peteym5 206 Posted November 1
Is there a way of backing up the data files that contain the posts, members, and forum data? Go into the server, delete and re-install everything? The forum will probably be down for a while. But it should clear the virus. If it is within the account folder itself. Some of this Redirect Virus can be planted on the server and infect more than just one website.

RockyRaccoon 18 Posted November 9
It seems to be fixed at least forums side, I no longer get the red warning on the forum... still do on the main website.

CrossBow 276 Posted November 9
I don't get it on the main page, but once I click on a topic I still get the red warning page on Chrome.

Also...don't feel bad, it appears another of my haunts Vogons.org has been hit and I'm not able to access that site at all because my Malwarebytes software in my PC will flat out not let me due to a trojan detection on their end. When I try and bypass this, I just get an error page that the site isn't responding properly or something to that effect. So..yeah...not just atari.io

nosweargamer 6,539 Posted November 9
Using Chrome, I didn't get the warning going into the forums, but I did when I tried to go to the Alleway HSS topic.

kamakazi20012 2,906 Posted November 19
Well, I wasn't getting it on the link I have saved directly to the forums but once I paid a visit to the main site it went back to being "dangerous." I don't see anyone dangerous on here. Once the main page loaded up it went to a blank screen and asked me to please update my Adobe Flash...again.

Somewhere in the main page's code is a bot that activates randomly. It's most likely some sort of link not related to anything Atari I/O. I'm going to see if I can't crack this thing in the butt. I'm going to purposely trigger that link and view the code. Maybe somewhere in there is the secret to where this thing is coming from.

nosweargamer 6,539 Posted November 20
53 minutes ago, kamakazi20012 said:
> Well, I wasn't getting it on the link I have saved directly to the forums but once I paid a visit to the main site it went back to being "dangerous." I don't see anyone dangerous on here. Once the main page loaded up it went to a blank screen and asked me to please update my Adobe Flash...again. Somewhere in the main page's code is a bot that activates randomly. It's most likely some sort of link not related to anything Atari I/O. I'm going to see if I can't crack this thing in the butt. I'm going to purposely trigger that link and view the code. Maybe somewhere in there is the secret to where this thing is coming from.

FYI - I am still getting the warning for every thread in the High Score Squadron section.

Scott Stilphen 423 Posted November 20
Atari IO gave me Pac-Man fever. Just sayin.

kamakazi20012 2,906 Posted November 20
Well, after viewing the code, I found a server-side error that failed to load. I'm not sure if it is related or not because it doesn't appear to be a part of anything else the site uses. And when I clicked on the link that failed it did return with a "not found" error. When researching what that link did I was surprised to find that it is a direct link to Adobe for using web fonts which are added to the site when a browser "loads" this website. From what I learned in college, we never used Adobe for web fonts because it was unreliable. We were told to use what Google offers instead. Not sure if what I found is relevant or not but I thought it might help beat a path back to the cause of this issue.

On a plus note, I didn't get the dangerous alert when I came back to the forums directly. It's only happening on the main portion.

Might I suggest remaking the index.html page? That might delete the malware. If you change that you might fool the malware. But I would seriously consider moving away from WordPress for a main page. Instead I would create one using HTML 5 and CSS 3 without WordPress being involved at all. There are some free hosting sites, some with ads, some without. If that is an option then let me know and I will report back with what I know. I used a few free ones before and had good results with a few of them.

There's also the option of replacing the main portion with a backup that is dated before all of this stuff happened if that has been done.

kamakazi20012 2,906 Posted November 20
I'm doing everything I can to help and I may have stumbled on to something. Somewhere in Atari I/O's main index some links are being repeated...once as a standard, non-secure link and once again as a secure link (https). No matter what, though, the typekit link keeps coming back with a 404 error. If you can't use it I would remove those links. I would also convert those http links to https links. You should only have to put an "s" at the end of the "http" portion. That should help some.

Atari I/O is also trying to get fonts from a "gstatic.com". When I went to research that link guess what I discovered?

> The Gstatic Virus is a dangerous application that works in a way very similar to an Adware program. ... The virus creates a large number of advertisements whenever you start your internet browser or load a page/tab/link while browsing. The goal of these Ads is, of course, to generate revenue for whoever created the virus.

Find out where in your WordPress code (check HTML and PHP codes) that link sits and remove it from the site! It's bad news. That could very well be where your problem is.

I did more research on it and discovered that "gstatic.com" is often seen mistakenly as a virus when all it's doing is using resources directly from Google. But if it is not being used I'd take it off. I'd definitely take off those links to "typekit" as they are not working.

Edited November 20 by kamakazi20012: corrections

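The link review described in the post above can be done systematically. This is an added example, not part of the original thread: it lists every resource an index page loads, flags plain-http fetches and http/https duplicates, and reports third-party hosts that are not on a reviewed allowlist. The sample HTML, the kit id, the `.example` hosts and all function names are constructed for illustration.

```python
"""Audit the external resources an HTML page pulls in (added example)."""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags whose attribute makes the browser fetch something.
FETCH_ATTRS = {"script": "src", "link": "href", "img": "src", "iframe": "src"}

# Constructed sample index page; kit id and hosts ending in .example are made up.
SAMPLE_INDEX = """<html><head>
<link rel="stylesheet" href="/wp-content/themes/site/style.css">
<script src="http://use.typekit.net/abc1234.js"></script>
<script src="https://use.typekit.net/abc1234.js"></script>
<link rel="stylesheet" href="https://fonts.gstatic.com/s/sample.css">
<script src="http://cdn.unknown.example/update.js"></script>
</head><body><img src="/logo.png"></body></html>"""


class ResourceCollector(HTMLParser):
    """Collect every URL the page asks the browser to load."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        wanted = FETCH_ATTRS.get(tag)
        self.urls += [v.strip() for k, v in attrs if k == wanted and v]


def audit(html, site_host, allowed_hosts):
    """Return insecure URLs, http/https duplicates and unreviewed hosts."""
    collector = ResourceCollector()
    collector.feed(html)
    insecure, unknown, schemes = [], set(), {}
    for url in collector.urls:
        parts = urlsplit(url)
        if not parts.hostname:
            continue  # relative URL, served by the site itself
        host = parts.hostname.lower()
        if parts.scheme == "http":
            insecure.append(url)  # fetched without TLS
        if host != site_host and host not in allowed_hosts:
            unknown.add(host)  # third party nobody has reviewed
        schemes.setdefault(host + parts.path, set()).add(parts.scheme)
    dupes = sorted(k for k, s in schemes.items() if {"http", "https"} <= s)
    return {"insecure": insecure, "duplicated": dupes,
            "unknown_hosts": sorted(unknown)}


if __name__ == "__main__":
    reviewed = {"use.typekit.net", "fonts.gstatic.com"}
    print(audit(SAMPLE_INDEX, "www.site.example", reviewed))
```

Running the same audit against a known-good backup of the page and comparing the `unknown_hosts` lists shows which third-party references appeared after the backup was taken.
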
CrossBow 276 Posted November 27
Just accessing this topic in the forums will cause Google to throw the malware indication screen now. So simply with you guys posting stuff about this, it's causing a problem now LOL!! Most other parts of the forums are fine and yes the main page does still trigger, only now I can't get past it because DNS.org comes up flagging it as blocked now. So even if I tell Google to go ahead and access the unsafe site, DNS.org jumps in and says 'Oh Hell no!!!' and yeah...

nosweargamer 6,539 Posted Wednesday at 11:11 PM
Not sure why, but it's gotten worse for me. Now I am seeing the warning everywhere on the forum when using Chrome on my desktop.

Edited Wednesday at 11:12 PM by nosweargamer

StormSurge 2,374 Posted Thursday at 01:49 AM
Same here. It was looking good for a few weeks but not the past few days.