The Clubhouse If it doesn't fit in any other category and is about general RC stuff then post it here at the Clubhouse.

Virus Warning

Reply
Old 02-08-2014, 01:30 PM
  #1
Propworn
Thread Starter
 
Propworn's Avatar
 
Join Date: Jul 2002
Location: Canada
Posts: 1,379
Gallery
My Gallery
Models
My Models
Ratings
My Feedback
Default Virus Warning

Today I just received a virus warning on the opening page of RCU from google chrome. Any one else? I blocks it from loading and warns that a virus/malware is inserted in the page. It warns it may compromise my personal info. I have not changed any security settings and have been using google chrome for quite some time.

Dennis
Propworn is offline  
Reply With Quote
Old 02-08-2014, 01:48 PM
  #2
RCKen
RCU Forum Manager/Admin
 
RCKen's Avatar
 
Join Date: Jul 2002
Location: Lawton, OK
Posts: 26,772
Gallery
My Gallery
Models
My Models
Ratings
My Feedback
Default

More than likely this isn't coming from RCU. More than likely it's coming from a third party that's loading in one of the advertising panes in your browser that you may have navigated through before you went to RCU. To be absolutely sure it's RCU you are getting it from you need to completely reboot your system and then go directly to RCU without going to any other websites and see if you get the same warnings.

I also use Chrome and I'm not getting any any warnings or indications that anything is going on with RCU. Since I work in the IT field for my real world job I have all my systems set to scan constantly because I can't afford to get a virus or spread it to my clients systems, so if there were a coming through the RCU systems I would have gotten a warning by now. However, I will pass your concerns on to our programming staff just in case.

Ken
RCKen is offline  
Reply With Quote
Old 02-08-2014, 02:19 PM
  #3
collector1231
Moderator
 
collector1231's Avatar
 
Join Date: May 2010
Location: A place in a place.
Posts: 4,095
Gallery
My Gallery
Models
My Models
Ratings
My Feedback
Default

Novak (apparently) has "malware" on their ads. Probably a false positive.
collector1231 is offline  
Reply With Quote
Old 02-08-2014, 05:13 PM
  #4
Propworn
Thread Starter
 
Propworn's Avatar
 
Join Date: Jul 2002
Location: Canada
Posts: 1,379
Gallery
My Gallery
Models
My Models
Ratings
My Feedback
Default

Quote:
Originally Posted by RCKen View Post
More than likely this isn't coming from RCU. More than likely it's coming from a third party that's loading in one of the advertising panes in your browser that you may have navigated through before you went to RCU. To be absolutely sure it's RCU you are getting it from you need to completely reboot your system and then go directly to RCU without going to any other websites and see if you get the same warnings.

I also use Chrome and I'm not getting any any warnings or indications that anything is going on with RCU. Since I work in the IT field for my real world job I have all my systems set to scan constantly because I can't afford to get a virus or spread it to my clients systems, so if there were a coming through the RCU systems I would have gotten a warning by now. However, I will pass your concerns on to our programming staff just in case.

Ken
Just did as you said cleared everything including cache, history etc., rebooted the pc and the only thing I signed on to was RCU and this is the message that came up.

Google Chrome has blocked access to this page on www.rcuniverse.com.
Content from www.rcuvideos.com, a known malware distributor, has been inserted into this web page. Visiting this page now is very likely to infect your computer with malware.
Malware is malicious software that causes things like identity theft, financial loss and permanent file deletion.

I work at Fords and using internet explorer at work these last few days the page refuses to load gives a warning corporate access denied due to security settings. But if I click the link in my email and bypass the first page it loads and I can log on. I think I will try that on my home pc and see what happens.

Just as an update I cleared everything again rebooted the computer opened an email then clicked on the link that took me to this thread and I was able to log on no problem. Just now with this page open and no warning I opened a new tab and opened the RCU home page and the warning came up again. It would appear the problem is when I open the home page.

Dennis

Last edited by Propworn; 02-08-2014 at 05:25 PM.
Propworn is offline  
Reply With Quote
Old 02-08-2014, 06:05 PM
  #5
Propworn
Thread Starter
 
Propworn's Avatar
 
Join Date: Jul 2002
Location: Canada
Posts: 1,379
Gallery
My Gallery
Models
My Models
Ratings
My Feedback
Default

One last thing I tried was to completely reboot again. Use the link in my email to go directly to the thread bypassing the home page. Log on. Everything was ok no warning. At the top left I clicked on the home button and sure enough the warning came up again.

Dennis
Propworn is offline  
Reply With Quote
Old 02-08-2014, 06:17 PM
  #6
RCKen
RCU Forum Manager/Admin
 
RCKen's Avatar
 
Join Date: Jul 2002
Location: Lawton, OK
Posts: 26,772
Gallery
My Gallery
Models
My Models
Ratings
My Feedback
Default

Dennis,
I don't doubt you are having issues. But so far nobody else had reported any problems and I have been unable to duplicate the problems you are reporting. I've sent a message to our tech staff so that they can take a look at the issue, but I'm pretty sure it's not RCU and more than likely a third party that's causing the problem.

Ken
RCKen is offline  
Reply With Quote
Old 02-09-2014, 05:31 AM
  #7
OldRookie
 
Join Date: Dec 2001
Location: Prior Lake, MN
Posts: 1,380
Gallery
My Gallery
Models
My Models
Ratings
My Feedback
Default

Sounds like a virus/malware is already in your computer, and causing the problem.

Greg
OldRookie is offline  
Reply With Quote
Old 02-09-2014, 07:50 AM
  #8
Propworn
Thread Starter
 
Propworn's Avatar
 
Join Date: Jul 2002
Location: Canada
Posts: 1,379
Gallery
My Gallery
Models
My Models
Ratings
My Feedback
Default

Quote:
Originally Posted by OldRookie View Post
Sounds like a virus/malware is already in your computer, and causing the problem.

Greg
Don't think so it scans clean and its kept up to date. The home page is the only page this warning comes up at.
Propworn is offline  
Reply With Quote
Old 02-09-2014, 09:20 AM
  #9
Mike06659
 
Mike06659's Avatar
 
Join Date: Jun 2006
Location: Mercersburg, PA
Posts: 758
Gallery
My Gallery
Models
My Models
Ratings
My Feedback
Default

Download Malwarebytes and let it do a full scan. Should catch a few things.
Mike
Mike06659 is offline  
Reply With Quote
Old 02-09-2014, 02:29 PM
  #10
Propworn
Thread Starter
 
Propworn's Avatar
 
Join Date: Jul 2002
Location: Canada
Posts: 1,379
Gallery
My Gallery
Models
My Models
Ratings
My Feedback
Default

Quote:
Originally Posted by Mike06659 View Post
Download Malwarebytes and let it do a full scan. Should catch a few things.
Mike
Thanks for the suggestion but scanning my pc was the first thing I did before mentioning the possibility of a virus. It only makes sense to check yours first before getting anyone else wondering doesn't it? Like I said there is something on that home page my pc just doesn't like. If I use the link in my email notification and open the topic direct there is no warning even when navigating about the site as long as I don't open that home page. I even reduced the security settings in the browser on the off chance it might be that but as I suspected it made no difference.

Dennis
Propworn is offline  
Reply With Quote
Old 02-09-2014, 02:59 PM
  #11
VF84sluggo
 
VF84sluggo's Avatar
 
Join Date: Nov 2007
Location: Gulf Breeze, FL
Posts: 2,367
Gallery
My Gallery
Models
My Models
Ratings
My Feedback
Default

I'm getting the malware warning, too, when using Chrome.
VF84sluggo is offline  
Reply With Quote
Old 02-09-2014, 03:14 PM
  #12
Propworn
Thread Starter
 
Propworn's Avatar
 
Join Date: Jul 2002
Location: Canada
Posts: 1,379
Gallery
My Gallery
Models
My Models
Ratings
My Feedback
Default

Quote:
Originally Posted by VF84sluggo View Post
I'm getting the malware warning, too, when using Chrome.
Try bypassing the home page by clicking on the direct link to this thread in your email then sign on see if you get the warning.

Dennis
Propworn is offline  
Reply With Quote
Old 02-09-2014, 03:27 PM
  #13
VF84sluggo
 
VF84sluggo's Avatar
 
Join Date: Nov 2007
Location: Gulf Breeze, FL
Posts: 2,367
Gallery
My Gallery
Models
My Models
Ratings
My Feedback
Default

Ok, Chrome will open the email link to this thread with no warnings. However, if I click on the RCU globe icon at the upper left corner of this page, Chrome blocks the main/home RCU page and gives the red malware warning info.

So, something on the RCU home page is now causing Chrome to flag the page as containing malware.
VF84sluggo is offline  
Reply With Quote
Old 02-09-2014, 03:43 PM
  #14
VF84sluggo
 
VF84sluggo's Avatar
 
Join Date: Nov 2007
Location: Gulf Breeze, FL
Posts: 2,367
Gallery
My Gallery
Models
My Models
Ratings
My Feedback
Default

Looks like it might have something to do with RCU videos. This is from clicking "Advanced" on the Chrome malware warning:

++++++++++++++++++++++++++++++++++++++++++++++++++ +

Safe Browsing


Diagnostic page for rcuvideos.com


What is the current listing status for rcuvideos.com?
Site is listed as suspicious - visiting this web site may harm your computer.
Part of this site was listed for suspicious activity 2 time(s) over the past 90 days.
What happened when Google visited this site?
Of the 7 pages we tested on the site over the past 90 days, 5 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2014-02-08, and the last time suspicious content was found on this site was on 2014-02-08.Malicious software includes 8 exploit(s). Successful infection resulted in an average of 2 new process(es) on the target machine.
Malicious software is hosted on 5 domain(s), including ads.magnify.net/, fashions4u.co.uk/, ondapoas.endofinternet.net/.
3 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including ads.magnify.net/, ondapoas.endofinternet.net/, namqc.servebbs.com/.
This site was hosted on 1 network(s) including AS36483 (GOSSAMERTHREADS).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, rcuvideos.com appeared to function as an intermediary for the infection of 4 site(s) including wattflyer.com/, bruchpiloten.info/, rcuniverse.com/.
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.
How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
Next steps:
VF84sluggo is offline  
Reply With Quote
Old 02-09-2014, 04:55 PM
  #15
RCKen
RCU Forum Manager/Admin
 
RCKen's Avatar
 
Join Date: Jul 2002
Location: Lawton, OK
Posts: 26,772
Gallery
My Gallery
Models
My Models
Ratings
My Feedback
Default

Ok guys, thanks for the additional info. I was able to reproduce the results and have passed this on to our tech staff. They should be looking at this first thing in the morning and hopefully they will be able to clear it up fairly quickly.

Ken
RCKen is offline  
Reply With Quote
Old 02-09-2014, 05:14 PM
  #16
Johnny_Zero
 
Join Date: Oct 2005
Location: Golden, CO
Posts: 695
Gallery
My Gallery
Models
My Models
Ratings
My Feedback
Default

Stop blaming Chrome....What antivirus software are you running? I have tried RCU with Chrome on Linux, Mac, Windows...and no problems.
Johnny_Zero is offline  
Reply With Quote
Old 02-09-2014, 06:12 PM
  #17
VF84sluggo
 
VF84sluggo's Avatar
 
Join Date: Nov 2007
Location: Gulf Breeze, FL
Posts: 2,367
Gallery
My Gallery
Models
My Models
Ratings
My Feedback
Default

It's got nothing to do with "blaming Chrome." I can log on with no problems with Internet Explorer (other than the slow speed that is an IE trademark)...on the same computer, with the same anti-virus software (Norton), so it seemed logical that something in Chrome was not liking what it was seeing on the RCU homepage.

But Johnny, I freely admit that I am by no means at all a computer guru. So, if this malware warning has nothing to do at all with Chrome, why did Chrome have all that stuff that I posted, and reiterated below? I didn't just make this up. Can you explain why the Chrome malware warning would have this "Safe Browsing" info if it has nothing to do with Chrome? BTW, I am not implying that this is a bad thing. Far from it. It looks to me that Chrome is trying to look out for the user, and protect the user from harmful stuff...a good thing...and something on RCU has triggered the malware protections in Chrome.

Safe Browsing

Diagnostic page for rcuvideos.com


What is the current listing status for rcuvideos.com?Site is listed as suspicious - visiting this web site may harm your computer.
Part of this site was listed for suspicious activity 2 time(s) over the past 90 days.

What happened when Google visited this site?Of the 7 pages we tested on the site over the past 90 days, 5 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2014-02-08, and the last time suspicious content was found on this site was on 2014-02-08.Malicious software includes 8 exploit(s). Successful infection resulted in an average of 2 new process(es) on the target machine.
Malicious software is hosted on 5 domain(s), including ads.magnify.net/, fashions4u.co.uk/, ondapoas.endofinternet.net/.
3 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including ads.magnify.net/, ondapoas.endofinternet.net/, namqc.servebbs.com/.
This site was hosted on 1 network(s) including AS36483 (GOSSAMERTHREADS).

Has this site acted as an intermediary resulting in further distribution of malware?Over the past 90 days, rcuvideos.com appeared to function as an intermediary for the infection of 4 site(s) including wattflyer.com/, bruchpiloten.info/, rcuniverse.com/.
Has this site hosted malware?No, this site has not hosted malicious software over the past 90 days.
How did this happen?In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
Next steps:


Last edited by VF84sluggo; 02-10-2014 at 04:22 AM.
VF84sluggo is offline  
Reply With Quote
Old 02-09-2014, 06:27 PM
  #18
Johnny_Zero
 
Join Date: Oct 2005
Location: Golden, CO
Posts: 695
Gallery
My Gallery
Models
My Models
Ratings
My Feedback
Default

You already have all the answers.
Johnny_Zero is offline  
Reply With Quote
Old 02-09-2014, 07:40 PM
  #19
RCKen
RCU Forum Manager/Admin
 
RCKen's Avatar
 
Join Date: Jul 2002
Location: Lawton, OK
Posts: 26,772
Gallery
My Gallery
Models
My Models
Ratings
My Feedback
Default

Ok, we know where they are coming from and are working on clamping down on it.

Ken
RCKen is offline  
Reply With Quote
Old 02-09-2014, 07:55 PM
  #20
lopflyers
 
lopflyers's Avatar
 
Join Date: Jun 2010
Location: Orlando, FL
Posts: 1,520
Gallery
My Gallery
Models
My Models
Ratings
My Feedback
Default

I don't get any warnings on my iPad but this is the first time (11pm) all day that let's me in
lopflyers is offline  
Reply With Quote
Old 02-10-2014, 03:12 AM
  #21
Captain Terrific
 
Join Date: Jun 2010
Location: Chesapeake, VA
Posts: 138
Gallery
My Gallery
Models
My Models
Ratings
My Feedback
Default

Ken,

Let us know what you find, thanks,

Dave
Captain Terrific is offline  
Reply With Quote
Old 02-11-2014, 06:24 AM
  #22
Propworn
Thread Starter
 
Propworn's Avatar
 
Join Date: Jul 2002
Location: Canada
Posts: 1,379
Gallery
My Gallery
Models
My Models
Ratings
My Feedback
Default

Great reaction on Ken and the staffs part thanks.

Dennis
Propworn is offline  
Reply With Quote
Reply


Thread Tools
Search this Thread
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -8. The time now is 01:25 PM.