UKBouldering.com

technical => computers, technology and the internet => Topic started by: clm on April 12, 2005, 10:10:15 pm

Title: pop up
Post by: clm on April 12, 2005, 10:10:15 pm
i keep getting a pop up but omnly when i visit this site.  it is a box entitled MS internet explorer saying do you want to download free soft ware and giving me the option of yes and nothing else. seems to be associated with a download box for some movie software.  only happens with this site and freezes up the windows until i click yes.  is it this site or is it my computer?
Title: pop up
Post by: Carnage on April 12, 2005, 11:25:38 pm
I'm getting it too and its fucking annoying. :evil:
Title: pop up
Post by: chappers on April 12, 2005, 11:52:40 pm
im getting the same thing, only on the front page. but over and over bout 10 times.
getting on my tits
Title: pop up
Post by: Jim on April 13, 2005, 12:51:39 am
I get this as well, its annoying
Title: pop up
Post by: Bubba on April 13, 2005, 08:21:44 am
Looking into it now people...
Title: pop up
Post by: Bonjoy on April 13, 2005, 08:23:09 am
Am getting it too
Title: pop up
Post by: Bubba on April 13, 2005, 08:34:18 am
As far as I can see, it only happens in Internet Explorer - is anyone getting it using Firefox?
Title: pop up
Post by: dave on April 13, 2005, 09:03:08 am
I get it too. I changed some of the activeX settings on my tinternet explorer security and its OK now. We all know IE blows, but some of us are stuck with it at work.
Title: pop up
Post by: Bubba on April 13, 2005, 09:13:28 am
I've found the problem - somehow, some code had been inserted into the forum configuration database which caused the software to pull in some .php code from a malicious site.

I have removed the offending code from the database (It was nothing too serious but was annoying adware)

Unfortunately, if you have already been infected, it's probably dropped some files onto your PC.

* I have done the following and the problem has gone away *

i) Exit IE

ii) Empty your temporary internet files (in C:\windows\documents and settings\*your user name*\local settings\
- There is a particular file, starting with name "ireg32" that will be infected.

iii) To be certain, run a full virus scan using a good, up to date virus scanner like Norton Antivirus (it should pick up a virus in a file with a name starting with 2ireg32" - NB it may not be able to automatically fix this problem.

iv) Stop using Internet Explorer !
- I know I've said this many times, but running IE on your computer is a huge security risk - use Firefox instead. As Dave says, I know lots of you have to use it at work, but don't use it at home.

btw Dave, what Active X settings did you change?

If you require more information, which may be pertinent to your setup (most of it didn't apply to mine), please look at this page (http://securityresponse.symantec.com/avcenter/venc/data/trojan.domcom.html).
Title: pop up
Post by: Bonjoy on April 13, 2005, 09:14:01 am
Didn't get it this time I entered site.
Title: pop up
Post by: cofe on April 13, 2005, 09:14:50 am
i don't get it. la la la.

but i am using bad/angry firefox...
Title: pop up
Post by: Bubba on April 13, 2005, 09:15:51 am
Cool, I think it's sorted now, but also make sure to check your PC for the infected file.

Thanks for bringing this up though CLM, I would never have noticed it otherwise.
Title: pop up
Post by: dave on April 13, 2005, 09:28:08 am
can't remember exactly what i changed, but went into the custom settings on the internet security zone and switched summert from "disable" to "prompt" (everything else was already set to enable or prompt as part of the default meduim security setting), the thinking being i could get to choose what was going on and shit.
Title: pop up
Post by: Jim on April 13, 2005, 11:18:11 am
Its gone. WooHoo
Title: pop up
Post by: dave on April 13, 2005, 01:03:18 pm
anyone else getting redirected to http://www.cashtoolbar.net/reg.php?ref=2351 a few seconds after ukb loads?
Title: pop up
Post by: JR on April 13, 2005, 01:28:51 pm
yes, its f*ing annoying
Title: pop up
Post by: jimbo on April 13, 2005, 01:38:58 pm
Yep, just started happening since i got back from lunch.
Title: pop up
Post by: dave on April 13, 2005, 01:41:32 pm
i think someone is twisting our shit.
Title: pop up
Post by: cofe on April 13, 2005, 01:46:07 pm
me too.
Title: pop up
Post by: JR on April 13, 2005, 03:15:22 pm
its now telling me there are no posts in the bouldering forum!!?!?!
Title: pop up
Post by: Bubba on April 13, 2005, 03:42:50 pm
The no posts thing is an intermittent problem and nothing to do with the cashtoolbar.net one.

Ok, I've just re-tested in IE and checked the database and all is well.

Have you gone through all the steps I outlined in my earlier post? If you haven't, then it's going to keep happening because it places infected files on your PC. I've sorted the server end, but you've got to clean your own PC at your end.
Title: pop up
Post by: JR on April 13, 2005, 03:47:02 pm
Quote from: "Bubba"
The no posts thing is an intermittent problem and nothing to do with the cashtoolbar.net one.

Ok, I've just re-tested in IE and checked the database and all is well.

Have you gone through all the steps I outlined in my earlier post? If you haven't, then it's going to keep happening because it places infected files on your PC. I've sorted the server end, but you've got to clean your own PC at your end.


Yes, I only use firefox anyway.

I checked anyway and i had no spyware or viruses.
Title: pop up
Post by: Bubba on April 13, 2005, 04:09:39 pm
Which page is affected? I'm using firefox and the main forum and the portal page aren't having problems.
Title: pop up
Post by: JR on April 13, 2005, 04:16:35 pm
http://www.ukbouldering.com/board/

It would reload after a few seconds to cashtoolbar.cunts

Although curiously its not doing it anymore ie last 15 mins
Title: pop up
Post by: cofe on April 13, 2005, 04:36:56 pm
Quote from: "JR"
curiously


i saw this word and immediately twirled my 'tache.

the plot thickens...
Title: pop up
Post by: JR on April 13, 2005, 04:40:53 pm
have you written anything remotely serious today cofe?  Or let alone that, done any work?
Title: pop up
Post by: cofe on April 13, 2005, 04:45:01 pm
no. no.








no. no. no. no.

no. no. no. no.

no. no there's no limit.
Title: pop up
Post by: Bubba on April 15, 2005, 12:30:14 pm
It looks like this problem may have re-occurred. This is exremely annoying.

Really, this pre-modded version of phpbb has been a bit of a nighmare and I'm now considering going back to a standard install of the latest version of phpbb. I was going to hold out until the release of phpBB Olympus but this has been once again delayed.

Unfortunately if I choose this route, many of the nice "extras" will be lost (eg sub-forums) but I think that this is preferable to having people getting infected with dodgy spyware.
Title: pop up
Post by: jonP on April 15, 2005, 08:20:28 pm
Apparently there's a major security problem with phpbb 2.0.10. Could you upgrade to 2.0.12?

http://www.phpbb2.de/portal.php?topic_id=25058

But apparently there's a major security problem with 2.0.12 as well:

http://www.phpbb.com/phpBB/viewtopic.php?t=267563
Title: pop up
Post by: Bubba on April 15, 2005, 08:28:29 pm
Thanks Jon - I checked phpbb2 earlier but couldn't find anything :oops:

I'm tempted to go back to a vanilla install anyway because this one runs like a pig. I'll have to test it out first so will take a few days.
Title: pop up
Post by: Bubba on April 16, 2005, 09:21:42 am
btw, phpbb2.de isn't the real phpbb - it's a pre-hacked version - the real version is at phpbb.com and is already at 2.0.13.
Title: pop up
Post by: JR on April 16, 2005, 10:16:15 am
or even 2.0.14
Title: pop up
Post by: Bubba on April 16, 2005, 10:25:42 am
pedant :lol:

I might upgrade to php 5 at the same time....
Title: pop up
Post by: JR on April 16, 2005, 10:29:05 am
Quote from: "Bubba"
pedant :lol:

I might upgrade to php 5 at the same time....


is everybody having the same problems with running phpbb2?
Title: pop up
Post by: clm on April 16, 2005, 12:44:46 pm
i dont understand all these numbers.
re my original problem (which has randomly fixed itself). do youn think by clicking yes when it asked me if i wanted software it actually started to download shit onto my machine or just gave me the next pop up?
had to click yes to unfreeze explorer.
Title: pop up
Post by: Bubba on April 16, 2005, 12:49:21 pm
Quote from: "JR"
is everybody having the same problems with running phpbb2?


These problems come and go - phpbb is the most popular forum software so it's going to have a lot of attacks against it.

Really, the problem lies with IE anyway - it's the IFRAME exploit in IE that causes all these problems, if you use Firefox this doesn't happen.
Title: pop up
Post by: Bubba on April 16, 2005, 12:55:02 pm
Quote from: "clm"
i dont understand all these numbers.
re my original problem (which has randomly fixed itself). do youn think by clicking yes when it asked me if i wanted software it actually started to download shit onto my machine or just gave me the next pop up?
had to click yes to unfreeze explorer.


It might have downloaded something - run a full virus/adware check.

If you get the same problem again, just go to the task manager and kill IE.
SimplePortal 2.3.7 © 2008-2024, SimplePortal