Page 2 of 4 FirstFirst 1234 LastLast
Results 16 to 30 of 47

Thread: Spinquad hijack attack!!

  1. #16
    Now Available! kurv's Avatar
    Join Date
    Mar 2003
    Location
    McKinney TX
    Posts
    622
    We caught it and fixed it... thanks guys.

    Yes if I ever catch one of these guys... I will take them straight to Elmar

  2. #17
    Super Member Silkrooster's Avatar
    Join Date
    Mar 2004
    Location
    Northern New York
    Posts
    5,254
    Quote Originally Posted by kurv View Post
    We caught it and fixed it... thanks guys.

    Yes if I ever catch one of these guys... I will take them straight to Elmar
    You take the feet. I have their arms... (did I say that? snort,snort {Steve Erkle's voice})
    Silkrooster.com - temporarily offline due to updating...
    Spinquad Forum - Closed Sorry...
    lightwave-resources.pdf - - temporarily offline due to updating...

  3. #18
    Banned OnlineRender's Avatar
    Join Date
    Dec 2008
    Location
    Glasgow , Scotland , UK
    Posts
    6,383
    Quote Originally Posted by kurv View Post
    We caught it and fixed it... thanks guys.

    Yes if I ever catch one of these guys... I will take them straight to Elmar
    But didn't frodo take the ring to mordor ................
    (IT CROWED QUOTE ) :P

  4. #19
    Wudai Ninja Waver aurora's Avatar
    Join Date
    Feb 2003
    Location
    Colorado
    Posts
    1,972
    Hey, I get first crack at one of these [email protected][email protected]%#'s. Death is too easy, long slow, never ending torture, ahh, now thats the balm to sooth the pain of dealing them them demonic [email protected][email protected]%#'s.
    Tim - aurora - Dunn
    WorkStation: AMD64 2x2.8 Ghz / 8gb RAM / Win7-64bit / NVidia GTX 560 Ti

    Laptop: Intel i7 8x2Ghz / 16 Gb Ram / WIn7-64bit / GeForce 540M (8.17.12.6780)

  5. #20
    Now Available! kurv's Avatar
    Join Date
    Mar 2003
    Location
    McKinney TX
    Posts
    622
    Okay..... quietly shifts his concern from Elmar to aurora...........

  6. #21
    Newbie Member wjo53's Avatar
    Join Date
    May 2006
    Location
    Miramichi, NB
    Posts
    37
    Quote Originally Posted by aurora View Post
    Hey, I get first crack at one of these [email protected][email protected]%#'s. Death is too easy, long slow, never ending torture, ahh, now thats the balm to sooth the pain of dealing them them demonic [email protected][email protected]%#'s.
    ...hang him by the eyelids, and beat him in the b*lls until he blinks...

  7. #22
    I think these bastards all have small reproductive organs. That is why they are so eager to get attention...
    Yes, my Avatar shows a volume rendering...
    VoluMedic Creative Edition only USD 299 !
    www.volumedic.com

  8. #23
    Almost newbie Cageman's Avatar
    Join Date
    Apr 2003
    Location
    Malmö, SWEDEN
    Posts
    7,778
    I just recently visited SpinQuad and I still get warnings from Avast. :/
    Senior Technical Supervisor
    Cinematics Department
    Massive - A Ubisoft Studio
    -----
    AMD Ryzen Threadripper 3990X (64 cores/ 128 threads)
    64GB Ram
    Quadro 620
    Windows 10 Pro x64

  9. #24
    ya it's still there as of 9:25 CST.

    If this is what I am thinking it is... Lemme explain what is going on here, and how to combat it.

    First, a question...Is this an iframe/html.inf issue? do you see a line of code at the bottom of the page?

    If so, read on, if not, ignore.

    You need to take a close look at any file with the word "index" in it, as well as all .js files... always at the bottom of the file, there is a line of code, remove it. Do the same with all .js files.

    Next, remove all passwords from your FTP app.

    Scan and clean your local computer. (avast and malwarebytes works well for this)

    Change ALL passwords via the admin control panel or whatever, on your server, that is associated to what you had stored in the FTP app.

    This particular trojan will steal passwords from popular FTP apps. It is dropped onto your local machine via an infected site or banner. Once it is on your local machine, it sniffs out the passwords stored in an FTP app, then phones home. Person gets the info, logs in, and utilizes the server for spam e-mail.

    The catch here is, when someone visits the site, it replicates it self, and the villain in this case has a never ending supply of FTP credentials to log into to host spam images and such.

    Best way to stay safe? Store no passwords in your FTP. Even if you get it, it won't phone home, cuz there is no data to relay.

    If your on win7, look at the folder:
    c/users/username/AppData/Local .. or ..
    c/users/username/AppData/roaming

    In that location is where some wack exe's will reside at the root. There will be a few references to them in the registry as well.

    Good luck
    Andrew with a [B]Y[/B]
    Senior Creative Artist, Marketing
    [url]http://www.newtek.com[/url]
    Skype: denali5x
    ----
    [URL="http://www.greenkiwi.co.nz/footprints/mongolia/ghengis_history.htm"]Genghis Khan[/URL]

  10. #25
    Almost newbie Cageman's Avatar
    Join Date
    Apr 2003
    Location
    Malmö, SWEDEN
    Posts
    7,778
    Andrew,

    Was your message targeted to Kurv, or us who have visited the site?

    Since Avast have stopped this bugger for some time, I'm pretty sure I'm clean. I also took a look inside the folders you mentioned and could not find any weirdness there (thanks to Avast memory protection).
    Senior Technical Supervisor
    Cinematics Department
    Massive - A Ubisoft Studio
    -----
    AMD Ryzen Threadripper 3990X (64 cores/ 128 threads)
    64GB Ram
    Quadro 620
    Windows 10 Pro x64

  11. #26
    It's more of an education type of response for whomever reads it. It may effect others too. It's just better if we are all educated on this, so we know what to look for if this is the case.

    I cannot say for sure what is happening here on SQ, I could be totally wrong on this issue, however, it seems to me that this has popped up a few times and kinda fits the profile of this particular issue... and just wanted to bring it up. It is a well known and documented hunk of malware, but it can be tricky too.

    I hate to see these things proliferate across the net, and the more one is educated on what this is exactly, the better off we are on stopping it on many angles in the future.
    Andrew with a [B]Y[/B]
    Senior Creative Artist, Marketing
    [url]http://www.newtek.com[/url]
    Skype: denali5x
    ----
    [URL="http://www.greenkiwi.co.nz/footprints/mongolia/ghengis_history.htm"]Genghis Khan[/URL]

  12. #27
    Quantum Mechanic danielkaiser's Avatar
    Join Date
    Feb 2003
    Location
    Riverside CA
    Posts
    1,061
    Don't know if this will help but here is the error I get.
    Attached Thumbnails Attached Thumbnails Click image for larger version. 

Name:	Capture1.PNG 
Views:	75 
Size:	20.8 KB 
ID:	86559  
    Daniel Kaiser

    "A mistake is always forgivable, rarely excusable and never acceptable." Robert Fripp

    AMD Phenom II x6 3.2
    Win 7 Pro x64
    8gig Ram
    Nvidia 640 GT 2Gb
    LW 11 x64

  13. #28
    Registered User
    Join Date
    Feb 2003
    Location
    US
    Posts
    868
    Please do not send spinquad email newsletters until you cure your virus issue. I just clicked on one of the newsletter links and right off the bat received a warning from Norton.

    Risk Name: MSIE Java Deployment Toolkit Input Invalidation
    Attacker URL: why include it - we dont want more people to go get infected.

    The issue is obviously not fixed.
    First thing I would do would be to suspend all of your ads, turn them off and see if the issue goes away, and backtrack from there. Either the site itself is compromised, or one ad campaign is the culprit.

  14. #29
    Stuck in a very big cube Waves of light's Avatar
    Join Date
    Aug 2007
    Location
    South Yorkshire, England
    Posts
    2,503
    Utter set of BĢ*$Ģ$(* the lot of em. Nothing better to do... 'oh, guys... check this it out, it will be hilarious'. Bet none of them ever get laid.

  15. #30
    Now Available! kurv's Avatar
    Join Date
    Mar 2003
    Location
    McKinney TX
    Posts
    622
    I have scanned the site with Norton and get no notices. Have you tried deleting your cache and try it again?

Page 2 of 4 FirstFirst 1234 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •