1. Attachments are working again! Check out this thread for more details and to report any other bugs.

Received a virus warning? Post a screen shot here

Discussion in 'PriusChat Website Questions' started by TonyPSchaefer, Oct 9, 2011.

  1. TonyPSchaefer

    TonyPSchaefer Your Friendly Moderator
    Staff Member

    Joined:
    May 11, 2004
    14,816
    2,498
    66
    Location:
    Far-North Chicagoland
    Vehicle:
    2017 Prius Prime
    Model:
    Prime Advanced
    Recently, people have reported getting virus warnings on some Priuschat pages. It's not Priuschat's intent to infect people's computer, so please help us figure this one out. To be clear, we think it's not a real virus but hopefully a "false positive" triggered by a flash something or some other behind-the-scenes element.

    I realize it's not perfect, but if you get a virus warning, please take a screen capture and attach it into this thread. Let's start with a screen shot of the virus warning. If that's not helping narrow in on the cause, we can try something else.

    Thanks for your help in making Priuschat a pleasurable experience. Failing that, at least less annoying.
     
  2. dhanson865

    dhanson865 Expert and Devil's advocate

    Joined:
    May 24, 2011
    851
    188
    0
    Location:
    TN, USA
    Vehicle:
    2005 Prius
    I didn't take a shot of the warning, but I'm posting a shot of the log which shows the partial URL of the file it considered malicious. It'll show me the full URL as a tooltip but I can't screenshot that so I'll type it in here

    http://priuschat.com/forums/gen-ii-prius-modifications/90527-cheap-shorty-antenna-works.html|>{gzip}
     

    Attached Files:

  3. wjtracy

    wjtracy Senior Member

    Joined:
    Sep 19, 2006
    11,340
    3,596
    1
    Location:
    Northern VA (NoVA)
    Vehicle:
    Other Hybrid
    Model:
    N/A
    I do not have a screeen shot, but also use the AVAST virus detector, and also got a virus warning on Prius Chat. Seems to me often times the users mentioning virus warnings from PriusChat are also using the AVAST.
     
  4. wick1ert

    wick1ert Senior Member

    Joined:
    Dec 3, 2009
    1,311
    183
    2
    Location:
    Delawhere
    Vehicle:
    2010 Prius
    Model:
    III
    I use MS Security Essentials, and just went to that page but got no warning. Not sure if that's beneficial, but figured I'd pass it along. When I visit at work, they use McAfee and I haven't come across any issues with that, either.
     
  5. bisco

    bisco cookie crumbler

    Joined:
    May 11, 2005
    110,135
    50,051
    0
    Location:
    boston
    Vehicle:
    2012 Prius Plug-in
    Model:
    Plug-in Base
    i don't know how to do a screen shot, but get a mcafee warning about once a week. i just close it and nothing ever happens.
     
  6. ursle

    ursle Gas miser

    Joined:
    Jun 28, 2006
    1,049
    192
    0
    Location:
    NH
    Vehicle:
    2011 Prius
    Model:
    Four

    With the warning on your screen...
    Upper right of the keyboard "Prt Sc" key, press it once and go to your desktop, open paint (microsoft paint, it's in accessories), press paste, (the paste icon) the screen shot will open in paint, save it(notice where it's saved, or put it where you want it), now open it in photo viewer or office and resize it or crop it or whatever, now post it to your photobucket account, now post it to Prius Chat.
    Actually, I'm not keen on virus threads anywhere, they spread like virii.
     
  7. bisco

    bisco cookie crumbler

    Joined:
    May 11, 2005
    110,135
    50,051
    0
    Location:
    boston
    Vehicle:
    2012 Prius Plug-in
    Model:
    Plug-in Base
    thank you ursle, you're very kind, but i lost you in the first sentence. interestingly, i got the warning right after posting to this thread. i get the mcafee M in the toolbar and when i click on it, it says my computer is at risk. when i click 'fix now' it takes me to their web site where they try to sell me their software for $47.99.
    funny thing is, it only happens on prius chat and then only once in a while.
     
  8. ursle

    ursle Gas miser

    Joined:
    Jun 28, 2006
    1,049
    192
    0
    Location:
    NH
    Vehicle:
    2011 Prius
    Model:
    Four
    So true
    The only time I've ever had a virus warning was Norton telling my my subscription had expired and I had to renew it to get rid of the virus, which was them...in 98', never loaded anything from Norton since.
     
  9. cwerdna

    cwerdna Senior Member

    Joined:
    Sep 4, 2005
    12,544
    2,123
    1
    Location:
    SF Bay Area, CA
    Vehicle:
    2006 Prius
    I also got no warning at that page but I doubt that problems are specific to that page. I suspect some malicious content in one of the ads being served up.

    I am using Norton Internet Security and have gotten alerts about blocked attacks in the past while a Priuschat page was loading. I'll take screenshots the next time it happens.
     
  10. wick1ert

    wick1ert Senior Member

    Joined:
    Dec 3, 2009
    1,311
    183
    2
    Location:
    Delawhere
    Vehicle:
    2010 Prius
    Model:
    III
    I figured it wasn't page specific, but with a known page that caused it for someone, I figured I'd see what happened. That said, I don't recall ever getting a warning on PC.
     
  11. dhanson865

    dhanson865 Expert and Devil's advocate

    Joined:
    May 24, 2011
    851
    188
    0
    Location:
    TN, USA
    Vehicle:
    2005 Prius
    It's not thread specific. I've gotten that sort of warning on other threads and if I go back to the same page even 5 seconds later I don't get the warning.

    Unfortunately it blocks the page from loading so I can't view source without disabling the AV. I'd rather do that on a test PC and I don't have one set up to do that with right now.
     
  12. seilerts

    seilerts Battery Curmudgeon

    Joined:
    Mar 7, 2010
    3,326
    1,513
    38
    Location:
    Santa Fe, NM
    Vehicle:
    2005 Prius
    I haven't noticed anything since Optima's banner ads started running. Before that, I had about once/week where I'd get a warning about trying to run something malicious under an older version of Java as a banner ad was loading.
     
  13. Danny

    Danny Admin/Founder
    Staff Member

    Joined:
    Nov 24, 2003
    7,094
    2,116
    1,174
    Location:
    Charlotte, NC
    Vehicle:
    2013 Prius Plug-in
    Model:
    Plug-in Base
    Just an update from behind the scenes: I enlisted our server admin to look through the entire server for any malicious code and nothing could be found. It seems to mostly be with Avast, and they will of course not respond to my requests for more information on the threat. This site will also not respond to my inquiries:

    priuschat.com Website Details

    We only run ads from Google and other reputable 3rd party companies, so I'm not sure why they would have any viruses or anything in them, but that's the only thing I can think of.
     
  14. TonyPSchaefer

    TonyPSchaefer Your Friendly Moderator
    Staff Member

    Joined:
    May 11, 2004
    14,816
    2,498
    66
    Location:
    Far-North Chicagoland
    Vehicle:
    2017 Prius Prime
    Model:
    Prime Advanced
    Wow. Someone really doesn't like you.
     
  15. Mark57

    Mark57 2021 Tesla Model 3 LR AWD

    Joined:
    Aug 14, 2009
    2,945
    2,737
    0
    Location:
    OK
    Vehicle:
    Other Electric Vehicle
    Model:
    N/A
    It appears that Lightspeed Systems is the one that has categorized priuschat.com with the "security.virus" tag and it was done manually by Lori per a report from malwaresurvival.net. See the Categorization Engine restults secton, "Manually moved to security.virus by LIGHTSPEED\Lori at 9/29/2011 9:37 AM (per http://malwaresurvival.net/)"

    If you search malwaresurvival.net for Priuschat you get a ton of info priuschat | Search Results | MalwareSurvival

    Small Excerpt:
    The site called Priuschat.com (IP 67.227.135.51) is all over the map. It has quite a few redirects to Trojan and bot-net sites.
    The site also redirects tobluekai.com that is dishing out the Palevo infection. The Palevo is a very nasty infection!

    I used to have to deal with stuff like this daily on our domains. Our web and email servers would wind up on some black list and I'd have to work to get us removed. It's pretty bad when a Fortune 500 company can't receive email because some grandma reported us. I suspect one of more you your Priuschat users has reported the site as a problem with their own malware/virsus software. Many of them allow you to "alert the authorities" when their PC detects something. Those alerts go to black list sites like malwaresurvival.net.
     
  16. Mark57

    Mark57 2021 Tesla Model 3 LR AWD

    Joined:
    Aug 14, 2009
    2,945
    2,737
    0
    Location:
    OK
    Vehicle:
    Other Electric Vehicle
    Model:
    N/A
    PS, don't assume the issue is only coming from your site ads. Many users have html links in their signatures. One of those could be the culprit as well.
     
  17. dhanson865

    dhanson865 Expert and Devil's advocate

    Joined:
    May 24, 2011
    851
    188
    0
    Location:
    TN, USA
    Vehicle:
    2005 Prius
    Mike James in http://priuschat.com/forums/gen-iii.../98944-winter-tire-wheels-16-17-inch-set.html says
    again it could be ads, or user signatures but I doubt its just false positives.
     
  18. 2k1Toaster

    2k1Toaster Brand New Prius Batteries

    Joined:
    Feb 14, 2010
    6,035
    3,855
    0
    Location:
    Rocky Mountains
    Vehicle:
    2006 Prius
    Model:
    Three
    If he took it to a "shop" for malware/virus problems, then he probably isn't technical. The fact that he had virus/torjans means he is already browsing unsafe content. Assuming the wife does the same or selected anti-virus protection that is really just a virus itself it is not a surprise.

    I have to constantly tell my non-technical friends that when the popup box says "you have a virus! pay me $30 for this awesome software to remove it" that is the virus. Then they download and pay for it, and it just sits in the system tray redirecting pages and sending off info making your pc a potential zombie. You can't protect users from themselves.
     
  19. dhanson865

    dhanson865 Expert and Devil's advocate

    Joined:
    May 24, 2011
    851
    188
    0
    Location:
    TN, USA
    Vehicle:
    2005 Prius
    I do know what you mean about users that aren't knowledgeable about computers. I've worked in IT the majority of my adult life.

    But that's statement above is false logic. It's like saying the fact that someone got shot at random on the freeway means they are already driving in unsafe neighborhoods. Or like saying the fact that someone got pregnant the first time they had sex means they were having sex before and were lying about being a virgin. Or saying the fact that someone won the jackpot at the lottery means they clearly were buying tickets on a regular basis. The only way you could jump to that conclusion is if you completely discount the possibility of what they say being true. At least don't be closed minded and give the possibility some respect.

    If you just said it's more likely he got infected elsewhere you might have the odds on your side and I wouldn't have bothered to write this but you'd still be whistling past the graveyard if you assume there is no chance to get a PC infected by browsing priuschat.com
     
  20. 2k1Toaster

    2k1Toaster Brand New Prius Batteries

    Joined:
    Feb 14, 2010
    6,035
    3,855
    0
    Location:
    Rocky Mountains
    Vehicle:
    2006 Prius
    Model:
    Three
    Correct you can never rule it out, but it is extremely unlikely to happen at Priuschat. Maybe if using IE5 and a bad ad got past google review. But it is highly unlikely.

    I have also done IT for quite a while. If you know what you are doing, you won't get a virus or any other malware. When you do something sketchy, something sketchy may happen...