knob 22nd Nov 2008 7:15 am

Virus problem on MyMpxPlayer site ?!? :?:
 
There seems to be a virus disguised as a .pdf opening when I access the Mympxplayer site. :shock:

My AVG antivirus at home is not showing any problems but when I tried to access this site from work Symantec flagged it up and quarantined it as a bloodhound type with a .pdf extension. :shock:

Has anyone else noticed this? Has anyone else found that adobe reader opens up briefly each time you access this site? :?:

I will post a copy of the virus log when I can get hold of it

Th3_uN1Qu3 22nd Nov 2008 11:51 am

I don't have Adobe Reader, never will. Foxit Reader FTW.

Also, Norton is a rather poor antivirus, not to mention it's a major resource hog. I haven't experienced any problems while visiting this site, just that it's slow as always.

Hotboxx 22nd Nov 2008 2:15 pm

There must be something wrong, when I opened this website I was also offered to download/open a PDF file.

makd511 22nd Nov 2008 4:58 pm

mm, not me, i am using firefox, are you lot IE??

knob 22nd Nov 2008 11:55 pm

There's something fishy, I'm on Opera, and no Th3_uN1Qu3, I too wouldn't touch Norton's, I'll give Foxit a try, you're right, Acrobat is a memory pig :wink:

I just happened to notice as my employer uses Norton's.

Removed Adobe, I'm on Foxit now (It's great BTW)

Now when I enter this site I get an offer to download/open file "pdf.pdf" using Foxit from site "klickup.com".

You know, as the ancient computer saying goes "when the admin's away the spambots and viruses play". :shock:

Hotboxx 23rd Nov 2008 2:41 am

Quote:

Originally Posted by makd511 (Post 54389)
mm, not me, i am using firefox, are you lot IE??

I use FF also

lolita 23rd Nov 2008 4:53 am

Re: Virus problem on MyMpxPlayer site ?!? :?:
 
No problem here.

Using IE6.

Th3_uN1Qu3 23rd Nov 2008 5:06 am

Opera here too, no random PDFs popping up... I'll investigate that site and see what it's about.

Edit:

Quote:

Server Type: Apache/2.2.3 (CentOS)
IP Address: 70.38.25.62
IP Location: California - Santa Ana - Adverttraffic
Response Code: 200
Domain Status: Registered And Active Website
Looks like an advertising website... Maybe that's where all the spambots are coming from? :?

The website itself looks like this:
http://img403.imageshack.us/img403/6500/klickuphd6.png

Whatever i type in that search box will just return "no results found". Also, trying to access "http://klickup.com/pdf.pdf" results in a 404 not found. Could you tell me exactly the path that the bogus PDF file is coming from? I'd like to take a look.

knob 24th Nov 2008 11:19 am

Re: Virus problem on MyMpxPlayer site ?!? :?:
 
I got it wrong, the site is called klikvp.com :oops: , it's still happening though, usually just once when I first enter the site :-

http://i203.photobucket.com/albums/a...pboard01-2.jpg

Th3_uN1Qu3 24th Nov 2008 1:32 pm

Alright, hang on while i trace it.

Edit:

Quote:

Server Type: Apache/2
IP Address: 195.24.78.242
IP Location: Luxembourg
Response Code: 200
SSL Cert: localhost expires in 9866 days.
Domain Status: Registered And Active Website
I accessed the site and it is a "pay per click search engine". That is, yes, MORE ADS. But klikvp.com/pdf.pdf doesn't exist either, nor does klikvp.com/pdf_1_~1.pdf. Again, please post the full path where that PDF is coming from.

Edit: More info:
http://mtekk.weblogs.us/archives/ene...pcom-exploite/
http://www.coolsmartphone.com/news4321.html

Sounds like a spammer with bad intentions, using SQL injection. We must do something about it. Right now i'm doing more scans of the server, looking for ways to "spam the spammer".

knob 24th Nov 2008 2:28 pm

Couldn't find the path, it seems to be coming straight from klikvp.com.

http://i203.photobucket.com/albums/a...pboard01-1.jpg

Th3_uN1Qu3 24th Nov 2008 2:34 pm

Well, that's the typical download dialog, the full path isn't shown. Strange thing is that i'm still not getting it.

One thing you could do is save it (must be Save not Open, you don't wanna open it anyway), then look at the Transfers tab. Select it with your mouse and look at the bottom, it'll display the path.

knob 24th Nov 2008 2:42 pm

Re: Virus problem on MyMpxPlayer site ?!? :?:
 
Got the sucker, the path is [strike]http://klikvp.com/xxx/xxx/pdf.pdf[/strike]
Here are the contents of the .pdf, just 3.17k.

Quote:

content deleted.
I can make it popup if I reboot my router so I get a different ip address, then it "thinks" I'm another user.
(btw I reboot my router every day so maybe that's why I get it coming up more often)

Th3_uN1Qu3 25th Nov 2008 11:11 am

I have a static IP, maybe that's why it never comes up for me.

That looks like a lame javascript exploit. Can't understand what it does really, but Foxit seems unaffected by it, it just opens a blank page and no modifications are made to the system. Tested in a virtual machine running XP SP2.

admin 25th Nov 2008 6:00 pm

Thanks everyone for your help in looking into this.

I don't get the pop up though.
I also checked it from computers in Cambodia during my holiday and didn't see the popup to download the pdf file either.

I'm using IE 7 with Acrobat.

I'll do some searching and find out WHY it's happening....

admin 25th Nov 2008 9:41 pm

I replaced the main index.php and portal.php files from a backup I made in October.

Can you all test the site again and see if you get the same problem about downloading the .pdf file please?

knob 26th Nov 2008 9:41 am

Re: Virus problem on MyMpxPlayer site ?!? :?:
 
That seems to have fixed the problem, welcome back admin btw. :wink:
Access to the site seems a bit faster now.

Th3_uN1Qu3 26th Nov 2008 2:40 pm

Quote:

Originally Posted by knob (Post 54468)
That seems to have fixed the problem, welcome back admin btw. :wink:
Access to the site seems a bit faster now.

Have to confirm that the site runs faster :D, don't know about the virus though since i've never gotten it.

admin 28th Nov 2008 12:15 am

Re: Virus problem on MyMpxPlayer site ?!? :?:
 
Well, unfortunately the hackers got the better of MyMPxPlayer.org and managed to take down the whole server last night! :(

The server had to be rebuilt but luckily the files were also recovered as well.

The site's back up now after spending about 8-9 hours with Webair getting it sorted (and with only 2 hours' sleep last night). Luckily Webair staff were awesome and rebuilt the server and got the site back up again.

I'm begging the hackers to please STOP TRYING TO HACK MyMPxPlayer.org. We are not a commercial site and this is a FREE community based site with a great bunch of members. Please don't ruin it for everyone by trying to hack the site. Please use your time for something else.

geostar 28th Nov 2008 3:24 am

was that yesterday evening for us in the uk? because i went on then and all i got was a blank white page

knob 28th Nov 2008 9:46 am

IMHO I think the spamming, the pdf download and the hacking are all connected in some way.

Someone was trying to profit in some way from this site's success and when they got rumbled, didn't like it, hence the hack.

I think the .pdf thing was a way of measuring how many different users visit this site to see how spamworthy MyMpxplayer is. :idea:

geostar 28th Nov 2008 10:40 am

more of a spyware than a virus then?

knob 28th Nov 2008 10:50 am

yep, more of a spyware, but it did seem to be causing the site to slow down and we would probably see an increase in spamming on the forum if action wasn't taken.

Anyone who has visited the "mp4users" forum recently will know how bad this can get if it gets out of hand, in fact mp4users has been completely taken over by spambots due to the admin abandoning the site.

makd511 28th Nov 2008 5:57 pm

mp4users is way out of control now, personally i never saw any of this pdf download thing

i will never understand the mentality of some things, what is to be gained by all this, it's just sad and pathetic

Th3_uN1Qu3 29th Nov 2008 2:38 am

Quote:

Originally Posted by makd511 (Post 54525)
i will never understand the mentality of some things, what is to be gained by all this, it's just sad and pathetic

Money. A lot of money.

admin 29th Nov 2008 11:47 am

Quote:

Originally Posted by Th3_uN1Qu3 (Post 54535)
Money. A lot of money.

Agreed.
Saw some news article about spammers who were prosecuted by the Police for spamming and apparently they were making millions of dollars from spamming!

They just don't care who they affect though.

admin 6th Dec 2008 3:20 am

Hi everyone,

Is anyone experiencing any problems with the site or getting any odd looking file to download from this site?

Is the site also running any better?

Look forward to your feedback.

knob 6th Dec 2008 5:05 am

no problems, it seems to be fine now.

cheers
knob

knob 26th Dec 2008 2:14 am

Re: Virus problem on MyMpxPlayer site ?!? :?:
 
I think the same problem is back again, I just got this .pdf thing again, only once when I first went on the site today.

http://i203.photobucket.com/albums/a...pboard01-1.jpg

admin 26th Dec 2008 2:30 am

Thanks knob for the update.

I checked and did find some 'dodgy' files modified again. I'm still not sure how they're getting in. I've deleted it already and am going to try to restrict some file permissions to see what happens.

Please keep me updated and let me know as soon as you see it again.
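
Added example (not part of the original thread): the admin restored index.php and portal.php from a backup, later found files modified again, and planned to tighten file permissions. The sketch below compares a live web root against a known-good backup by SHA-256 and lists files that group or other can write to. The directory layout, the file contents and `extra.php` are constructed for the demonstration.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def snapshot(root: Path) -> dict:
    """Map each file's path relative to root to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*")
        if p.is_file() and not p.is_symlink()
    }


def compare(backup: Path, live: Path) -> dict:
    """Report files that differ from, were added to, or are gone from the backup."""
    old, new = snapshot(backup), snapshot(live)
    return {
        "modified": sorted(f for f in old.keys() & new.keys() if old[f] != new[f]),
        "added": sorted(new.keys() - old.keys()),
        "missing": sorted(old.keys() - new.keys()),
    }


def loosely_writable(root: Path) -> list:
    """Files that group or other may write to (candidates for tightening)."""
    mask = stat.S_IWGRP | stat.S_IWOTH
    return sorted(f for f in snapshot(root) if (root / f).stat().st_mode & mask)


def demo() -> tuple:
    """Build a constructed backup and live tree, then audit the live one."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        for root in (backup, live):
            root.mkdir()
            for name in ("index.php", "portal.php"):
                (root / name).write_text(f"<?php /* {name} */ ?>\n")
                os.chmod(root / name, 0o644)
        # Constructed tampering: one file altered, one unexpected file added.
        (live / "index.php").write_text("<?php /* index.php, altered */ ?>\n")
        (live / "extra.php").write_text("<?php /* not in backup */ ?>\n")
        os.chmod(live / "extra.php", 0o666)
        return compare(backup, live), loosely_writable(live)


if __name__ == "__main__":
    print(demo())
```

Run on a schedule against a backup kept off the web server, a report like this shows which files changed between restores instead of waiting for a visitor to notice the download prompt.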


All times are GMT -7.