Sat, Nov 30, 3:42 AM CST

Renderosity Forums / Community Center



Welcome to the Community Center Forum

Forum Moderators: wheatpenny Forum Coordinators: Anim8dtoon

Community Center F.A.Q (Last Updated: 2024 Nov 30 3:10 am)

Forum news, updates, events, etc. Please sitemail any notices or questions for the staff to the Forum Moderators.



Subject: Site Hacked again?Virus warning?


originalkitten ( ) posted Wed, 27 August 2008 at 3:05 PM · edited Sat, 30 November 2024 at 3:42 AM

Ok I'm receving this virus warning

Scan type:  Auto-Protect Scan
Event:  Threat Found!
Threat: Trojan.Virantix.C
File:  C:Documents and SettingsLouiseLocal SettingsTemporary Internet FilesContent.IE5WU11IO0Hinstall[1]
Location:  C:Documents and SettingsLouiseLocal SettingsTemporary Internet FilesContent.IE5WU11IO0H
Computer:  LOUISE-977B67DC
User:  Louise
Action taken:  Clean failed : Quarantine failed : Delete succeeded : Access denied
Date found: 27 August 2008  21:02:51

when I sign onto renderosity. I got in the gallerys and just now in the forums. The same trojan. It happened on IE not Firefox so far.

"I didn't lose my mind, it was mine to give away"


originalkitten ( ) posted Wed, 27 August 2008 at 3:08 PM

Meant to say... it asked me to download something which i declilned. But only in the gallerys. THis is the info from symantec below

http://www.symantec.com/security_response/writeup.jsp?docid=2008-050916-1055-99

"I didn't lose my mind, it was mine to give away"


BAR-CODE ( ) posted Wed, 27 August 2008 at 3:09 PM

The Same on RDNA and Here !!!

Its NOT FAKE !

 

IF YOU WANT TO CONTACT BAR-CODE SENT A  PM to 26FAHRENHEIT  "same person"

Chris

 


My Free Stuff



Amaranth ( ) posted Wed, 27 August 2008 at 3:09 PM
Online Now!

yup my virus scanner is going crazy too, this is very annoying because it closes my browser each time.



Amaranth3D


pjz99 ( ) posted Wed, 27 August 2008 at 3:09 PM

Yep it's back again.

DO NOT ALLOW THIS INSTALLER TO RUN, IT'S A HIJACK!

My Freebies


originalkitten ( ) posted Wed, 27 August 2008 at 3:10 PM

oh i know....what it means is...the thing it gives you to download gives you fake allerts and will get you to download other stuff in attempt to infect your machine.....

"I didn't lose my mind, it was mine to give away"


StaceyG ( ) posted Wed, 27 August 2008 at 3:17 PM

We are aware, the programmers are on it and it will be resolved very quickly


Bossie_Boots ( ) posted Wed, 27 August 2008 at 3:18 PM

And mine is it a virus!!!!!


originalkitten ( ) posted Wed, 27 August 2008 at 3:18 PM

btw

my son spotted as the trojan was trying to load....it gives this website golnanosat.com at the bottom where the website shows loading on the bottom of the webpage.

That's done by memory so it maybe a letter out here or there....but if the techs watch the screen loading that's the information it gives. Dnno if it's any use.

"I didn't lose my mind, it was mine to give away"


Kendra ( ) posted Wed, 27 August 2008 at 3:22 PM

I've been on Renderosity a lot in the last few days and had 3 virus issues that norton resolved.  And just now in the marketplace I got the pop up. 

...... Kendra


AranelStyles ( ) posted Wed, 27 August 2008 at 3:29 PM · edited Wed, 27 August 2008 at 3:30 PM

I get a message Trojans :trojan-Clicker.js.agent.h
initially on most pages, the search of the messages I do not
 


greetings Bianca


StaceyG ( ) posted Wed, 27 August 2008 at 3:37 PM

Just an FYI the member homepages will be offline for a bit as the programmers are working on this.


BAR-CODE ( ) posted Wed, 27 August 2008 at 3:50 PM

Just FYI ... the FREE AVG does NOT  !! always block or Remove the infected file.. so clean your temp Inet files  and be sure to check out the AVG reports to see what was done to infected file

If it does not say Deleted or moved to Vault ..it might say Infected..
That file is still infected AND on your HD...so YOU must remove it ASAP..

Chris

 

IF YOU WANT TO CONTACT BAR-CODE SENT A  PM to 26FAHRENHEIT  "same person"

Chris

 


My Free Stuff



Turtle ( ) posted Wed, 27 August 2008 at 4:00 PM

I just got a warning in the Poser forum that my Mc Fee blocked a virus.

Love is Grandchildren.


rebelmommy ( ) posted Wed, 27 August 2008 at 4:12 PM

Is the file locker system down too?  Because I get a parse error when trying to laod it :(  Just a heads up..

Renderosity's "problem Child"
Support Hydrocephalus research.. because a Shunt is NOT a cure!


KarenJ ( ) posted Wed, 27 August 2008 at 4:31 PM

Yes, the file lockers will be down while this is resolved.


"you are terrifying
and strange and beautiful
something not everyone knows how to love." - Warsan Shire


rebelmommy ( ) posted Wed, 27 August 2008 at 4:55 PM

Well good news then!!  The file locker is back uup which hopefully means your fixed :)  Thanks Karen!

Renderosity's "problem Child"
Support Hydrocephalus research.. because a Shunt is NOT a cure!


MyCat ( ) posted Wed, 27 August 2008 at 10:19 PM

You also might consider an official description of what happened and what you did to counter it.

I am not buying anything more from Renderosity until I feel safe.


originalkitten ( ) posted Wed, 27 August 2008 at 10:23 PM

Btw......heads up to everyone. Even thought my anti virus (NOrtons) caught it the pop ups.... I have so far during a scan 6 variations of Trojan.ByteVerify on my computer.

It's still scanning. I had to scan because my webpages kept refreshing and kept going backwards and forwards as I was trying to type...and this was on firefox.

I'm not very happy as I'm not very well atm and don't need the added stress of this.

I mean you expect this off a "bad site."... like a porn or crack site....but not here. (fyi i dont visit the bad sites......just saying....)

"I didn't lose my mind, it was mine to give away"


ThunderStone ( ) posted Thu, 28 August 2008 at 5:23 AM · edited Thu, 28 August 2008 at 5:24 AM

Shouldn't Renderosity contact the FBI, since the server is on US soil?  I did some checking on the URL that seems to be the origin of the problem (golnanosat.com) and it seems to be its own server/host.  Perhaps with this info, you could give the FBI the needed  information to stop these attack.


===========================================================

OS: Windows 11 64-bit
Poser: Poser 11.3 ...... Units: inches or meters depends on mood
Bryce: Bryce Pro 7.1.074
Image Editing: Corel Paintshop Pro
Renderer: Superfly, Firefly

9/11/2001: Never forget...

Smiles are contagious... Pass it on!

Today is the tomorrow you worried about yesterday

 


Bossie_Boots ( ) posted Thu, 28 August 2008 at 11:57 AM

Oh blimey my computer is playing up i better scan jees dont need this either !!!


JeniferC ( ) posted Thu, 28 August 2008 at 1:37 PM

Hi Everyone!

 

I want to give you all the information you need to ensure your browsing protection at Renderosity and at other websites.

 

Renderosity experienced an unauthorized file injection incident last night and one a week ago. Our technical staff cleaned off the effected areas of the site in less than an hour both times. Since then the programmers and network system administrators have been busy trying to make sure it doesn’t happen again and tracking down the perpetrator in hopes of some legal recourse.

 

We obtained at lot more valuable information this time, and we have put more safeguards in place. One of those safeguards is to block those with malicious intent, and another is a new version of our Bondware software. This new version of Bondware helps detect and prevent the file injection type of attacks. The detection message gives the warning message:

 

"Bondware Guard: Suspicious input detected and logged. Aborting ... "

 

However, it is highly possible that we have filtered out some of the Bondware software’s legitimate scripts in our enthusiasm. Please keep in mind that if you see this message, it may not really be suspicious activity. We ask that you please report this to admin@renderosity.com if you see it so we can fix the legitimate site functions. We hope you can appreciate this precautionary measure we are taking for your safety.

 

Please also note that our Bondware software does not store any credit card information, and we go above the PCI card protection requirements. We have always taken this security in order to increase the protection of your personal info.

 

As always, we strongly recommend everyone to always use anti-virus software and reject any and all unsolicited download prompts when visiting ANY website because this type of Trojan is attacking several other large, popular sites.

 

Thank you for understanding.

Jenifer

 


delbeke ( ) posted Thu, 28 August 2008 at 2:50 PM

I have a Mac and there are no Microsoft applications on my computer and didn't have any trouble or warnings. The interesting thing is also yesterday I was using my husband's computer, he has a PC and has all microsoft applications, to download some big files on Rendo and didn't get any warnings from his virus detector or had any trouble on the site. So my question is, why is it attacking some computers and not others. Could it be that it's an application that attracts the virus and not just PC with Microsoft? I know this may sound stupid and I know nothing about computers and I was just wondering why some were effected and like me, didn't have a problem either time.


Bossie_Boots ( ) posted Thu, 28 August 2008 at 4:16 PM

Well it was a good job i checked as i had four but im rid of them now and computer is clean with no apparent damage so all is good just for info this is what i cleaned off hugs lou x

Infected: Trojan-Downloader.Java.OpenStream.ac 1     C:Documents and SettingsMEApplication DataSunJavaDeploymentcache6(2).059(2)107cd1bb-1a5183f2 Infected: Trojan-Downloader.Java.OpenConnection.ao 1     C:Documents and SettingsMEApplication DataSunJavaDeploymentcache6(2).059(2)107cd1bb-1a5183f2 Infected: Trojan.Java.ClassLoader.au 1     C:Documents and SettingsMEApplication DataSunJavaDeploymentcache6(2).059(2)107cd1bb-1a5183f2 Infected: Trojan-Downloader.Java.Agent.a 1  


originalkitten ( ) posted Thu, 28 August 2008 at 4:20 PM

You say to make sure that your anti virus is up to date... and do not download anything.

I got warnings that the site had a trojan & and refused any download....yet I was still infected SIX times. My anti virus was up to date as it was updated last week after the last hack.

"I didn't lose my mind, it was mine to give away"


originalkitten ( ) posted Thu, 28 August 2008 at 4:20 PM

Glad your sorted Lou xox

"I didn't lose my mind, it was mine to give away"


CandeeKis ( ) posted Thu, 28 August 2008 at 11:23 PM · edited Thu, 28 August 2008 at 11:30 PM

I never experienced any of that. Im curious - are the people that are having this happen using I.E.? I use Firefox and never got any of the problems or alerts that others were reporting. Also the ones that actually got infected, what operating systems? (XP or Vista?)


HolyDiver ( ) posted Fri, 29 August 2008 at 1:08 AM

I run firefox, and XP (SP2) and am also curious if its just an "IE" problem???



ChristineG ( ) posted Fri, 29 August 2008 at 1:39 AM

i'm curious too. i haven't seen any of this either. SS i have AVG8 and it normally freaks out  when there is a problem.

Children are Angels who's wings get smaler as their legs get longere


bevans84 ( ) posted Fri, 29 August 2008 at 6:05 AM

I have Firefox 2.0.0.9, which is probably older, and Internet Exploder 7 on Vista.
First noticed the day before yesterday on the Rendo home page. IE gave me a download warning saying it was trying to download outlook.exe from the site mentioned earlier. Not seeing any earthly reason to dowload any .exe file, I declined.
Interesting thing was that it was showing as an approved Microsoft file.

I checked in Firefox also and it gave me the "Download Active X" popup, which I also declined. So, depending on your browser security settings, I wouldn't be so sure you didn't get any bad stuff just because you use Firefox.



CandeeKis ( ) posted Fri, 29 August 2008 at 6:44 AM

Maybe it is due to the older version of Firefox that you got the warnings? I ran a thorough deep scan for both virus's and malware on my system during the night and it came back clean as a whistle. I run Vista - Firefox 3 - and Windows Live One as well as AVG on my system. So at this point I AM sure that I didn't get any bad stuff. 


ChristineG ( ) posted Fri, 29 August 2008 at 8:32 AM · edited Fri, 29 August 2008 at 8:33 AM

bevans84...
well i have to accept Active x files. also i didn’t download any Microsoft files. i run virus scanner 4 times a week. Nothing.  however i did have some problems since i got service pack 3. so i had to remove it again. And since then noooo problems SS
im not sure if those things are connected somehow or ppl just being online at the "right" time and the "right" place.
maybe i just wasn’t online at the given time and just locked in after renderosity had removed, what ever was there.

Children are Angels who's wings get smaler as their legs get longere


HolyDiver ( ) posted Fri, 29 August 2008 at 3:14 PM

Well nothing shows up here. My firefox updated to 3.0 the other day. 



FutureFantasyDesign ( ) posted Sun, 31 August 2008 at 2:02 PM

I got several page Trojans from ren the other day and darned if i didn't get some malware too! Does anyone know who is doing this to the poser site stores? Because I just ran clamwin yesterday and found 3 more on current downloads from (1) here and (2) daz.  This has made me decide not to buy until I know what is up, and how to protect my puter against it.

*sigh...

 

Ariana 

Is there water in your future or is it being shipped away to be resold to you?
Water, the ultimate weapon...

www.futurefantasydesign.com


Nosiferret ( ) posted Thu, 04 September 2008 at 11:38 AM

I got this exact message when right after surfing DAZ I went to RuntimeDNA and the web page froze while it opened the main page and then I got 3 windows that opened 2 related to that "Gol" site and the 3rd was my virus protection program telling me it had detected a trojan before it landed on my system in the Java file. It wanted me to download a file and it was telling me that my system had verified it as friendly so it was "ok" to download. Which I didn't mainly because it was unusual to have that pop up when I've been a member for years and haven't seen anything like it before and my virus checker caught it.

I seem to always get this ByteVerify!exploit trojan that my checker catches, funny thing I downloaded a trial McAfee and ran it and it did not pick up the 3 trojans in the Java file. It said my system was clean and virus/trojan free. Ran my free virus checker that I get from my DSL service and it caught the trojans again. So either McAfee's was outdated even tho I was downloaded their updated free trial version, or some scanners will catch and others will not. So now it seems we need to keep 2 different versions on our systems. Can't just trust one to do the job.

Regarding the trojan, according to the virus dictionary it is an old trojan file that dates 5-10 years ago. Saying that it will become active if I were to use a web site that used the same codes and then my system could be taken over. Could it be someone is using an old program thinking it will slip under the radar or someone is infected with this and is uploading stuff in the freebies section and are unaware that they're system is infected? 

Or do you think their goal is to get free Poser content by slipping in and downloading our bought stuff from the Members page. I say this because it seems to be directed to the 3d community. Most likely the sites are known to have business transactions and therefore they install the virus to catch card numbers. I was infected back in November with this and just recently at the date this thread started. I sent RDNA an email about it and gave them all the information I had on the exact time the virus checker caught and all the info from the pop up windows. I haven't heard from them but I haven't checked their forums either to see if anyone has mentioned anything.

Keep your checker updated but during times like these when an outbreak crops up, might be a good idea to run a second checker program JUST to be on the safe side.


FutureFantasyDesign ( ) posted Thu, 04 September 2008 at 6:00 PM

Just the idea of someone piggybacking into my purchases is a frightening thing! I have thousands of $$$ tied up in ren alone! *sigh.....

This truly is icky!

Hugs

Ariana

Is there water in your future or is it being shipped away to be resold to you?
Water, the ultimate weapon...

www.futurefantasydesign.com


Privacy Notice

This site uses cookies to deliver the best experience. Our own cookies make user accounts and other features possible. Third-party cookies are used to display relevant ads and to analyze how Renderosity is used. By using our site, you acknowledge that you have read and understood our Terms of Service, including our Cookie Policy and our Privacy Policy.