Virus/Trojan problem - read
#1
Thread Starter

My Feedback: (19)
Joined: Apr 2002
Posts: 5,576
Likes: 0
Received 0 Likes
on
0 Posts
From: Cleveland,
OH
I thought I would post this here, as well as in the Jett support forum....... since we have a great number of Jett engine owners that frequent this forum.
If in the past week you visited the Jettengineering.com web site, and in some way were affected by a trojan/virus/redirection type of VERY ANNOYING software..... I offer my apologies.
This predatory fecal matter was in no way intentional by myself (webmaster) or by Jett.
The web site server and host was hacked into last week, and we did not notice the problem until this past weekend when some 'hate email' started streaming in.
In most cases current virus protection and spyware protectors were able to stop it. In some cases, it made its way on through and messed up a few systems.
I spent most of the day today (June 6th, 2005) cleaning off the web site, and restoring the web site from a backup. It is currently clean, and the predatory crap is gone.
I have taken the precautions I can on my end to avoid a repeat problem.
Apparently a lot of sites have been hit lately. I guess it was just our turn.
I appreciate your understanding.
Bob Brassell
#3
Thread Starter

I'm not 100% sure what it was. It came in as Generic.Dropper.b and Qhost.apd and some associate files. I had that and Alisa stuck on my machine here at work. AdAware got rid of some of it, took some registry edit to clear up some too.
It re-set my IE homepage to yoursearch.ws and also displayed the following "windows warning" message at the bottom of the screen (Which takes you to an anti-spyware sales site). Clearly, not windows generated.
Worst part, is even after it was cleaned, the registry entry kept re-loading it each time on start-up.
Anyone out there who can identify what this garbage was, I'd be pleased to know and understand more about it.
Bob
#4

My Feedback: (21)
No, Bob....it was a different bug. It keeps re-registering too. I found
out MSN has some "Blue Tooth" spyware in it, that you can't get rid of.
I wasn't implying that I got it from Jett....I didn't even go to Jett. I too
employed the Microsoft spyware this time.
See that "MSN Service....amsnmsgrs.exe" ? According to the man at
Microsoft, that ain't supposed to be there in my Microsoft Windows run
files. I can delete it, then Norton will say it blocked an intrusion attempt,
but go back to the run files....and there it is again.
I tried to dump MSN, I don't know if it's really gone or not. MSN, like AOL
tries to take over your whole life. [X(]
Dave.

#5
Hi Bob,
No problem at all! I knew there were some virus issues on Dub site as every time I go there, I get many of them in my system. Fortunately, my virus protection captured all of them and deleted them. I thought about sending an email to let you know, but I figure, since you are the web master, you probably already knew.
I'm glad it's all cleaned up now.
#6
Thread Starter

The site has not had any known problems in the past. My server has run pretty clean. The firewall has done a good job keeping folks out. This event started on May 28th from what I can tell. A handful of files were altered on the site, most notably the home page.
My research today seems to indicate it may have been due to a HUGE security hole in a PHP bulletin board program I had loaded ages ago in 2001. Has not been utilized, and was loaded just for a test. But apparently there was a big problem, recently discovered, which allowed folks access through the BBS into some very critical host/server files and functions.
http://www.phpbb.com/phpBB/viewtopic...1dd1ec6ce6b919
#7
May I offer some helpful advice? To begin, I have had to reload my Windows ME 3 times and lost my wonderful Windows XP due to these annoying viruses.
But after going through such a tedious ordeal I learned an incredible amount of information on how to fix these things.
Looking at what you guys have shown, this type of virus is an automatic web search service. The only way it gets on your computer is from a screen that tells you to push yes to continue. Well, DON'T push yes; hit the ESC key instead, or F4 I believe, to close the window.
The best way to fix or get rid of these files is to start your computer in SAFE MODE. If you don't know how, ask. Then go to your registry (startup) and un-check all of the files you see with IE. SYSTEM32 in the file name. Also look for anything that has the word search, help, or spool in it and un-check it under the system config / start up tab.
Then restart your computer in normal mode and see if you have the same problems. If yes, go back and look for more stuff in the start up that shouldn't be there. Safe mode only loads the files needed to run the computer, so your screen may look weird, but your computer will run as usual.
I know this works because I used to have to close hundreds of MSN windows when surfing, and now NONE of these windows open by themselves when I am surfing or idling while on-line using AOL.
Good Luck
#8
I have just visited the Jett site and the issue appears to still be there...
On at least this page... www.jettengineering.com/ engines/bse30.html
The Trojans still exist... Norton got them all...
I did not go further into the site and I entered originally via a Google picture search...
Read this straight after by coincidence.
Matt
#9
Thread Starter

ORIGINAL: Sukhoi_Madness
I have just visited the Jett site and the issue appears to still be there...
On at least this page... www.jettengineering.com/ engines/bse30.html
The Trojans still exist... Norton got them all...
I did not go further into the site and I entered originally via a Google picture search...
Read this straight after by coincidence.
Matt
Thanks...... good catch......
What a friggin mess......

Every single html and php file was corrupted. All have now been restored. Annoying!
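
Post #8 found a page still serving trojans after the first restore, and post #9 reports that every html and php file had been altered. As an added example (not written by anyone in this thread), the Python below compares a live web root against a known-good backup by SHA-256 and lists modified, added and missing files; the directory layout, file names and contents in `demo()` are constructed.

```python
import hashlib
import os
import tempfile

WEB_EXTS = {".html", ".htm", ".php"}  # file types the thread reports as altered

def manifest(root):
    """Map relative path -> SHA-256 for every web file under root."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in WEB_EXTS:
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                with open(full, "rb") as f:
                    out[rel] = hashlib.sha256(f.read()).hexdigest()
    return out

def compare(backup_root, live_root):
    """Classify live files against the backup: modified, added, missing."""
    good, live = manifest(backup_root), manifest(live_root)
    return {
        "modified": sorted(p for p in live if p in good and live[p] != good[p]),
        "added": sorted(p for p in live if p not in good),
        "missing": sorted(p for p in good if p not in live),
    }

def demo():
    """Constructed trees: one altered page and one file absent from the backup."""
    pages = {"index.html": "<h1>Home</h1>", "engines/bse30.html": "<h1>Engine</h1>",
             "contact.php": "<?php echo 'contact'; ?>"}
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = os.path.join(tmp, "backup"), os.path.join(tmp, "live")
        for root in (backup, live):
            for rel, body in pages.items():
                path = os.path.join(root, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "w") as f:
                    f.write(body)
        with open(os.path.join(live, "engines/bse30.html"), "a") as f:
            f.write("<!-- constructed stand-in for injected markup -->")
        with open(os.path.join(live, "bbs_test.php"), "w") as f:
            f.write("<?php /* constructed file that exists only on the live site */ ?>")
        return compare(backup, live)

if __name__ == "__main__":
    print(demo())
```

The "added" list matters because a restore that only overwrites files from the backup leaves in place anything that exists solely on the live server.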
#10
Senior Member
Joined: Jun 2003
Posts: 1,216
Likes: 0
Received 0 Likes
on
0 Posts
From: Whitehorse,
YT, CANADA
If you have a virus or Trojans that are replicating after your system seems to have been cleaned (on Win XP)... go to properties of your computer and turn OFF system restore... run your anti virus program... reboot and run one more time and leave the restore off.
The little buggers hide in there and will restore after each boot... By turning off the restore, Windows will delete ALL restore points... at a later date when you turn it on it will rebuild a clean point.... hope this helps