Reported Attack Site!


279 replies to this topic

#61 OFFLINE   Draconis

Draconis

    Hall Of Fame

  • DBSTalk Club
  • 4,403 posts
  • LocationLas Vegas, NV
Joined: Mar 16, 2007

Posted 24 December 2012 - 08:26 PM

It just happened to me using Firefox 17.0.1

#62 OFFLINE   Steve

Steve

    Hall Of Fame

  • DBSTalk Club
  • 22,576 posts
Joined: Aug 22, 2006

Posted 24 December 2012 - 09:18 PM

No more warnings here in NY, ATM. Chrome 24.x here.

I spoke too soon. It's back here as well.

Edited by Steve, 24 December 2012 - 09:26 PM.

/steve

#63 OFFLINE   lwilli201

lwilli201

    Hall Of Fame

  • Registered
  • 2,988 posts
Joined: Dec 22, 2006

Posted 24 December 2012 - 09:36 PM

Mozilla Firefox. Got warning at 9.33 PM CT.
1-HR21-100, 2-HR21-700, 1 w/eSATA, all networked, unsupported MRV. AT9 Dish(110 & 119 disabled) and SWM8.

#64 OFFLINE   shaun-ohio

shaun-ohio

    Icon

  • Registered
  • 609 posts
  • Locationzanesville ohio
Joined: Aug 24, 2002

Posted 24 December 2012 - 09:37 PM

just got it again, on google chrome

#65 OFFLINE   Mark Holtz

Mark Holtz

    Day Sleeper

  • DBSTalk Club
  • 9,861 posts
  • LocationSacramento, CA
Joined: Mar 23, 2002

Posted 24 December 2012 - 09:49 PM

Same here.
"In many ways, this opera does fulfil my often quoted description of what most operas is about. The tenor is trying to sleep with the soprano, and the baritone is trying to stop them." - Sean Bianco, KXPR At The Opera
Check out my list of links.

#66 OFFLINE   FlyingDiver

FlyingDiver

    All Star/Supporter

  • Registered
  • 193 posts
  • LocationOn the road in North America...
Joined: Dec 03, 2002

Posted 24 December 2012 - 09:55 PM

Same here. Safari on OS X 10.8.

#67 OFFLINE   Nighthawk68

Nighthawk68

    Godfather

  • DBSTalk Club
  • 352 posts
  • LocationNorthern Michigan
Joined: Oct 14, 2004

Posted 24 December 2012 - 10:08 PM

Just got it on IE 9 here just a few minutes ago.

#68 OFFLINE   spartanstew

spartanstew

    Dry as a bone

  • Registered
  • 12,442 posts
  • LocationWylie, Texas
Joined: Nov 16, 2005

Posted 24 December 2012 - 10:47 PM

Had it this morning, didn't have it this afternoon, and now had it again just now (all on Chrome).

I'm sure Directv can't wait to get their hands on your unit.

 
Directv customer since 2000

#69 OFFLINE   chevyguy559

chevyguy559

    Fresno State Bulldog!

  • Registered
  • 710 posts
  • LocationFresno, CA
Joined: Sep 19, 2008

Posted 24 December 2012 - 10:52 PM

Had it this morning, didn't have it this afternoon, and now had it again just now (all on Chrome).


Same for me, using Chrome as well :(

DirecTV Subscriber Since 11/2008
Choice Ultimate - HD Extra - RZC
(2) HR22-100
(1) HR22-100 (Owned)
(1) HR21-100 (Owned)


#70 OFFLINE   fluffybear

fluffybear

    Hall Of Fame

  • DBSTalk Club
  • 7,171 posts
  • LocationPeachtree City, GA.
Joined: Jun 19, 2004

Posted 24 December 2012 - 11:16 PM

I have been seeing the warning for the better part of the day.

Chrome Version 24.0.1312.45 beta
MAC OS/X 10.8.2

Proud DirecTV customer since July, 1994

My Q3 2014 Set-Up


#71 OFFLINE   phrelin

phrelin

    Hall Of Fame

  • Registered
  • 13,414 posts
  • LocationNorthern California Redwoods
Joined: Jan 18, 2007

Posted 24 December 2012 - 11:19 PM

I'm continuing to get the warning if I shut down Firefox, restart and come back to the site. No big deal, it just hasn't been cleared through the systems yet.

"In a hundred years there'll be a whole new set of people."
"Always poke the bears. They sleep too much for their own good."

"If you're good enough, they'll talk about you." - Tom Harmon
A GEEZER who remembers watching TV in 1951 and was an Echostar customer from 1988 to 2008, now a Dish Network customer.
My AV Setup
My Slingbox Pro HD Experience
My Blog: The Redwood Guardian


#72 ONLINE   armophob

armophob

    Difficulty Concen........

  • DBSTalk Club
  • 6,939 posts
Joined: Nov 13, 2006

Posted 24 December 2012 - 11:34 PM

I'm continuing to get the warning if I shut down Firefox, restart and come back to the site. No big deal, it just hasn't been cleared through the systems yet.


Don't do all that.
check and then uncheck
"block reported attack site"
tools>options>security and then refresh

#73 ONLINE   SomeRandomIdiot

SomeRandomIdiot

    Godfather

  • Registered
  • 826 posts
Joined: Jan 06, 2009

Posted 25 December 2012 - 12:10 AM

The trojan is real and Google as well as the other Browsers are correct. The site is still sending out the trojan which is why the site has been reblocked by Chrome.

If you bypassed it, you might have a real problem on your system.

This virus is a variant of the Java/Exploit.Agent.NEB trojan. If your virus program did not detect it, time to get a better virus program such as eset and get rid of Norton and McAfee that miss stuff like this.

The trojan is coming from penetraterarest.com in Kazakhstan.

The java file is called FojZQA.jar

The exact address that dbstalk is telling your browser to download from is:

"http://penetraterarest.pro/rFR2v50SAgq0PhnF17Xcs0WuLw0utMZ0VCGd0sjOW0P6130GGLL0mEtv10X6e0TtHo17Kj901GbG05BY5/FojZQA.jar"

The Site Owners should DISABLE all Ads until this gets straightened out.

If they disable the Ads and the trojan remains, it has root on the DBStalk Server.

But again, what do I know.....I'm only SomeRandomIdiot.

Happy Holidays!

#74 ONLINE   SomeRandomIdiot

SomeRandomIdiot

    Godfather

  • Registered
  • 826 posts
Joined: Jan 06, 2009

Posted 25 December 2012 - 01:03 AM

Forgot to mention the size of the trojan that is being sent to dbstalk users is 16,117 bytes.

#75 ONLINE   SomeRandomIdiot

SomeRandomIdiot

    Godfather

  • Registered
  • 826 posts
Joined: Jan 06, 2009

Posted 25 December 2012 - 01:10 AM

appears the trojan is now being distributed by 2 different sites as shown below:

Advisory provided by
Safe Browsing
Diagnostic page for dbstalk.com

What is the current listing status for dbstalk.com?
Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?
Of the 532 pages we tested on the site over the past 90 days, 62 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-12-24, and the last time suspicious content was found on this site was on 2012-12-24.
Malicious software is hosted on 2 domain(s), including vuweather.org/, penetraterarest.pro/.

2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including journaldugeek.com/, openx.net/.

This site was hosted on 1 network(s) including AS30496 (COLO4).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, dbstalk.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.

How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:
Return to the previous page.
If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
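For readers who clicked through the warning, a log triage sketch built on the hosts named in the posts and diagnostic above. It is an added example, not part of any post in this thread; the proxy-log layout, client addresses, URL paths and function names are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit
# Hosts named in the thread and in the quoted Safe Browsing diagnostic.
MALWARE_HOSTS = {"penetraterarest.pro", "vuweather.org"}
INTERMEDIARY_HOSTS = {"journaldugeek.com", "openx.net"}
# Constructed sample lines in an assumed proxy-log layout:
# time client "METHOD url" status bytes "referer"
SAMPLE_LOG = """\
2012-12-24T21:33:01 10.0.0.5 "GET http://www.dbstalk.com/topic/123" 200 48211 "-"
2012-12-24T21:33:02 10.0.0.5 "GET http://openx.net/constructed-ad-tag" 200 912 "http://www.dbstalk.com/topic/123"
2012-12-24T21:33:03 10.0.0.5 "GET http://penetraterarest.pro/constructed-path/FojZQA.jar" 200 16117 "http://www.dbstalk.com/topic/123"
2012-12-24T21:36:10 10.0.0.9 "GET http://penetraterarest.pro/constructed-path/FojZQA.jar" 403 0 "http://www.dbstalk.com/topic/123"
2012-12-24T21:40:44 10.0.0.7 "GET http://vuweather.org/constructed-path" 200 5120 "http://openx.net/constructed-ad-tag"
"""
LINE_RE = re.compile(r'(\S+) (\S+) "(\S+) (\S+)" (\d{3}) (\d+) "([^"]*)"')

def host_of(url):
    """Lower-cased hostname of a URL, or '' when there is none (e.g. "-")."""
    return (urlsplit(url).hostname or "").lower()

def matches(host, names):
    """True if host is one of the names or a subdomain of one."""
    return any(host == n or host.endswith("." + n) for n in names)

def triage(log_text):
    """One finding per request that touched a listed host or pulled a cross-site .jar."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ts, client, _method, url, status, size, referer = m.groups()
        host, ref_host = host_of(url), host_of(referer)
        reasons = []
        if matches(host, MALWARE_HOSTS):
            reasons.append("malware-host")
        if matches(host, INTERMEDIARY_HOSTS):
            reasons.append("intermediary")
        if urlsplit(url).path.lower().endswith(".jar") and ref_host and ref_host != host:
            reasons.append("cross-site-jar")
        if reasons:
            delivered = status == "200" and int(size) > 0  # content reached the client
            findings.append({"time": ts, "client": client, "host": host,
                             "reasons": reasons, "delivered": delivered})
    return findings

def exposed_clients(findings):
    """Clients that received content from a malware-hosting domain and need a scan."""
    return sorted({f["client"] for f in findings if f["delivered"] and "malware-host" in f["reasons"]})
```

A blocked request (the 403 line) still produces a finding, but that client is not counted as exposed.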

#76 OFFLINE   Davenlr

Davenlr

    Geek til I die

  • Topic Starter
  • Registered
  • 9,090 posts
Joined: Sep 16, 2006

Posted 25 December 2012 - 01:13 AM

I just scanned my computer with MSE and Malwarebytes, and found nothing. I do run adblock on Firefox, so perhaps it blocks the offending ads in the first place.

Tivo Premier XL4, Tivo Premier, Tivo HD whole home on Xfinity HD, DirecTv Whole Home with 39" high gain KaKu dish, Roku3,SageTv 8 TB Win8 Server -> DVDO Edge-> Denon AVR, Klipsch KB15's/Panasonic 55ST60 plasma"


#77 OFFLINE   Drucifer

Drucifer

    Hall Of Fame

  • Registered
  • 7,906 posts
  • LocationNY Hudson Valley
Joined: Feb 12, 2009

Posted 25 December 2012 - 01:36 AM

Just got it again.

DREW

Do it Right, Do it Once
LR: HR34-7, Den: HR24-1, MB: HR24-5, Bsm: HR21-2, Kit: H25-5
PrimeStar '95, DirecTV  '00


#78 OFFLINE   Lord Vader

Lord Vader

    Special Member

  • DBSTalk Club
  • 8,218 posts
  • LocationGalactic Empire
Joined: Sep 20, 2004

Posted 25 December 2012 - 02:24 AM

Just got it now.

The Force is strong on this one. :mad:

FAITH: I find the lack of it disturbing.

Opinions are my own but should be those of all Americans, who would be much better off intellectually, psychologically, and emotionally if that were the case.


#79 OFFLINE   MysteryMan

MysteryMan

    Hall Of Fame

  • DBSTalk Club
  • 6,656 posts
  • LocationUSA
Joined: May 17, 2010

Posted 25 December 2012 - 03:55 AM

Same here. Google Chrome is again warning that visiting this website may harm your computer. :mad:

DirecTV customer since 1995.


#80 OFFLINE   pfred

pfred

    Mentor

  • Registered
  • 41 posts
Joined: Feb 08, 2009

Posted 25 December 2012 - 04:53 AM

The trojan is real and Google as well as the other Browsers are correct. The site is still sending out the trojan which is why the site has been reblocked by Chrome.

If you bypassed it, you might have a real problem on your system.

This virus is a variant of the Java/Exploit.Agent.NEB trojan. If your virus program did not detect it, time to get a better virus program such as eset and get rid of Norton and McAfee that miss stuff like this.

The trojan is coming from penetraterarest.com in Kazakhstan.

The java file is called FojZQA.jar

The exact address that dbstalk is telling your browser to download from is:

"http://penetraterarest.pro/rFR2v50SAgq0PhnF17Xcs0WuLw0utMZ0VCGd0sjOW0P6130GGLL0mEtv10X6e0TtHo17Kj901GbG05BY5/FojZQA.jar"

The Site Owners should DISABLE all Ads until this gets straightened out.

If they disable the Ads and the trojan remains, it has root on the DBStalk Server.

But again, what do I know.....I'm only SomeRandomIdiot.

Happy Holidays!

I got this message too, just now.
Come on dbstalk, fix this!



