• The TUGBBS forums are completely free and open to the public and exist as the absolute best place for owners to get help and advice about their timeshares for more than 30 years!

    Join Tens of Thousands of other Owners just like you here to get any and all Timeshare questions answered 24 hours a day!
  • TUG started 30 years ago in October 1993 as a group of regular Timeshare owners just like you!

    Read about our 30th anniversary: Happy 30th Birthday TUG!
  • TUG has a YouTube Channel to produce weekly short informative videos on popular Timeshare topics!

    Free memberships for every 50 subscribers!

    Visit TUG on Youtube!
  • TUG has now saved timeshare owners more than $21,000,000 dollars just by finding us in time to rescind a new Timeshare purchase! A truly incredible milestone!

    Read more here: TUG saves owners more than $21 Million dollars
  • Sign up to get the TUG Newsletter for free!

    60,000+ subscribing owners! A weekly recap of the best Timeshare resort reviews and the most popular topics discussed by owners!
  • Our official "end my sales presentation early" T-shirts are available again! Also come with the option for a free membership extension with purchase to offset the cost!

    All T-shirt options here!
  • A few of the most common links here on the forums for newbies and guests!

Norton Blocked Virus message

Fasttr

TUG Review Crew
TUG Member
Joined
Jun 26, 2013
Messages
6,259
Reaction score
3,401
Points
498
Location
Connecticut
Resorts Owned
Marriott's Grande Ocean (Enrolled)
MVC Trust Points
I use Norton 360 as virus protection both at home and at work, and over the past few days, and it has happened at home and at work, when I log into the Tug/Marriott Forum, I get a Norton message that pops up saying it blocked a malicious virus. It doesn't happen all the time, but it has been fairly frequent over the past few days.

Anybody else having this issue? Just wondering if TUG has a virus issue they need to deal with.

ps... I also posted this in the Marriott forum.
 
Last edited:

TUGBrian

Administrator
Joined
Mar 24, 2006
Messages
22,091
Reaction score
7,675
Points
1,099
Location
Florida
can you forward me the details of the message?\

also, what os and browser are you using?
 

Fasttr

TUG Review Crew
TUG Member
Joined
Jun 26, 2013
Messages
6,259
Reaction score
3,401
Points
498
Location
Connecticut
Resorts Owned
Marriott's Grande Ocean (Enrolled)
MVC Trust Points
can you forward me the details of the message?\

also, what os and browser are you using?

Using Windows 7 and IE 11 at home. Also Windows 7 at work, but will have to wait until tomorrow to let you know what IE version of a browser at work.

The Norton notice said it was "Malicious Website Accessed 2" virus.

ETA: I am using IE 9 at work.
 
Last edited:

JPD

TUG Member
Joined
Aug 16, 2008
Messages
248
Reaction score
1
Points
228
Location
Jacksonville NC
I have win7 also, and IE11. No problems on my end with Norton 360. Please keep us updated.
 

Fasttr

TUG Review Crew
TUG Member
Joined
Jun 26, 2013
Messages
6,259
Reaction score
3,401
Points
498
Location
Connecticut
Resorts Owned
Marriott's Grande Ocean (Enrolled)
MVC Trust Points
can you forward me the details of the message?

More info Brian....Norton says the attacking computer is 69.64.46.68 if that helps any.
 

TUGBrian

Administrator
Joined
Mar 24, 2006
Messages
22,091
Reaction score
7,675
Points
1,099
Location
Florida
any and all info is useful to tracking down what may be causing this.
 

DaveNV

TUG Review Crew: Expert
TUG Member
Joined
Jun 1, 2006
Messages
22,003
Reaction score
29,217
Points
1,348
Location
Mesquite, Nevada
Resorts Owned
Free Agent
Brian, I can't provide any extra information because I've already deleted everything, but yesterday afternoon when i clicked onto the Private Messages page, I was hit with spyware and a virus. I haven't had one in several years, but this one happened the instant I landed on that page. Not sure if that's any help.

Dave
 

TUGBrian

Administrator
Joined
Mar 24, 2006
Messages
22,091
Reaction score
7,675
Points
1,099
Location
Florida
were you on a windows7 machine also?

hopefully your antivirus caught it?
 

mjkkb2

TUG Member
Joined
May 17, 2010
Messages
316
Reaction score
36
Points
239
Location
richmond VA
virus/malware

I believe I also got something from TUG. It happened yesterday at my work computer. I had to have the IT person clean it up. Today I got the same thing- very nasty malware that writes to the windows registry, disables all antivirus commands and installs bunch of junk.
I had to go again and get it removed. Now I am still uncertain if it came from TUG. There was one other website I have visited both yesterday and today, however while searching in Google I haven't gotten any hits about virus issues like I got with tug. For those interested, search your c drive for two files:
r3a3n3a3 and As2014.

If you find those on your machine - you got infected. Take appropriate precautions to fix your computer. This thing rewrites the system registry so deleting them isn't enough. it will run again if you restart the computer.

good luck fixing it. for now I am banned from accessing tug at work:mad:
 

csxjohn

TUG Review Crew: Expert
TUG Member
Joined
Apr 25, 2012
Messages
6,551
Reaction score
134
Points
348
Location
North East Ohio
Resorts Owned
Tropic Shores Resort, Bluegreen points
I contacted a virus yesterday. When I signed into tug window started popping up with some phony clean up site. It turned out to be a scare ware virus that somehow my avast missed. Our research showed that this virus usually comes from clicking on an on line video.

We got it cleaned up and did some avast updates but am not sure if it came from TUG or not. Today avast blocked what they termed a dangerous virus as soon as I signed on to TUG. I don't have any other details at this time.

I'm on a PC and think I'm using IE7.

Yesterday I checked TUG from another computer without signing in to see if there were any new threads about a virus. There were none so I suspected that it came from somewhere else. Today I saw this thread.

I am banned from accessing TUG on the wife's computer until we find out for sure what's happening. She's the one that has to figure out what's wrong and how to fix it.
 

TUGBrian

Administrator
Joined
Mar 24, 2006
Messages
22,091
Reaction score
7,675
Points
1,099
Location
Florida
Doug and I have been digging into this for the past few days and are coming up blank.

we are also working with our host to identify and cure the issue, but without any of us being able to trigger it...its like looking for a needle in a haystack.

I can suggest the following for those needing help to protect or clean their computers:

I personally use all of these.

1. malwarebytes antimalware:

http://downloads.malwarebytes.org/mbam-download.php


2. spybot search and destroy

http://download.cnet.com/Spybot-Search-Destroy/3000-8022_4-10122137.html

3. trendmicro online virus scanner

http://housecall.trendmicro.com/

4. kapersky has been a suggested virus scanner from our host...they appear to have a free online scanner and removal tool here

http://www.kaspersky.com/virus-scanner
 

Fasttr

TUG Review Crew
TUG Member
Joined
Jun 26, 2013
Messages
6,259
Reaction score
3,401
Points
498
Location
Connecticut
Resorts Owned
Marriott's Grande Ocean (Enrolled)
MVC Trust Points
Doug and I have been digging into this for the past few days and are coming up blank.

we are also working with our host to identify and cure the issue, but without any of us being able to trigger it...its like looking for a needle in a haystack.

Thanks Brian. So far at work today, I have signed on a few times throughout the day and no Norton flags....so fingers crossed!!!!
 

csxjohn

TUG Review Crew: Expert
TUG Member
Joined
Apr 25, 2012
Messages
6,551
Reaction score
134
Points
348
Location
North East Ohio
Resorts Owned
Tropic Shores Resort, Bluegreen points

kalima

TUG Member
Joined
Dec 28, 2013
Messages
222
Reaction score
1
Points
16
Location
Vancouver Island BC
virus

yes I got a virus a few days ago when on the TUG site! Something popped up and I clicked 'later' instead of closing it out..I had to get our IT guy at work to get rid of it..it was one of those virus's that tells you you have a virus and you need to run a scan BUT if you do that it will get right in your system ...luckily as soon as I realized what had happened I shut my system right down.
 

DaveNV

TUG Review Crew: Expert
TUG Member
Joined
Jun 1, 2006
Messages
22,003
Reaction score
29,217
Points
1,348
Location
Mesquite, Nevada
Resorts Owned
Free Agent
were you on a windows7 machine also?

hopefully your antivirus caught it?


It is a Windows XP SP3 machine at my work. It was one of those homepage redirect viruses, that disables everything, so you can't use normal processes to fix it. I was able to get around it by doing a System Restore back to a date a week ago. Once it was clear enough to use the machine, I used the malwarebytes.org software to scan things. It found ten viruses and spyware, and kille dthem all. System is fine now.

Dave
 

TUGBrian

Administrator
Joined
Mar 24, 2006
Messages
22,091
Reaction score
7,675
Points
1,099
Location
Florida
I am working to try to disable all redirects (willing or not) to that myftp.org site listed in the reports ive gotten.

while it wont get rid of the problem it will hopefully at least prevent anyone from downloading anything.
 

Passepartout

TUG Review Crew: Veteran
TUG Member
Joined
Feb 10, 2007
Messages
28,462
Reaction score
17,213
Points
1,299
Location
Twin Falls, Eye-Duh-Hoe
I just ran a full AVG scan and a Malwarebytes scan. Both came up clean. Win7/FF27Beta

Jim
 

Miss Marty

TUG Member
Joined
Jun 6, 2005
Messages
3,999
Reaction score
339
Points
468
Another Trojan quarantined by Eset

1/16/2014 Went to Tug a few minutes ago and Eset found another
trojan threat and quarantined it. Using Windows XP home and IE:(

1/15/2014 5:07:22 PM HTTP filter file http:// www. tugbbs .com/class/help/defaults.php JS/Kryptik.AH trojan connection terminated - quarantined Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

1/13/2014 11:29:36 AM HTTP filter file http:// www. tugbbs .com/forums JS/Kryptik.AH trojan connection terminated - quarantined Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
 

Fasttr

TUG Review Crew
TUG Member
Joined
Jun 26, 2013
Messages
6,259
Reaction score
3,401
Points
498
Location
Connecticut
Resorts Owned
Marriott's Grande Ocean (Enrolled)
MVC Trust Points
Norton just stopped another one the second I hit TUG at home this evening. Using Windows 7 and IE 11.

Here is the info....

Norton IPS Alert Name: Malicious Website Accessed 2

Attacking Computer: cbclyr.myftp.biz 69.64.46.68, 80 which is the same source address as yesterday.
 

TUGBrian

Administrator
Joined
Mar 24, 2006
Messages
22,091
Reaction score
7,675
Points
1,099
Location
Florida
that is the first error that showed the file on the server...something to look at!
 

caneil

TUG Member
Joined
Jan 2, 2013
Messages
16
Reaction score
0
Points
0
Same thing happened to me yesterday and just now with Norton blocking an attack. I think I will just wait a few days and see how it goes.
 

TUGBrian

Administrator
Joined
Mar 24, 2006
Messages
22,091
Reaction score
7,675
Points
1,099
Location
Florida
I went ahead and hired a company that specializes in this sort of detection and cleaning...they said they can fix all this within 8 hours.

will keep you updated.
 

TUGBrian

Administrator
Joined
Mar 24, 2006
Messages
22,091
Reaction score
7,675
Points
1,099
Location
Florida
anyone still getting the message by chance?
 

Sandy VDH

TUG Review Crew: Elite
TUG Member
Joined
Jun 6, 2005
Messages
9,848
Reaction score
4,227
Points
648
Location
Houston, TX
Resorts Owned
Wynd VIP Plat GF, HGVC Elite, WM, HICV, +
I too had message a few days ago, but nothing since then.
 

richardm

TUG Member
Joined
Aug 6, 2007
Messages
1,263
Reaction score
36
Points
409
Location
Orlando
Just got the warning when I visited.

Alert classifed it as Web Attack: Malicious Website Accessed
Attacking computer: 69.64.46.68
Attacker URL: knbryjjd.myftp.org
 
Top