• A few of the most common links here on the forums for newbies and guests!
  • The TUGBBS forums are completely free and open to the public and exist as the absolute best place for owners to get help and advice about their timeshares for more than 30 years!

    Join Tens of Thousands of other Owners just like you here to get any and all Timeshare questions answered 24 hours a day!
  • TUG started 31 years ago in October 1993 as a group of regular Timeshare owners just like you!

    Read about our 31st anniversary: Happy 31st Birthday TUG!
  • TUG has a YouTube Channel to produce weekly short informative videos on popular Timeshare topics!

    Free memberships for every 50 subscribers!

    Visit TUG on Youtube!
  • TUG has now saved timeshare owners more than $24,000,000 dollars just by finding us in time to rescind a new Timeshare purchase! A truly incredible milestone!

    Read more here: TUG saves owners more than $24 Million dollars
  • Sign up to get the TUG Newsletter for free!

    Tens of thousands of subscribing owners! A weekly recap of the best Timeshare resort reviews and the most popular topics discussed by owners!
  • Our official "end my sales presentation early" T-shirts are available again! Also come with the option for a free membership extension with purchase to offset the cost!

    All T-shirt options here!
  • A few of the most common links here on the forums for newbies and guests!
  • The TUGBBS forums are completely free and open to the public and exist as the absolute best place for owners to get help and advice about their timeshares for more than 30 years!

    Join Tens of Thousands of other Owners just like you here to get any and all Timeshare questions answered 24 hours a day!

Google blocking access to TUG

Paco,

Any additional information on which virus it is (does it have a name I can google) and what all it does? My system scans are clean, but I want to make sure there's nothing hiding somewhere in my machine?

Henry
 
the only people ive seen report getting any sort of infection seem to describe the same "xp defender" fake antivirus download type.

although again, we cant find any source for it...no malicious code anywhere...and all the security scans (even 3rd party ones) show the site as clean.

Believe me its as frustrating on our end as it is yours.

Ill avoid putting more forum links in this weeks newsletter as well just in case.
 
Not sure how I missed this and failed to respond ..
emuyshondt said:
Was anything specific found and cleaned up by the TUG administrators? Have they done anything beyond contacting Google and McAfee to get off their blacklist? I would like to know if there was some virus that has been fixed, and if so, what it was, so I can try to chase the issue down on my end. If I got infected, I want to make sure I find a way to disinfect my machine.
Click to expand...
On 12/23 I found an image file that had some extraneous binary code added to it. This was an image file that is only viewed when a user is viewing a particular message in the BBS Help area, so it's not one that would have been visited much. I immediately replaced it with a clean copy of the image file. I don't know the nature of the injected code, just that it shouldn't have been there.
 
emuyshondt said:
Paco,

Any additional information on which virus it is (does it have a name I can google) and what all it does? My system scans are clean, but I want to make sure there's nothing hiding somewhere in my machine?

Henry
Click to expand...

No, unfortunately this was all the info I have.

Interestingly, today I got same from 118.219.232.216. Just got another one with 121 that disappeared before I could copy while using spell checker!

Kinda like olde days when one had electrical problem with car. Lots of diagnosing and some luck finding!

Managers are giving best shot and fortunately no one with good virus programs reporting being infested just inconvenienced!
 
My sign on tonight (just now) was the first in days (weeks?) that I didn't get the notice via Firefox. Maybe it has been fixed :whoopie:
 
FWIW, for Firefox users:

Firefox 17 apparently is not updating its internal cache of the Reported Site list properly when a site drops off the Google list. (See Mozilla bug 820283.) This is reported to be fixed in Firefox 18, due to be released the week of Jan 6.

Meanwhile, users of Firefox 17 can force Firefox to check the current list at Google every time, instead of relying on cached data, as follows:

Enter about:config in the Address/URL bar.
Press the big button to bypass the warning (if you haven't turned this off already).
Enter confirm in the Filter bar to limit display to just options containing 'confirm'.
Double-click on urlclassifier.confirm-age and change the value to 0.
 
Makai Guy said:
FWIW, for Firefox users:

Firefox 17 apparently is not updating its internal cache of the Reported Site list properly when a site drops off the Google list. (See Mozilla bug 820283.) This is reported to be fixed in Firefox 18, due to be released the week of Jan 6.

Meanwhile, users of Firefox 17 can force Firefox to check the current list at Google every time, instead of relying on cached data, as follows:

Enter about:config in the Address/URL bar.
Press the big button to bypass the warning (if you haven't turned this off already).
Enter confirm in the Filter bar to limit display to just options containing 'confirm'.
Double-click on urlclassifier.confirm-age and change the value to 0.
Click to expand...

This fix worked and was actually very easy.
Thanks.
 
I have not received any warning of any kind, ever on Tug.

Not at all tech savvy here, but I have Windows 7 Premium Home and Webroot.

I stand in awe of all who know this stuff.







-
 
Last edited:
Timeshare Von said:
My sign on tonight (just now) was the first in days (weeks?) that I didn't get the notice via Firefox. Maybe it has been fixed :whoopie:
Click to expand...

Oops - I spoke too soon (or jinxed it). This morning, the red bar warning returned :(
 
I followed those instructions posted by Makai Guy and it looks good so far - what a pain in the butt this has been! Thanks (I hope)!
 
Hadn't gotten it for a few days, but got the Firefox warning again this AM (Jan 5, 2013). Firefox 17.0.1. Haven't tried Makai's fix yet.

-Bob
 
We are still experiencing what appears to be some sort of malware or exploit impacting the TUGBBS FORUMS. It seems to only impact a small number of visitors, but still to be sure, we would suggest not browsing the TUGBBS FORUMS unless you have a current/updated active virus scanner/protection software loaded on your computer. note this does NOT impact the member only section of the site, tug2.com is unaffected by this issue.

I myself have been able to get an unprotected laptop I own infected with this virus from surfing the forum...sadly it simply appears the forum is "redirecting" random users to some other location and the virus is not actually loaded on the TUGBBS...just the exploit that redirects people.

Hopefully we can come up with a solution with our host here soon.

I sincerely apologize for any of you that have had to deal with this. I will point out that I was able to restore my laptop using the native system restore tool to the previous days restore point and suffered no ill effects from the virus. I would urge all of you to make sure that you have system restore enabled on your windows machines...its way easier than trying to clean these viruses in other ways for sure!
 
Last edited by a moderator:
Although I get the warning each time I come to the site this is only the second time my antivirus actually 'caught' something. Probably won't help but here it is.

Infection Details
URL: http://qahihahur.longmusic.com/lrf2x7zxw...
Process: C:\Program Files (x86)\Mozilla Firefox\f...
Infection: URL:Mal
 
The only way to clean the server is to build the server os from scratch and reload data onto the server. Alot of these malware just cannot be gotten rid of. I get the malware warning everyday on my laptop when I visit TUGbbs :(. No warning on the IPAD or my Droid phone. Wonder if they are now infected!
 
Crossing fingers as this is the first time I have come to TUG in days and not gotten the warning page!:)

It's back :( spoke too soon
 
Last edited:
TUGBrian said:
I myself have been able to get an unprotected laptop I own infected with this virus from surfing the forum...
Click to expand...

Which virus is it? What does it do to your system? I am asking about the virus that infected my machine, not the redirecting code you had on TUG that caused my machine to catch the bug.
 
I am still getting the warning but chanced going on the site today. What is going on?:eek:
 
I went to the other side of tug this morning on my daughter's computer and avast told me a harmful url was blocked. I don't have any details but did not come directly to the forums.
 
it was the one listed earlier that masks itself as the "security scan" downloaded to your computer.

we are going to try to reimage the server this week in the hopes that it will clear this issue, as all of our attempts to find it have failed.
 
TUGBrian said:
it was the one listed earlier that masks itself as the "security scan" downloaded to your computer.

we are going to try to reimage the server this week in the hopes that it will clear this issue, as all of our attempts to find it have failed.
Click to expand...

Wish you luck. Hope it works.
 
Still with the Google warnings...

Still getting warnings when accessing the BBS but not the TUG2.com main pages

..Mark (risking getting here by ignoring the warning, and Kasperski's not squawking about it)
...Mark


-----------------------------------------------------------------------
Safe Browsing
Diagnostic page for tugbbs.com/forums

What is the current listing status for tugbbs.com/forums?

This site is not currently listed as suspicious.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 129 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-01-07, and the last time suspicious content was found on this site was on 2012-12-23.

Malicious software includes 1 exploit(s). Successful infection resulted in an average of 7 new process(es) on the target machine.

Malicious software is hosted on 1 domain(s), including hivanopi.longmusic.com/.

This site was hosted on 1 network(s) including AS32244 (LIQUID).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, tugbbs.com/forums did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

Next steps:

Return to the previous page.
If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
-------------------------------------------------------------------------
 
as a stopgap I have had our host block that URL that is being reported as the malware redirect...at least until we get this sorted out I hope at least this will be an effective stopgap measure.

although what baffles me is that if tug can get "flagged" for malware just for redirecting a small %of people to a virus site, why cant they blacklist the virus site?
 
TUGBrian said:
as a stopgap I have had our host block that URL that is being reported as the malware redirect...at least until we get this sorted out I hope at least this will be an effective stopgap measure.

although what baffles me is that if tug can get "flagged" for malware just for redirecting a small %of people to a virus site, why cant they blacklist the virus site?
Click to expand...

I would have thought since their staff verified it that would have been done within seconds of there finding it.
 
clearly not if people are still being redirected there and getting infected.
 
You must log in or register to reply here.
Top