Site Comments & Suggestions

[Merged] Trojan - Blackhole toolkit website pop up when on RFD?

  • Last Updated:
  • Jun 21st, 2011 12:49 am
Tags:
Deal Guru
User avatar
Sep 21, 2007
13044 posts
11386 upvotes
...
45ED wrote: I just did a refresh - and Norton is still nagging me.

what browser are you using? I'm using Opera 11.02 and it's fine. Back button works, and refresh. Each link I click is fine too lol.
"An essential aspect of creativity is not being afraid to fail." -- Edward Land
Deal Guru
User avatar
Mar 2, 2009
14093 posts
576 upvotes
Toronto
faken wrote: what browser are you using? I'm using Opera 11.02 and it's fine. Back button works, and refresh. Each link I click is fine too lol.
Firefox 4.0.1.

My backbutton's fine. And I've got ad Blocker in. It's just...the pop up...
Deal Addict
User avatar
Nov 7, 2002
1726 posts
24 upvotes
Toronto
If you have AdBlock, block the site. Look for "vnvbhbyta.cz.cc" and block it.

Hopefully RFD quickly removes the infected iframe code.
Deal Guru
User avatar
Mar 2, 2009
14093 posts
576 upvotes
Toronto
Firestorm ZERO wrote: If you have AdBlock, block the site. Look for "vnvbhbyta.cz.cc" and block it.

Hopefully RFD quickly removes the infected iframe code.

I have Adblock plus, and in the category of "My Ad blocking Rules" I have "||vnvbhbyta.cz.cc". It still shows.

Something I'm missing? :confused:
Banned
May 12, 2004
9756 posts
4136 upvotes
Ottawa
WTF? Is there no QA done on the ads? This is ridiculous, how are all users expected to know how to block specific sites in the firewall? FF here as well.
Deal Addict
User avatar
Feb 24, 2005
1247 posts
93 upvotes
Toronto
nothing detected by my avast, but my chrome browser is jumping to the bottom of every newly opened RFD forum page; this is not happening with IE - related?

edit: behaving normally now after putting [url]http://vnvbhbyta.cz.cc*[/url] into my block list in avast - presumably that was causing the bottom-jumping <smirk>
Deal Addict
User avatar
Nov 7, 2002
1726 posts
24 upvotes
Toronto
45ED wrote: I have Adblock plus, and in the category of "My Ad blocking Rules" I have "||vnvbhbyta.cz.cc". It still shows.

Something I'm missing? :confused:

I think it should be "||vnvbhbyta.cz.cc^". So it gets all the text after the .cc.
Deal Guru
User avatar
Sep 21, 2007
13044 posts
11386 upvotes
...
download opera browser and see if it does the same thing!
"An essential aspect of creativity is not being afraid to fail." -- Edward Land
Deal Addict
User avatar
Nov 7, 2002
1726 posts
24 upvotes
Toronto
Cas77 wrote: WTF? Is there no QA done on the ads? This is ridiculous, how are all users expected to know how to block specific sites in the firewall? FF here as well.

It not an ad. The actual template PHP code was modified and added with the infected code.

The other solution I can think of without AdBlock is to add the following to your hosts file (C:\Windows\etc\hosts)

127.0.0.1 vnvbhbyta.cz.cc

This should prevent you from connecting to the site.
Deal Guru
User avatar
Mar 2, 2009
14093 posts
576 upvotes
Toronto
Firestorm ZERO wrote: I think it should be "||vnvbhbyta.cz.cc^". So it gets all the text after the .cc.

Just inserted ^ -- and it still shows. Oy vey, this is annoying.
Jr. Member
Dec 20, 2005
148 posts
1 upvote
Toronto
Same issue here. My antivirus (McAfee) blocked it.

Using Firefox 4.0.1 with Adblockplus.
Deal Expert
User avatar
May 10, 2005
36997 posts
11419 upvotes
Ottawa
Cas77 wrote: WTF? Is there no QA done on the ads? This is ridiculous, how are all users expected to know how to block specific sites in the firewall? FF here as well.

I believe that the blackhole toolkit hit websites as opposed to ads. Methinks RFD has been hit and if you have an active updated antivirus you will be OK. Search blackhloe tool kit and it will tell you that this has been around for quite a while, hitting all sorts of websites. RFD is just one in a long list.
“Those people who think they know everything are a great annoyance to those of us who do.”
Jr. Member
User avatar
Mar 5, 2011
186 posts
3 upvotes
Toronto
So is my computer infected now? I'm running Windows 7 on Sandboxied Firefox and Avast. :confused:
Deal Addict
User avatar
Nov 7, 2002
1726 posts
24 upvotes
Toronto
Looks like the infected IFRAME code has now been removed.

Everyone should still do a scan on their computers just to be safe.
Deal Guru
User avatar
Mar 2, 2009
14093 posts
576 upvotes
Toronto
Firestorm ZERO wrote: Looks like the infected IFRAME code has now been removed.

Everyone should still do a scan on their computers just to be safe.

It would appear so -- refreshed a couple of times and Norton no longer is notifying me.
Deal Addict
Jan 13, 2007
4831 posts
361 upvotes
Yep, something wrong with the forums. I got some strange messages from my firewall, MSW and IE. I did'nt have a chance to look closer as the IE reload the page after I clicked "Abort" and all was gone for now.
Deal Fanatic
Mar 12, 2010
6112 posts
660 upvotes
SW Ontario
Guess that is why my iPhone was stalling just before finishing loading the pages.

Silly question, but do these infect mac's too? (at home). Think I popped into RFD before I left for work.
Deal Fanatic
User avatar
Feb 23, 2008
7125 posts
1801 upvotes
45ED wrote: It would appear so -- refreshed a couple of times and Norton no longer is notifying me.

If you are relying on Norton than you are putting yourself at risk.
Just get Malwarebytes, Superantispyware, and Security essentials.

In conjunction these three will offer you highly secured enviornment. :)
Nothing is true, everything is permitted - Ezio Auditore.
Deal Fanatic
Aug 31, 2010
7556 posts
6834 upvotes
Jon Lai wrote: Serious?

NOD32 didn't detect anything.

Yeah, my AVG didn't detect anything..? :confused:

Top

Thread Information

There is currently 1 user viewing this thread. (0 members and 1 guest)