Getting a consistent Norton warning only on this site

Discussion in 'Report Forum' started by Terryy, Mar 31, 2017.

  1. Terryy

    Terryy Almost too old for this

    Joined:
    Oct 7, 2016
    Messages:
    42
    Likes Received:
    36
    Gender:
    Male
    Location:
    Woodland Washington
    Web Attack: Exploit toolkit Website 16
    Don't see it on any of the other forums I frequent.
     
  2. MN66

    MN66 SHO Member

    Joined:
    Aug 7, 2016
    Messages:
    4
    Likes Received:
    2
    Gender:
    Male
    Location:
    Fairmont, MN
  3. rubydist

    rubydist SHO Member Staff Member

    Joined:
    Jun 25, 2007
    Messages:
    6,298
    Likes Received:
    1,999
    Location:
    Denver
    Apparently, Norton will on occasion report a banner ad as the "exploit toolkit" you mentioned. This seems to be unique to Norton. I personally think that Norton is far down the list of anti-virus software, so my first recommendation would be to get something else like Avast, McAfee or Kaspersky.
     
    StealBlueSho likes this.
  4. Mark Cintula

    Mark Cintula SHO Member

    Joined:
    Oct 17, 2015
    Messages:
    14
    Likes Received:
    6
    Gender:
    Male
    Occupation:
    IT
    Location:
    Columbus, OH
    I've been using Norton AV products for almost 20 years now and have never had an issue with them. I don't know why they get such a bad rap. And yes .. I do IT for a living. I'd rather have my security suite report false positives than let something slip by. I am getting the warning as well.
     
  5. rubydist

    rubydist SHO Member Staff Member

    Well, there is a trade-off between resource utilization and letting stuff through. I personally think Norton is a resource hog compared to what is needed (and compared to other good AV software), but I am fully aware that many others have a different opinion.
     
  6. 93markVIII

    93markVIII SHO Member

    Joined:
    Jan 5, 2011
    Messages:
    237
    Likes Received:
    123
    Location:
    MO
    Symantec has been kicking me some warnings on my work computer as well.
     
  7. Mark Cintula

    Mark Cintula SHO Member

    Just to follow up on this, here's what Norton says about this:

    Severity: High
    This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
    Description

    This signature detects attempts to download exploits from a malicious toolkit which may compromise a computer through various vendor vulnerabilities.

    Additional Information
    Malicious toolkits contain various exploits bundled into a single package. Victim on visiting the malicious server hosting exploit toolkit is attacked with several different exploits exploiting different vulnerabilities one by one. Exploits may include MDAC, PDF, HCP etc.

    Affected
    Various Browsers.

    Response
    No further action is required but you may wish to perform some of the following actions as a precautionary measure.
    • Run the Norton Power Eraser. (home users)
    • Run the Symantec Power Eraser. (business users)
    • Update your product definitions and perform a full system scan.
    • Submit suspicious files to Symantec for analysis.

    If you believe that the signature is reported erroneously, please read the following:
    • Report a potential false positive to Symantec.


    I get the warning in both Edge and Chrome with the Norton extensions. I don't get it in Firefox, mostly because I don't have the Norton extensions running there, but I do have AdBlock Pro and NoScript running and they caught and blocked the psychskins.com ref as malicious, so there might be something to this. I remember about 10 years ago when I was a very active member of a Lexus IS forum something similar to this. A banner ad that the site was running had become compromised with malware and caused all kinds of havoc. My Norton was doing the exact same thing, alerting me to the issue.
     
    luigisho likes this.
  8. zak

    zak SHO Member

    Joined:
    May 15, 2002
    Messages:
    1,400
    Likes Received:
    242
    Location:
    east of Hartford
    Home Page:
    My computer suddenly won't allow access, indicates site is compromised.
     
    Last edited: Apr 25, 2017
  9. Racer X

    Racer X SHO Pilot

    Joined:
    Oct 27, 2002
    Messages:
    3,447
    Likes Received:
    1,565
    Occupation:
    IT/ Telecommunications
    Location:
    Queens, NYC
    Home Page:
    I dug into this, the site is definitely compromised.

    It's a .js exploit, I'm guessing they got in via an unpatched SQL injection vulnerability that XenForo patched late last year. If you disabled JavaScript, the site is navigable, but my recommendation to everyone is to stop using the site until this is patched. And if you use your SHOForum password anywhere else on the internet, now might be a good time to change it on those other sites.

    Admin, if you're reading this, good luck sorting this all out.
     
    luigisho and SHOdded like this.
  10. zoomlater

    zoomlater SHO Member

    Joined:
    May 31, 2004
    Messages:
    666
    Likes Received:
    239
    Location:
    Seattle, WA
    My home computer gets directed to a different website immediately after the Shoforum page comes up. There is a comment about the Domain has expired and go to your control panel, etc. The site works fine on my tablet and other computers.
     
    SHOdded likes this.
  11. SHOdded

    SHOdded SHO Member

    Joined:
    Dec 25, 2011
    Messages:
    5,560
    Likes Received:
    1,977
    Location:
    Maryland
    Same here since yesterday. Desktop only. I have since updated the McAfee sw and am hoping it will stop the redirect.
     
  12. rubydist

    rubydist SHO Member Staff Member

    I'm still not getting any warnings or any redirects. I'm browsing with Chrome with AdBlock Plus extension enabled and have Avast free antivirus. I just scanned my machine and nothing inappropriate showed up in any of the anti-malware software I use.

    Since this is happening to some but not all users, that suggests it is one of the following:
    1. a browser-related vulnerability
    2. an anti-virus-related vulnerability
    3. a snippet vulnerability where only part of the "bad" code is on the site server, and another part must be present on your computer (that you picked up elsewhere)
    4. a mirror issue (if the site has more than one host) where one of the mirrors is corrupted

    If you are getting the redirect, I suggest you visit MajorGeeks.com and go to their "how to remove malware" section, and follow the instructions explicitly to get rid of anything you have on your own computer. My experience is those guys are among the best and are on top of the crap that is out there.

    Hope this helps someone.
     
  13. jordanr

    jordanr Administrator

    Joined:
    May 24, 2014
    Messages:
    92
    Likes Received:
    116
    Location:
    Florida
    I have updated the software to see if that helps.

    Sorry for late response. I was on my honeymoon.
     
    SHOdded, luigisho and Toolman like this.
  14. sperold

    sperold Last to Know

    Joined:
    Aug 25, 2008
    Messages:
    3,109
    Likes Received:
    858
    Gender:
    Male
    Occupation:
    Mech. Tech.
    Location:
    Ontario Canada
    Boy, any excuse at all!

    Congratulations.
     
    SHOdded likes this.
  15. SHOdded

    SHOdded SHO Member

    Well, we thought we were on a honeymoon too, the forum was doing so well ;) Thanks for fixing, no warnings anymore, at least on my browsers!
     
  16. zoomlater

    zoomlater SHO Member

    On my work computer, I have consistent block notifications popping up for a couple of days now. It never did that before. Nothing on the home computer though.
     
  17. jordanr

    jordanr Administrator

    Lol...thanks.

    Hopefully anyone's warnings will go away as the security programs update that we are clean again...
     
    SHOdded likes this.
