Virus on a major48 site

[fetishbank]

Today I was adding a site of this guy whenI got infected by a very bad virus which bypassed both my antiviurs and firewall (a special thanks to Microsoft and Avast for their great piece of software!).

That virus took control of my screen, claiming it was a police alert because I was visiting illegal sites and telling I had to pay a 100 Euro fine to unlock my computer. I had to restart in safe mode to get rid of it. It made me lose one hour of my time ! I took some screen captures of that and saved the exe as evidence.

This is cyber crime. I'm not sure if you, major48, are aware of the problem, but I'm inviting you to carefully check your site http://www.black-bbw-tube.com/ and get rid of this shit. I assume you're in good faith, but this is not a joke, this is a crime and you can be arrested for that. So, better you do something before you get the police knocking your door ! Don't even try to ignore this matter, or I'll be the one sending the police your way !

I'm waiting for an answer here, obviously in the meantime I'm dropping all your trades...

[major48]

Well i was on the site last night and everything was fine. I'm at work right now so i can't check it. I will see if i can make it home on my lunch break to check it. I'm typing this from my phone. I doubt that its coming from my site because that is a hosted tube by pimproll. I doubt if they added a virus to one of their own sites. But thanks for posting this on the forum though and making me look like a scammer. Before you verified the virus came from my site.

[fetishbank]

I already written above, I assume you're in good faith otherwise I would asked vrocks to blacklist you.

But beeing in good faith does not mean you don't have some responsability. Your site open a popunder when you click on the page, and every time it opens a different url. If you cannot control the content that is loaded on that page, this is a security issue. Technically, the virus is not dropped from your domain, but the popunder is launched from it... so...

I can't guarantee that the virus came from you but I can tell I'm 99.5% sure. I started my work adding the linkspun trades. I had three browser windows: linkspun.com (in chrome), fetishbank.net (in explorer 64) and a window of explorer 32 where I was checking the linkspun trades. Your sites were the first on my list. First I added your milf blog, then I loaded your black bbw tube. I just opened a couple of pages to make sure everything was fine when that fucking virus took control of my PC.

Not sure how it self execute, this is the kind of things that never happen using chrome or mozilla but I'm an idiot and I'm still using explorer. The virus was a .exe in the temp directory which added a link in the startup menu (command line: C:\Windows\System32\rundll32.exe C:\Users\asus\AppData\Local\Temp\hnszs0.exe,H9922) - none of my antiviruses recognize it as virus, but I sent it to them all for analisys.

I'm sorry but I not going to surf again on your site to help debugging, this is a your problem, not mine. I can tell it won't be easy to find it. I already seen stuff like that in the past, that's why now all tgp/link lists require a partner account to post. Normally this kind of virus-dropping-pages use geo targeting script (means: if your system is in english you probably won't see it) and cookies & database to store IP addresses. Once the virus is dropped, you won't see it again until you clean your cookies and get a new IP.... so good luck !

(edit: I was using explorer 9/32, so that is the browser you should use to check)

[CodeR70]

(a special thanks to Microsoft and Avast for their great piece of software!)

And I bet you are going to continue and use it right?!

Dont get me wrong, I'm not that naive to think with other software it doesnt happen. But you talk about responsibilities in this thread but did you ever consider your own?

[webmasterx]

This virus has been around for some time now, http://trojan-killer.net/metropolitan-p ... ng-remove/ Fetishbank i think u probly picked that up somewhere else and its about time u revued your av strategy, windows boxes will always be vulnerable and the av software u r using is basicaly shit!

[vrocks]

Ahem... you might want to check out what niches you sell... Babes = .05% chance of getting a virus... Anything especially kinky = 99.9% chance of getting a virus...

[deejay]

I'm not sure if you, major48, are aware of the problem, but I'm inviting you to carefully check your site http://www.black-bbw-tube.com/ and get rid of this shit.

I accessed that site yesterday without any problems. If the trojan had been resident on that domain, my anti-virus would have blocked access to the site.

You owe major48 an apology. It's one thing to give a heads up about a problem, but to label the guy a scammer, drop all your trades with him and threaten to contact the police when you can't prove conclusively that YOUR problem emanated from his site is way over the top. Get over yourself.

[major48]

I just got home and checked it out and I got nothing. I also sent a email to pimproll to check it out for me also since they supply all the ads. Its one of their hosted tube sites.

[Hincapie]

Really???

Ive had nearly exclusively especially kinky stuff on all my boxes for well over a decade, been hacked once (which the idiot used as a gateway to try and hack someone else, so he was easily tracked) - but never had any viruses ... and never actually stumbled upon particular malicious pages in my roaming around ... yeah, the odd trade partner with an insecure php script getting injected, but nothing hard to fix.

I´d actually imagine kinky stuff is less likely to be infected with anything, less random types running such sites for quick beer money and more lifestylers putting up pages cause they fancy the niche privately

Ahem... you might want to check out what niches you sell... Babes = .05% chance of getting a virus... Anything especially kinky = 99.9% chance of getting a virus...

[luxv66]

Site is clean here and being a Pimproll tube makes even more unlikely that was the culprit.
Not that PR tubes are necessarily more secure but there would be a massive shitsotrm all over if this was going on with them I'd think.

[fetishbank]

I carefully checked it again and found nothing. Also checked the other site I was setting the trade before this one and found nothing. Right now everything looks clean... so it is possible I was wrong, and in this case I can only apologize.

I will keep an eye on it to see if something changes during the day (even if I know pimproll is more than trusted, I've been working with them for years)... at the same time I'm going to check one by one the latest trades I've processed to see if I find the asshole...

[fetishbank]

Ahem... you might want to check out what niches you sell... Babes = .05% chance of getting a virus... Anything especially kinky = 99.9% chance of getting a virus...

Honestly this is the first serious issue that I see in the last five years. I remember stuff so agressive in the dialer age, when a fast connection was a 56k modem. What you say can be true if you talk about warez sites, where basically everything is illegal.

The point is that linking to a site that drop stuff like that can kill your business in a day, while it takes years to build it, that's why I'm so angry and want to find out where this shit come from !

[anexsia]

Ahem... you might want to check out what niches you sell... Babes = .05% chance of getting a virus... Anything especially kinky = 99.9% chance of getting a virus...

I've been visiting fetishbank for 8+ years now for fap material and I don't recall ever getting a virus from links on there.

This just brought me back memories of how many virus/spyware porn sites there were back in the day...I was just a surfer then and used to flip shit whenever there was dialers downloaded or TGPs that were nothing but links to trades that had a million popups you couldn't close lol. I switch off between using my windows box and my linux box nowadays and can't really remember getting a virus or spyware in the past few years.

[fetishbank]

Had another look to the site this morning. Found nothing bad but noticed that the popunder opened: http://iphoneunlockguru.com/ that I am not sure it is pimproll property (instead yesterday was a pimproll cam site). Whois data is protected so I could not check.

Will be pimproll paying a commission for sales on that site ? This is a very good question that could open a new different thread about what sponsors are doing with our traffic...

Anyway, I added the site, restored the other links and I apologize for the mess done - I just kindly ask you to have a look on your site from time to time to see what kind of ads are shown on that popunder...