all just trial and error and whatever i can read on google. good thing i have at least one working computer or i would be screwed. 
i have downloaded and run the RKill program to shut down the Security Tool from running and now running Malwarebytes again to try and remove the bloody thing. the McAfee update said it removed 2 trojans but apparently missed this. i swear if i ever run into someone who programs this sort of crap i will beat him to a pulp. 
other than that....wasn't it a lovely day?


----------



## Rumble_b (Feb 14, 2006)

My work comp got nailed with the Security tool virus. It's pretty bad, haven't got rid of it yet. I emailed my I.T. guy, he can deal with it tomorrow.


----------



## Guest (Jul 27, 2010)

shoretyus said:


> That pops up when I open this site


Clear your browser cache.


----------



## Guest (Jul 27, 2010)

Just like to note I'm on OS X. Was when I got the warning earlier today.

GC: are you loading third party JavaScript libraries as part of the site? I'd check for myself but I'm on my phone now, not my MacBook. I'd check to make sure it's not coming in as payload from a third party library.


----------



## shoretyus (Jan 6, 2007)

iaresee said:


> Clear your browser cache.


It clears every time it closes.


----------



## keeperofthegood (Apr 30, 2008)

There may be some movement towards a fix on this.


I found this just now, it is 2 years old, but it reads like a current event here Solution to <IFRAME> and JAVA SCRIPT HACK


----------



## GuitarsCanada (Dec 30, 2005)

keeperofthegood said:


> There may be some movement towards a fix on this.
> 
> 
> I found this just now, it is 2 years old, but it reads like a current event here Solution to <IFRAME> and JAVA SCRIPT HACK


The issue appears to be connected to the CMS GC Front Page. I have shut that off for now while we investigate further. If someone sees something on the forum pages let me know.


----------



## allthumbs56 (Jul 24, 2006)

six-string said:


> i swear if i ever run into someone who programs this sort of crap i will beat him to a pulp.
> other than that....wasn't it a lovely day?


My house has been broken into a couple times. This malware/virus crap leaves me feeling a lot like that. Except it's usually an unsophisticated thug that breaks your door down. It takes an extremely talented genius to program something like that Defense Center - I wonder what gets bent in their heads to make them waste their talents like this................................ of course if I were cynical I might suggest that they are on the payroll at McAfee or Norton......


----------



## Jeff Flowerday (Jan 23, 2006)

allthumbs56 said:


> My house has been broken into a couple times. This malware/virus crap leaves me feeling a lot like that. Except it's usually an unsophisticated thug that breaks your door down. It takes an extremely talented genius to program something like that Defense Center - I wonder what gets bent in their heads to make them waste their talents like this................................ of course if I were cynical I might suggest that they are on the payroll at McAfee or Norton......


They got tired of cheese doodles and porn I guess.


----------



## bagpipe (Sep 19, 2006)

You can get tired of those ?



Jeff Flowerday said:


> They got tired of cheese doodles and porn I guess.


----------



## Brennan (Apr 9, 2008)

allthumbs56 said:


> My house has been broken into a couple times. This malware/virus crap leaves me feeling a lot like that. Except it's usually an unsophisticated thug that breaks your door down. It takes an extremely talented genius to program something like that Defense Center - I wonder what gets bent in their heads to make them waste their talents like this................................ of course if I were cynical I might suggest that they are on the payroll at McAfee or Norton......


Most of them are paid very well by internet advertisement agencies to do it.


----------



## GuitarsCanada (Dec 30, 2005)

How are we doing since the CMS main page (GC Front Page) has been turned off? Any problems?


----------



## GuitarsCanada (Dec 30, 2005)

OK, found a piece of nasty code that got attached to an element of the forum. It has been deleted. I have added back the forum homepage. Please let me know if you have any other issues. I apologize for the trouble this has caused some of you. We will be taking every step we can to make sure it never happens again.


----------
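An added example, not part of any post in this thread and not the site's own code: the check suggested earlier (see which third-party scripts the pages load) and the kind of code found attached to a forum element can both be audited from the rendered HTML. The page markup, host names and allowlist below are constructed, and the inline-script patterns are a heuristic, not a signature for this incident.

```python
"""Audit rendered forum HTML for active content from unexpected hosts.
Added example: page markup, host names and allowlist are all constructed."""
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags that pull in active content, mapped to the attribute holding the URL.
ACTIVE_TAGS = {"script": "src", "iframe": "src", "embed": "src",
               "object": "data", "applet": "archive"}
# Calls often used to hide an injected loader in inline script (heuristic only).
OBFUSCATION = re.compile(r"unescape\s*\(|fromCharCode|eval\s*\(|document\.write\s*\(")
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

ALLOWED_HOSTS = ["forum.example.org", "cdn.example.org"]  # constructed allowlist
SAMPLE_PAGE = """<html><head>
<script src="/clientscript/forum_global.js"></script>
<script src="https://cdn.example.org/lib/jquery.min.js"></script>
</head><body>
<div id="header">Forum header template</div>
<iframe src="http://ads.injected-example.invalid/in.php" width="1" height="1"></iframe>
<script>document.write(unescape("%3Cdiv%3Ebanner%3C/div%3E"));</script>
<applet code="Main.class" archive="http://files.injected-example.invalid/java.jar"></applet>
</body></html>"""


class ActiveContentAuditor(HTMLParser):
    def __init__(self, page_url, allowed_hosts):
        super().__init__(convert_charrefs=True)
        self.page_url = page_url
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []  # tuples of (line, tag, host_or_None, reason)
        self._in_inline_script = False

    def _host_allowed(self, host):
        # Exact match, or a subdomain of an allowlisted host.
        return any(host == a or host.endswith("." + a) for a in self.allowed)

    @staticmethod
    def _is_hidden(attrs):
        # 0/1-pixel frames or CSS-hidden frames are a classic injection tell.
        tiny = any((attrs.get(k) or "").strip() in ("0", "1")
                   for k in ("width", "height"))
        return tiny or bool(HIDDEN_STYLE.search(attrs.get("style") or ""))

    def handle_starttag(self, tag, attrs):
        if tag not in ACTIVE_TAGS:
            return
        attrs = dict(attrs)
        line = self.getpos()[0]
        url = attrs.get(ACTIVE_TAGS[tag])
        if tag == "script" and not url:
            self._in_inline_script = True  # body is inspected in handle_data
            return
        if not url:
            return
        # Resolve relative and protocol-relative URLs against the page URL.
        host = (urlparse(urljoin(self.page_url, url)).hostname or "").lower()
        if not self._host_allowed(host):
            self.findings.append((line, tag, host, "host not on allowlist"))
        if tag == "iframe" and self._is_hidden(attrs):
            self.findings.append((line, tag, host, "hidden iframe"))

    def handle_data(self, data):
        if self._in_inline_script and OBFUSCATION.search(data):
            self.findings.append((self.getpos()[0], "script", None,
                                  "inline script uses obfuscation-prone calls"))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline_script = False


def audit_html(html, page_url, allowed_hosts):
    """Return findings for one rendered page; an empty list means nothing flagged."""
    auditor = ActiveContentAuditor(page_url, allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    for finding in audit_html(SAMPLE_PAGE, "http://forum.example.org/index.php",
                              ALLOWED_HOSTS):
        print(finding)
```

Run against saved copies of each page type (front page, thread view, member pages), since an injected element may sit in only one template.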



## shoretyus (Jan 6, 2007)

GuitarsCanada said:


> OK, We will be taking every step we can to make sure it never happens again.


Well it is porn we are surfing ... and when ya surf porn ya have to expect this stuff..........

Merci


----------



## six-string (Oct 7, 2009)

thank you for your efforts. and for being able to confirm what some of us suspected. 

i am still scanning and not quite certain if my laptop is clean yet. 
i have run 2 full scans with McAfee today and 1 with Malwarebytes and all came up clean. but i am still running with my msconfig file altered so that nothing loads on startup. i also temporarily have disabled the Windows System Restore function as recommended by McAfee and am now running their Stinger program to see what that might come up with. their Stinger program does claim it can remove both the Defense Center and System Tool malware programs. 
so far i am back on the laptop and i can access the internet but i am still nervous and not sure if all the malware is gone yet. 
i'll keep you guys notified if things change. best of luck to everyone.



GuitarsCanada said:


> OK, found a piece of nasty code that got attached to an element of the forum. It has been deleted. I have added back the forum homepage. Please let me know if you have any other issues. I apologize for the trouble this has caused some of you. We will be taking every step we can to make sure it never happens again.


----------



## GuitarsCanada (Dec 30, 2005)

I am still working with our providers to see if we can determine if there was a breach of some kind. I found that code with the help of a bunch of people at vBulletin that are familiar with the code and hiding spots that are used and methods. Right now we have no idea how the code got there. I have doubled security on my machine which has access via ftp to the forums files. I have asked our providers to make every effort to find out what happened and how. I did not find any funny stuff on my machine and scanned it with every available program I could find. 

At this time it may be prudent for users to change their passwords as we have no way of knowing how deep this security breach was. If I find out for sure that accounts were tampered with I will report that to everyone. At this time I simply do not know. Gaining access to someone's account on here is not a major breach. There is no sensitive data being stored in the accounts outside of email addresses. However it is always a good idea to keep different passwords for different systems. i.e. don't use the same password here, or any forum, that you use for your banking or paypal as examples.


----------



## Guest (Jul 29, 2010)

I can't say enough good things about LastPass: LastPass - Password Manager, Form Filler, Password Management -- it'll generate strong, random passwords for you. And your Last Pass data is encrypted, viewable only by you.

Excellent browser add-on.


----------



## GuitarsCanada (Dec 30, 2005)

It is certainly a sad state of affairs when a bunch of people can't shoot the shit about guitars and amps without being hacked and bothered by assholes that surf the web getting their jollies from this kind of thing. I would like to get my hands on them just for a few minutes


----------



## keeperofthegood (Apr 30, 2008)

Unfortunately it is becoming less a pimply kid issue and far more an organized crime issue. In the last 6 months or so, several "corporations" have been shut down, where college kids are paid to write computer code that becomes the next generation of viruses et al. There is a Russian story from last September where hackers were paid 43 cents per mac infected and that is not a stand alone story. Yes, there are still some babes in arms hackers out there, but more and more it is the domain of wiseguys.


----------



## torndownunit (May 14, 2006)

Ok, I just need a summary because I am not very technically inclined when it comes to PCs (mac user). There is a PC in the house I do view the site on occasionally though.

- The issue was coming from the GC Front Page?
- If a machine was infected, I am taking it from these posts that the symptoms would be pretty obvious?


----------



## keeperofthegood (Apr 30, 2008)

Not necessarily.

If you are running a good AV you are probably pretty much ok. The code was attached to one ad that was not always present on login. The direction the code would send your computer was being taken down and out pretty fast, so while people were getting "exploit" notices, the place where those exploits would have happened were disappearing just as fast.

The best defense is a good offense. Cliche I know, but true. There really should be an Admin Sticky with this for all users and maybe we can post up enough Scott can put a good posting up in Admin Announcements. What I do not have is MAC software, and yes the MAC does need protection now too. Read this Earn 43 cents every time you infect a Mac | Graham Cluley's blog  and apparently Google Chrome is a "hot" browser for exploits and hacks at this time too Malware writers begin to target Google's Chrome browser



*General Cleaning and Upkeep*
CCleaner - Optimization and Cleaning - Free Download Ccleaner, good general purpose temp file erasing program. I run mine every week or so.
Eusing Free Registry Cleaner: Safely scan and repair registry problems - Spyware FREE. This is registry specific and does do a snazzy job of a deep cleaning, I run this once a month
Eusing Free Registry Defrag: Compact the registry and speed up computer - Spyware FREE. This I have only needed to run once, and it did do a great job at sorting the registry
|MG| Malwarebytes Anti-Malware 1.46 Download This can be dangerous because some malware will disable things that are not reenabled when you remove them, BUT it also can get to a lot of ickies that can hide on your computer. **Turn off all anti-virus and firewall software, including Windows built-in software before running**
GMER - Rootkit Detector and Remover gmer, once Malwarebytes has done its job, to see if anything is still hiding you go next to this program. When you run this, do not use or touch your computer, for me my mouse hangs, I unplug the mouse, plug it back in, and save the log then reboot my computer when I use this. **Turn off all anti-virus and firewall software, including Windows built-in software before running**

Now, Malwarebytes is pretty tame, has its risks. For me, when it found three ickies and fixed those, my computer had to have a restore otherwise it would bsod on power up. But that risk is pretty minimal and it is pretty n00b safe to use and run.

Gmer is not n00b safe. If you feel you are a n00b with computers, and you run gmer and it finds things, then join a good tech forum. I have used Cyber Tech Help Support Forums on a few occasions with good results, and there are others like this one out there (if you know one post one ) and they will help walk you through what to do to fix you up. WORD TO THE WISE, this forum and all like it will NOT deal with you if you have any P2P software on your computer. They feel that it is unacceptable grey market and a portal to so many infections that any fixing they do is like patching a rusty bucket. Tech forums can be retentive, so go slow, read their rules, be polite and do as they say and by the end of the day your computer will be back in the game 


*Keeping yourself to yourself*
MRU-Blaster™ Why let a hacker know what you like to do?
Systenance Software - Index.dat Analyzer "only Microsoft knows why..." is a very good reason to keep them cleaned out.
Eraser I once picked up a computer from the side of the road, and on it was a person's 5 years worth of income tax files. Why? Erase it, and know it is gone forever.
 
*Anti-Virus Program List*
HouseCall - Free Online Virus Scan - Trend Micro USA Online scan, can crash easy, can take HOURS to run too, but it also does a fair job at catching nasties
avast! - Download Free Antivirus Software or Internet Security AVAST! has become a leader in anti viral software, often catching things before they become public knowledge.
 
*BROWSERS - Always maintain your updates! And addon suggestions.*
Firefox web browser | Faster, more secure, & customizable

Recommended addons:
NoScript - JavaScript/Java/Flash blocker for a safer Firefox experience! - what is it? - InformAction I also recommend using the latest version of Firefox with an add-on called NoScript. NoScript actually caught and stopped this exploit when I logged into GC last week. It basically blocks ALL Java scripts until you tell it to "allow". Once you allow a script you can always go back and block it as well.
MR Technical Solutions (Mel Reyes) - Custom Programming and Integration Services!! For Firefox, this is a great portal on all the bits and bobs that make your fox run
Web Developer Often an issue may occur, and you need to find out where/why. This will allow you to do things like disable all images, or Java etc on a page
Adblock Plus: Save your time and traffic This will simply stop that what carries bad code.
 
Google Chrome - Get a fast new browser. For PC, Mac, and Linux
Internet Explorer 8 Windows 7 Security Features Malware Privacy
Opera browser | Faster & safer internet | Free download
Apple - Safari - Browse the web in smarter, more powerful ways.





I do not know add ons for the remaining browser, Please post your recommendations (and a WHY blurb too) and I will add them into the list.


----------



## Big_Daddy (Apr 2, 2009)

keeperofthegood said:


> Not necessarily.
> 
> If you are running a good AV you are probably pretty much ok. The code was attached to one ad that was not always present on login. The direction the code would send your computer was being taken down and out pretty fast, so while people were getting "exploit" notices, the place where those exploits would have happened were disappearing just as fast.
> 
> ...


All good advice! I also recommend using the latest version of Firefox with an add-on called NoScript. NoScript actually caught and stopped this exploit when I logged into GC last week. It basically blocks ALL Java scripts until you tell it to "allow". Once you allow a script you can always go back and un-block it as well. It means more user involvement but I think that is a good thing in these risky times. I support a network of over 800 users and we have been hard pressed to keep up with the number of exploits that are coming out daily, even with enterprise-level security.

EDIT: We use Spybot-Search & Destroy as well as Malwarebytes at work. One anti-spyware/malware program never seems to be enough. Spybot has an Immunize feature that pro-actively blocks known exploits. The only catch is you have to keep it up to date (like any of these programs) and re-immunize regularly.


----------



## keeperofthegood (Apr 30, 2008)

link both! I am back editing my post adding to it, maybe by the end of the day it can become a stand alone sticky.


----------

