Weird pm's, virus on the forum?

I was finally able

to turn off my PM function. Perhaps if everyone did that the curse would stop. Twould be easy enough to turn back on onest Wilbur gets a grip on this.
 
Another question

Confessing that I have not used the PM feature much, is the message actually in your forum PM box or does it come by email?
 
Mine are in the forum only as a private message.
 
Here's what I think I don't know 'bout this

Did some investigatin' and it seems that the PMs were sent from 3 accounts, Francis, Alinwa, and Ulrik. If you guys could change your passwords, I'll turn the PMs back on in a day or so. I would like to leave it off for a day to see if those smarties are somehow bypassing the forum software altogether.

http://www.benchrest.com/forums/profile.php?do=editpassword
 
Wilbur I have changed my password.

I don't know what a "strong" password is, mine was all numbers, 4 digits long.

al


BTW I "think" that the one to me from Ulrik was first. I tried to load it because it suckered me..... it said "this video looks like you!" or something to that effect and it just so happens that TWO of my teenage sons have got youtube vids out there. A couple have me on them.

Don't know if this info helps but PLEASE all, keep me informed if more are being sent by me.

I'm scrubbing my comp best I know how as we speak.
 
I have run through my computer with several security programs without finding any installed virus, maybe my antivirus kept it from being installed.

I did a search on Google about it and it seems that there are more forums based on vBulletin that have been attacked by this virus, maybe the virus uses some kind of weakness in the forum software or the Internet Explorer itself.

I changed my password just for the safety.

/Ulrik
 
Ulrik

Can you give me the Google search terms you used? My terms didn't find anything specific.

I'm treating this as a software/server issue for now. My problem with understanding the deal is that nothing jumps out of the IP list as unusual. Seems that there would be an unusual IP associated with the account.
 
Hi Wilbur

I'm not an expert on tracking viruses, this is what I have done.

Searching on the infected site gives hits on a couple of other forums, I needed to use a translator to understand the languages.
http://www.google.co.uk/search?hl=en&q=creozone+virus&meta=

The virus that the site uses is named Win32:Small-DKF [Trj] which seems to be some kind of Trojan.
http://www.google.co.uk/search?hl=en&q=Win32:Small-DKF+[Trj]&meta=
I could not find anything that connects Win32:Small-DKF [Trj] with vBulletin. My guess is that the installing software that tries to install Win32:Small-DKF [Trj] also contains a program that causes the vBulletin message thing we have seen.

I also did a reverse lookup on creozone.info and reported the abuse to the hostname company where the name was registered.
Hopefully they can remove the name from their servers.
I failed to get the name of the ISP for the server.
The server seems to be located in Singapore.

Regards /Ulrik
 
al,
"strong" would be numbers and letters, upper and lower case.
the average password tool (code breaker) can bust a 4 digit code in seconds.
a letter only a little longer.

mike in co
 
For a minimum I suggest using a combination of 7 letters with 1 number and 1 symbol (as a decimal, comma, etc.)

example -> upyours2. or up.yours2 ... etc. make it something you will remember..
 
I've changed mine.
I received 12 e-mails from Al, 12 from Ulrik, and 11 from me.
Here's hoping the password change will work although I felt I had a strong one before; an old girlfriend's vital statistics plus her initials. Maybe Alinwa was using the same one. I don't know.

YUP!

As I said, mine was just 4 digits..... there's a real good chance it IS your old girlfriend! Seems she was short a few digits too, what?? Besides, haven't I seen that same password in truckstop bathrooms in 5 states? Prolly a hunnerd people using it. By now it's maybe even DEFAULT on some computers! :p

Mighta' been a different girl..........


al
 
Too long

Anything about my xgfs would result in something way too long to remember....except for number of teeth....

I turned the PMs back on.....we'll see what happens. I really don't believe the password thing was the fix and if it was, changing 3 of thousands prolly didn't help. Perhaps if the senders change it will be a clue.

Y'all holler when you see it!
 