RootsChat.Com
General => The Common Room => Topic started by: wayfareralone on Saturday 02 February 08 17:00 GMT (UK)
-
How many people have experienced virus infection on GR in the last few days?
I only logged on, did nothing else and security came up but the trojan was with me!
Have also seen a warning to be wary of FriendsReunited to at the moment.
-
Me too - earlier this afternoon
all I did was log on, up popped Norton -
however, it seems to have cleared it out, as it said, and I've run a clear scan since.
-
I logged on a got a virus warning - but not from my virus scanner.
I think it's a pop-up add for another virus scanner, and it "warns" you of a non-existent virus, in an attempt to make you buy it. Irritating.
meles
-
Meles - how odd
The warning I got came from Norton, and he went ahead and fixed it - doesn't need to try and persuade me to buy it - already got it! ???
-
I got nothing at all, so either its been sorted or my virus checked - AVG - checked it and dealt with it without letting me know ::)
Kerry
-
My security showed it up as definitely there and renamed it!
I have now heard of quite a few other people experiencing the same and slightly different variations.
-
How will we know, for sure, when its safe to log on again?? That is what I am wondering.
-
I got a message from my virus protection saying they had deleted a trojan from that site too. Its odd that GR would not have the same.
Jean
-
My son has AVG and says if it didn't alert you it was because it didn't have a problem, therefore it seems probable that it was those of us who logged on early that hit it and by the time later people got there GR had dealt with it
-
Lets hope they have dealt with it, think how many people must use that site who could be infected >:( >:(
-
This has been happening since Thursday >:(, i have been interupted no less than 6 times, i have emailed them along with lots more posters.........
I am not going back until i know it is safe !!!!
Jacky :)
By the way, i asked GR in my email to inform me when this has been addressed - bet they dont ???
-
:-\ I tried to log on earlier this morning from my email about hot (not) matches, same thing. I was hit with all sorts of warnings about my system running slowly, windows malware, worms and that the scanner had picked up an amount of viruses on my computer etc. before I actually was connected. ???
I thought it was some kind of marketing ploy because it did not seem to follow the same format as my usual Symantec virus protection. :-\ more like a pop up.
I shut down all the warnings that kept reappearing hopefully I haven't let anything in ::) ::) Since then I have run a full system scan with my anti virus and ad aware, nothing showed up.
When I checked the history Symantec had successfully deleted Downloader located in my local files ??? ??? so something went on ???
Ohh I do hope it wasn't in a family tree file :-\ :-\ :-\
Having not read this until now, I did revisit and all seemed ok
Crystal :D
-
Crystal - the name of the file my Norton dealt with was called Download.
Obviously something, but hopefully caught and despatched. I've also run a scan which was clear.
It seems to have been on initial log-in and very obvious, since it was picked up immediately by Norton. I wasn't told to log out of genes, or end anything - which it sometimes suggests.
-
Thanks Mum,
Yes, lets hope its nothing to worry about and caught and removed in time.
In some strange way it seems a little less worrying now I know its happened to others (not that I would want anyone to suffer it) it points to Genes Reunited rather than something I encountered on my relentless search for ancestors on all sorts of odd sites :-\
I did google Downloader and it is thought of as a low risk virus ???
Crystal :D
-
I've was about to reply to someone who says we have hot matches, and as soon as I got into GenesReunited, I got the same pop up as last time. It was a virus alert from MalWareAlert (which I don't have).
So I clicked on delete, to ignore the box, but I was taken to their site anyway. It told me it had found all sorts of dreadful things on my computer.
I closed it, checked my computer with my AVG and Zone Alarm, and all is fine.
It's deceitful and infuriating.
meles
-
Hi all,
my computer picked up a virus from GenesReunited - Download - on 16th january. It was the first time I had been to that site and will not go there again. I don't know very much about computers, so better keep it safe.
mz
-
I agree with Meles.
Same happened to me!
Kooky
-
Hi Meles,
I am pretty sure that's what I experienced and what made me doubt that it was my Anti-Virus because I don't have MalWareAlert either.
I was also redirected straight to their site, perhaps someone has sabotaged their hot match alert ??? ???
Does anyone know if it is still happening?
Crystal :D
-
So I clicked on delete, to ignore the box, but I was taken to their site anyway. It told me it had found all sorts of dreadful things on my computer.
I have clicked on those sort of boxes to close them in the past and found I have ended up on their sites so I just ignore them now. I reckon that if you touch the box anywhere it will automatically take you to the site.
I also have AVG and found that it's been very good, so long as you keep it up to date. They will warn you if something is dodgy so generally I will steer clear if I get one.
Jean
-
I've was about to reply to someone who says we have hot matches, and as soon as I got into GenesReunited, I got the same pop up as last time. It was a virus alert from MalWareAlert (which I don't have).
So I clicked on delete, to ignore the box, but I was taken to their site anyway. It told me it had found all sorts of dreadful things on my computer.
I closed it, checked my computer with my AVG and Zone Alarm, and all is fine.
It's deceitful and infuriating.
meles
Same here.
I found that if you close the browser and re-open then it doesn't happen.
I have AVG and it picks up everything, if there is someting.
Norton has a nasty habit of creating names for stuff that doesn't exist (Malware pop ups for example) and making you think that it has found a virus, when really there was nothing there.
-
I've was about to reply to someone who says we have hot matches, and as soon as I got into GenesReunited, I got the same pop up as last time. It was a virus alert from MalWareAlert (which I don't have).
I got this pop up too, telling me my PC was infected with all sort and was in a 'critical state', when I clicked the close box, I got a security warning telling me the site I was being taken to could not be verified. So I just shut the computer down, and when I re started it everything was fine.
I've been on GR since, and it was ok.
-
Strange how we've all had different experiences - mine seems to have been quite unexciting compared to some!
I wasn't told "critical state" or anything dramatic like that - just that Norton had found a problem and was fixing it.
-
i got the same as meles earlier today. i just stopped it and went back then opened gr again it worked fine from then on
perth
-
I was on GR twice in two days and got nothing - no virus alert or warning from anything. So after reading this thread, I ran a full virus check...........and came up with nothing.
Not that I'm complaining ;D ;D
Barbara
-
I've been on GR in the last week answering queries from other GRers(!) and not had any virus warnings or anything. I have ZoneAlarm and it keeps everything at bay, as far as I know, and often pops up a warning for something it doesn't recognise as being OK.
Lizzie
-
To help protect yourselves, apart from having up to date anti virus etc, ensure your pop up blockers are on and working. Both Firefox and Internet Explorer have a pop up blocker.
If using Internet Explorer 7, just click on the blue cog wheel on the tool bar (Tools) and you should see a Pop Up Blocker in the menu - ensure it is turned on.
I did have the Genes Reunited website in my allowed list for pop ups but I've just removed it! ;)
Cheers, PP
-
I have just been on GR and got a virus warning. Norton picked it up immediately and dealt with it. Don't use the site if you haven't got protection.
-
I also experienced this on Friday although i didnt connect it with GR til reading this thread, thinking back this happened when i clicked on my hot matches email alert. Up came MalWareAlert saying my computer was in a critical state, so i clicked cancel, which took me to their site regardless. Then Internet Explorer popped up with a message saying it had blocked the site from downloading anything as it was suspicious. I have AVG and it has picked up nothing so far although it did pick up a trojan the day before, dont know if they are connected though
-
Welcome to Rootschat Cezza
I am on GRU at moment seems ok,
yesterday when I got the same as Cezza has just explained I tried to connect from their email about hot matches. >:(
Today I connected through my bookmarks and nothing wrong so far ::)
Crystal :D
-
Someone has just posted this link on GR, which you may like to read.
http://msmvps.com/blogs/spywaresucks/archive/2008/02/03/1493184.aspx
Christine
-
I just tried to get on GenesReunited following a notification e-mail. I had a warning that MacAffee had removed a Trojan. Is it now safe to access? How long can this site be allowed to operate like this if everyone is having the same warning. I am a paid-up member so would like to use GR on a regular basis.
Judy
-
So far I've been lucky and haven't encountered it :) but I don't usually hang around too long! :o
Cheers, PP
-
just had it again
perth
-
I had an e mail notification fro GR this morning but didn't use it to access the site. I went in through my bookmarked page - no virus warning. Is it happening only if you access it from the e mail link?
-
After many e-mails it looks like Gr are finally doing something about it. It looks like it's a third party banner advert that's causing the problem, these are hosted on another site not Gr and they are loaded onto the GR page from another server.
GR have stopped all adverts this morning so it looks like they have finally acknowledged that something is wrong.
-
I had an e mail notification fro GR this morning but didn't use it to access the site. I went in through my bookmarked page - no virus warning. Is it happening only if you access it from the e mail link?
Hi Liverpool Lass,
Yes it seems ok if you go in via bookmarked page but comes up before you get in using email notifications
Crystal :D
-
I tired a little earlier, and there were no problems this time.
meles
-
I tired a little earlier, and there were no problems this time.
meles
Excellent news Meles, I did use it a lot yesterday through the bookmarked page and nothing has shown up on the computer this time :)
Crystal :D
-
Yes ,My firewall picked it up last Tuesday,I did get a message from my firewall and it checked the whole computor.
Sleepybarb
-
Having experienced this Trojan problem (1 Feb 2008), I contacted GR Support and notified them of the problem:
(Extract) "... For your assistance, my Antivirus reported the following:
Trojan Downloader.Gida.A trojan; FILE: GenesReunited.co.uk/image/trees/female_bg_on.jpg. ..."
On 4 Feb 2008 GR Support replied:
"Thanks you for your email. Please accept my apologies if this virus alert has caused you any worry.
There was an advert on the site which was inviting people to download an application. At that point your anti-virus software picked this up and warned you of the various types of viruses that could be contained.
This advert has now been removed from the site. "
My antivirus is NOD32 from Eset. The delay in GR's reply was due to the weekend when Support apparently is not working! Since then, I have accessed the site without further problem.
Do I believe GR's explanation? Not entirely!
Hope this helps those who had a similar problem.
-
Welcome to Rootschat Dr. Doomuch ;D ;D ;D
and thank you for sharing your experience with GR and the virus so clearly, I like yourself do not entirely believe their explanation ::) ::) ::)
but at least its something and everyone's anti-virus seems to have picked it up, one way or another and dealt with it - we hope ???
Crystal :D
-
Thanks Crystal, you are welcome.
-
everyone's anti-virus seems to have picked it up, one way or another
Everyones except GR's. :o :o
Lizzie
-
I have encountered the same problem, thought it was me until I read this thread.
Thanks for sharing.,
The delay in GR's reply was due to the weekend when Support apparently is not working!
Hmmm, nice to know they have their weekends off, don't they know thats when most people get the chance to catch up on their research.
Not to mention this was an urgent matter and they should have made sure their Support staff worked overtime. We are paying them aren't we?
Margaret
-
Hi LittleMeg,
I agree, but AT LEAST GR did reply! Perhaps now they will be more careful about the integrity of their site, and stop of lot of those annoying ads which seem to pervade most sites nowadays (I don't mean the pop-up ads, but rather those that are embedded in the site).
-
How is it that only some people had a problem and not others?. I used GR last week and over the weekend with no problems at all.
I have AVG - ran a check, nothing! but now I'm paranoid that I may have something nasty lurking in the bowels of my computor that it has not picked up.
Suey
-
Hi Suey,
I think it depended on what part of the GR site you were accessing. In my case it was Messages, I don't know where other people were on the site when the problem occurred.
It made me jump I can tell you when the screen went red and then was interrupted by my antivirus suggesting I terminate immediately.
It's not paranoia to be concerned about the security of your info on your computer - if you continue to be aware of the risks and threats of infection, you are more likely to surf safely. My message is "stay sharp".
-
Thanks Dr D :). I went in through the Home page, then into messages and trees..so I guess I'm OK.
Suey
-
Hi
How is it that only some people had a problem and not others?. I used GR last week and over the weekend with no problems at all.
I think that there are a couple of reasons, first of all many sites seem to have some variable adverts so that when you log on you don't get the same ads each time. If only one ad was affected then you only had problems if that particular ad appeared. This meant it was a bit of a hit or miss as to whether you had trouble,
Secondly, as Christine of Portugal linked in an earlier message, it depended upon your IP number.
This particular campaign (rxalopecia) is coded to NOT trigger when the victim's computer falls within various IP addresses and geographical locations, including 213.161.0.0 - 213.161.255.255.
Note that GenesReunited has an IP address of 213.161.68.203
This means that if your IP was in the range above you didn't have a problem. It also explains why GR were slow to realise. They wouldn't have been able to replicate the problem as their IP address was within the range that were exempt from the problem. I'm not too sure about the reference to geographical locations unless its that certain places such as some US states may have tough legislation and by exempting those particular States they bypass those laws.
Also, googling seems to indicate that GR and its associated sites are not the only ones to have been hit recently by this type of attack and by exempting certain IP addresses it slows down action by the sites that are hit thereby infecting more people.
Andy
-
My experience with the Trojan emanated from an e-mail from FRIENDS REUNITED on which I clicked to see what it was they were talking about. I did say GenesReunited earlier but I see them as one and the same site. Sorry! I no longer subscribe to FRIENDS REUNITED but I do to GenesReunited. After the warning message my computer anti-virus MacAffee did an unexpected scan so it seems that things are ok now.
Thanks for all your messages of support. It's encouraging to know what is happening.
Judy
-
My scan has for the last few weeks revealed a tracker cookie which it then removed. Since GR deleted their advertisements yesterday this tracker cookie has not reappeared.
David
-
Is everyone agreed that it is safe to go back onto GR now.
I only logged on previously and had trouble so how do we know what is happening there?
-
I've been on many times since, and had no problems :)
-
Is everyone agreed that it is safe to go back onto GR now.
I only logged on previously and had trouble so how do we know what is happening there?
I have used GR over the last couple of days and it all seems ok
Crystal :D