Jump to content


Photo

Why Do These Security Messages Keep Coming Up


  • Please log in to reply
38 replies to this topic

#16 surfblue63

surfblue63

    TMF fantasy F1 winner 2012

  • Members
  • PipPipPipPipPipPipPipPipPip
  • 2,539 posts
  • Location: North East
  • Local Club: MCR Newcastle & Durham

Posted 07 May 2016 - 10:55 AM

These messages are still appearing. It happens when I click on the first thread, the web site in the message is different, but it is always hosted by the mini forum. If I back up and then continue the message does not appear again.

 

Since I first reported the problem I have run Malwarebytes 4 times. This has only picked up PUP.* threats on my machine. PUPs are potentially unwanted programmes. It has not picked up any significant malware.

 

I disabled the activeX controls but this only stopped the video working on the BBC weather site and some auction house web sites that I use.

 

I have also cleared out my Internet Cache files twice and removed all cookies twice. Apart from making my internet slower whilst the cookies return it has not stopped the messages, even when I come to the Mini Forum first before visiting any other sites.

 

I have not bothered with using a different browser as the Mini Forum is the only site, of approximate 100 site visited, that this problem occurs. If other sites do not pick it up they either think the issue is not a threat, or worse they are not picking it up. 

 

This is what was contained in the message today. Where there is an * it should be an e. I did not want to post the full web address in case it caused further problems.

 

Microsoft Security Essentials blocked content on this website

utovrm*v*r*ttville.maynetronics.com

Hosted by: www.theminiforum.co.uk

Go to my home page instead

Microsoft Security Essentials blocked this site because it might contain

threats to your PC or your privacy.



#17 WPD

WPD

    Stage One Kit Fitted

  • Noobies
  • PipPipPip
  • 85 posts
  • Location: Hampshire

Posted 07 May 2016 - 11:29 AM

It could be adverts on the site, can't remember if regular members get ads or not.
Also Microsoft stopped updating security essentials virus definitions a while ago otherwise I'd still be using it. Try avira or avast as an anti virus. Keep in mind that malwarebytes does not do real time protection unless premium is purchased and it only deals with malware if I remember correctly.

#18 surfblue63

surfblue63

    TMF fantasy F1 winner 2012

  • Members
  • PipPipPipPipPipPipPipPipPip
  • 2,539 posts
  • Location: North East
  • Local Club: MCR Newcastle & Durham

Posted 08 May 2016 - 12:46 PM

Another update. I have complete an sfc scan on my machine to correct any file errors, this has speed up my web browsing a bit and fix some other non internet related problems, but unfortunately the error message still popped up when opening the first thread. Todays message was:

 

Microsoft Security Essentials blocked content on this website

rallong*ant.christmasleds*tc.com

Hosted by: www.theminiforum.co.uk

Go to my home page instead

Microsoft Security Essentials blocked this site because it might contain

threats to your PC or your privacy.

 

I have replaced all e's with *'s.

 

I guess from the non-reply from any admin that they do not see this as a problem, or that they can not be bothered to try and fix it.



#19 Jordie

Jordie

    Traders Area Specialist Mod, North and Scotland Area Manager

  • TMF+ Member
  • PipPipPipPipPipPipPipPipPipPipPip
  • 13,564 posts
  • Name: Jordan
  • Location: North East

Posted 08 May 2016 - 07:32 PM

Its actually been reported and discussed in the tmf staff reports. I will ask admins to check into it since you had some urls we can look for in the history and forum.

#20 Jordie

Jordie

    Traders Area Specialist Mod, North and Scotland Area Manager

  • TMF+ Member
  • PipPipPipPipPipPipPipPipPipPipPip
  • 13,564 posts
  • Name: Jordan
  • Location: North East

Posted 10 May 2016 - 08:56 PM

Word from the IT Guru admin

 

Theres nothing server side effecting the forum, the urls given cannot be located in any files or folders within the server, and no other reports of users been effected. Also tried to replicate the issue in several versions of each browser and nothing.

 

Would appear that you may be infected or your antivirus/malware systems are blocking the forum due to something on your machine/your end.



#21 Jordie

Jordie

    Traders Area Specialist Mod, North and Scotland Area Manager

  • TMF+ Member
  • PipPipPipPipPipPipPipPipPipPipPip
  • 13,564 posts
  • Name: Jordan
  • Location: North East

Posted 10 May 2016 - 08:59 PM

 

Microsoft Security Essentials blocked content on this website

rallong*ant.christmasleds*tc.com

Hosted by: www.theminiforum.co.uk

Go to my home page instead

Microsoft Security Essentials blocked this site because it might contain

threats to your PC or your privacy.

 

 

It would suggest from the Security essentials message above that somehow your security essentials as linked that URL with the forum. It may have been a previous malware which injected code into your browser (may now be removed). Not knowing security essentials in depth, you may be able to remove this association and stop the message appearing.



#22 surfblue63

surfblue63

    TMF fantasy F1 winner 2012

  • Members
  • PipPipPipPipPipPipPipPipPip
  • 2,539 posts
  • Location: North East
  • Local Club: MCR Newcastle & Durham

Posted 11 May 2016 - 10:32 PM

 

What is the problem with the Mini Forum.

 

Every time I log on and open a page I get a message like this,

 

 

I've randomly been getting the same messages (always with a different web address) on both hear and eBay.

 

 

 

 

, and no other reports of users been effected.

 

I'm not the only one.

 

By the way no message today.

 

I did get one the last time I logged on and opened a thread though. I didn't bother making a note of the web address as it changes every time.

 

This is still the only site that this happens so I am still of the opinion that it is the site that has the problem. I have done everything possible to clear search histories, caches and cookies. I have done multiple scans for virus' and malware. I have also carried out various registry scans, file scans and clean ups, but still the problem persists.



#23 Deathrow

Deathrow

    Have you tried turning it off and on again?

  • TMF IT Specialist
  • PipPipPipPipPipPipPipPipPipPip
  • 5,734 posts
  • Name: Adam
  • Location: Manchester, UK

Posted 12 May 2016 - 08:39 AM

The next time you encounter a thread that causes you to receive this message from Microsoft Security Essentials, please copy the address as well as noting the steps you took to get there.

 

All I can do is investigate, but if I can't recreate it it suggests it's a client side issue.

Karl is also experiencing the same thing from eBay, so you can't isolate TMF.



#24 1984mini25

1984mini25

    Crazy About Mini's

  • Members
  • PipPipPipPipPipPipPipPipPipPip
  • 8,781 posts
  • Location: -

Posted 12 May 2016 - 09:53 AM


Karl is also experiencing the same thing from eBay, so you can't isolate TMF.

 

All I've done it turn the popup blocker to high (bit annoying having open links in a new tab rather than clicking on them) and I haven't had one of these security messages for at least the last two weeks. And all my security scans have come back clear. Google on the other had has been a right pain in the arse with the stupid catch things popping up every 5 or so pages.



#25 1984mini25

1984mini25

    Crazy About Mini's

  • Members
  • PipPipPipPipPipPipPipPipPipPip
  • 8,781 posts
  • Location: -

Posted 12 May 2016 - 10:04 AM

Spoke too soon. As soon as I finished posting the above I went to my profile, my content and opened up the topic "So How Bad Is It..." when this popped up.

 

26694033520_4d1a1fc701_c.jpg


Edited by 1984mini25, 12 May 2016 - 10:04 AM.


#26 WPD

WPD

    Stage One Kit Fitted

  • Noobies
  • PipPipPip
  • 85 posts
  • Location: Hampshire

Posted 12 May 2016 - 01:08 PM

 


 

I'm not the only one.

 

By the way no message today.

 

I did get one the last time I logged on and opened a thread though. I didn't bother making a note of the web address as it changes every time.

 

This is still the only site that this happens so I am still of the opinion that it is the site that has the problem. I have done everything possible to clear search histories, caches and cookies. I have done multiple scans for virus' and malware. I have also carried out various registry scans, file scans and clean ups, but still the problem persists.

 

 

 

Spoke too soon. As soon as I finished posting the above I went to my profile, my content and opened up the topic "So How Bad Is It..." when this popped up.

 

 

 

Try running

superantispyware http://www.superanti....com/index.html

spybot search & destroy https://www.safer-networking.org/

if that doesn't fix the problem try TDSSKiller http://usa.kaspersky...oads/TDSSKiller


Edited by WPD, 12 May 2016 - 01:09 PM.


#27 surfblue63

surfblue63

    TMF fantasy F1 winner 2012

  • Members
  • PipPipPipPipPipPipPipPipPip
  • 2,539 posts
  • Location: North East
  • Local Club: MCR Newcastle & Durham

Posted 12 May 2016 - 11:45 PM

Also Microsoft stopped updating security essentials virus definitions a while ago otherwise I'd still be using it.

 

Incorrect. The latest update was made available on the 12th May, detail below

 

 

Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.219.1608.0)

Installation date: ‎12/‎05/‎2016 23:09

Installation status: Successful

Update type: Optional

Install this update to revise the definition files that are used to detect viruses, spyware, and other potentially unwanted software. Once you have installed this item, it cannot be removed.

More information:
http://go.microsoft..../?LinkID=154739

Help and Support:
http://go.microsoft..../?LinkID=154739

 

 

The next time you encounter a thread that causes you to receive this message from Microsoft Security Essentials, please copy the address as well as noting the steps you took to get there.

 

All I can do is investigate, but if I can't recreate it it suggests it's a client side issue.

Karl is also experiencing the same thing from eBay, so you can't isolate TMF.

 

 

The messages pop up on the first thread that I open. One popped up when I opened this thread, this was the first thread I opened. I do not get the messages when I log on or browse the forum index, only when I go to open a thread does a message pop. If I back up then re-open the thread the message does not re-appear.

 

Since yesterday I have carried out anther scan for viruses and another for malware, nothing was found. When ever I complete a scan I always delete any items that have been put into quarantined items.

 

Since opening this thread I have found 3 items that have appeared in the quarantined items in my Microsoft Security Essentials, here is a copy of the text

 

 

o All detected items

Items that were detected on your PC.

Detected item Alert level Date Action taken

Exploit:JS/Axpergle Severe 13/05/2016 00:14 Quarantined

Exploit:HTML/Axpergle.O Severe 13/05/2016 00:14 Quarantined

Exploit:JS/Axpergle.BO Severe 13/05/2016 00:14 Quarantined

Category: Exploit

Description: This program is dangerous and exploits the computer on which it is run.

Recommended action: Remove this software immediately.

 

 

Please note all three of these items were link to page two of this thread.

 

Also note that I have been on the internet for the best part of 12 hours today and visited 38 web sites and probably in excess of 500 web pages. No other site has caused items to be placed into quarantine, only the Mini Forum. 



#28 Jordie

Jordie

    Traders Area Specialist Mod, North and Scotland Area Manager

  • TMF+ Member
  • PipPipPipPipPipPipPipPipPipPipPip
  • 13,564 posts
  • Name: Jordan
  • Location: North East

Posted 14 May 2016 - 06:38 PM

http://www.google.co...g9tYLVjv04c8tig

Microsoft state its a malware program which has infected your software (browser, silverlight etc).

It may only be exploiting your browser or other software as a coincidence at the time of visiting the forum.

#29 surfblue63

surfblue63

    TMF fantasy F1 winner 2012

  • Members
  • PipPipPipPipPipPipPipPipPip
  • 2,539 posts
  • Location: North East
  • Local Club: MCR Newcastle & Durham

Posted 15 May 2016 - 02:48 AM

Microsoft state that it come from a malicious or hacked web site

 

https://www.microsof...ame=JS/Axpergle

 

 

 

https://www.microsof.../infection.aspx

 

 

Spam emails

Malware authors often use tricks to try to convince you to download malicious files. This can be an email with a file attached that tells you it is a receipt for a delivery, a tax refund, or an invoice for a ticket. It might say you have to open the attachment to get the items delivered to you, or to get money.

If you do open the attachment, you’ll end up installing malware on your PC.

Sometimes a malicious email will be easy to spot – it could have bad spelling and grammar, or come from an email address you’ve never seen before. However, these emails can also look like they come from a legitimate business or someone you know. Some malware can hack email accounts and use them to send malicious spam to any contacts they find.

To prevent your PC from being infected it’s a good idea to consider the following:

  • If you aren’t sure who sent you the email - or something doesn’t look quite right - don’t open it

  • If an email says you have to update your details, don’t click on the link in the email

  • Don’t open an attachment to an email that you weren’t expecting, or that was sent by someone you don’t know.

You can read more about how to avoid these types of threats at the links below:

  • Infected removable drives

    Many worms spread by infecting removable drives such as USB flash drives or external hard drives. The malware can be automatically installed when you connect the infected drive to your PC. Some worms can also spread by infecting PCs connected to the same network.

    There are several things you can do to avoid this type of infection:

  • Bundled with other software

    Some malware can be installed at the same time as other programs that you download. This includes software from third-party websites or files shared through peer-to-peer networks.

    Some programs will also install other applications that we detect as potentially unwanted software. This can include toolbars or programs that show you extra ads as you browse the web. Usually you can opt-out and not install these extra applications by unticking a box during the installation.

    We have also found programs used to generate software keys (keygens) often install malware at the same time. Microsoft security software finds malware on more than half of PCs with keygens installed.

    You can avoid installing malware or potentially unwanted software this way by:

    • Always downloading software from the official vendor’s website

    • Making sure you read exactly what you are installing – don’t just click OK

  • Hacked or compromised webpages

    Malware can use known software vulnerabilities to infect your PC. A vulnerability is like a hole in your software that can give malware access to your PC.

    When you go to a website, it can try to use those vulnerabilities to infect your PC with malware. The website might be malicious or it could be a legitimate website that has been compromised or hacked.

    Vulnerabilities are fixed by the company that made the software. They are sent as updates that you need to install to be protected. This is why it’s extremely important to keep all your software up-to-date, and remove software you don’t use.

    If your software isn’t up to date you could also get repeated alerts about the same threat.

  • Other malware

 

 

 

Again on the first thread I opened I got one of these messages, checked my Microsoft Security Essential and the same three object appeared in the Quarantine folder, all hosted by the Mini Forum. For fear of repeating myself, The Mini Forum is the only site which causes these objects to appear in my quarantined items, thus they are coming from the site.

 

Also since my last visit I have updated to the latest versions of Java and Adobe Flash Player. I have also carried out a further Malewarebytes scan, which found nothing. Whilst writing this response I have carried out a scan using the Microsoft Safety Scanner, version 1.0.3001.0, and guess what, it did not find anything.


Edited by surfblue63, 15 May 2016 - 02:52 AM.


#30 Jordie

Jordie

    Traders Area Specialist Mod, North and Scotland Area Manager

  • TMF+ Member
  • PipPipPipPipPipPipPipPipPipPipPip
  • 13,564 posts
  • Name: Jordan
  • Location: North East

Posted 15 May 2016 - 07:39 AM

If it was website related we would have hundreds of users complaining of this. We have done server side checks and nothing showing the forum is causing issue.

To my knowledge you are the only one effected as 1984mini25 is also getting the messages on other sites.

Are you able to use a completely different pc or laptop to try? See if you get the messages on that pc/laptop?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users