Strange Malware warnings!

[fahim108]

Something's out of place today! Google Chrome is displaying a strange malware warning everytime I am visiting Cadtutor.net (today)

 

 

It never happened before.

[Jack_O'neill]

Several times over the last couple of days, I've experienced something similar. I use Norton, and it has popped up saying that it "blocked an attack" on my computer just after logging on to CadTutor. Don't know what's up with all that. You'd think these guys would have something better to do.

[MSasu]

I received also warnings regarding a blocked “activity” yesterday and today on a workstation that use Symantec Endpoint Protection - this happend only at first access of CADTutor; however on my home station where have Nod32 no warning was issued.

 

Regards,

Mircea

[Jack_O'neill]

the I.P address that is doing this to me is 184.154.65.11

 

Don't know who or where, but looking back over it, they've tried ever couple of minutes since i logged on.

[CADTutor]

The CADTutor site was hacked yesterday. All rougue files have now been removed and passwords changed. However, I remain on high alert. Please let me know if you are still receiving warnings about this site, giving as much detail as you can. It is possible that the site has been flagged as containing malware, even though it has now been removed, so the warning may only be theoretical.

[Jack_O'neill]

The IP address I gave you a few minutes ago has continued to attack every minute or so since I logged on to the site. The warning I'm getting is not for the CADTutor site, its for that address, but it started after I logged on here. I'm going to log off for a few minutes and see if it stops (or not) and I'll let you know.

[CADTutor]

Something's out of place today! Google Chrome is displaying a strange malware warning everytime I am visiting Cadtutor.net (today)

 

The reason for this warning is that the site is now flagged by Google Safe Browsing as "suspicious". See this link for more details: http://www.google.com/safebrowsing/diagnostic?site=http://www.cadtutor.net/

 

I don't know how long these flags last for but I assume that once the site is found to be clean, they will be removed.

[Jack_O'neill]

Logged off and back on, so far no more. The attacks actually stopped about 17 minutes ago, before I logged off. I thought they were still going when I made my last post, but i looked at the time stamp incorrectly. Getting sleepy I guess. Its after 1 a.m. here

[CADTutor]

The IP address I gave you a few minutes ago has continued to attack every minute or so since I logged on to the site. The warning I'm getting is not for the CADTutor site' date=' its for that address, but it started after I logged on here. I'm going to log off for a few minutes and see if it stops (or not) and I'll let you know.[/quote']

 

I recommend you do a full scan of your PC (assuming you haven't already done so).

[Jack_O'neill]

I recommend you do a full scan of your PC (assuming you haven't already done so).

 

it scans daily, but i started it manually. takes it about 20 minutes to do one. got lots of stuff on this machine.

[Tyke]

I had the same problem when I logged on this morning. I'm using Firefox and Sophos.

[Tiger]

Firefox is flagging the site here too.

[danellis]

The CADTutor site was hacked yesterday. All rougue files have now been removed and passwords changed. However, I remain on high alert. Please let me know if you are still receiving warnings about this site, giving as much detail as you can. It is possible that the site has been flagged as containing malware, even though it has now been removed, so the warning may only be theoretical.

 

These error mesage have been discussed over at the Swamp, do you mind if I quote this message there?

 

I don't know how long these flags last for but I assume that once the site is found to be clean, they will be removed.

 

According to one of the guys on the Swamp thread there's a procedure you need to follow to get them removed: Apparently Google emailed him.

 

dJE

[dbroada]

I can now only get a low graphic version of this site unless I turn off Firefox' security.

[CADTutor]

According to one of the guys on the Swamp thread there's a procedure you need to follow to get them removed: Apparently Google emailed him.

 

Yep, I recieved an email from Google just after 6am GMT this morning, stating that the site was being flagged with a warning page and explaining the procedure.

 

Firefox uses the Google alert to inform its security setting.

 

Having cleaned the site, I don't see any further malicious activity but I need to continue scanning - hopefully that's an end to it.

[nestly]

FireFox stores Phishing and Attack site protection data in a file named urlclassifier3.sqlite, which is apparently updated with information obtained from Google. Short of turning off Attack Site blocking in FireFox's security tab, the only way I can get to Cadtutor is to delete this file, but FireFox rebuilds the file within minutes and re-blocks Cadtutor, so Google must not have removed Cadtutor from the list yet.

[nestly]

Here are the offending objects as reported by Google

[CADTutor]

so Google must not have removed Cadtutor from the list yet.

 

I have requested a review of the site by Google but this is likely to take a few hours to work through the system.

[Jack_O'neill]

That "secursinchroz.tk" in Nestly's post has shown up a couple times in the list of blocked intruders on my machine too.

[Cad64]

As of 6:15 I was still getting the warning message on my home computer, but now at 7:00 here at work, everything seems fine. I'm not sure why the site would be flagged at home but not here at work? Unless we've been removed from the list now?