Jump to content

Strange Malware warnings!


fahim108

Recommended Posts

Something's out of place today! Google Chrome is displaying a strange malware warning everytime I am visiting Cadtutor.net (today)

 

malware_warning.png

 

It never happened before. :oops:

Link to post
Share on other sites
  • Replies 99
  • Created
  • Last Reply

Top Posters In This Topic

  • Jack_O'neill

    20

  • CADTutor

    13

  • ReMark

    11

  • PotGuy

    6

Top Posters In This Topic

Posted Images

Jack_O'neill

Several times over the last couple of days, I've experienced something similar. I use Norton, and it has popped up saying that it "blocked an attack" on my computer just after logging on to CadTutor. Don't know what's up with all that. You'd think these guys would have something better to do.

Link to post
Share on other sites

I received also warnings regarding a blocked “activity” yesterday and today on a workstation that use Symantec Endpoint Protection - this happend only at first access of CADTutor; however on my home station where have Nod32 no warning was issued.

 

Regards,

Mircea

Link to post
Share on other sites
Jack_O'neill

the I.P address that is doing this to me is 184.154.65.11

 

Don't know who or where, but looking back over it, they've tried ever couple of minutes since i logged on.

Link to post
Share on other sites

The CADTutor site was hacked yesterday. All rougue files have now been removed and passwords changed. However, I remain on high alert. Please let me know if you are still receiving warnings about this site, giving as much detail as you can. It is possible that the site has been flagged as containing malware, even though it has now been removed, so the warning may only be theoretical.

Link to post
Share on other sites
Jack_O'neill

The IP address I gave you a few minutes ago has continued to attack every minute or so since I logged on to the site. The warning I'm getting is not for the CADTutor site, its for that address, but it started after I logged on here. I'm going to log off for a few minutes and see if it stops (or not) and I'll let you know.

Link to post
Share on other sites
Something's out of place today! Google Chrome is displaying a strange malware warning everytime I am visiting Cadtutor.net (today)

 

The reason for this warning is that the site is now flagged by Google Safe Browsing as "suspicious". See this link for more details: http://www.google.com/safebrowsing/diagnostic?site=http://www.cadtutor.net/

 

I don't know how long these flags last for but I assume that once the site is found to be clean, they will be removed.

Link to post
Share on other sites
Jack_O'neill

Logged off and back on, so far no more. The attacks actually stopped about 17 minutes ago, before I logged off. I thought they were still going when I made my last post, but i looked at the time stamp incorrectly. Getting sleepy I guess. Its after 1 a.m. here

Link to post
Share on other sites
The IP address I gave you a few minutes ago has continued to attack every minute or so since I logged on to the site. The warning I'm getting is not for the CADTutor site' date=' its for that address, but it started after I logged on here. I'm going to log off for a few minutes and see if it stops (or not) and I'll let you know.[/quote']

 

I recommend you do a full scan of your PC (assuming you haven't already done so).

Link to post
Share on other sites
Jack_O'neill
I recommend you do a full scan of your PC (assuming you haven't already done so).

 

it scans daily, but i started it manually. takes it about 20 minutes to do one. got lots of stuff on this machine.

Link to post
Share on other sites
The CADTutor site was hacked yesterday. All rougue files have now been removed and passwords changed. However, I remain on high alert. Please let me know if you are still receiving warnings about this site, giving as much detail as you can. It is possible that the site has been flagged as containing malware, even though it has now been removed, so the warning may only be theoretical.

 

These error mesage have been discussed over at the Swamp, do you mind if I quote this message there?

 

I don't know how long these flags last for but I assume that once the site is found to be clean, they will be removed.

 

According to one of the guys on the Swamp thread there's a procedure you need to follow to get them removed: Apparently Google emailed him.

 

dJE

Link to post
Share on other sites
According to one of the guys on the Swamp thread there's a procedure you need to follow to get them removed: Apparently Google emailed him.

 

Yep, I recieved an email from Google just after 6am GMT this morning, stating that the site was being flagged with a warning page and explaining the procedure.

 

Firefox uses the Google alert to inform its security setting.

 

Having cleaned the site, I don't see any further malicious activity but I need to continue scanning - hopefully that's an end to it.

Link to post
Share on other sites

FireFox stores Phishing and Attack site protection data in a file named urlclassifier3.sqlite, which is apparently updated with information obtained from Google. Short of turning off Attack Site blocking in FireFox's security tab, the only way I can get to Cadtutor is to delete this file, but FireFox rebuilds the file within minutes and re-blocks Cadtutor, so Google must not have removed Cadtutor from the list yet. :(

Link to post
Share on other sites
so Google must not have removed Cadtutor from the list yet. :(

 

I have requested a review of the site by Google but this is likely to take a few hours to work through the system.

Link to post
Share on other sites

As of 6:15 I was still getting the warning message on my home computer, but now at 7:00 here at work, everything seems fine. I'm not sure why the site would be flagged at home but not here at work? Unless we've been removed from the list now?

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...