Sciencemadness Discussion Board
Author: Subject: org syn website -> malware
chemrox
International Hazard
*****




Posts: 2961
Registered: 18-1-2007
Location: UTM
Member Is Offline

Mood: LaGrangian

[*] posted on 21-10-2008 at 12:58
org syn website -> malware


The org syn website was listed yesterday by Google as passing malware. This is an alarming development. Does anyone know anything more?



"When you let the dumbasses vote you end up with populism followed by autocracy and getting back is a bitch." Plato (sort of)
solo
International Hazard
*****




Posts: 3967
Registered: 9-12-2002
Location: Estados Unidos de La Republica Mexicana
Member Is Offline

Mood: ....getting old and drowning in a sea of knowledge

[*] posted on 21-10-2008 at 14:53


I guess it's time to download a copy of all the organic synthesis and stay away from that site.....solo



It's better to die on your feet, than live on your knees....Emiliano Zapata.
kclo4
National Hazard
****




Posts: 916
Registered: 11-12-2004
Location:
Member Is Offline

Mood: No Mood

[*] posted on 21-10-2008 at 17:04


Err.. that's really weird, why would such a wonderful site be called malware by google? When obviously Orgsyn isn't going to be malicious. Right?
497
National Hazard
****




Posts: 778
Registered: 6-10-2007
Member Is Offline

Mood: HSbF6

[*] posted on 21-10-2008 at 17:26


The little warning thing says that it could have been a third party that did it. That must be what it is. Either that or it's a government conspiracy to keep us from accessing it...
chemrox
International Hazard
*****




Posts: 2961
Registered: 18-1-2007
Location: UTM
Member Is Offline

Mood: LaGrangian

[*] posted on 21-10-2008 at 21:49


The "third parties" troll for heavily used sites. Org Syn probably has no experience cleaning out such garbage and will have to learn how. I give them a few days and try again.



"When you let the dumbasses vote you end up with populism followed by autocracy and getting back is a bitch." Plato (sort of)
raiden
Harmless
*




Posts: 38
Registered: 4-2-2008
Member Is Offline

Mood: Curious

[*] posted on 21-10-2008 at 21:59


http://www.google.com.au/interstitial?url=http://www.orgsyn....

Geez.
pantone159
National Hazard
****




Posts: 586
Registered: 27-6-2006
Location: Austin, TX, USA
Member Is Offline

Mood: desperate for shade

[*] posted on 21-10-2008 at 22:09


and perhaps some more details at:

http://www.google.com/safebrowsing/diagnostic?site=http://ww...
Sauron
International Hazard
*****




Posts: 5351
Registered: 22-12-2006
Location: Barad-Dur, Mordor
Member Is Offline

Mood: metastable

[*] posted on 21-10-2008 at 22:27


The Org Syn site passed a hijacker to this computer called JD/downloader and another called IEexploit.

My AVG resident shield caught them and sequestered them in Virus Vault.

There is a piece of freeware called Smithfraudfix on the net that is effective at getting rid of this. I used it and have had no further problems.
The virus files are in Temporary Internet Files folder.

Also infects Registry.

Below I post the exe file for the removal tool.

The Clean function (2) needs to be done in Safe Mode. That is, reboot, and as soon as BIOS is through hit F8, menu comes up on black screen, select Safe Mode.

Then double click on smithfraudfix.exe and select (2) ENTER

Then follow instructions. If program stops responding just reboot into normal mode. You are finished.

This worked for me.


[Edited on 22-10-2008 by Sauron]

Attachment: SmitfraudFix.exe (1.6MB)
This file has been downloaded 820 times





Sic gorgeamus a los subjectatus nunc.
raiden
Harmless
*




Posts: 38
Registered: 4-2-2008
Member Is Offline

Mood: Curious

[*] posted on 21-10-2008 at 22:34


Quote:
Originally posted by pantone159
and perhaps some more details at:

http://www.google.com/safebrowsing/diagnostic?site=http://ww...

Apologies, I posted the wrong link.
Sauron
International Hazard
*****




Posts: 5351
Registered: 22-12-2006
Location: Barad-Dur, Mordor
Member Is Offline

Mood: metastable

[*] posted on 21-10-2008 at 23:38


The Org Syn site now appears to be operating normally. I just ran a search and got no AV warning from AVG, I downloaded a pdf, no problem.



Sic gorgeamus a los subjectatus nunc.
kclo4
National Hazard
****




Posts: 916
Registered: 11-12-2004
Location:
Member Is Offline

Mood: No Mood

[*] posted on 22-10-2008 at 16:49


Argh! Google is still viewing it as malware and my school's firewall, or whatever it is, has now completely blocked it because of this threat. :(
How lame is that?
My school's firewall is a bit insane though so I shouldn't be very surprised. For instance it blocks all images from Wikipedia regardless of the content.
Sauron
International Hazard
*****




Posts: 5351
Registered: 22-12-2006
Location: Barad-Dur, Mordor
Member Is Offline

Mood: metastable

[*] posted on 22-10-2008 at 18:10


Complain to Google.



Sic gorgeamus a los subjectatus nunc.
497
National Hazard
****




Posts: 778
Registered: 6-10-2007
Member Is Offline

Mood: HSbF6

[*] posted on 22-10-2008 at 19:33


Strange... yesterday I was able to click "ignore warning" and it would work, but now I try it and the warning page just refreshes, not allowing me in at all. A bit aggravating..
sparkgap
International Hazard
*****




Posts: 1234
Registered: 16-1-2005
Location: not where you think
Member Is Offline

Mood: chaotropic

[*] posted on 22-10-2008 at 19:42


Was there any official word on CambridgeSoft or Wiley about the matter?

sparky (~_~)




"What's UTFSE? I keep hearing about it, but I can't be arsed to search for the answer..."
Sauron
International Hazard
*****




Posts: 5351
Registered: 22-12-2006
Location: Barad-Dur, Mordor
Member Is Offline

Mood: metastable

[*] posted on 22-10-2008 at 20:50


A pity that Google is being such a nanny-ninny.

Can you access orgsyn.org via Yahoo's SE? Or some other SE?

I am not having problems accessing it through my usual link from IE.

As far as I can tell, AVG stopped the hijacker malware cold. I ran the smithfraudfix.exe in safe mode just in case.




Sic gorgeamus a los subjectatus nunc.
not_important
International Hazard
*****




Posts: 3873
Registered: 21-7-2006
Member Is Offline

Mood: No Mood

[*] posted on 22-10-2008 at 23:55


Quote:
Originally posted by 497
Strange... yesterday I was able to click "ignore warning" and it would work, but now I try it and the warning page just refreshes, not allowing me in at all. A bit aggravating..


I'm not even seeing a warning at Google, takes me straight to the orgsyn site. They must retest fairly frequently and have cleared the report.

I'd used the site during the time of the infection, and got no alerts at my end. Could be because the injection used offsite sources for the malware scripts and I'm using NoScript, or because they were IE/ActiveX specific (IEexploit is), or I'm really running OpenBSD and not XP like the browser usually reports.

The name Smitfraudfix has no 'H' in it.
chemrox
International Hazard
*****




Posts: 2961
Registered: 18-1-2007
Location: UTM
Member Is Offline

Mood: LaGrangian

[*] posted on 23-10-2008 at 11:56


Outstanding post, Sauron. I will keep those files handy!



"When you let the dumbasses vote you end up with populism followed by autocracy and getting back is a bitch." Plato (sort of)
