RootsChat.Com

General => Technical Help => Topic started by: ankerdine on Saturday 13 February 10 08:00 GMT (UK)

Title: Infected file on GenesReunited
Post by: ankerdine on Saturday 13 February 10 08:00 GMT (UK)
Just had an email from GR listing 4 new contacts with similar names. The link to one threw up a Threat warning which luckily was blocked by my security package. Should I inform GR?

Judy
Title: Re: Infected file on GenesReunited
Post by: jc26red on Saturday 13 February 10 08:03 GMT (UK)
In one word yes!
Title: Re: Infected file on GenesReunited
Post by: ankerdine on Saturday 13 February 10 09:19 GMT (UK)
Ok, ta, that's what OH said. It was HIS COMPUTER! :o :o :o

j
Title: Re: Infected file on GenesReunited
Post by: snowyw on Saturday 13 February 10 14:23 GMT (UK)
I went onto Genes today.  Suddenly my 'Windows security' told me I had 101 trojans and various other critical problems.  It asked me to download a programme to remove them.  The strange thing is my Windows security is disabled as I have McAfee.
Panic!
I did not download this programme, but immediately started up my Virus Scanner.  That is on my PC, I am using my laptop at the moment.  As yet, it has not found anything.  I'll run a malware scan afterwards to double check.
I think, had I 'run' this programme, I might have let something in.  I'll keep you posted.
Sue
Title: Re: Infected file on GenesReunited
Post by: Christine in Portugal on Saturday 13 February 10 14:56 GMT (UK)
There was a problem similar to this before and it was one of the ads on their site causing it.

I have all ads blocked by my anti-virus programme, Kaspersky and haven't had any problems on there today.

Christine
Title: Re: Infected file on GenesReunited
Post by: alyson123 on Saturday 13 February 10 14:57 GMT (UK)
I too opened an e-mail from genes and this totally disabled my mcafee security.
Disguises itself as windows security then advises that you have a virus and someone
is taking all personal details from your computer. Whatever you do....DO NOT follow
their links to remedy the situation.
I have just spent 2hrs trying to sort this out and have had to complete a full system restore
and reactivate all security settings with my antivirus........NIGHTMARE!!!
Thanks a lot Genes Reunited  >:(......now blocked all GR e-mails with their dud 'matches' and as this
is not the first time this has happened my subscription will now be terminated.
Be careful fellow rootschatters Genes are out to give you a big headache!!
Alyson
Title: Re: Infected file on GenesReunited
Post by: Nick29 on Saturday 13 February 10 15:09 GMT (UK)
Sounds like the GR database has been hacked.   Seeing how that outfit is run, this does not surprise me.

Title: Re: Infected file on GenesReunited
Post by: snowyw on Saturday 13 February 10 15:43 GMT (UK)
Right!
I ran my McAfee virus scan and it found nothing.  I am now running AdAware to see if that finds anything.  Thank goodness my instinct told me not to follow their links.

This didn't come from an email though.  I just went to the site to check my family tree.  Fortunately, I no longer have the hotmatch emails from genes, but obviously do get the ones where I have a contact wanting to link with me.

Ahhh!  I will not want to open those emails now!

Sue >:(
Title: Re: Infected file on GenesReunited
Post by: snowyw on Saturday 13 February 10 16:35 GMT (UK)
AdAware found nothing either, other than a few cookies.
Looks like it was the programme that would have infected the computer.
Sue
Title: Re: Infected file on GenesReunited
Post by: ankerdine on Saturday 13 February 10 16:38 GMT (UK)
I've sent GR an e-mail of complaint but am very worried to go on that site again.

I only have my Family Tree on GR nowhere else. Should I up-load it entirely, say to Family Tree Maker or something similar? Maybe not now, wait until they get the site "cleansed". ???

We've scanned both the laptop and the PC and they appear to be ok.
J
Title: Re: Infected file on GenesReunited
Post by: alyson123 on Saturday 13 February 10 22:58 GMT (UK)
I too have sent an e-mail to Genes and thanked them for the
useless 'matches' and the bonus virus.
I would stay well clear of the site ankerdine until they have sorted it out, better safe than sorry.
Alyson
Title: Re: Infected file on GenesReunited
Post by: Selina on Saturday 13 February 10 23:15 GMT (UK)
I don't think I will renew my sub when it falls due.  I don't keep a tree on there and because I let it lapse for a while I now pay double what I did in the first place.

I have had one very good result from GR but that was for somebody else I was helping, usually the people I have contacted re my own lines have not replied.

I picked up a trojan from an earlier problem with GR adverts so to me it's just not worth the bother.

Selina
Title: Re: Infected file on GenesReunited
Post by: Luzzu on Saturday 13 February 10 23:28 GMT (UK)
Quote
I too opened an e-mail from genes and this totally disabled my mcafee security.
Disguises itself as windows security then advises that you have a virus and someone
is taking all personal details from your computer. Whatever you do....DO NOT follow
their links to remedy the situation.
I have just spent 2hrs trying to sort this out and have had to complete a full system restore
and reactivate all security settings with my antivirus........NIGHTMARE!!!

This sounds similar to something that happened to me about 18 months ago but I didn't get it from GR - it was called XP Antivirus 2008 and it disguised itself as Windows security and said that I had all these viruses but it was the XP Antivirus that was the virus and it was really difficult to get rid of. It seemed to know what I was doing and kept blocking me and in the meantime the computer was getting slower and slower.  In fact I wasn't technical enough to do it and had to get a friend to sort it out.

Be really careful.  I wouldn't wish it on my worst enemy.

Luzzu 
Title: Re: Infected file on GenesReunited
Post by: ambers on Sunday 14 February 10 10:36 GMT (UK)
I also had a problem when I went to open my Tree yesterday, AVG warned me and blocked the virus from doing any harm to my PC.

Ambers
Title: Re: Infected file on GenesReunited
Post by: Selina on Sunday 14 February 10 10:43 GMT (UK)
I received an email yesterday telling me that my GR subscription will shortly be due. 

I have replied that since I now pay double what I used to (I let it lapse at one point);  I get very little benefit from the site (people often don't reply) and they have security problems yet again - I doubt that I shall renew.

Selina
Title: Re: Infected file on GenesReunited
Post by: ambers on Sunday 14 February 10 11:06 GMT (UK)
I have just tried to contact the Help section on GR and received another warning of Infected File :-X

Exploit Rogue Scanner (type 1027)

Ambers
Title: Re: Infected file on GenesReunited
Post by: crystal lady on Sunday 14 February 10 15:22 GMT (UK)
Hi

Relief to know that it was not only my system that had this problem - I opened my GR hotmatches this morning and my windows Security System was suddenly telling me about all these Trojans/ email worms etc and wanted me to download this program.  I tried getting onto here to find out what to do as I'm not very technical minded but my laptop wouldn't let me do anything.  I panicked like mad but luckily did not follow its instructions and finally managed to get McAfee to run a full scan which did not detect anything.  Can I assume that everything is okay and I do not have any nasty things lurking anywhere?

Only last week GR sent me their email reminder about renewing my subscription - am now thinking twice about this.  I have had some good contacts from the site but certainly do not want any more hassle like this again.  I was going to send them a complaint email but have had second thoughts, however, I need to get onto their site to remove my renewal details - though think I'd better wait and see if they sort this out first.

Crystal

Title: Re: Infected file on GenesReunited
Post by: snowyw on Sunday 14 February 10 15:30 GMT (UK)
I know what you mean Crystal.  I keep my tree on Genes, as I find  it the easiest way to update it.  Then, I download the gedcom to my computer and open it in Family Tree Maker.  I want to update it, but daren't go there at the moment.   :'(

Sue
Title: Re: Infected file on GenesReunited
Post by: crystal lady on Sunday 14 February 10 15:58 GMT (UK)
Sue - I've also got a tree on GR which I keep just for contacts etc, I have some new info to add on but that will have to wait as well.   Can't remember when my actual renewal date is, just hope it's not too soon and that I have a chance to do something about it   :-\

Crystal
Title: Re: Infected file on GenesReunited
Post by: downside on Sunday 14 February 10 16:08 GMT (UK)
Read all about it here:-

http://www.xephandreema.com/2009/12/exploit-rogue-scanner-how-to.html

Basically Genes Reunited is NOT THE PROBLEM.

Quote
Exploit Rogue Scanner Type 820 sends an error through your registry, causing your Security Center to send an "alert message" that the applications you open are virus infected. THIS IS NOT TRUE. It's kind of like a fake system error.

GR is not infected.
Title: Re: Infected file on GenesReunited
Post by: ambers on Sunday 14 February 10 17:02 GMT (UK)
Many thanks for the Link downside :)

Is type 1027 the same ?

Ambers
Title: Re: Infected file on GenesReunited
Post by: downside on Sunday 14 February 10 17:19 GMT (UK)
I think it is from the same family of malware, second cousin twice removed.

A genealogy joke. :)
Title: Re: Infected file on GenesReunited
Post by: ankerdine on Sunday 14 February 10 21:06 GMT (UK)
Quote
Read all about it here:-

http://www.xephandreema.com/2009/12/exploit-rogue-scanner-how-to.html

Basically Genes Reunited is NOT THE PROBLEM.

Quote
Exploit Rogue Scanner Type 820 sends an error through your registry, causing your Security Center to send an "alert message" that the applications you open are virus infected. THIS IS NOT TRUE. It's kind of like a fake system error.

GR is not infected.

I really still don't understand how you can say this when GR is the common denominator for all the above comments.

I still do not understand why GR have not replied to our emails. If Ancestry and Find My Past personnel read this website then surely GR administrators do too? ???

J
Title: Re: Infected file on GenesReunited
Post by: smudwhisk on Sunday 14 February 10 22:51 GMT (UK)
GR may be the common denominator but I suspect at least one of the sources, as has been suggested already, will be the ads feed on the site.  I encountered the same problem a couple of years ago from GR and when I pointed out to them they had a problem with the ad feed on the site they ignored my email >:(.  AVG and Ad-Aware scans of my laptop at the time showed no issue apart from a file in temporary internet files which had been cleaned so I just deleted it.

Quote
Exploit Rogue Scanner Type 820 sends an error through your registry, causing your Security Center to send an "alert message" that the applications you open are virus infected. THIS IS NOT TRUE. It's kind of like a fake system error.

If you do get the above, while your PC may not be infected and it could just be a false positive to get you to download the infected file (when it's offering you software to clean your PC), there are occasions when the alert can be hiding other malware.  I've seen this several times in recent years having to clean up malware infected PCs at work.  The pop-ups themselves can be a pain to get rid of.
Title: Re: Infected file on GenesReunited
Post by: Roobarb on Sunday 14 February 10 23:06 GMT (UK)
I'm pleased to have come across this thread because the exact same thing happened to me last night. I was trying to open a message on GR, luckily my virus checker picked it up. I couldn't close it down so eventually went to Task Manager and closed down everything, so that did the trick. I've been back on GR today to reply to a couple of messages and all was well.

Downside, I'm afraid all that technical stuff is above my head but I can't see how the problem isn't with GR.
Title: Re: Infected file on GenesReunited
Post by: smudwhisk on Monday 15 February 10 01:03 GMT (UK)
Quote
Downside, I'm afraid all that technical stuff is above my head but I can't see how the problem isn't with GR.

The ads on the site are actually only "links" to other websites who provide the ads as a link on the GR site.  Although I think GR should be paying attention to what they are linking to, it's the company supplying the ads that will have the problems as it is these which contain the malicious code.

It wouldn't hurt GR though to actually respond when someone points out to them there has been a problem ....
Title: Re: Infected file on GenesReunited
Post by: elaine447 on Monday 15 February 10 01:44 GMT (UK)
I had same problem today
I did not click on any of the links on GR
all I did was check something on my tree
then close it  ::)
Elaine
Title: Re: Infected file on GenesReunited
Post by: smudwhisk on Monday 15 February 10 02:21 GMT (UK)
You don't need to click on the links for it to try and infect you, just accessing the GR webpage can cause the problem.
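
Added example, not part of the thread: the posts above describe the ads as content the site pulls in from an outside supplier, which loads without any click. A site operator can list which outside hosts a page loads automatically and which of them run unrestricted; the page URL, domain names and sample HTML below are constructed for illustration.

```python
"""Audit which third-party hosts a page loads automatically (added example)."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Elements the browser fetches on page load, with the attribute holding the URL.
# "Active" content can run code; "passive" content (images) is only displayed.
ACTIVE_TAGS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}
PASSIVE_TAGS = {"img": "src"}


def is_first_party(host, site_domain):
    """True if host is the site's own domain or one of its subdomains."""
    return host == site_domain or host.endswith("." + site_domain)


class EmbedAudit(HTMLParser):
    """Collects every third-party resource the page would load on render."""

    def __init__(self, page_url, site_domain):
        super().__init__()
        self.page_url = page_url
        self.site_domain = site_domain.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        url_attr = ACTIVE_TAGS.get(tag) or PASSIVE_TAGS.get(tag)
        if url_attr is None:
            return
        attributes = dict(attrs)
        raw_url = attributes.get(url_attr)
        if not raw_url:
            return  # inline script or empty frame: nothing is fetched
        # Resolve relative and protocol-relative URLs against the page URL.
        host = urlsplit(urljoin(self.page_url, raw_url)).hostname
        if host is None or is_first_party(host, self.site_domain):
            return
        if tag in PASSIVE_TAGS:
            risk = "passive"
        elif tag == "iframe" and "sandbox" in attributes:
            # The sandbox attribute blocks popups, top-window navigation and
            # similar actions unless the site explicitly allows them.
            risk = "sandboxed-frame"
        else:
            # Third-party scripts run inside the page itself; unsandboxed
            # frames can open popups or redirect the visitor.
            risk = "runs-unrestricted"
        self.findings.append({"tag": tag, "host": host, "risk": risk})


def audit(html, page_url, site_domain):
    """Return the third-party findings for one page, in document order."""
    parser = EmbedAudit(page_url, site_domain)
    parser.feed(html)
    parser.close()
    return parser.findings


def hosts_to_review(findings):
    """Outside hosts whose content runs without restriction."""
    return sorted({f["host"] for f in findings if f["risk"] == "runs-unrestricted"})


# Constructed sample page: a family-tree page with an ad slot and a tracker.
PAGE_URL = "https://www.genealogy.example/tree"
SITE_DOMAIN = "genealogy.example"
SAMPLE_HTML = """
<html><body>
<script src="/js/tree.js"></script>
<img src="https://static.genealogy.example/logo.png">
<iframe src="https://adserver.example.net/banner?slot=top"></iframe>
<iframe src="https://widgets.example.org/weather" sandbox="allow-scripts"></iframe>
<script src="//cdn.example.net/tracker.js"></script>
<img src="https://pixel.example.org/1x1.gif">
</body></html>
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_HTML, PAGE_URL, SITE_DOMAIN):
        print(f'{finding["risk"]:18} <{finding["tag"]}> {finding["host"]}')
    print("review first:", hosts_to_review(audit(SAMPLE_HTML, PAGE_URL, SITE_DOMAIN)))
```

Because an ad slot can serve a different advert on each visit, a single run only shows which hosts are trusted to deliver content, not what they delivered to a particular visitor.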
Title: Re: Infected file on GenesReunited
Post by: Nick29 on Monday 15 February 10 09:04 GMT (UK)
Well, I'm fairly confident that my security systems here are pretty good, so yesterday I paid a visit to GR - I no longer subscribe, so I could only access the public bits.

Nothing bad happened, either during or since my visit.  I can only suspect that the GR site is somehow triggering malware which was there all along.
Title: Re: Infected file on GenesReunited
Post by: jc26red on Monday 15 February 10 10:12 GMT (UK)
Well, I also went on there and yes, I too got a virus message

HTML:Iframe-inf

My on-access protection also picked up the associated trojan first before I got the above infection message.

My anti-virus dealt with it but seems like GR is being hijacked or something but I don't have a problem with any other site - and didn't prior to visiting GR this morning.

I didn't hang around long enough to see if there was any advertising on the home page. Could be an inserted ad which is not controlled by GR that is causing a problem.

 
Title: Re: Infected file on GenesReunited
Post by: newbe_nz on Monday 15 February 10 10:23 GMT (UK)
I have just been on GR and have had no such message at all

Newbe
Title: Re: Infected file on GenesReunited
Post by: downside on Monday 15 February 10 10:26 GMT (UK)
It is not unusual for Genes Reunited Support people not to respond to emails from customers.  If this happens it normally means they can't find anything wrong but their policy seems to be that they do not tell customers that.

I suggest that you re-run your security programs in safe mode as the implication from the link is that something is buried deep in your registry and it can only be removed when in safe mode.
Title: Re: Infected file on GenesReunited
Post by: jc26red on Monday 15 February 10 10:31 GMT (UK)
Well,

The first time I got the message, I was using IE7 then I just tried it with Firefox... no errors at all.

Then I tried it with Advent. I got the same error twice, and the top GR banner was then blocked.  So it most definitely is something to do with GR
Title: Re: Infected file on GenesReunited
Post by: downside on Monday 15 February 10 11:00 GMT (UK)
Quote
So it most definitely is something to do with GR

So how come most people do not get an error?  I've tried to get this error and I can't. 

Let us apply some logic to this problem.

What security are you using?

It seems to be an anti-virus program that is either falsely or rightly reporting that there is an error.

If you temporarily disable your security program will you still get the message?
Title: Re: Infected file on GenesReunited
Post by: ambers on Monday 15 February 10 11:45 GMT (UK)
GR have just replied to my email, asking what Security I use and what type of warning I am receiving.

In the last two days, I have had Warning Messages three times while trying to use GR, but have also accessed it about five times without any Warning Messages appearing ...how  odd ???

Ambers

 
Title: Re: Infected file on GenesReunited
Post by: snowyw on Monday 15 February 10 12:02 GMT (UK)
Quote
So it most definitely is something to do with GR

So how come most people do not get an error?  I've tried to get this error and I can't. 

Let us apply some logic to this problem.

What security are you using?

It seems to be an anti-virus program that is either falsely or rightly reporting that there is an error.

If you temporarily disable your security program will you still get the message?

Are you joking? That would  surely let something in , if it wanted to get in.





Title: Re: Infected file on GenesReunited
Post by: johngirl on Monday 15 February 10 12:13 GMT (UK)
Hi all,

I had the same problem yesterday. My windows Security went mad and was telling me I had viruses and trojans and all sorts of things going on and to click onto the link to stop someone from Launceston Tasmania from hacking into my computer. :o
I shut down my computer and restarted. It happened twice more so I shut it down again. I have had no trouble since.
I was on Facebook not GR :-[ so the problem isn't just to do with GR.
I also ran a scan after this happened but found nothing wrong. 8)


  Johngirl
Title: Re: Infected file on GenesReunited
Post by: downside on Monday 15 February 10 12:16 GMT (UK)
If it is a false alarm then nothing will get in.

If it isn't a false alarm then your security program will detect and remove it when you re-enable it, won't it?

This is why I don't have an anti-virus program - they are more trouble than they are worth and they give people a false sense that they are being protected.
Title: Re: Infected file on GenesReunited
Post by: Nick29 on Monday 15 February 10 12:26 GMT (UK)
Quote
This is why I don't have an anti-virus program - they are more trouble than they are worth and they give people a false sense that they are being protected.

Whereas you know for sure that you are not  ::)

If you Google I-frame inf you'll see that the problem is caused by malware, and the alert is triggered by the action of an innocuous script that is found on many web sites.   The malware doesn't come from the web site - it was on the infected computer all along. 

 
Title: Re: Infected file on GenesReunited
Post by: alyson123 on Monday 15 February 10 12:34 GMT (UK)
Snowy..... the virus is posing as windows security, encouraging you to click on the links so become further infected.
Anyway I am 100% sure that the problem I had, came from GR, after sending the letter of complaint yesterday they have replied this morning, denying all knowledge!!
.......and just to add insult to injury, suggest that it is my security system at fault!
Somebody, pour cold water over me quick, please!!!!
Alyson
Title: Re: Infected file on GenesReunited
Post by: downside on Monday 15 February 10 12:38 GMT (UK)
Quote
Whereas you know for sure that you are not 

That is correct.

If I have a cold then I feel unwell and start coughing.

If I have flu, then I feel unwell and start shivering and have aching limbs and start coughing.
Title: Re: Infected file on GenesReunited
Post by: Nick29 on Monday 15 February 10 12:40 GMT (UK)
I think people who are complaining about this web site should say which AV and Firewall software they are using, along with the browser types and versions that they are using, so a pattern may emerge.  Many people (including myself) have visited the site (I tried again this morning, after trying yesterday afternoon), and I didn't notice anything out of the ordinary.

Title: Re: Infected file on GenesReunited
Post by: Roobarb on Monday 15 February 10 12:43 GMT (UK)
Latest version of Internet Explorer (8?) and AVG free edition
Title: Re: Infected file on GenesReunited
Post by: Nick29 on Monday 15 February 10 12:59 GMT (UK)
Quote
Whereas you know for sure that you are not 

That is correct.

If I have a cold then I feel unwell and start coughing.

If I have flu, then I feel unwell and start shivering and have aching limbs and start coughing.

This is a common misconception about (computer) viruses - people automatically assume that if their computer is affected, then they will notice something out of the ordinary.   Well, the only time that you will do that is when you acquire a virus that is designed to be activated by a trigger of some sort, which will flash a message of some sort, encouraging (or even panicking) you into buying security software from them.

There is another type of virus - it sits there on your computer, and you are completely oblivious to it, whilst in the background it can be recording everything you type and uploading it to somewhere on the other side of the world, or using your email connection to send out hundreds of junk emails.  You will be completely oblivious to what's going on.  Some viruses will even take pictures from your webcam and upload them, so be careful what you wear in front of your PC, because someone may be watching  :o

There was a virus doing the rounds about 10 years ago that was incredibly tiny (in terms of program size) called Back Orifice (try Googling for it) - when the victim was infected with this virus, they could be found by scanning IP addresses with a program, and once they were found, the person at the other end could see a picture of their desktop, examine their entire disk drive contents, download files from their hard drive, upload files to their hard drive, rename files, delete files, see which programs they were running, take a picture with their web cam and download it, open the CD door, and make their PC reboot.  

My point is - if they could do that 10 years ago, when we were all on dial-up, what can they do now, with continuous broadband connections ?

I wish I had £1 for every time I heard someone say (or read) "I'm not using a virus checker, and I don't have any problems".  

My response (as always is) "What problems were you expecting ?".

Title: Re: Infected file on GenesReunited
Post by: Christine in Portugal on Monday 15 February 10 14:27 GMT (UK)
This is a copy of an email from Genes support team sent after the attack in Feb 2008.


Thank you for your email. Please accept my apologies if this virus alert has caused you any worry.

There was an advert on the site which was inviting people to download an application. At that point your anti-virus software picked this up and warned you of the various types of viruses that could be contained.

This advert has now been removed from the site.


Best regards,

Genes Reunited Support Team



Maybe the same thing is happening again.

Christine
Title: Re: Infected file on GenesReunited
Post by: downside on Monday 15 February 10 14:50 GMT (UK)
Quote
I wish I had £1 for every time I heard someone say (or read) "I'm not using a virus checker, and I don't have any problems".   

How many people say they don't have an anti-virus checker?

I would be a poor man if there are any people that say they don't.

How many times do I read about people that have anti-virus programs and yet they get infected?  I wish I had a £1 every time I heard that.

Quote
and make their PC reboot. 

Probably a clue there then?

Thanks for the update Christine.
Title: Re: Infected file on GenesReunited
Post by: Lady Paula on Monday 15 February 10 15:35 GMT (UK)
I have Internet Explorer 8 and Norton 360 Anti virus. On both Saturday and Sunday this weekend my Norton has blocked a " Fake Antivirus Install Request " while i have been on GenesReunited. I don't think this can be a coincidence and am therefore going to stay away from the site for the time being.
Title: Re: Infected file on GenesReunited
Post by: ambers on Monday 15 February 10 16:02 GMT (UK)
This is the reply I have just received from GR regarding the problems we have been experiencing.

Thank you for taking the time to bring this matter to our attention.

It is not possible for the virus alert to have been originated from one of our website pages so the only possible source could be an advertisement on our website.

All advertisements displayed on (website name)  are scanned for viruses but we have asked our Advertising company to thoroughly investigate this matter.
 
I confirm that they have now removed any relevant adverts from our website while we examine them individually.

You have my assurance that there will be a thorough investigation and that, if a virus is definitely identified, we will be sure to take action to prevent any advert of that type being displayed on our websites again.

I apologise for any concern or inconvenience caused by this incident, we do appreciate your support for Genes Reunited and your understanding in this particular matter.
Title: Re: Infected file on GenesReunited
Post by: alyson123 on Monday 15 February 10 16:05 GMT (UK)
Well Halleluiah!
Better late than never!
Title: Re: Infected file on GenesReunited
Post by: ankerdine on Monday 15 February 10 17:00 GMT (UK)
You are lucky to get a reply. I haven't but thank you for displaying your answer in full.
J
Title: Re: Infected file on GenesReunited
Post by: Nick29 on Monday 15 February 10 17:10 GMT (UK)
Just as I suspected (and said several times).

Malware sitting on computers, triggered by benign website script.
Title: Re: Infected file on GenesReunited
Post by: Nick29 on Monday 15 February 10 17:12 GMT (UK)
Quote
I wish I had £1 for every time I heard someone say (or read) "I'm not using a virus checker, and I don't have any problems".   

How many people say they don't have an anti-virus checker?

I would be a poor man if there are any people that say they don't.

How many times do I read about people that have anti-virus programs and yet they get infected?  I wish I had a £1 every time I heard that.


Some virus checkers are better than others (but most are better than none at all).   I wish I had £1 for every time I said that too !  ;D

Title: Re: Infected file on GenesReunited
Post by: snowyw on Monday 15 February 10 17:15 GMT (UK)
Ok then.
I ran my virus scan & AdAware scanner and it didn't find any malware, but you say it must be on my computer.
How do I find it and eradicate it?
Sue
Title: Re: Infected file on GenesReunited
Post by: jc26red on Monday 15 February 10 17:19 GMT (UK)
Run Malwarebytes  - anti-malware software in safe mode....

Google it, it's free to run a check and get rid of the nasties.

if you already have it, don't forget to do an update first.
Title: Re: Infected file on GenesReunited
Post by: snowyw on Monday 15 February 10 18:13 GMT (UK)
Right!
I've done that and it did find something! 
Now I ask, what is the point of 'paying' for a virus scanner when it does not pick these things up?

Thanks for your tips!

Sue
Title: Re: Infected file on GenesReunited
Post by: ambers on Monday 15 February 10 18:18 GMT (UK)
Excuse my lack of knowledge, but does that mean that I still have something on my PC that acknowledges the benign website script ???

The first Trojan was blocked by AVG and disposed of, the next two were warnings of different things ..

I have run Spybot, Anti Malware on top of AVG and nothing is showing up

Ambers
Title: Re: Infected file on GenesReunited
Post by: snowyw on Monday 15 February 10 18:29 GMT (UK)
I ran McAfee Internet Security and AdAware, and nothing showed except a few cookies.
Then at the suggestion here, downloaded Malwarebytes and ran that and it threw up 6 problems!!  That was just the quick scan too.  I am now going to do the full scan!

Sue
Title: Re: Infected file on GenesReunited
Post by: downside on Monday 15 February 10 18:41 GMT (UK)
Quote
Now I ask, what is the point of 'paying' for a virus scanner when it does not pick these things up?

Exactly.

A few years back I used to subscribe to Norton but managed to get infected a couple of times.  I used the Bleeping Computer website to uninstall the trojans and it didn't cost me a penny.  Since then I haven't bothered paying for something that doesn't actually work anyway.

People should always be on their guard because a link could be a trojan.  The other day I was searching for something using Google and I clicked on what I thought was a respectable looking link and it was a trojan instead.  That has happened a couple of times in the last couple of months.  I don't go round saying Google is full of viruses and stop using it, it just means I have to be vigilant.
Title: Re: Infected file on GenesReunited
Post by: crystal lady on Monday 15 February 10 18:59 GMT (UK)
Quote
Run Malwarebytes  - anti-malware software in safe mode....

Google it, it's free to run a check and get rid of the nasties.

if you already have it, don't forget to do an update first.

Thanks for the updates - I am going to run Malwarebytes but please what is 'safe mode'?  my ignorance is showing!  ::) want to make sure I get it right.

Thanks

Crystal
Title: Re: Infected file on GenesReunited
Post by: downside on Monday 15 February 10 19:08 GMT (UK)
When you switch the power on keep tapping the F8 key and that should put you in safe mode as opposed to normal mode.  Select the option at the top of the menu.
Title: Re: Infected file on GenesReunited
Post by: crystal lady on Monday 15 February 10 19:37 GMT (UK)
Many thanks

Crystal
Title: Re: Infected file on GenesReunited
Post by: stevieuk on Monday 15 February 10 20:21 GMT (UK)
Some folks might be interested in McAfee's Site Advisor.

Quote
How It Works

With SiteAdvisor software installed, your browser will look a little different than before. We add small site rating icons to your search results as well as a browser button and optional search box. Together, these alert you to potentially risky sites and help you find safer alternatives.

These site ratings are based on tests conducted by McAfee using an army of computers that look for all kinds of threats (detailed below). The result is a guide to Web safety.

The SiteAdvisor technology is free, easy to install and even easier to use. And it doesn't collect any personally identifiable information.

Link.

 http://www.rootschat.com/links/081m/   
Title: Re: Infected file on GenesReunited
Post by: crystal lady on Monday 15 February 10 21:41 GMT (UK)

I have just run the malwarebytes anti malware and it did not detect anything, thank heavens.

Crystal
Title: Re: Infected file on GenesReunited
Post by: Roobarb on Monday 15 February 10 21:43 GMT (UK)
How do you get back to normal mode after using safe mode?
Title: Re: Infected file on GenesReunited
Post by: snowyw on Monday 15 February 10 22:02 GMT (UK)
Quote
Some folks might be interested in McAfee's Site Advisor.

Quote
How It Works

With SiteAdvisor software installed, your browser will look a little different than before. We add small site rating icons to your search results as well as a browser button and optional search box. Together, these alert you to potentially risky sites and help you find safer alternatives.

These site ratings are based on tests conducted by McAfee using an army of computers that look for all kinds of threats (detailed below). The result is a guide to Web safety.

The SiteAdvisor technology is free, easy to install and even easier to use. And it doesn't collect any personally identifiable information.

Link.

 http://www.rootschat.com/links/081m/   

Oooo uuurr!  I have site advisor, but it did not warn me when I went to genes.  In fact, all I did was go to the home page, then clicked on Family Tree....then all the problems!!

I didn't go anywhere near any adverts or anything else.  Hope It is sorted now anyway.

Sue
Title: Re: Infected file on GenesReunited
Post by: downside on Monday 15 February 10 22:10 GMT (UK)
Quote
How do you get back to normal mode after using safe mode

Just reboot your computer.

Start >> Turn Off Computer >> Restart
Title: Re: Infected file on GenesReunited
Post by: smudwhisk on Monday 15 February 10 22:26 GMT (UK)
Some virus checkers are better than others (but most are better than none at all).   

Anti-virus software on its own isn't enough these days.  You need to ensure that whatever you are running has either an integrated anti-spyware/malware program or a separate program has been purchased.  This is because malware and viruses are different and work differently so the protection against them has been developed differently over the years. 

I know last time I purchased McAfee VirusScan for work it had minimum anti-malware protection, which is why they sell a separate program for this.  Others integrate it with firewall, anti-spam, etc, and sell the whole package, eg. AVG Internet Security.  I think AVG free has now anti-spyware protection included.

Unfortunately it's a bit of a minefield for anyone who isn't familiar with the terminology.  It's OK for me, it's been part of my job for years ... and from experience malware, such as the issues which appear to be affecting the ads on GR again, are more of a problem than viruses these days perhaps 'cos people are not familiar with the differences.

There is probably only a problem with a single advert, which doesn't appear each time someone accesses GR's website, hence the reason some people have not had alerts.

As for free online scanning software, if it throws up alerts that nothing else has found (and you've not had any pop-ups) and then invites you to purchase its software to fix it ... chances are they are red herrings to get you to spend your money.   Buyer beware.

Title: Re: Infected file on GenesReunited
Post by: Nick29 on Monday 15 February 10 22:52 GMT (UK)
The reason why it's best to scan in Safe Mode is because in Windows it is practically impossible to delete a file that is still being run.  Malware is usually loaded at Windows start - running in Safe Mode bypasses the loading of startup programs.  I wouldn't get too paranoid about all of this - all this particular malware did was try to get people to buy overpriced (and maybe worthless) security software.   Viruses can do a lot more damage than that.

Title: Re: Infected file on GenesReunited
Post by: marcie dean on Monday 15 February 10 22:54 GMT (UK)
I never buy McAfee or Norton.  Not much cop if you ask me.  AVG is better and Kaspersky
Recently, actually yesterday my computer went mad after going on Ancestry.  Told me that I was invaded with trojans, which I did not have before.

marcie
Title: Re: Infected file on GenesReunited
Post by: downside on Monday 15 February 10 23:04 GMT (UK)
Quote
Unfortunately it's a bit of a minefield for anyone who isn't familiar with the terminology.  It's OK for me, it's been part of my job for years ...

Er ... viruses are a type of malware surely?

http://en.wikipedia.org/wiki/Malware
Title: Re: Infected file on GenesReunited
Post by: Nick29 on Monday 15 February 10 23:07 GMT (UK)
I never buy McAfee or Norton.  Not much cop if you ask me.  AVG is better and Kaspersky
Recently, actually yesterday my computer went mad after going on Ancestry.  Told me that I was invaded with trojans, which I did not have before.

marcie

I agree.  Norton has always been bloated and slow, and although Norton 360 is supposed to be better, I've had enough of it to last a lifetime.   McAfee had its own website hacked in October 2009, which doesn't inspire confidence.  Of the others I rate Kaspersky as being very good, but for me the best is Eset Smart Security - it won't even let you miss a Windows security update without nagging, and out of them all it places the lowest demands on the processor.

Title: Re: Infected file on GenesReunited
Post by: Nick29 on Monday 15 February 10 23:12 GMT (UK)
Quote
Unfortunately it's a bit of a minefield for anyone who isn't familiar with the terminology.  It's OK for me, it's been part of my job for years ...

Er ... viruses are a type of malware surely?

http://en.wikipedia.org/wiki/Malware

Malware is badware, and the word encompasses a lot.  The sort we saw in this thread was quite low risk - and really only there to panic people into buying overpriced software.  Some viruses aren't that benign - they will steal your data, and could lead to actual theft by hacking into bank accounts or credit cards.

Title: Re: Infected file on GenesReunited
Post by: downside on Monday 15 February 10 23:23 GMT (UK)
Quote
Some viruses aren't that benign

My understanding is that it was a trojan, which isn't a virus is it?

Shall we just stick to calling it malware?  ???
Title: Re: Infected file on GenesReunited
Post by: smudwhisk on Monday 15 February 10 23:28 GMT (UK)
Er ... viruses are a type of malware surely?
http://en.wikipedia.org/wiki/Malware

Hhm, yes I agree should have picked my words a bit better.  

However, I just feel it's misleading to label everything as a virus since the chances are the problem with the ad on GR's site won't be a virus in the true sense of the word but some form of adware to get you to purchase their software.  It tends to be spyware and other types of malware that are used to steal data rather than viruses ...

Shall we just stick to calling it malware?  ???

I agree with downside, malware would be a better term to use .. particularly for those of us who remember the good old days when virus outbreaks had a tendency to absolutely kill PCs .. which is the reason why I mentioned earlier that viruses are perhaps less of a threat these days than other forms of malware.  The aforementioned problem does not seem to be in that league.
Title: Re: Infected file on GenesReunited
Post by: Nick29 on Tuesday 16 February 10 09:02 GMT (UK)
Quote
Some viruses aren't that benign

My understanding is that it was a trojan, which isn't a virus is it?

Shall we just stick to calling it malware?  ???

My comments were being made at that stage about PC protection in general, and if you want to split hairs, then I'm not going to play, because the bottom line is that whatever you call them, these are only files at the end of the day, and if your computer protection will allow one file to be dropped on your computer, then there is every chance that it will allow something more serious in too (assuming, of course, that you have some sort of protection in the first place).

Title: Re: Infected file on GenesReunited
Post by: Nick29 on Tuesday 16 February 10 09:11 GMT (UK)
Quote
Some viruses aren't that benign

My understanding is that it was a trojan, which isn't a virus is it?

Shall we just stick to calling it malware?  ???

A virus is a trojan, and it is malware - they are all only computer files.  The main difference that sets a virus apart is that it can re-infect other machines.

Saying that a virus isn't malware is like saying that an articulated lorry isn't a vehicle.

Malware = a file which is on your computer which could have some detrimental effect.  However, some pretty innocuous files like tracking cookies can be classed as malware, so many are rather benign.

Trojan = a file on your computer which arrived there by stealth, and which may or may not be detrimental.

Virus = a file written to do a task in the background (usually a trojan) which replicates itself and can re-infect other PC's.

Title: Re: Infected file on GenesReunited
Post by: Silas on Tuesday 16 February 10 13:23 GMT (UK)
About an hour ago I went to GR to view my tree and check on something.  I got a virus alert message from my AVG-free.  I came off the site immediately and am now too scared to go back on there.
Title: Re: Infected file on GenesReunited
Post by: Nick29 on Tuesday 16 February 10 13:32 GMT (UK)
If there's a virus, it will be on your PC, not theirs.   Boot your PC into safe mode, run Malware Bytes and your virus checker, as described earlier in this thread.

Title: Re: Infected file on GenesReunited
Post by: Silas on Tuesday 16 February 10 13:56 GMT (UK)
Thanks Nick, will do that.  Cheers. :)
Title: Re: Infected file on GenesReunited
Post by: Silas on Tuesday 16 February 10 14:30 GMT (UK)
Scan, etc completed and no problems found! Phew!!
Title: Re: Infected file on GenesReunited
Post by: Lady Paula on Tuesday 16 February 10 15:17 GMT (UK)
Scan, etc completed and no problems found! Phew!!

If there's a virus, it will be on your PC, not theirs. Boot your PC into safe mode, run Malware Bytes and your virus checker, as described earlier in this thread. "


But surely if a scan found nothing it can't be on Silas' PC.

I've just been on Genes and yet again my Norton 360 has blocked this " Fake Antivirus Install Request 4 "
Title: Re: Infected file on GenesReunited
Post by: Annette7 on Tuesday 16 February 10 18:24 GMT (UK)
Like the others on this thread I only had the problem on Genes.   When I tried to install malware bytes my McAfee advised me not to so I didn't.    However, Silas did so and found he had no problems anyway so definitely something funny going on at Genes I think.   Visited the site this morning and had no problems this time but will refrain from doing so again for a while.

Annette

Title: Re: Infected file on GenesReunited
Post by: mc8 on Tuesday 16 February 10 19:58 GMT (UK)
I complained to GR and provided further details, including a link to this thread.
I received the following reply:
It is not possible for the virus alert to have been originated from one of our website pages so the only possible source could be an advertisement on our website.

All advertisements displayed on Genes Reunited  are scanned for viruses but we have asked our Advertising company to thoroughly investigate this matter.

I confirm that they have now removed any relevant adverts from our website while we examine them individually.

You have my assurance that there will be a thorough investigation and that, if a virus is definitely identified, we will be sure to take action to prevent any advert of that type being displayed on our websites again.
Title: Re: Infected file on GenesReunited
Post by: marcie dean on Tuesday 16 February 10 23:04 GMT (UK)
Ok.
Not quite the same topic but attached.
Do you think that sites where you manage to pick up these trojans ought to be told and that they ought to ensure that their site is clean so that others visiting cannot become infected?  That they should be responsible for their inhouse cleaning to ensure that trojans etc are not passed on.

marcie
Title: Re: Infected file on GenesReunited
Post by: marcie dean on Tuesday 16 February 10 23:09 GMT (UK)
Annette

That should also apply to Ancestry.  That and Genes were the last places that I visited but I did not take a look at the adverts on genes, so it is either other people's family trees or some such thing on there, or with Ancestry it must be passed on by American family trees which are public on the site.

marcie


Title: Re: Infected file on GenesReunited
Post by: les_looking on Wednesday 17 February 10 00:32 GMT (UK)
if you also visit digital spy forums, there are also issues on there, just in case some have visited there THEN genes,
and thought it was that
Title: Re: Infected file on GenesReunited
Post by: ankerdine on Wednesday 17 February 10 08:15 GMT (UK)
I still haven't heard anything from GR. It came directly through an e-mail they sent me, giving 4 close matches, 3 of which were already in my contact list. The new contact was a Susan on which I clicked and Hey Presto = the warning came from my security site.

Interestingly since then we've received several rubbish spams which we were free of before.

J
Title: Re: Infected file on GenesReunited
Post by: Nick29 on Wednesday 17 February 10 08:21 GMT (UK)
The trojan won't have come from the web pages themselves, and it's not really a serious problem - it's only someone exploiting the way that some web sites display adverts on their pages.  The sequence of events is this - you pick up a trojan which is not essentially a virus, so virus checkers don't pick it up.   All this trojan does is sit there on your PC, until a web site script (designed to do something else entirely) activates it, and all it does is to put a warning message on the screen.  And, judging by the posts of some people here, it had the desired effect.

What I find rather ironic is that people are getting all hot and bothered over a trojan which has caused a minor amount of inconvenience, when there are bigger threats out there which don't announce themselves.  The majority of spam emails come from infected computers - this is why the people behind it are rarely caught, because the emails don't originate from them, and yet some people here have openly said that they don't use virus scanners.

Title: Re: Infected file on GenesReunited
Post by: Nick29 on Wednesday 17 February 10 08:23 GMT (UK)
Like the others on this thread I only had the problem on Genes.   When I tried to install malware bytes my McAfee advised me not to so I didn't.    However, Silas did so and found he had no problems anyway so definitely something funny going on at Genes I think.   Visited the site this morning and had no problems this time but will refrain from doing so again for a while.

Annette



You're obviously unaware that McAfee are the laughing stock of the security industry, having had their own web site hacked twice during 2009 ?

Title: Re: Infected file on GenesReunited
Post by: jc26red on Wednesday 17 February 10 10:47 GMT (UK)
It would be interesting to know how many of you who didn't get a trojan warning have some kind of adblocker? 

I know I have it on firefox, which explains why I didn't see anything.

Nick are you running an adblocker of some description?


Before Tristan and the mods throw a fit and close this thread, I don't usually use firefox for rootschat  :)
Title: Re: Infected file on GenesReunited
Post by: Arranroots on Wednesday 17 February 10 10:54 GMT (UK)

Before Tristan and the mods throw a fit

 ::) :P
Title: Re: Infected file on GenesReunited
Post by: Nick29 on Wednesday 17 February 10 11:01 GMT (UK)
My router has the ability to block ads, but at the moment the option is not switched on  :)

Title: Re: Infected file on GenesReunited
Post by: downside on Wednesday 17 February 10 12:11 GMT (UK)
Ankerdine

If you let your mouse hover over the link that caused this message, what does the link look like?

For instance when I hover over someone's name in my Update List it is displayed like this:

http://www.genesrenuited.co.uk/contact.asp?wci=contactdetails&contact_key=4043407

over on the bottom left of the status bar, where the number at the end is a variable.
Title: Re: Infected file on GenesReunited
Post by: stevieuk on Wednesday 17 February 10 19:02 GMT (UK)
Downside what do you get on this link if you hover your mouse?

 http://www.rootschat.com/links/0824/   

Title: Re: Infected file on GenesReunited
Post by: stevieuk on Wednesday 17 February 10 19:03 GMT (UK)
My router has the ability to block ads, but at the moment the option is not switched on  :)



Nice router....what make/model....sounds like a good one?
Title: Re: Infected file on GenesReunited
Post by: downside on Wednesday 17 February 10 19:33 GMT (UK)
Quote
Downside what do you get on this link if you hover your mouse?

Unless this a trick question, the same as you can see.

What point are you trying to make?
Title: Re: Infected file on GenesReunited
Post by: stevieuk on Wednesday 17 February 10 19:46 GMT (UK)
No, it's not a trick question.

If you click it it`ll show a Scrubbie, a nylon pot scrubber, which I use in my Fishtank filter.

(http://i156.photobucket.com/albums/t21/stevies_photos/th_B1273719-20071129123409.jpg) (http://s156.photobucket.com/albums/t21/stevies_photos/?action=view&current=B1273719-20071129123409.jpg)

The point is it could lead to anywhere or for that matter anything I wish to lead you... a Malicious site with a Trojan, virus or whatever. It's very easy to believe that hovering a mouse over a link will show whether a link is safe.

Short links are dangerous, I wonder how many think of that?  ::)

Just an example of how dangerous the net is & just out of curiosity if I`d posted here's a link to Norton`s newest, bestest A/V would you have clicked it?
Title: Re: Infected file on GenesReunited
Post by: les_looking on Wednesday 17 February 10 20:33 GMT (UK)
nearly all netgear/belkin routers have "adblocking" website blocking
Title: Re: Infected file on GenesReunited
Post by: stevieuk on Wednesday 17 February 10 20:39 GMT (UK)
nearly all netgear/belkin routers have "adblocking" website blocking

Are you talking about the firewall rules bit?
Title: Re: Infected file on GenesReunited
Post by: Tiddles on Wednesday 17 February 10 20:53 GMT (UK)
After reading other people's remarks about GenesReunited being infected, I will not be renewing my subscription next month.
I also get very little from the site (people often don't reply).

Tiddles
Title: Re: Infected file on GenesReunited
Post by: jc26red on Wednesday 17 February 10 21:14 GMT (UK)
ssssh Steve!

I only mentioned it because I thought that might be a reason why some people got the  trojan messages and others didn't.
Title: Re: Infected file on GenesReunited
Post by: stevieuk on Wednesday 17 February 10 21:37 GMT (UK)
ssssh Steve!

I only mentioned it because I thought that might be a reason why some people got the  trojan messages and others didn't.

I`m saying nowt......

 ;D
Title: Re: Infected file on GenesReunited
Post by: Roobarb on Wednesday 17 February 10 22:07 GMT (UK)
Well I've just waded through a load of techie squabbling on this thread and all I really wanted to know was whether it would cause a problem with my computer and if and when it's safe to go back in GR.

Don't care if it's a (http://smileys.on-my-web.com/repository/Animals/running2.gif) or a (http://smileys.on-my-web.com/repository/Animals/caterpillar.gif) (couldn't find a pic of a worm) or even a (http://smileys.on-my-web.com/repository/Animals/pig-baloons.gif), I just want to know when it's safe to go back in.
Title: Re: Infected file on GenesReunited
Post by: stevieuk on Wednesday 17 February 10 22:21 GMT (UK)
As far as I`m concerned there's no problem, like some I haven`t experienced a problem so either it's a false positive & your security is at fault or it's a genuine problem & your security is at fault for failing to protect you.
Title: Re: Infected file on GenesReunited
Post by: jc26red on Wednesday 17 February 10 22:29 GMT (UK)
seems to be all clear now....
Title: Re: Infected file on GenesReunited
Post by: downside on Wednesday 17 February 10 22:30 GMT (UK)
What I am saying Steve is that when people hover over a name/link on their update list then it might not contain the standard link.

I obviously need someone that has had a problem to confirm whether that is true or not.

Just to re-iterate Genes Reunited is not infected with malware.
Title: Re: Infected file on GenesReunited
Post by: lyndyloo6 on Wednesday 17 February 10 22:32 GMT (UK)
I also have a problem the same as this on my laptop and here was me blaming my daughter and all the sites that she visits...I have McAfee and wondered how this could be...I ran a scan and nothing showed up on the scan....I am now frightened to turn my laptop on as this warning was coming up every 2 minutes....thanks for all the advice and I will also tell GR and terminate my membership

Lynda
Title: Re: Infected file on GenesReunited
Post by: jc26red on Wednesday 17 February 10 22:38 GMT (UK)
It's NOT genes as downside has said.... it's associated with the ad scripting, which might or might not be giving out false messages. It happens sometimes.  Genes at least acknowledged and took it seriously enough to investigate the advertising, which appears to be all clear now.

Lynda I suggest you also run the Malware Bytes software on your laptop as mentioned way back in this thread. That way you will give yourself peace of mind!
Title: Re: Infected file on GenesReunited
Post by: Nick29 on Wednesday 17 February 10 22:51 GMT (UK)
My router has the ability to block ads, but at the moment the option is not switched on  :)



Nice router....what make/model....sounds like a good one?

It's a Draytek 2820.  Two ADSL lines in, line balancing.   Unfortunately it knows a lot more about networking than I do  ;D

Title: Re: Infected file on GenesReunited
Post by: Nick29 on Wednesday 17 February 10 22:54 GMT (UK)
Well I've just waded through a load of techie squabbling on this thread and all I really wanted to know was whether it would cause a problem with my computer and if and when it's safe to go back in GR.

Don't care if it's a (http://smileys.on-my-web.com/repository/Animals/running2.gif) or a (http://smileys.on-my-web.com/repository/Animals/caterpillar.gif) (couldn't find a pic of a worm) or even a (http://smileys.on-my-web.com/repository/Animals/pig-baloons.gif), I just want to know when it's safe to go back in.

It always has been, Roobarb, for those of us with clean computers and decent firewalling  ;)

Title: Re: Infected file on GenesReunited
Post by: Roobarb on Wednesday 17 February 10 23:44 GMT (UK)
Well seeing as I'm not one of the techies I've obviously got a dirty computer. Must say I haven't had any probs before though. (http://smileys.on-my-web.com/repository/Computer/computer-good-vs-evil-3.gif)
Title: Re: Infected file on GenesReunited
Post by: AngelaR on Thursday 18 February 10 00:00 GMT (UK)
I know everyone is saying that GR is fine and I accept that BUT...

I have virus checkers and firewalls coming out of my ears.... I got a blocked trojan message from my virus checker when all I had done was reply to a GR message. I didn't log onto the site or access an ad or anything - I just responded to the email that said I had a message - it loaded it in GR - I replied to it and BANG - blocked Trojan....

I did, of course, scan my system afterwards and run all the malware-checking software such as MalwareBytes etc and there was nothing on my PC. I would have been staggered if there had been anything on my PC , given the way I run it.

So - what raised the Trojan message? It wasn't anything lurking on my PC and nothing else apart from GR raises the error.  I'm not sure how people can be as confident as they are that there's nothing amiss on the GR site  ???

Regards

Angela
Title: Re: Infected file on GenesReunited
Post by: stevieuk on Thursday 18 February 10 06:06 GMT (UK)
What I am saying Steve is that when people hover over a name/link on their update list then it might not contain the standard link.

I obviously need someone that has had a problem to confirm whether that is true or not.

Just to re-iterate Genes Reunited is not infected with malware.

I see what you`re after now, but my advice re short links is still valid.

& I agree with your comment re GR.
Title: Re: Infected file on GenesReunited
Post by: stevieuk on Thursday 18 February 10 06:08 GMT (UK)

It's a Draytek 2820.  Two ADSL lines in, line balancing.   Unfortunately it knows a lot more about networking than I do  ;D



Nice, I`ll have a proper read later, have to get to work early then get to another site because there was an accident late yesterday & I`ve been asked to pop in & have a look.
Title: Re: Infected file on GenesReunited
Post by: Nick29 on Thursday 18 February 10 09:18 GMT (UK)
I know everyone is saying that GR is fine and I accept that BUT...

I have virus checkers and firewalls coming out of my ears.... I got a blocked trojan message from my virus checker when all I had done was reply to a GR message. I didn't log onto the site or access an ad or anything - I just responded to the email that said I had a message - it loaded it in GR - I replied to it and BANG - blocked Trojan....

I did, of course, scan my system afterwards and run all the malware-checking software such as MalwareBytes etc and there was nothing on my PC. I would have been staggered if there had been anything on my PC , given the way I run it.

So - what raised the Trojan message? It wasn't anything lurking on my PC and nothing else apart from GR raises the error.  I'm not sure how people can be as confident as they are that there's nothing amiss on the GR site  ???

Regards

Angela


Out of interest, what virus checker and firewall are you using ?

Some anti-virus programs throw up "false positives".  At one time, AVG was well known for this, and McAfee has had its moments too.  The mark of a good AV program isn't limited to how effective it is at finding malware, it's also about how effective it is at ignoring false-triggers, and how much strain it puts on the computer whilst doing it.

We know that the site isn't responsible, because similar things are being seen on other unrelated sites, and since many of us (including myself) have visited the GR site and had no problems at all, and had no virus warnings, then I doubt whether the actual site is responsible.  Web pages are very complex these days, with Flash, scripting and IFrames, etc, and it's quite easy for scammers and hackers to exploit these.



Title: Re: Infected file on GenesReunited
Post by: downside on Thursday 18 February 10 09:53 GMT (UK)
Quote
I didn't log onto the site or access an ad or anything - I just responded to the email that said I had a message - it loaded it in GR - I replied to it and BANG - blocked Trojan....

AngelaR

That is what Ankerdine, who originated this topic, said happened to her.  She had an email containing a so-called Updates and clicked on a link and then bang.

If your computer is off-line then dynamic links would have a red cross in the corner because they cannot connect to the website.  In order to display some objects in an email you need to be connected to the website - so therefore you were logged-in when this happened.
Title: Re: Infected file on GenesReunited
Post by: AngelaR on Thursday 18 February 10 10:03 GMT (UK)
Quote
I didn't log onto the site or access an ad or anything - I just responded to the email that said I had a message - it loaded it in GR - I replied to it and BANG - blocked Trojan....

AngelaR

That is what Ankerdine, who originated this topic, said happened to her.  She had an email containing a so-called Updates and clicked on a link and then bang.

If your computer is off-line then dynamic links would have a red cross in the corner because they cannot connect to the website.  In order to display some objects in an email you need to be connected to the website - so therefore you were logged-in when this happened.

What I meant was that I didn't log in to GR directly. If you click on the link in the GR email telling you there is a message, it takes you straight to the message (presumably logging you in via some back door). In itself, that didn't cause a problem, nor did clicking on the 'reply' button, but once I'd composed a reply and clicked 'send' - that's when the warning came up.

I'm happy that my computer is not infected - just puzzled as to quite how this occurred. My AV is Kaspersky by the way....
Title: Re: Infected file on GenesReunited
Post by: Nick29 on Thursday 18 February 10 10:09 GMT (UK)
I think what Steve was getting at yesterday was that email and web page links don't always take you where you think they are going to take you, and with many email packages (like Outlook), if you hover your mouse pointer over the link, it reveals where it's going to take you.  You can have a link that says Google (http://www.bing.com) but when you click on it, it takes you somewhere else (try it !).  I get several emails a week asking me to confirm my emails on banks and other online payment sites, and they all look quite authentic, but the links don't take you where you think they're going to.  
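
The two points made by stevieuk and Nick29 above (a link's visible text need not match its real target, and a short link hides the target from a mouse hover altogether) can be checked mechanically. The Python script below is an added example and not part of any post in this thread; the sample e-mail, the `genes.example` and `updates.invalid` hosts, the shortener list and the brand table are constructed assumptions.

```python
"""Audit the links in an HTML e-mail: does each one go where its text says?"""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: a short illustrative list of public URL shorteners.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co"}
# Site-local redirectors as (host, path prefix); this is the short-link
# form posted in the thread.
REDIRECTOR_PATHS = [("rootschat.com", "/links/")]
# Assumption: brand words mapped to the host a reader would expect.
BRAND_HOSTS = {"google": "google.com"}

# Link text that is itself a host name or URL, e.g. "www.genes.example/x"
HOSTLIKE = re.compile(
    r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/:?#].*)?$", re.I)


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def norm_host(host):
    """Lower-case a host name and drop a leading 'www.'."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def shown_host(text):
    """Host the reader is led to expect from the link text, or None."""
    if text.lower() in BRAND_HOSTS:
        return BRAND_HOSTS[text.lower()]
    match = HOSTLIKE.match(text)
    return norm_host(match.group(1)) if match else None


def audit_links(html):
    """Return [(href, [reasons])] for links that deserve a second look."""
    collector = AnchorCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for href, text in collector.links:
        try:
            parts = urlsplit(href)
            target = norm_host(parts.hostname)
        except ValueError:
            findings.append((href, ["href cannot be parsed"]))
            continue
        if parts.scheme not in ("http", "https") or not target:
            continue  # mailto:, relative links etc. are out of scope here
        reasons = []
        shown = shown_host(text)
        # The target must be the shown host or a subdomain of it; a host that
        # merely starts with the shown name (shown.evil.test) does not count.
        if shown and target != shown and not target.endswith("." + shown):
            reasons.append(f"text shows {shown} but link goes to {target}")
        if target in SHORTENER_HOSTS or any(
                target == host and parts.path.startswith(prefix)
                for host, prefix in REDIRECTOR_PATHS):
            reasons.append("redirector: hover cannot show the final destination")
        if reasons:
            findings.append((href, reasons))
    return findings


# Constructed sample e-mail body (not a real message).
SAMPLE_EMAIL = """
<p>You have new contacts:</p>
<a href="http://www.genes.example/contact.asp?contact_key=1">www.genes.example</a>
<a href="http://updates.invalid/scan">http://www.genes.example/contact.asp?contact_key=2</a>
<a href="http://www.bing.com">Google</a>
<a href="http://www.rootschat.com/links/0824/">a picture</a>
<a href="http://www.genes.example.updates.invalid/login">genes.example</a>
"""

if __name__ == "__main__":
    for href, reasons in audit_links(SAMPLE_EMAIL):
        print(href, "->", "; ".join(reasons))
```

A flagged redirector is not proof of anything malicious; it only means the address shown on hover tells you nothing about where the click ends up.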

Title: Re: Infected file on GenesReunited
Post by: smudwhisk on Thursday 18 February 10 10:16 GMT (UK)
It's possible it could be a false positive but if you re-read the thread you'll see that McAfee, Norton, Kaspersky and AVG have all been mentioned .... so perhaps less likely.  The chances are that people who haven't experienced the problem are also using these products ....

But then as some people have been experiencing it and not others, it's not really surprising since the problem is with the adverts fed to the site and these change each time you go there ... so not everyone is going to get the same adverts.  And yes the same comment can be made about other sites IF people are experiencing the same issue with them ... adverts are generally fed randomly to sites.

Title: Re: Infected file on GenesReunited
Post by: Nick29 on Thursday 18 February 10 10:26 GMT (UK)
That really depends on who is supplying the advertising.  On RC it is Google, so if you post something with Ancestry in the message body, chances are that an Ancestry advert will appear.  On GR it may be a totally different agency supplying advertising from companies that have paid specifically to be there.

Title: Re: Infected file on GenesReunited
Post by: downside on Thursday 18 February 10 10:31 GMT (UK)
There only seem to be 2 advertisers at the moment:

JobCentrePlus
BT

In the past they have had organisations like the RSPCA advertise on there.

They seem to be respectable organisations.

Title: Re: Infected file on GenesReunited
Post by: arthurk on Friday 19 February 10 10:38 GMT (UK)
I know everyone is saying that GR is fine and I accept that BUT...

<snip>

So - what raised the Trojan message? It wasn't anything lurking on my PC and nothing else apart from GR raises the error.  I'm not sure how people can be as confident as they are that there's nothing amiss on the GR site  ???

It's refreshing to read a message from someone who seems to know what they're talking about, rather than just pontificating about something they haven't experienced and blaming users for this, rather than accepting the overwhelming evidence from those who have actually come across the problem themselves.

While it is quite correct that this piece of malware is not itself on the Genes Reunited website, it is almost certain that there is nevertheless a problem on the site which is causing people to be directed to a site which does contain some kind of malware. I have experienced this on two different computers which, like Angela's, have been thoroughly scanned and do not have any nasties on them.

This seems to have happened to so many people on (and only on) Genes Reunited that the laws of probability indicate that the problem is there rather than on individual computers. What seems to be happening is that when people click on a page, either on the site itself or in an email linking to the site, they are being misdirected to an external page containing (in my case) a rogue scanner. (Although my security software has been preventing the page from loading, it logged the IP address, which I have checked out at WHOIS.)

That it is not happening to everybody does not mean that there is not a problem, or that the problem is not originating at GR. It seems to be happening on a fairly random basis, and it may be that it only affects some browsers. It has also so far only happened to me when I have been logged in.

It's also unlikely that this is a false positive, since several different security products are detecting it as a threat. Moreover, the description from people who do not have security software blocking the page fits with that of a rogue scanner - they are being told that they have lots of nasties on their computer and need to download software to deal with it.

I have sent GR several emails about this, and like many others received their standard reply about removing adverts. However, the problem occurred again after they had supposedly removed these adverts, and although I emailed them again to point this out and describe how the problem occurred and gave them the IP address etc, it was clear that they did not read this as all I received was another copy of the standard reply. I wrote again asking them to read what I had written, but two days later am still awaiting a reply.

I have not returned to Genes Reunited since this last happened to me a couple of days ago, as I do not have any confidence that they have dealt with the problem properly and that the site is now safe.

Arthur
Title: Re: Infected file on GenesReunited
Post by: Annette7 on Friday 19 February 10 12:07 GMT (UK)
Hear, hear Arthur

I agree with everything you say.   I too am staying away from Genes.

Annette
Title: Re: Infected file on GenesReunited
Post by: alyson123 on Friday 19 February 10 12:35 GMT (UK)
Ditto
Title: Re: Infected file on GenesReunited
Post by: maidmarianoops on Friday 19 February 10 12:49 GMT (UK)
Another to look out for is a Hallmark card sent to you that contains a virus

sylvia
Title: Re: Infected file on GenesReunited
Post by: snowyw on Friday 19 February 10 12:52 GMT (UK)
Well said Arthur!!

Sue
Title: Re: Infected file on GenesReunited
Post by: Selina on Friday 19 February 10 13:20 GMT (UK)
Well that settles it - I shall definitely not renew.  Whatever the cause or situation there is no excuse for not dealing with its customers in an efficient way and replying properly to their emails, especially when they are attempting to assist with the problem.

It will be of very little loss to me anyway, especially since at present I am avoiding the site altogether!

Selina
Title: Re: Infected file on GenesReunited
Post by: Nick29 on Friday 19 February 10 13:43 GMT (UK)

It's refreshing to read a message from someone who seems to know what they're talking about, rather than just pontificating about something they haven't experienced and blaming users for this, rather than accepting the overwhelming evidence from those who have actually come across the problem themselves.


Arthur, has it ever occurred to you that the reason why this isn't happening to many of us is because we have taken the necessary precautions to make sure that it doesn't ?   

I think it has been said several times already that this was not a virus, just a wicked piece of malware that exploits a feature of certain types of web pages, and it's so easy to let malware like this enter your computer if you let your guard down just for a minute.  You would be amazed at the number of people who open emails which are from people or companies that they don't know, or these "chain" emails which are passed on from person to person.

If I stood at the side of the road with a lit cigarette, and you drove past with a leaking petrol tank, and your car burst into flames, whose fault would it be ?



Title: Re: Infected file on GenesReunited
Post by: snowyw on Friday 19 February 10 13:59 GMT (UK)
Okay, so we all have Malware...but Genes seems to be the common link with the warnings.  So SOMETHING must be on there to trigger it on our computers.

Sue
Title: Re: Infected file on GenesReunited
Post by: arthurk on Friday 19 February 10 14:01 GMT (UK)
Arthur, has it ever occurred to you that the reason why this isn't happening to many of us is because we have taken the necessary precautions to make sure that it doesn't ?   

...it's so easy to let malware like this enter your computer if you let your guard down just for a minute.  You would be amazed at the number of people who open emails which are from people or companies that they don't know, or these "chain" emails which are passed on from person to person.

I wonder if you have read properly what I wrote. I have taken all necessary precautions, I don't have any malware on my computer, and I wouldn't dream of opening a suspect email, let alone clicking a link in one.

Moreover, when the problem occurred at GR, my internet security software prevented anything untoward from happening, so my computer is still clean. And as a further precaution, I keep away from websites where problems of this sort are known to be happening, until they are clearly safe again.

Arthur
Title: Re: Infected file on GenesReunited
Post by: Selina on Friday 19 February 10 14:03 GMT (UK)
Perhaps you can clarify one thing for me - I have always understood that opening emails was OK as long as you didn't click and open any link or attachment.

Is that not correct then?

Selina
Title: Re: Infected file on GenesReunited
Post by: snowyw on Friday 19 February 10 14:13 GMT (UK)
That's what I thought Selina
Title: Re: Infected file on GenesReunited
Post by: Nick29 on Friday 19 February 10 14:31 GMT (UK)
Arthur, has it ever occurred to you that the reason why this isn't happening to many of us is because we have taken the necessary precautions to make sure that it doesn't ?   

...it's so easy to let malware like this enter your computer if you let your guard down just for a minute.  You would be amazed at the number of people who open emails which are from people or companies that they don't know, or these "chain" emails which are passed on from person to person.

I wonder if you have read properly what I wrote. I have taken all necessary precautions, I don't have any malware on my computer, and I wouldn't dream of opening a suspect email, let alone clicking a link in one.

Moreover, when the problem occurred at GR, my internet security software prevented anything untoward from happening, so my computer is still clean. And as a further precaution, I keep away from websites where problems of this sort are known to be happening, until they are clearly safe again.

Arthur

So Arthur,

Maybe you can explain to me where this warning is coming from, since it is impossible for a website to drop a file (other than a cookie) on your computer without you OK'ing it first ?

And why does it affect you, and not me ?

Title: Re: Infected file on GenesReunited
Post by: Nick29 on Friday 19 February 10 14:33 GMT (UK)
Perhaps you can clarify one thing for me - I have always understood that opening emails was OK as long as you didn't click and open any link or attachment.

Is that not correct then?

Selina

Personally speaking, I would not risk it, and some Email programs will automatically open some types of file without asking.

Title: Re: Infected file on GenesReunited
Post by: arthurk on Friday 19 February 10 16:59 GMT (UK)
So Arthur,

Maybe you can explain to me where this warning is coming from, since it is impossible for a website to drop a file (other than a cookie) on your computer without you OK'ing it first ?

And why does it affect you, and not me ?

The warning is coming from the link scanner and web shield elements of my internet security package. This scans webpages I am about to visit before they are downloaded on to my computer, and if it finds a problem it blocks the page from loading. On each occasion it has defined the threat as an Exploit Rogue Scanner (type 1027). But these warnings were about a threat on pages I had been about to visit - not about something already on my computer. (Incidentally, calling up the pages where the threat was located was inadvertent, as the links I was following appeared to be genuine ones on the GR site and there was nothing to indicate that they were going to take me somewhere else.)

I don't know why you aren't getting the same warning. Since the issue seems to be random, maybe you've just been lucky so far. Or maybe there's some other reason - I don't know.

I'm not going to participate in a lengthy argument about this. I've explained what the problem is and what steps I've taken to raise the matter with GR, and I know my computer is clean. If you don't accept that, that's up to you.

Arthur
Title: Re: Infected file on GenesReunited
Post by: stevieuk on Friday 19 February 10 19:48 GMT (UK)
Arthur would you let us know what security software you run that shows these things please?

It's obvious that some on here are getting these messages & some aren't; it may just be a case of trying to narrow things down a bit. A screen grab of the issue might help from those affected.

Steve
Title: Re: Infected file on GenesReunited
Post by: arthurk on Friday 19 February 10 20:42 GMT (UK)
I'm using AVG Internet Security (the full paid-for version). I'm afraid I can't help with a screen grab, as I don't intend to go back to GR until the problem there is definitely solved.

Arthur
Title: Re: Infected file on GenesReunited
Post by: Selina on Friday 19 February 10 20:54 GMT (UK)
Thanks Nick for reply re emails. 

I obviously had a false sense of security and will be even more careful in future.

Selina
Title: Re: Infected file on GenesReunited
Post by: Selina on Friday 19 February 10 20:58 GMT (UK)
I rarely, never really, hear my security mentioned on the boards.

F-Secure - I pay my ISP 50p per month for it.  I have been happy with it so far.

When I bought my computer it came with Norton for a year free, it actually carried on for longer but I wasn't impressed enough to subscribe after that.

So does anybody else use F-Secure and any opinions?

Selina
Title: Re: Infected file on GenesReunited
Post by: Nick29 on Saturday 20 February 10 09:15 GMT (UK)
I've not heard bad things about F-secure, and at £6 a year, it's a reasonable package (it costs £14 on Ebuyer).  However (there is always a however  :) ) the measure of a good AV program is not only how effective it is - it is also about how much load the program places on the computer, because it is a program, and it's running in the background all the time.  Some AV programs place so much load on the PC that you can notice a big difference when you remove them - the computer becomes much more responsive.  I use Eset Smart Security 4 - this isn't cheap at £39.95 a year, but I think the security of my personal data is worth that, and it does work better than other products.  The package includes full firewalling, AV detection, heuristic threat detection, email scanning, and spyware detection.  Eset uses "pre-compiled code" which basically means that it places a smaller load on the PC.

Eset Smart Security 4 only uses about 48MB of the computer's memory when running.  In independent tests by AV-Comparatives.org (an independent Austrian research lab)  Eset Smart Security and Eset NOD32 AV heuristic detection detected 68% of threats, compared to only 27% by AVG.  And, in tests, Eset Smart Security and Eset NOD32 have never let an "in the wild"* virus slip through, compared to 35 by Kaspersky, 71 by McAfee, and a whopping 745 by AVG !  :o

* An "in the wild" virus is a newly-released virus whose signature does not appear on any virus database.  Virus checkers work in two ways - (1) they compare files against databases of known virus signatures (data strings), and (2) they analyse the virus to try to gauge if it is a threat - this is called heuristic checking.

Title: Re: Infected file on GenesReunited
Post by: mongoose2 on Saturday 20 February 10 20:54 GMT (UK)
Some techie can explain better than I about emails; however, I understand that most email packages enable you to turn off HTML on emails which, as I understand it, turns off all links. This means all emails will be in plain text only.

Barry
Title: Re: Infected file on GenesReunited
Post by: Nick29 on Saturday 20 February 10 22:47 GMT (UK)
Yes, that's correct.  Many companies automatically turn HTML emails into text to avoid threats, because it makes life easier for IT staff.  Modern HTML coding doesn't just expose the recipient to the risk of following bogus links, but the HTML coding itself can also pose a threat.  Having said that, it's much nicer to install a decent protection program and retain the variety offered by HTML emails, in the same way that it's much nicer to wear a seat belt than to go everywhere at 10MPH  :)
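
What the plain-text conversion discussed in the two posts above does in practice, as an added example that is not part of any post in this thread: the HTML part of a message is reduced to text, script content is dropped, and every link is printed with its real target so that a mismatch with the visible text can be seen. The sample message, its placeholder domains and the names `PlainTextRenderer`, `to_plain_text` and `mismatched_links` are assumptions made for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not from the thread); all domains are placeholders.
RAW = """\
From: notifications@example.org
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello, you have new contacts.</p>
<p><a href="http://tracker.example.com/r?id=1">http://www.example.org/contacts</a></p>
<p><a href="http://www.example.org/help">Help</a></p>
<script>document.location = "http://tracker.example.com/";</script>
</body></html>
"""

class PlainTextRenderer(HTMLParser):
    """Reduce HTML to text: drop scripts/styles, print each link's real target."""
    def __init__(self):
        super().__init__()
        self.out, self.links = [], []
        self._href, self._label, self._skip = None, [], False

    def handle_starttag(self, tag, attrs):
        self._skip = tag in ("script", "style")  # their bodies arrive as data
        if tag == "a":
            self._href, self._label = dict(attrs).get("href"), []

    def handle_endtag(self, tag):
        self._skip = False
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._label).strip(), self._href))
            self.out.append("%s <%s>" % self.links[-1])
            self._href = None

    def handle_data(self, data):
        if not self._skip:
            (self._label if self._href is not None else self.out).append(data)

def to_plain_text(raw_message):
    msg = message_from_string(raw_message)
    part = next(p for p in msg.walk() if p.get_content_type() == "text/html")
    html = part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8")
    renderer = PlainTextRenderer()
    renderer.feed(html)
    return " ".join("".join(renderer.out).split()), renderer.links

def mismatched_links(links):  # visible text names a different host than the target
    return [(t, h) for t, h in links
            if urlparse(t).hostname and urlparse(t).hostname != urlparse(h).hostname]
```

Calling `to_plain_text(RAW)` returns the text with both link targets written out and no script content; `mismatched_links` then reports only the first link, whose visible address and real destination are on different hosts.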
Title: Re: Infected file on GenesReunited
Post by: taidgazacaz on Friday 19 March 10 22:03 GMT (UK)
Since following this thread, I haven't bothered to open anything from Genes.

Does anyone know whether it is now safe to do so?

Tecwyn ???
Title: Re: Infected file on GenesReunited
Post by: ambers on Friday 19 March 10 22:26 GMT (UK)
I have been using it for weeks without any problems ;D

Ambers
Title: Re: Infected file on GenesReunited
Post by: jc26red on Friday 19 March 10 22:26 GMT (UK)
lol! yes it was fixed pretty quick... at least Genes acted fast in sorting it out.
Title: Re: Infected file on GenesReunited
Post by: ankerdine on Friday 19 March 10 22:42 GMT (UK)
I'm using it again without a major problem, though it does seem to be rather sluggish from time to time.

Judy
Title: Re: Infected file on GenesReunited
Post by: taidgazacaz on Saturday 20 March 10 13:58 GMT (UK)
Many thanks for those replies.

Tecwyn :)