
Thread: Internet Worm on Elvas Tower

  1. #1
    Join Date
    Nov 1999
    Location
    Huntsville, AL
    Posts
    4,184

    Internet Worm on Elvas Tower

    Whenever I log on to the Elvas Tower forum, Norton AV tells me it has blocked an Internet Worm WMF Code Exec traffmoney1.biz
    Charles

  2. #2
    Join Date
    Nov 1999
    Location
    Bridgeview, Illinois
    Posts
    5,230

    RE: Internet Worm on Elvas Tower

    I got this:
    http://img.photobucket.com/albums/v4...lvas_tower.jpg
    Also, it showed that they got Win32/Worfo worm floating around, and I got this also:
    http://img.photobucket.com/albums/v4...733/Virus2.jpg
    I already notified Eric about this but I haven't gotten a reply from him yet.

    Ken Plaza ;-)
    www.muschkaactivityworks.com

  3. #3
    Join Date
    Jul 2002
    Location
    Ames, Nebraska, USA.
    Posts
    33

    RE: Internet Worm on Elvas Tower

    I had the same result yesterday morning when I tried to get to the message boards. My McAfee warned me it had cleaned a Trojan from my temp file. It was Exploit-Onload. My browser shut down and I did a complete system scan. It found two more files and I had to manually remove them. I did three minor scans at various times the rest of Saturday.
    Was going to post here and see if I was the only one that met this fate. I feel better knowing that it wasn't something I did myself or was sent to me. I sent an email off to Captain Bazza after it happened, but have had no reply. I guess a good Virus checker is really a must have.

    Dennis

  4. #4
    Join Date
    Apr 2003
    Location
    Silicon Valley, CA, USA.
    Posts
    3,366

    RE: Internet Worm on Elvas Tower

    We're aware of it and trying to get a hold of our host to fix it (they let somebody in). As long as you've got Norton running it's blocked, but if you don't it's not a good idea to visit right now.

    Dave Nelson
    SLW Route Design: The Cal-P, 1950.
    http://i3.photobucket.com/albums/y51...cing_Genma.gif
    http://i3.photobucket.com/albums/y51...s/4ad3d633.jpg

  5. #5
    Join Date
    Nov 1999
    Location
    Bridgeview, Illinois
    Posts
    5,230

    RE: Internet Worm on Elvas Tower

    Thanks for the heads up. Let us know here when you guys are worm and virus free so we can go back.

    Ken Plaza ;-)
    www.muschkaactivityworks.com

  6. #6
    Join Date
    Nov 2004
    Location
    .
    Posts
    364

    RE: Internet Worm on Elvas Tower

    OK, glad to hear you are on it! Looking forward to logging in again.
    Herb Kelsey

  7. #7
    Join Date
    Nov 1999
    Location
    North-Central Connecticut, USA
    Posts
    691

    RE: Internet Worm on Elvas Tower

    AHA! I wondered why Norton was getting fussy every time I tried to log on there ;) ... -Phil

  8. #8
    Join Date
    Nov 1999
    Location
    Sacramento, Ca.
    Posts
    1,071

    RE: Internet Worm on Elvas Tower

    Well here is the news as it stands now.
    Our host has not been able to find a problem, but they are looking deeper into things. It had been reported that the Source Code had something added, but when we looked at it we could not find anything. The code has not been changed since last year according to their access files.
    When I logged into ET I was attacked, but my Norton did not find anything or warn me of anything. I have had several non-msts people log in and they have had no problems either. The host logged in with several different systems and browsers without any difficulties.
    We will keep you informed.


    Regards,
    Erik Pierson
    Sacramento, Ca

    http://www.elvastower.com/forums/upl...1081558332.jpg
    www.sacramentolocomotiveworks.com

  9. #9
    Join Date
    Dec 2004
    Location
    Berkeley, CA
    Posts
    570

    RE: Internet Worm on Elvas Tower

    I get the same thing, only over here (haven't checked Elvas).

  10. #10
    Join Date
    Nov 1999
    Location
    Sacramento, Ca.
    Posts
    1,071

    RE: Internet Worm on Elvas Tower

    OK here is the latest update.

    This appears in the database from the forum. I do see it in the code but not where it is coming from.

    The link "http://traffmoney1.biz/dl/adv606.php" is trying to open a WMF file that is corrupt. The domain was registered on Friday. See below:

    Administrative Contact ID: 6562192-SRSPLUS
    Administrative Contact Name: Jason Coffman
    Administrative Contact Organization: Private person
    Administrative Contact Address1: 908 Alder St
    Administrative Contact City: Philadelphia
    Administrative Contact State/Province: PA
    Administrative Contact Postal Code: 19147
    Administrative Contact Country: United States
    Administrative Contact Country Code: US
    Administrative Contact Phone Number: +1.74952171179
    Domain Registration Date: Fri May 12 20:46:09 GMT 2006



    Our servers run Linux, which should not allow any type of worm. I am checking more on this within the database. For now, use any non-IE browser till we get this figured out. Advise your members not to use IE, or set IE to HIGH security for now to block all third-party cookies. I have tested this and it works fine in the forums.

    Here is the link from Symantec: http://www.symantec.com/avcenter/att...gs/s21526.html
    Symantec knows about this. It only attacks IE and will not trigger in Firefox.

    We are looking into this.


    Regards,

    Daniel Dawdy
    -
    Ribbon Rail Productions - Internet Publishing & Hosting
    http://ribbonrail.com

    Regards,
    Erik Pierson
    Sacramento, Ca
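
An added example (not written by any poster in this thread): one way an administrator could locate which database row holds a reference like the one described in post #10, by scanning every text column for URLs whose host is not on an allow-list. The SQLite database, the table and column names and the hosts are constructed for illustration; a real forum would use its own database engine and schema.

```python
import re
import sqlite3
from urllib.parse import urlsplit

URL_RE = re.compile(r"""https?://[^\s"'<>)]+""", re.IGNORECASE)

def host_allowed(host, allowed):
    """True if host equals an allowed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def find_external_refs(conn, allowed):
    """Return (table, rowid, column, host) for each URL with a non-allowed host."""
    hits = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        cols = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')]
        for col in cols:
            query = f'SELECT rowid, "{col}" FROM "{table}"'
            for rowid, value in conn.execute(query):
                if not isinstance(value, str):
                    continue  # skip numeric and NULL columns
                for url in URL_RE.findall(value):
                    try:
                        host = urlsplit(url).hostname or ""
                    except ValueError:  # malformed authority: report it too
                        host = ""
                    if not host_allowed(host, allowed):
                        hits.append((table, rowid, col, host))
    return hits

def build_sample_db():
    """Constructed sample data; table and column names are hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT)")
    conn.execute("CREATE TABLE templates (name TEXT, html TEXT)")
    conn.executemany("INSERT INTO posts (body) VALUES (?)", [
        ("See http://forum.example/viewtopic?id=7 for the route files",),
        ("Screenshot: http://img.forum.example/up/1.jpg",),
    ])
    conn.executemany("INSERT INTO templates VALUES (?, ?)", [
        ("header", '<img src="http://forum.example/logo.gif">'),
        ("footer", '<iframe src="http://injected.invalid/dl/x.php"></iframe>'),
    ])
    return conn

if __name__ == "__main__":
    for hit in find_external_refs(build_sample_db(), {"forum.example"}):
        print(hit)
```

Each hit names the table, row and column to inspect, which narrows down where stored content differs from the unchanged source files.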

