Azazello1313
10/14/09 9:04pm
at work today, our network guy came into my office and said, "we have to take your desktop off the network immediately and re-image (format the hard drive and re-install the OS and everything else)...we had a report of some malicious code embedded in some PDF
attacking our network through your system from the huddle.com"
makes me look pretty bad, but that ain't even the point. your site is crashing peoples' computers and infecting them with malicious code. I'm sure WW will just blow it off as usual, but this is a big problem.
Pope Flick
10/14/09 9:14pm
Wow.
evil_gop_liars
10/14/09 9:27pm
QUOTE (Azazello1313 @ 10/14/09 7:04pm)
at work today, our network guy came into my office and said, "we have to take your desktop off the network immediately and re-image (format the hard drive and re-install the OS and everything else)...we had a report of some malicious code embedded in some PDF
attacking our network through your system from the huddle.com"
makes me look pretty bad, but that ain't even the point. your site is crashing peoples' computers and infecting them with malicious code. I'm sure WW will just blow it off as usual, but this is a big problem.
I had the same warning pop from my anti virus. some pdf virus thingy.
This thing completely wiped out my home comp. I had to reinstall everything and I lost a ton of stuff. What a joke
BillyBalata
10/14/09 9:41pm
Yep....adobe just wanted to install something on this computer. It's one thing when i am at home and choose to visit a site that wants to mess up my computer. Whether it be porn sites or the huddle. But I'm laid up and stuck at my dads house and his laptop for the time being. If this screws up his computer I'm going to be doubly pissed off.
QUOTE (whomper @ 10/14/09 7:37pm)
This thing completely wiped out my home comp. I had to reinstall everything and I lost a ton of stuff. What a joke
Was having the same problem with a pop up warning about an adobe acrobat plug-in failure. Took Atomic's advice in the thread below and disable it, seems to be working. Running a virus scan now.
Since I have been using the forum's here on a pretty regular basis, about 2 years, I have had to dump my computer twice do to nasty virus' that I acquired here at the Huddle, and I know it was from the Huddle because both times it was the first place I visited the day both attacks happened. The most recent was just a few months ago from some virus that was embedded on the home page and the other was sometime last year, I think during our initial draft for AOTAOP. If my leagues were not all hosted here on the board I would probably seriously consider not coming around that often if at all.
KICK A$$ BLASTER
10/14/09 10:57pm
My Kaspersky anti-virus is going nuts every time I log in. Personalbag.com is trying to load some sort of a trojan...
I out for a few days.....
polksalet
10/15/09 3:38am
I feel for you people who can't afford Linux. Let me know and I'll send you a illegal download link and you can steal a copy.
AtomicCEO
10/15/09 8:29am
This would seem to be in line with peoples reports that it is crashing Adobe Acrobat plugins as well.
Can someone from this site disable firewalls, anti-virus, and anti-spyware packages on their computer and reproduce this problem?
Crashing my IE at work every single time I try to load the forum page. It is not happening with the main page. Very frustrating.
rocknrobn26
10/15/09 10:33am
Anyone have a name on this PDF it's trying to load?
evil_gop_liars
10/15/09 11:00am
QUOTE (rocknrobn26 @ 10/15/09 8:33am)
Anyone have a name on this PDF it's trying to load?
Exploit.pdf-jS.Gen
Big F'n Dave
10/15/09 11:21am
Yeah, I've got a Mac.
STATUS: So far (our forum host has been looking into this since yesterday) we've been unable to find any malicious code in the forum software. There was an issue that we found early yesterday (Wednesday) with the forum code on the main site home page, but that was dealt with early yesterday. It is possible that the issues people are currently experiencing are left over from something picked up from the home page. But we are still looking for any problems here.
Question - Has anyone noticed the problems here in a specific forum or page, or is it hitting randomly? Also, if everyone experiencing this can provide their operating system and browser used that may help as well. Thanks.
IE 7 on XP Pro. It seemed to only be hitting me when I try to come straight to the forum page as that is my bookmark.
It seems to have hit me pretty good on my work computer.
QUOTE (WW @ 10/15/09 11:28am)
STATUS: So far (our forum host has been looking into this since yesterday) we've been unable to find any malicious code in the forum software. There was an issue that we found early yesterday (Wednesday) with the forum code on the main site home page, but that was dealt with early yesterday. It is possible that the issues people are currently experiencing are left over from something picked up from the home page. But we are still looking for any problems here.
Question - Has anyone noticed the problems here in a specific forum or page, or is it hitting randomly? Also, if everyone experiencing this can provide their operating system and browser used that may help as well. Thanks.
In my case, clicking over from the Main page into forums my AV was blocking the alleged Trojan. Thereafter, every time I clicked on a different area of the forums my AV would block and pop the message up again. I ran ProcessExplorer from "sysinternals" to take a look at the processes running in my machine and did not see anything out of the ordinary. My firewall did not pop any messages either.
I have not received any messages today (although I'm at work and I have a different AV).
Thanks
rocknrobn26
10/15/09 12:23pm
QUOTE (WW @ 10/15/09 11:28am)
STATUS: So far (our forum host has been looking into this since yesterday) we've been unable to find any malicious code in the forum software. There was an issue that we found early yesterday (Wednesday) with the forum code on the main site home page, but that was dealt with early yesterday. It is possible that the issues people are currently experiencing are left over from something picked up from the home page. But we are still looking for any problems here.
Question - Has anyone noticed the problems here in a specific forum or page, or is it hitting randomly? Also, if everyone experiencing this can provide their operating system and browser used that may help as well. Thanks.
I'm sending you a screen shot (yesterday's report, but same today) of my virus software's (Trendmicro) log on "Blocked Threats". Probably won't help but maybe it will.
For what it's worth, TrendMicro is stopping it many, many times per day
Caveman_Nick
10/15/09 1:41pm
QUOTE (WW @ 10/15/09 12:28pm)
STATUS: So far (our forum host has been looking into this since yesterday) we've been unable to find any malicious code in the forum software. There was an issue that we found early yesterday (Wednesday) with the forum code on the main site home page, but that was dealt with early yesterday. It is possible that the issues people are currently experiencing are left over from something picked up from the home page. But we are still looking for any problems here.
Question - Has anyone noticed the problems here in a specific forum or page, or is it hitting randomly? Also, if everyone experiencing this can provide their operating system and browser used that may help as well. Thanks.
As posted in the other thread: The bog down comes when something is trying to load from personalbag.com.
This isn't affecting my system, it's just creating significant slowness. But then I am running a Mac OS 10.6.1, using Firefox with Adblock Plus. I wouldn't expect mailicious code to affect my machine, but the slowdown is consistent with what I would expect when a site is trying to execute an unwelcome script on my machine.
polksalet
10/15/09 3:58pm
QUOTE (Big F'n Dave @ 10/15/09 4:21pm)
Yeah, I've got a Mac.
me too, but my o/s is free and works with all hw configs
Savage Beatings
10/15/09 5:40pm
I can't access the forums from work... crashes me every time.
Windows XP Professional
Windows Internet Explorer 7.0.5
rocknrobn26
10/15/09 7:04pm
As I stated above using Trend Micro all I see is a "Blocked" report, and I have to open the main panel to see that, otherwise I never would have known what was going on. Not trying to hype them , but maybe that saved me.
This is a nasty booger w/ hairs and I'm sorry to say WW/the powers that be may never find the source.
Might be my imagination but it seems like the forums are at a very low usage rate.
For David's, WW's, and the Huddle in general's sake, I hope they resolve it. I love this place and hope this onus is short lived.
GOD SAVE THE HUDDLE!!!!
Didn't have any problems at work today using Firefox on XP, AVG antivirus. But just now at home my Bit Defender blocked the PDF thing. Using XP & Firefox at home as well. I got it as soon as I hit the forums & then again when I tried to switch to MSHB II in the league forums.
ETA: At the same time the PC started to download what it said was an update to Adobe to which I canceled out of.
KICK A$$ BLASTER
10/15/09 7:38pm
This is happening again to me. This time from home. I don't have this problem at work.
I am using XP pro and IE7 from home...
Kaspersky is setting off the alarm every time a new forum page is brought up.
QUOTE (rajncajn @ 10/15/09 5:31pm)
Didn't have any problems at work today using Firefox on XP, AVG antivirus. But just now at home my Bit Defender blocked the PDF thing. Using XP & Firefox at home as well. I got it as soon as I hit the forums & then again when I tried to switch to MSHB II in the league forums.
ETA: At the same time the PC started to download what it said was an update to Adobe to which I canceled out of.
Can you, or anyone else, provide the pdf file name that it's trying to download?
QUOTE (WW @ 10/15/09 9:04pm)
Can you, or anyone else, provide the pdf file name that it's trying to download?
QUOTE (evil_gop_liars @ 10/15/09 11:00am)
Exploit.pdf-jS.Gen
I'm using XP Pro with IE-8 and everytime I open a new forum page I get a message that says that the website wants to run the add-on "owc10.dll". It then says that if I trust the website and the add-on and I want to allow it to run I can do so.
I'm not going to do that.
The problem is that I get this same message (along with the annoying notification 'beep' everytime I open up or refresh a page).
QUOTE (wiegie @ 10/15/09 10:18pm)
I'm using XP Pro with IE-8 and everytime I open a new forum page I get a message that says that the website wants to run the add-on "owc10.dll". It then says that if I trust the website and the add-on and I want to allow it to run I can do so.
I'm not going to do that.
The problem is that I get this same message (along with the annoying notification 'beep' everytime I open up or refresh a page).
+1 same exact thing for me
CaP'N GRuNGe
10/15/09 10:15pm
I'm on XP with Firefox and McAfee at home. No issues that I can tell. At least I hope so.
Also no problems at work other than slow loading forum pages from time to time. XP and IE 6 or something.
QUOTE (WW @ 10/15/09 9:04pm)
Can you, or anyone else, provide the pdf file name that it's trying to download?
Same as Darin, Exploit.pdf-jS.Gen.
Here is Bit Defenders page on it.QUOTE
Exploit.PDF-JS.Gen
( Exploit:Win32/Pidief.D; Exploit:W32/AdobeReader.QQ )
Spreading: medium
Damage: medium
Size: variable
Discovered: 2008 Nov 23
SYMPTOMS:
There are no obvious symptoms until the malware manages to infiltrate the system. This can happen when opening a crafted PDF file and the javascript code inside the file is executed.
TECHNICAL DESCRIPTION:
This is a generic detection for specially crafted PDF files which exploit different vulnerabilities found in Adobe PDF Reader's Javascript engine in order to execute malicious code on user's computer. The exploitation mainly involves the following two functions:
util.printf() - if an attacker sends a string long enough to generate a
stack-based buffer overflow he will then be able to
execute arbitrary code on user's computer with the
same level privileges as the user who opened the PDF
file
Collab.colectEmailInfo() - a stack-based buffer overflow can be
caused by passing a string long enough (at least 44952
characters) as a parameter in the msg field of this
function.
The Javascript function containing the actual exploit is specified in the OpenAction tag of the PDF file. Usually this function is encoded using zlib. After decompression sometimes the script is still obscured through one or more layers of encoding in order to avoid detection and make analysis more difficult.
The javascript code inside the PDF file is used to download and execute other malware on user's computer.
QUOTE (wiegie @ 10/15/09 10:18pm)
I'm using XP Pro with IE-8 and everytime I open a new forum page I get a message that says that the website wants to run the add-on "owc10.dll". It then says that if I trust the website and the add-on and I want to allow it to run I can do so.
I'm not going to do that.
The problem is that I get this same message (along with the annoying notification 'beep' everytime I open up or refresh a page).
for whatever reason, I'm not getting this message here at work (even though I am using the same laptop that I was using yesterday
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.