Jump to content
Justin

Atari I/O Malware "Security Warning" Issue

Recommended Posts

Is there a way of backing up the data files that contain the posts, members, and forum data? Go into the server, delete and re-install everything? The forum will probably be down for awhile. But it should clear the virus. If it is within the account folder itself. Some of this Redirect Virus can be planted on the server and infect more than just one website.

Share this post


Link to post
Share on other sites

I don't get it on the main page, but once I click on a topic I still get the red warning page on Chrome. Also...don't feel bad, it appears another of my haunts Vogons.org has been hit and I'm not able to access that site at all because my Malwarebytes software in my PC will flat out not let me due to a trojan detection on their end. When I try and bypass this, I just get an error page that the site isn't responding properly or something to that effect. So..yeah...not just atari.io

 

Share this post


Link to post
Share on other sites

Well, I wasn't getting it on the link I have saved directly to the forums but once I paid a visit to the main site it went back to being "dangerous."  I don't see anyone dangerous on here.  

Once the main page loaded up it went to a blank screen and asked me to please update my Adobe Flash...again.  Some where in the main page's code is a bot that activates randomly.  It's most likely some sort of link not related to anything Atari I/O.  I'm going to see if I can't crack this thing in the butt.  I'm going to purposely trigger that link and view the code.  Maybe somewhere in there is the secret to where this thing is coming from.

Share this post


Link to post
Share on other sites
53 minutes ago, kamakazi20012 said:

Well, I wasn't getting it on the link I have saved directly to the forums but once I paid a visit to the main site it went back to being "dangerous."  I don't see anyone dangerous on here.  

Once the main page loaded up it went to a blank screen and asked me to please update my Adobe Flash...again.  Some where in the main page's code is a bot that activates randomly.  It's most likely some sort of link not related to anything Atari I/O.  I'm going to see if I can't crack this thing in the butt.  I'm going to purposely trigger that link and view the code.  Maybe somewhere in there is the secret to where this thing is coming from.

FYI - I am still getting the warning for every thread in the High Score Squadron section.

Share this post


Link to post
Share on other sites

Well, after viewing the code, I found a server-side error that failed to load.  I'm not sure if it is related or not because it doesn't appear to be a part of anything else the site uses.  And when I clicked on the link that failed it did return with a "not found" error.  When researching what that link did I was surprised to find that it is a direct link to Adobe for using web fonts which are added to the site when a browser "loads" this website.  

From what I learned in college, we never used Adobe for web fonts because it was unreliable.  We were told to use what Google offers instead.  Not sure if what I found is relevant or not but I thought it might help beat a path back to the cause of this issue.  

On a plus note, I didn't get the dangerous alert when I came back to the forums directly.  It's only happening on the main portion.  Might I suggest remaking the index.html page?  That might delete the malware.  If you change that you might fool the malware.  But I would seriously consider moving away from WordPress for a main page.  Instead I would create one using HTML 5 and CSS 3 without WordPress being involved at all.  There are some free hosting sites, some with ads, some without.  If that is an option then let me know and I will report back with what I know.  I used a few free ones before and had good results with a few of them.

There's also the option of replacing the main portion with a backup that is dated before all of this stuff happened if that has been done.

 

Share this post


Link to post
Share on other sites

I'm doing everything I can to help and I may have stumbled on to something.

AtariIOScreenshot2.thumb.jpg.f41cdb044a8abd5417d7d8f790233e6b.jpg

Somewhere in Atari I/O's main index some links are being repeated...once as a standard, non-secure link and once again as a secure link (https).  No matter what, though, the typekit link keeps coming back with a 404 error.  If you can't use it I would remove those links.  I would also convert those http links to https links.  You should only have to put an "s" at the end of the "http" portion.  That should help some.  Atari I/O is also trying to get fonts from a "gstatic.com".  When I went to research that link guess what I discovered?

Quote

The Gstatic Virus is a dangerous application that works in a way very similar to an Adware program. ... The virus creates a large number of advertisements whenever you start your internet browser or load a page/tab/link while browsing. The goal of these Ads is, of course, to generate revenue for whoever created the virus.

Find out where in your WordPress code (check HTML and PHP codes) that link sits and remove it from the site!  It's bad news.  That could very well be where your problem is.

I did more research on it and discovered that "gstatic.com" is often seen mistakenly as a virus when all it's doing is using resources directly from Google.  But if it is not being used I'd take it off.  I'd definitely take off those links to "typekit" as they are not working.

Edited by kamakazi20012
corrections

Share this post


Link to post
Share on other sites

Just accessing this topic in the forums will cause google to throw the malware indication screen now. So simply with your guys posting stuff about this it causing a problem now LOL!!

Most other parts of the forums are fine and yes the main page does still trigger only now I can't get past it because DNS.org comes up flagging it as blocked now. So even if I tell google to go ahead and access the unsafe site, DNS.org jumps in and says 'Oh Hell no!!!' and yeah...

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...