
Received a virus warning? Post a screen shot here

Discussion in 'PriusChat Website Questions' started by TonyPSchaefer, Oct 9, 2011.

  1. qbee42

    qbee42 My other car is a boat

    Joined:
    Mar 2, 2006
    18,058
    3,075
    7
    Location:
    Northern Michigan
    Vehicle:
    2006 Prius
    For those following this thread, but wondering what it means, here is a brief description:

    Internet browsers, such as Firefox, IE, Chrome, etc., all keep local copies of frequently used items. This cache of useful stuff is called just that: cache. Likewise most browsers also use helper programs to do things like displaying PDF files and running Java code. These helpers get installed on the local computer.

    A computer can get infected from visiting a bad website, and that infection can reside in the cache or helper code. Later, when you visit another website, such as PriusChat, that cached data or infected helper might be used. When it is used, your anti-virus program will raise a red flag. The timing of the warning makes most people assume that the infection is on the current website, when in fact it was acquired at some point in the past.

    In the case discussed on this thread, the problem is with the Java helper code. The cure was to uninstall this infected code and reinstall a good copy.

    Tom
     
  2. Former Member 68813

    Former Member 68813 Senior Member

    Joined:
    Oct 3, 2010
    3,524
    981
    8
    Location:
    US
    Vehicle:
    Other Hybrid
    Model:
    N/A
    I don't buy this explanation, as modern AV software will prevent saving malware on a disc and provide a warning when that happens. And all recent warnings I got were exactly when the Priuschat website was accessed.

    Why would AV allow malware to be saved without warning first and only alert when it's opened, and why would only the Priuschat website activate the supposedly previously saved malware?

    One more thing, the malware was located in the local setting/temp folder and this is not where Firefox normally saves temp files.
     
  3. qbee42

    qbee42 My other car is a boat

    You have a lot of faith in AV software. I find them far from bulletproof.

    Tom
     
  4. Former Member 68813

    Former Member 68813 Senior Member

  5. Former Member 68813

    Former Member 68813 Senior Member

    [​IMG]

    I just got it today as soon as I opened Priuschat. This is a 3rd warning about viruses on Priuschat in 3 days on 3 different PCs with 3 different AV products. All PCs are up to date with powerful security software in place (2 are work PCs with enterprise AVs). This screenshot is very valuable as it provides a direct source of the malware. How much longer will the Priuschat administrators deny the problems?
     
  6. ny_rob

    ny_rob Senior Member

    Joined:
    Feb 28, 2012
    1,968
    813
    0
    Location:
    L.I.- NY
    Vehicle:
    Other Hybrid
    Model:
    N/A
    Never saw this before...
    Norton 360 kicked up this warning this morning as soon as I logged onto PriusChat.com:
     

  7. bedrock8x

    bedrock8x Senior Member

    Joined:
    Jul 8, 2008
    1,483
    137
    0
    Location:
    California
    Vehicle:
    Other Hybrid
    I believe this attack does not come from the PC site; it is the link from the advertisers. I think the administrators should identify the advertisers at fault and remove them.

     
  8. ny_rob

    ny_rob Senior Member

    If you look at the IP address of the attacking site (89.187.53.244) in my screen snapshot, it traces back to the Republic of Moldova.
    http://whatismyipaddress.com/ip/89.187.53.244
     
  9. Former Member 68813

    Former Member 68813 Senior Member

    Here is the screenshot from today. Clearly the malware goes through Java, even though it's up to date on my PC. I use FF 11 and XP SP3. Everything is up to date.
    [​IMG]
     
  10. TonyPSchaefer

    TonyPSchaefer Your Friendly Moderator
    Staff Member

    Joined:
    May 11, 2004
    14,816
    2,498
    66
    Location:
    Far-North Chicagoland
    Vehicle:
    2017 Prius Prime
    Model:
    Prime Advanced
    Thanks, fj.
    It looks like there are some smudges on your screen. Take it from me, you can't delete computer text with white-out. :-P
     
  11. GrumpyCabbie

    GrumpyCabbie Senior Member

    Joined:
    Dec 14, 2009
    6,722
    2,121
    45
    Location:
    North Yorkshire, UK
    Vehicle:
    2010 Prius
    Model:
    III
    I get hit with a virus whilst viewing Priuschat about once a week. It never happens on any other website I visit. Half thought it must be sent by some of Toyota's competition :)
     
  12. Former Member 68813

    Former Member 68813 Senior Member

    LOL, funny. I deleted that as my work user name is my last name.
    I do agree photoshopping is not my forte.
     
  13. Former Member 68813

    Former Member 68813 Senior Member

    Nope, it's the oil industry fighting back.
     
    1 person likes this.
  14. pmike

    pmike Member

    Joined:
    Feb 29, 2012
    237
    81
    0
    Location:
    Central Florida
    Vehicle:
    2013 Prius
    Model:
    Two
    OK, I wasn't sure it was priuschat.com until it happened for the 5th time. I run Microsoft Security Essentials on my laptop; at work we run Trend Micro Worry-Free Business Security Standard. I have never had this problem at work, but it has been 4 or 5 times with my laptop.

    Attached is the notification.

    Edit: It has been 5 times. Attached are the incidents.
     

    Attached Files:

    • java.jpg (133.3 KB)
    • mse.jpg (79.6 KB)
  15. Former Member 68813

    Former Member 68813 Senior Member

    Yap, jar_cacheXXXXXX.tmp is exactly the infected file almost every time I go to priuschat. No other sites I visit have that issue. I would have to say priuschat is full of security holes.
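
An added example (not part of any post in this thread): a read-only triage of the `jar_cacheXXXXXX.tmp` files named above, recording each file's hash, write time and the class names inside it, so the write time can be compared with the moment the antivirus alert fired. The temp-folder argument and the function names are assumptions, and the two sample files are constructed and harmless.

```python
import hashlib
import zipfile
from datetime import datetime, timezone
from pathlib import Path


def triage_jar_cache(temp_dir):
    """Return one record per jar_cache*.tmp file found directly in temp_dir."""
    records = []
    for path in sorted(Path(temp_dir).glob("jar_cache*.tmp")):
        mtime = datetime.fromtimestamp(path.stat().st_mtime, timezone.utc)
        record = {
            "name": path.name,
            "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
            # Write time: does the file predate the page visit that raised the alert?
            "modified_utc": mtime.isoformat(),
            "is_archive": zipfile.is_zipfile(path),
            "classes": [],
            "main_class": None,
        }
        if record["is_archive"]:
            # Entries are only listed and the manifest read; nothing is executed.
            with zipfile.ZipFile(path) as jar:
                names = jar.namelist()
                record["classes"] = [n for n in names if n.endswith(".class")]
                if "META-INF/MANIFEST.MF" in names:
                    manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
                    for line in manifest.splitlines():
                        if line.startswith("Main-Class:"):
                            record["main_class"] = line.split(":", 1)[1].strip()
        records.append(record)
    return records


def build_constructed_sample(temp_dir):
    """Write two constructed, harmless files so the triage can be run offline."""
    temp_dir = Path(temp_dir)
    with zipfile.ZipFile(temp_dir / "jar_cache1234567890.tmp", "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMain-Class: Demo\n")
        jar.writestr("Demo.class", b"\xca\xfe\xba\xbe constructed placeholder")
    (temp_dir / "jar_cache42.tmp").write_bytes(b"not an archive")


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        build_constructed_sample(d)
        for rec in triage_jar_cache(d):
            print(rec)
```

On a real machine, pass the user's temp folder instead of the constructed directory and keep the hash and timestamp alongside the antivirus log entry.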
     
  16. tampaite

    tampaite Member

    Joined:
    Jul 29, 2011
    231
    41
    0
    Location:
    FL
    Vehicle:
    2014 Prius
    Model:
    N/A
    Virus on PriusChat.com

    AVG is telling me I have a virus whenever I visit priuschat.com and this has become very annoying.

    Have attached a screenshot.

    WebMaster, please get rid of your viruses.

    For those without AVG, please upgrade to the newest anti-virus programs ASAP.
     

  17. Former Member 68813

    Former Member 68813 Senior Member

    Another one today:

    [​IMG]

    Priuschat is the only forum (or website in general) giving so many security warnings.

    Could the administrator of this forum provide an explanation to this problem???
     
  18. ES44AC

    ES44AC C.A.U.S

    Joined:
    May 7, 2012
    319
    77
    0
    Location:
    USA
    Vehicle:
    2011 Prius
    Model:
    Two
    I got the warning about a virus/script from Avast when I went to access the user CP. It happened at least 4 times today, right now I am able to access the page with no warnings.

    Next time I see it you will get a screen shot.

    Thanks!
     
  19. qbee42

    qbee42 My other car is a boat

  20. Former Member 68813

    Former Member 68813 Senior Member

    OK, I read some of it and it doesn't explain why Priuschat is the only website I ever encountered with this exploit.

    For the record, I have Java and the whole system up to date and Java cache is disabled on all my PCs.

    The same warning happened again today.