<p><font size="2">When I loaded the index page today, my AV popped up warnings about a downloader trojan.</font></p><p><font size="2">&nbsp;Then when the site was down earlier, I got another warning and IE seemed to be trying to download from <font face="Arial">81.95.146.133.</font></font></p><p><font face="Arial" size="2">Did this happen to anyone else or is my computer just fucked?</font></p>

i didnt notice anything different, i hope i didnt get infected

<font color="Navy"><font size="2">That happened with me too, downloading from that IP address. No Anti-virus warnings though.</font></font>

<span class=post_edited>This message was edited by HBox on 12-4-06 @ 5:34 PM</span>

I got the same error/virus message today for a while as well. That is strange.

<p>EXCELLENT.</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;</p><p>Seriously, I didn't get that.&nbsp; I just got a &quot;SERVICE IS UNAVAILABLE&quot; message in my browser.</p>

<p>I didn't get that, but I did get the dreaded &quot;Service Unavailable&quot;.</p><p>Mikeyboy! Don't let this happen next time you go in studio. We need to have our cake and step on it too.</p>

hmmm... that might explain some things.&nbsp; I'll have to look at that when I get home.&nbsp; I run AVG, so I don't get those popups.

<font face="arial,helvetica,sans-serif" size="3">I got some virus warnings as well.</font>

I got a virus warning. Trying to get a &quot;Downloader Trojan.&quot;

Yup, virus warning for me. Symantec says its quarentined, whatever that means.<br />

<font face="comic sans ms,sand" size="2">Yup, it's happening to me too. It is my Spyware Sweeper that is giving me the warnings though.</font>

<p>I got the Site unavailable, and I just ran a disk cleanup and had a shitload of bugs and cookies. To the point where my whole system slowed down. </p><p>I'm also getting some weird text (HTML code?) just before the site opens, and it opens much slower than it used to, even after the cleanup. Takes a good 4 seconds to get to the main page and open some threads. &nbsp;</p>

everytime I access a topic I have been getting a popup from my antivirus telling me they caught something and to reboot to permanatly delete it.

<font face="arial,helvetica,sans-serif" size="3">I just got it again.&nbsp; </font>

<p>I noticed really quickly that it was trying to DL from that listed IP, google turns up</p><p><a href="http://www.symantec.com/security_response/writeup.jsp?docid=2006-072610-0431-99&amp;tabid=2"><font color="#0000cc">Downloader.Traus - Symantec.com</font></a></p><p>AV says that the its infecting index.htm which I suppose is being saved in my cache.&nbsp; Running full AV/Spyware check now</p><p>OMG DID WE GET HAX0RED??? OH NOEEEEEEESSSSSSS</p>

<p>Same thing here.</p><p>Fez's revenge?</p>

<p>I'm going to log off now.</p><p>Run&nbsp; NAV&nbsp;and Spysweeper.</p><p>I'll report back with what I come up with. Right now it is sluggish and I still get the occasional code at the top of the page.</p>

Anyone on suicide watch for stu and reilly? I hope they are okay after that.

some newbie could have put a virus in their sig pic

I actually had trouble accessing the site all weekend.

<strong>Marc with a c</strong> wrote:<br />Anyone on suicide watch for stu and reilly? I hope they are okay after that.<p> thanks for worring about me sweety. it was rough but i made it. i did some work and then drove home.&nbsp; i hope Reilly is ok. </p>

<span class=post_edited>This message was edited by STUGOTS1 on 12-4-06 @ 6:28 PM</span>

<strong>Marc with a c</strong> wrote:<br />Anyone on suicide watch for stu and reilly? I hope they are okay after that. <p>i managed to stick with my old habit in the meantime.&nbsp; myspace.com</p><p>&nbsp;</p><p>thanks for caring Marc!!!&nbsp; you notice Stu mentioned NOTHING about if i was ok though...lol </p>

maybe this has something to do with the crap on the top of the page

<strong>angrymissy</strong> wrote:<br />maybe this has something to do with the crap on the top of the page <p>i seen that too.&nbsp; happening since yesterday</p>

<strong>reillyluck</strong> wrote:<br /><strong>Marc with a c</strong> wrote:<br />Anyone on suicide watch for stu and reilly? I hope they are okay after that. <p>i managed to stick with my old habit in the meantime. myspace.com</p><p>&nbsp;</p><p>thanks for caring Marc!!! you notice Stu mentioned NOTHING about if i was ok though...lol </p><p>&nbsp;you sure about that?&nbsp; i would double check my facts if i was you madame. </p>

<strong>STUGOTS1</strong> wrote:<br /><strong>reillyluck</strong> wrote:<br /><strong>Marc with a c</strong> wrote:<br />Anyone on suicide watch for stu and reilly? I hope they are okay after that. <p>i managed to stick with my old habit in the meantime. myspace.com</p><p>&nbsp;</p><p>thanks for caring Marc!!! you notice Stu mentioned NOTHING about if i was ok though...lol </p><p>&nbsp;you sure about that?&nbsp; i would double check my facts if i was you madame. </p><p><img src="/messageboard/tiny_mce/plugins/emotions/images/lol.gif" border="0" width="20" height="20" />&nbsp; ahhh....how i love thee!</p><p>&nbsp;</p>

http://i5.photobucket.com/albums/y178/furie1335/pics/logo_apple.jpg

folks, those who got the message, are you on firefox or ie?

I did not get it on Firefox at home, but got it multiple times at work on IE

IE of course. The hackers love that browser.

i was on IE jon.

ok, so somehow an activex thinger is the culprit

<p><font face="comic sans ms,sand" size="3">I am running Slimbrowser and I get the test at the top and the Spysweeper popup once&nbsp; in a while but not always.</font></p>

<p>I always have to close out my browser and open it again whenever I go to the Chat Room because it causes multiple fuck ups.&nbsp; </p><p>Could it have anything to do with recent problems on the board or are they two seperate entities?&nbsp;</p>

<p>its not there anymore but for the last day or two at the top of the messageboard topics page there was a bunch of code about three lines long from left to right</p><p>it all looked like mumbo jumbo to me but it did kinda look like java scrpit of some kind</p><p>and then i got the service unavailable page</p>

I've been getting the exact same thing for the past two days, cougarjake.

yes... so i put a condom over my monitor

<strong>PhishHead</strong> wrote:<br />I did not get it on Firefox at home, but got it multiple times at work on IE <p>Multiple times at work using Ie 6 and Symantec (NAV07).&nbsp; Running IE 6 and AVS at home, so no messages.</p>

<span class=post_edited>This message was edited by MadMatt on 12-4-06 @ 8:32 PM</span>

<p>this is the message i get at the very top of the website on firefox:</p><p>HTTP/1.1 200 OK Connection: close Date: Tue, 05 Dec 2006 01:51:23 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET MicrosoftOfficeWebServer: 5.0_Pub Set-Cookie: last_visit=now Cache-Control: no-cache, must-revalidate Content-Language: en-US Content-Type: text/html; charset=UTF-8 <!-- whois.cfm --> <!-- includes/queries/qry_checkmemberoptions.cfm -->&nbsp;</p>

Yeah since yesterday when I load the site spysweeper has been going nuts. None of my AV apps Norton or AVG reported any viruses though.

justjon owes everyone a new computer

ok, think I got it, running a second scan to make sure.&nbsp; if you see the text on top or the popup again, let me know.

<strong>suggums</strong> wrote:<br />i didnt notice anything different, i hope i didnt get infected<p>&nbsp;The Virus is spreading, XM 202<br /> </p>

<strong>JustJon</strong> wrote:<br />ok, think I got it, running a second scan to make sure.&nbsp; if you see the text on top or the popup again, let me know. <p>http://i16.photobucket.com/albums/b9/sccrbunny16/cabbage.gifhttp://i16.photobucket.com/albums/b9/sccrbunny16/cabbage.gifhttp://i16.photobucket.com/albums/b9/sccrbunny16/cabbage.gifhttp://i16.photobucket.com/albums/b9/sccrbunny16/cabbage.gif</p><p>yeah jon. Its ya birfday....we gonna party like its ya birfday!!!</p>

<p>Still here.</p><p>HTTP/1.1 200 OK Connection: close Date: Tue, 05 Dec 2006 02:51:48 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET MicrosoftOfficeWebServer: 5.0_Pub Set-Cookie: last_visit=now Cache-Control: no-cache, must-revalidate Set-Cookie: SHOWHOWMANY=25;expires=Thu, 27-Nov-2036 02:51:48 GMT;path=/ Content-Type: text/html; charset=UTF-8 <!-- inbox.cfm --><!-- includes/header.cfm --><!-- includes/siteheader.cfm --></p>

<p>I hate this place!</p><p>I've been here for 5 years!</p><p>Nothing works here!</p><p>I hate this place!</p><p>I've been here for 5 years!</p><p>Nothing works here!</p><p>I hate this place!</p><p>I've been here for 5 years!</p><p>Nothing works here!&nbsp;</p>

<p>AHHHHHH GVAC POST # 6666</p><p><img src="http://i9.photobucket.com/albums/a63/angrymissy/Image1.gif?t=1165289873" border="0" alt="image" width="361" height="330" /></p>

<strong>Hottub</strong> wrote:<br /><p>Still here.</p><p>&nbsp;</p>HTTP/1.1 200 OK Connection: close Date: Tue, 05 Dec 2006 02:51:48 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET MicrosoftOfficeWebServer: 5.0_Pub Set-Cookie: last_visit=now Cache-Control: no-cache, must-revalidate Set-Cookie: SHOWHOWMANY=25;expires=Thu, 27-Nov-2036 02:51:48 GMT;path=/ Content-Type: text/html; charset=UTF-8 *-- inbox.cfm -**-- includes/header.cfm -**-- includes/siteheader.cfm -*<p>&nbsp;</p><p>&nbsp;Did you clear your cache?</p>

i sprayed lysol but no change

<strong>angrymissy</strong> wrote:<br /><p>AHHHHHH GVAC POST # 6666</p><p><img src="http://i9.photobucket.com/albums/a63/angrymissy/Image1.gif?t=1165289873" border="0" alt="image" width="361" height="330" /></p><p><img src="/messageboard/tiny_mce/plugins/emotions/images/lol.gif" border="0" width="20" height="20" /></p>

Hey guys, I am pretty sure I found the problem. Blame it on these <a href="http://www.homestarrunner.com/systemisdown.html">guys</a>...

<strong>Fez4PrezN2008</strong> wrote:<br />Hey guys, I am pretty sure I found the problem. Blame it on these <a href="http://www.homestarrunner.com/systemisdown.html">guys</a>... <p>Thats gotta be the problem!! <img src="/messageboard/tiny_mce/plugins/emotions/images/lol.gif" border="0" width="20" height="20" /></p><p>is it me or am i the only reads fez4prez's posts imagining him to sound like Triumph?&nbsp; its funny. </p>

<p>That's good reillyluck....good for me to poop on !!&nbsp; I KEED I KEED ...</p>

I got this virus warning. It got me in trouble at work!

<p>HTTP/1.1 200 OK Connection: close Date: Tue, 05 Dec 2006 04:47:40 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET MicrosoftOfficeWebServer: 5.0_Pub Set-Cookie: last_visit=now Cache-Control: no-cache, must-revalidate Set-Cookie: CFID=4177541;domain=.ronfez.net;expires=Thu, 27-Nov-2036 04:47:40 GMT;path=/ Set-Cookie: CFTOKEN=db02a36314546a90-50F04337-CAB0-3D96-C2D17C869486603E;domain=.ronfez.net;expires=Thu, 27-Nov-2036 04:47:40 GMT;path=/ Set-Cookie: SHOWHOWMANY=25;expires=Thu, 27-Nov-2036 04:47:40 GMT;path=/ Content-Language: en-US Content-Type: text/html; charset=UTF-8 </p><p>&nbsp;</p><p>&nbsp;</p><p>&nbsp;Still there...clean cache and all. </p>

<span class=post_edited>This message was edited by GvacNoMore on 12-4-06 @ 11:51 PM</span>

<p>I just got this on the homepage:</p><p>HTTP/1.1 200 OK Connection: close Date: Tue, 05 Dec 2006 05:03:14 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET MicrosoftOfficeWebServer: 5.0_Pub Set-Cookie: last_visit=now Cache-Control: no-cache, must-revalidate Content-Language: en-US Content-Type: text/html; charset=UTF-8 <!-- includes/header.cfm --><!-- includes/siteheader.cfm --> _uacct = "UA-135237-1"; urchinTracker(); </p><p>&nbsp;</p><p>No virus warnings but the board has been running pretty slow for me the past couple of days too.&nbsp;</p>

<p>i cleared the cash and change out of my pockets but no change</p><p><img title="" alt="" src="http://www.ronfez.net/messageboard/tiny_mce/plugins/emotions/images/bye.gif" border="0" /></p><p>what a pain in the balls i am</p>

<strong>Fez4PrezN2008</strong> wrote:<br /><p>That's good reillyluck....good for me to poop on !! I KEED I KEED ...</p>Its I JOKE I JOKE I KEED I KEED.&nbsp;<p>&nbsp;</p>

<p>the site seemed to be down all night. I just got it again when I went to my prefrences on here. my virus scan caught like 5 or 6 viruses quickly and then I got this message at the top of the screen</p><p>HTTP/1.1 200 OK Connection: close Date: Tue, 05 Dec 2006 13:50:27 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET MicrosoftOfficeWebServer: 5.0_Pub Set-Cookie: last_visit=now Cache-Control: no-cache, must-revalidate Content-Type: text/html; charset=UTF-8 <!-- preferences.cfm --><!-- includes/header.cfm --><!-- includes/siteheader.cfm --></p><p>&nbsp;and it also popped up the message below</p><p>This website wants to run the following add on: Microsoft data access - remote data services dat...' if you trust the website and the add on and want to allow it to run click here...</p><p>I did not click because I dont trust it. So whats the deal?</p>

<p><font face="arial,helvetica,sans-serif" size="3">I'm still getting the warnings today.&nbsp; This is what we get when mikey hangs out in the studio with the boys.</font></p>

<p>This website wants to run the following add on: Microsoft data access - remote data services dat...' if you trust the website and the add on and want to allow it to run click here...</p><p>I did not click because I dont trust it. So whats the deal?</p><p><br /></p><p>Same here. BTW, I am running IE.</p>

<strong>Campo</strong> wrote:<br /><p>the site seemed to be down all night. I just got it again when I went to my prefrences on here. my virus scan caught like 5 or 6 viruses quickly and then I got this message at the top of the screen</p><p>HTTP/1.1 200 OK Connection: close Date: Tue, 05 Dec 2006 13:50:27 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET MicrosoftOfficeWebServer: 5.0_Pub Set-Cookie: last_visit=now Cache-Control: no-cache, must-revalidate Content-Type: text/html; charset=UTF-8 *-- preferences.cfm -**-- includes/header.cfm -**-- includes/siteheader.cfm -*</p><p>&nbsp;and it also popped up the message below</p><p>This website wants to run the following add on: Microsoft data access - remote data services dat...' if you trust the website and the add on and want to allow it to run click here...</p><p>I did not click because I dont trust it. So whats the deal?</p><p>Yeah, I also was getting the &quot;This website wants to run the following add on: Microsoft data access - remote data services dat...' if you trust the website and the add on and want to allow it to run click here...&quot; throughout the day yesterday, luckily I did not run it.&nbsp; I got more virus warnings today as well.</p><p>&nbsp;Running IE7 and Norton AV</p>

<p>Sorry about the downtime folks.&nbsp; The best way to deal with the virus bullshit was a rebuild of the server.&nbsp; If I had done it, it would have happened tonite, but FMJeff was kind enough to offer to do it this morning and it just took longer than expected and ran thru a good portion of show time.&nbsp; But we believe the changes made during the rebuild will stop this from happening again.</p>Thanks Jeff.

So how do we find out who the leet haxor was

<p>Crap.</p><p>Norton AV just detected an intrusion attempt from 69.45.86.81 Port 5004</p>

<p>The entire site has been flipping out my work computer.</p><p>&nbsp;</p><p>&nbsp;</p>

<strong>angrymissy</strong> wrote:<br /><p>Crap.</p><p>Norton AV just detected an intrusion attempt from 69.45.86.81 Port 5004</p><p>&nbsp;quick kill it!!</p>

It blocked it.&nbsp; Does anyone know what port that is?

<p>&quot;This board is sho' goin' crazy!&quot;</p><p><img src="http://members.aol.com/otpacker/images/Dudley1.gif" border="0" width="95" height="100" /></p>

<strong>JustJon</strong> wrote:<br /><p>Sorry about the downtime folks.&nbsp; The best way to deal with the virus bullshit was a rebuild of the server.&nbsp; If I had done it, it would have happened tonite, but FMJeff was kind enough to offer to do it this morning and it just took longer than expected and ran thru a good portion of show time.&nbsp; But we believe the changes made during the rebuild will stop this from happening again.</p>Thanks Jeff. <p>Thanks Jon and Jeff!!!&nbsp; Appreciate all your efforts!</p><p>Funk</p>

<strong>JustJon</strong> wrote:<br /><p>Sorry about the downtime folks.&nbsp; The best way to deal with the virus bullshit was a rebuild of the server.&nbsp; If I had done it, it would have happened tonite, but FMJeff was kind enough to offer to do it this morning and it just took longer than expected and ran thru a good portion of show time.&nbsp; But we believe the changes made during the rebuild will stop this from happening again.</p>Thanks Jeff. <p>&nbsp;</p><div style="text-align: center"><img src="/messageboard/tiny_mce/plugins/emotions/images/clap.gif" border="0" width="170" height="172" /></div>

<p>I just had trouble logging in.&nbsp; I got a message saying there was a server problem. <br />&nbsp;</p><p>I tried again and had no problem, but the site is running slow. &nbsp;</p>

why is this website run using windows and IIS?????????????????????????????????????????

<p>The internet for me is running all wacky. By the way, can someone link me for a decent pop up/virus program that's free? </p>

<p>So, what was the final verdict? Was it in fact a harmful virus, or just some spyware being detected as such? </p><p>&nbsp;</p>

<p>Please, we all know who is responsible.</p><p>Angrymissy! She obviously brought up the problem to shift blame away from herself! I watch enough Murder She Wrote to realize your schemes missy!</p>

<strong>SatCam</strong> wrote:<br />why is this website run using windows and IIS????????????????????????????????????????? <p>It's not...anymore. </p><p>I'm not 100% sure what it was. I didn't have time to research the hack. It is most likely something written into an ini or registry entry somewhere that wasn't ready apparent for IIS. Certainly nothing in the code, that would've been a little obvious, and it was on the home page, which suggests it was in the headers perhaps. </p><p>Only a handful of people come to mind who posses the level of technical knowledge to pull something like that off, one in particular who just recently asked to come back to rf.net&nbsp;and will certainly never be welcome, ever. </p><p>&nbsp;</p>

<strong>FMJeff</strong> wrote:<br /><strong>SatCam</strong> wrote:<br />why is this website run using windows and IIS????????????????????????????????????????? <p>It's not...anymore. </p><p>I'm not 100% sure what it was. I didn't have time to research the hack. It is most likely something written into an ini or registry entry somewhere that wasn't ready apparent for IIS. Certainly nothing in the code, that would've been a little obvious, and it was on the home page, which suggests it was in the headers perhaps. </p><p>Only a handful of people come to mind who posses the level of technical knowledge to pull something like that off, one in particular who just recently asked to come back to rf.net&nbsp;and will certainly never be welcome, ever. </p><p>&nbsp;</p><p>The Jews ?</p>

<strong>mendyweiss</strong> wrote:<br /><strong>FMJeff</strong> wrote:<br /><strong>SatCam</strong> wrote:<br />why is this website run using windows and IIS????????????????????????????????????????? <p>It's not...anymore. </p><p>I'm not 100% sure what it was. I didn't have time to research the hack. It is most likely something written into an ini or registry entry somewhere that wasn't ready apparent for IIS. Certainly nothing in the code, that would've been a little obvious, and it was on the home page, which suggests it was in the headers perhaps. </p><p>Only a handful of people come to mind who posses the level of technical knowledge to pull something like that off, one in particular who just recently asked to come back to rf.net and will certainly never be welcome, ever. </p><p>&nbsp;</p><p>The Jews ?</p><p>&nbsp;without a doubt, it was reeshy.&nbsp; we all know that old people can use computers. &nbsp; </p>

Sory about this morning's downtime.&nbsp; Silly little bug where the server installed updates, rebooted itself and the brand spanking new web server wasn't configured to bring itself back up when it restarted.&nbsp; Won't happen again.

I got it too.&nbsp; I am getting scared to come here.. Like Taco Bell!

<strong>JustJon</strong> wrote:<br />Sory about this morning's downtime.&nbsp; Silly little bug where the server installed updates, rebooted itself and the brand spanking new web server wasn't configured to bring itself back up when it restarted.&nbsp; Won't happen again. <p>no prob jon. the site was the only thing to go down on me today...</p><p>beggars can't be choosers</p>

I am soooo fuckin' horny right now.