Ark of Truth Posted December 12, 2012

"My anti-virus is saying that this site or pages on this site have malware in them, what should I do?"

In the event that your anti-virus program says that this site contains a virus you will need to create a thread and provide the site staff with the following information.

- The time of the virus alert
- The page you encountered it on
- The name of your anti-virus
- The name of the virus (sometimes known as infection)
- Virus type (if it is listed)

After you have the relevant information please go to the General Discussion and create a new thread with the title "Virus warning" or another suitable title. Please make sure that a thread does not exist before creating a new one; if one does already exist please use that thread instead.

If your anti-virus provides you with a detailed report of the event please post it in your post but inside a spoiler tag. The tag for the spoiler is as follows.

copy and paste your report here

"OK, So I have given you the information you need fix it already"

This is not as simple as it seems. In order to catch the virus the conditions for it to appear will need to be recreated; this can take some time.

After the virus or threat has been detected the site administrator will attempt to remove the threat and prevent it from reappearing on the site. Users should be warned however that these threats may come back at a later date even though they have been removed from the site before.

Please note this site only has one administrator so this may take some time.

"Is there any way I can stop myself from getting a virus"

Sadly no, there is no 100% secure way of you not getting a computer and having access to the internet at the same time. However there are a few programs you can install to greatly reduce the chance of getting infected down to round about 1%.

Install NoScript (Firefox Only)

NoScript is a JavaScript, Java and Flash blocker all placed inside one extension.
This extension stops automatic JavaScript, Java and Flash elements from being run as soon as the page loads or during.

Most viruses run on a "when page loads" trigger, meaning that it attacks your computer after the page has loaded or during the loading process.

You can download it from here.

Sandboxie

Sandboxie makes sure that anything downloaded through your internet is contained within an isolated section of your hard disk. This means that if you download a virus it is stuck there; anti-virus can also scan files stored inside Sandboxie. Without Sandboxie your computer will most likely let it write to any odd random free spot on your hard disk.

You can download Sandboxie from here.

Additionally a review of Sandboxie can be found here.

In addition to the above, users can add malicious domains to their hosts files to block them. This can be done by doing the following steps.

- Open 'My Computer'
- Select the drive which has Windows installed on it, this is normally drive C.
- Open the folder named 'Windows'
- Open the folder named 'System32'
- Open the folder named 'drivers'
- Open the folder named 'etc'
- Left-click on the file named hosts and then right click and select properties. Make sure that read only is unchecked and select OK.
- Left-click on the file named hosts again and this time right click and select open. If it asks you to choose a program open it with Notepad.
- The hosts file should now be open and showing the following.

    # Copyright © 1993-2009 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    #      102.54.94.97     rhino.acme.com          # source server
    #       38.25.63.10     x.acme.com              # x client host

    # localhost name resolution is handled within DNS itself.
    #    127.0.0.1       localhost
    #    ::1             localhost

In order to block the domain you must add the following line:

    127.0.0.1 reftuer.ipq.co

You need to add this line to the bottom of the hosts file so it looks like below. DO NOT add # in front of the line as this tells the computer to ignore that line.

    # Copyright © 1993-2009 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    #      102.54.94.97     rhino.acme.com          # source server
    #       38.25.63.10     x.acme.com              # x client host

    # localhost name resolution is handled within DNS itself.
    #    127.0.0.1       localhost
    #    ::1             localhost
    127.0.0.1 reftuer.ipq.co

After doing this just save the hosts file.

This line tells your computer to block all data from this domain as well as telling it to block any data trying to go to this domain from your computer.

"I think I have downloaded a virus, HELP!"

The first thing you should do when you know you are infected is disconnect yourself from the internet; the best way of doing this is to physically pull your internet cable either out at the wall or out of the Ethernet port in the back of your computer.
DO NOT go into control panel and disable your internet adapter; this is because if a virus is scripted correctly it will enable the adapter and allow even more viruses to come in.

After you have done all that, find and delete the file which has been identified as a virus or which you suspect of being a virus. After doing this run a FULL SYSTEM SCAN using your anti-virus and allow it to complete, DO NOT cancel it. If you find any threats simply get your anti-virus program to remove them; most do it automatically unless configured otherwise. After this is finished make sure to run a second scan just in case something got missed.

When you feel certain that you have removed the threats restart your computer by completely shutting it down and pressing the power button to turn it back on again. DO NOT use the restart function as this does not power down the computer completely and does not flush your RAM completely either.

DISCLAIMER: At the time of creation this guide uses up to date information. I hold no responsibility for damage caused if you somehow manage to damage your computer because you didn't follow the instructions or advice given.
Bunny Ral Posted December 12, 2012

According to Google Chrome the rogue virus on this site is hosted on this domain. (DO NOT CLICK)

---- reftuer.ipq.co/ ----

To prevent downloading a virus one can edit their hosts file (if on Windows) to redirect any called traffic from this domain to your localhost, no matter the protocol.

Browse to: C:/Windows/System32/drivers/etc

You should see a "hosts" file. Just right click and open it in an editor. Make a new line anywhere on the page and add this line to it.

    127.0.0.1 reftuer.ipq.co

You are now effectively blocking the malicious domain.
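Added example (not part of either post above): a small checker for the hosts-file edit both posts describe. A hosts entry is only matched when the second column is a bare host name, so a value pasted from a URL with a scheme, a path or a trailing "/" is never matched, and subdomains need their own entries. The function name `audit_hosts` and the domain `bad-site.example` are placeholders made up for this sketch.

```python
import ipaddress
import re

# Host name = dot-separated labels of letters, digits and inner hyphens.
_LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
_HOSTNAME = re.compile(rf"^{_LABEL}(\.{_LABEL})*$")
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1", "::"}

def audit_hosts(text):
    """Return (blocked names, [(line_no, problem)]) for hosts-file text."""
    blocked, problems = set(), []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if not line:
            continue
        addr, *names = line.split()
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            problems.append((n, f"first column is not an IP address: {addr!r}"))
            continue
        if not names:
            problems.append((n, "no host name after the address"))
        for name in names:
            if not _HOSTNAME.match(name):
                problems.append((n, f"not a bare host name: {name!r}"))
            elif addr in SINKHOLES:
                blocked.add(name.lower())
    return blocked, problems

# Constructed sample input; bad-site.example is a placeholder domain.
SAMPLE = """\
# localhost name resolution is handled within DNS itself.
#   127.0.0.1       localhost
127.0.0.1 bad-site.example/
127.0.0.1 http://bad-site.example
127.0.0.1 bad-site.example www.bad-site.example
# 127.0.0.1 ignored.example
"""

if __name__ == "__main__":
    blocked, problems = audit_hosts(SAMPLE)
    print("blocked:", sorted(blocked))
    for n, msg in problems:
        print(f"line {n}: {msg}")
```

On Windows the text to pass in is the content of the hosts file under C:/Windows/System32/drivers/etc, the folder named in the posts above.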
Ark of Truth (Author) Posted December 12, 2012

Already know about that, just need to finish spelling check and add it in.
Ark of Truth (Author) Posted December 12, 2012

UPDATED

Guide now includes how to block domains using your hosts file.
Archived
This topic is now archived and is closed to further replies.