Off Topic: Possible problem w/Operation Sports Website.....
Moderators: Bill_Abner, ScoopBrady
- HockeyJock
- Mario Mendoza
- Posts: 61
- Joined: Fri Nov 28, 2003 4:00 am
- Location: Franklin Park, IL
Hey just a heads up: I know a lot of people from here visit OS as well. Please forgive my ignorance if this is wrong but here is what happened:
At about 5:00pm (central) I visited the OS site. Seconds after clicking on the page, my browser was acting all weird. I then got a warning from my PC that some files had changed and that they were unrecognizable. It recommended that I insert my XP disk to restore the changed files or something along those lines. When I did that the message box was gone!
I then restarted my PC to see if anything changed. Here's a list of things that were added:
Memory Manager
Clock Sync
A Desktop Toolbar
An Adware search engine
A Casino Game and other suspicious files
Now I'm no computer tech but I used "System restore" and went back to an earlier date. That seemed to get rid of all the added programs.
Here's the double whammy! I went on my kids PC and clicked on the Operation Sports site again. I almost s*** my pants when the same thing happened on that PC as well.
Can anybody possibly tell me what the heck happened!!
Was it something on my end? or O/S?
Like I stated earlier, I put no blame on the O/S website because I really don't have a clue to why it happened? This is just a heads up to people here. Thanks for listening to my problem guys! Any information in regards to my problem would be much appreciated!
Was it some app called Golden Casino, or something similar? If so I had something similar.. It seemed to occur when one clicks on the forum link off the main page.. Every so often before you get to the forums, an intervening ad page opens up. I think that is where it might have occurred.. I used the antispyware program called Spybot and it solved my problem.. http://www.safer-networking.org/
Also, since I have been using the Firefox browser, I never have this issue anymore..
-Also, always be very cautious when any pop up window asks you to click "yes" to anything.. Especially if the source is unclear..
Actually, I had a similar problem myself. Clicking on my OS shortcut gave me a warning message about a possible virus and then the page tried to open another page and some file was asking Zone Alarm for permission to access the internet. I clicked no and it went into a loop. A new window would try to open and Zone Alarm would ask again and so forth. Only when I shut all the open windows manually did I get everything closed. I then ran a virus scan on my whole system, but everything was clean.
Now that I read all this, I think I'm going to run Adaware and see what other s*** it might have put on my pc. Very disturbing to say the least.
While I have no access to the forums I went to the front page and it is either hacked or one of the advertisers he uses is doing some naughty things. When I went to the main page it installed the lycos sidesearch on my computer. It also changed the link on my home page.
I also got this message. Click on the link as the image was too large to fit.
http://www.jdfarm.com/oserror.JPG
I HIGHLY recommend running adaware ASAP if you have been to OS.
I am sure none of the OS staff or ownership had anything to do with this but tread lightly on that site until these issues are resolved.
Last edited by bdoughty on Sun Apr 11, 2004 6:17 am, edited 1 time in total.
[url=http://sites.google.com/site/bmdsooner/]My place for games![/url]
Just ran Ad-Aware and it found 7 items with 3 browser hijacks - 3 medium security risks.
http://www.jdfarm.com/virus.JPG
If you do not have Ad-Aware go here
http://www.lavasoftusa.com/support/download/
* Also make sure and run the latest reference file which is located on the page. You simply copy over the existing file once you get it installed.
Last edited by bdoughty on Sun Apr 11, 2004 6:18 am, edited 1 time in total.
Jared wrote: Are you sure that the browser hijacks came from OS? I did a scan of my computer, cleared off any old bad things with AdAware, then went to OS, did another scan, and it didn't catch anything.
They were for me. I cleared everything off my computer and ran ad-aware before going there. I do not have any P2P programs on my computer, all of my temp internet files were removed. You might have to refresh the front page a few times to get the ad that causes the issue. I never once strayed from the front page. The Javascript error did not come up until I refreshed it a few times. It came up after a rather large ad popped up on the screen but never loaded, hence the error on the first image I showed where the browser hijack was happening.
Holy crap. I think the site may be sending viruses....
So I was looking at the menu bar at the bottom of IE, to see what kind of links load up. They flash by very very quickly, and are usually downloads of ad pics from places like linkbuddies and what not (ad sites).
Well, on a few of things, I noticed for a split second something that had exploit in the URL. Odd. I loaded the page multiple times and kept looking at the info bar at the bottom of IE for info. This was the best I could make out:
http://2xx.xxx.xxx.xxx/new-exploit5/exploit.htm
That's pretty odd. After reloading the page a few more times, I got a message from Symantec AntiVirus:
Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Bloodhound.Exploit.6
File: C:\Documents and Settings\Jared\Local Settings\Temporary Internet Files\Content.IE5\IPZL4W3S\search[2]
Location: Quarantine
Computer: LYCHEE
User: Jared
Action taken: Quarantine succeeded : Access denied
Date found: Sunday, April 11, 2004 4:19:24 AM
It's a Trojan Horse. Here's a link to the Symantec info page:
http://securityresponse.symantec.com/av ... oit.6.html
It doesn't sound good. Here's a quote from one of the Symantec links:
"By embedding a specially crafted URL in a Web page and having that URL refer to a CHM file containing an HTML file with scripts in it, an attacker could force the user who views the Web page with a vulnerable version of Internet Explorer to download and execute files."
I don't know for sure if this is linked w/some of the ads that OS is posting, but it seems like it. I'll post more when I find out. I'll also PM Steve and others at OS to let them know.
Bizarre......
So now when I try and google "exploit.htm", I get a virus message. Doesn't happen on my other computer. Weird. I'm not sure what's going on, but I have a feeling (from the exploit.htm header) that something from OS is sending out the Bloodhound virus.
And previously, the exploit.htm tag only flashed on maybe 3-4 out of 15 front page reloads. So it may not happen to everyone.
BUT before people freak, I have no idea for sure. Post here if you have evidence for or against it, NOT just to say stuff like "OS has viruses...it sucks."
Yea I am pretty sure it comes from OS and I would gladly keep testing it but removing the Lycos thing is a pain in the arse.
* You might have to remove the Lycos thing manually in the explorer bar as it did not remove itself when I used the add/remove program. One of the .dll files is also being used so you will have to restart the computer.
Jared
I bet that if he removed all the ads on the front page and forums the problem would be resolved. Then he would have to figure out which one is causing the problem. All the ads are javascript driven in the html code so it would be easy for him to test by removing it.
bdoughty wrote: While I have no access to the forums I went to the front page and it is either hacked or one of the advertisers he uses is doing some naughty things. When I went to the main page it installed the lycos sidesearch on my computer. It also changed the link on my home page.
I also got this message. Click on the link as the image was too large to fit.
http://www.jdfarm.com/oserror.JPG

That's the address I saw in the menu bar (the address in the screenshot...not bdoughty's site)

I'm exhausted, so no more virus hunting for me.
And again, post in here if you have INFORMATION regarding viruses coming from OS. Do NOT post just to say bad things about OS...post will be deleted, and further consequences can be taken.
This sounds like the same problem I had at the end of March on the baseballsimcentral forums. I also had the Lycos sidesearch installed. What a pain in the ass!
http://www.digitalsportspage.com./modul ... e89f94b488
Please post here when it is safe to go back to OS.
Well I was told by AVG that there was a possible Startpage virus. And the location was my C:\blah.blah.\Temporary Internet Files\IE5\Content , but when I ran a scan on my Temporary Internet Files folder, my virus scan found nothing. Should I just delete the contents of my Temporary Internet Files folder to be safe?
I also ran adaware and cleaned all that out as well.
Anyway, here's a link to the OS forums. By using this link you will bypass the front page and go directly to the forums:
http://forums.operationsports.com//ubbt ... s.php?Cat=
Blublub wrote: Or browse with a Mac - none of those exploits can touch you. Actually, if you use Safari you'll never even see those stupid "1,000,000 visitor" popups.

I previously had a Mac for the last 5 years.. For that 5 years I never once had a virus or experienced spyware.. All that has changed now that I recently bought a PC.. Of course I also have access to a lot of good things that I didn't have access to when I owned a MAC.. OOTP and FOF as an example..

Go Browns!!
Thanks
Steve saw the thread here, and I received an email as well.
Looks like this was caused by one of our banner ad people. Some of the code they serve is straight-up HTML, not just Images/Links. They usually catch stuff like this, but they didn't this time.
I'm not sure which provider it is, but I haven't seen anything today. Looks like whoever it was caught it (finally).
Sorry for the problems. Seems like it's safe to go back in the OS water ....