Trains.com

TRAINS Forum Computer Virus?

5310 views
26 replies
  • Member since
    October 2003
  • 7,968 posts
Posted by K. P. Harrier on Saturday, October 4, 2014 9:22 AM



Since the radical TRAINS Forum group change to a new format, the TRAINS Forums has acted absolutely weirdly.

Has the TRAINS Forums unwittingly or deliberately infected the computers of site visitors?

How else would one explain posting screen alterations?

For those interested, K.P. protects his computer with Deep Freeze by Faronics, at last look, a simple and cheap $45 protective tool.

----------------------------------------------------------------------------------------------------------------------------------- K.P.’s absolute “theorem” from early, early childhood that he has seen over and over and over again: Those that CAUSE a problem in the first place will act the most violently if questioned or exposed.

  • Member since
    September 2003
  • 21,669 posts
Posted by Overmod on Saturday, October 4, 2014 9:42 AM
KP - put up a screenshot of what you're reporting, and comment more specifically on the anomalies.
  • Member since
    August 2010
  • From: Henrico, VA
  • 8,955 posts
Posted by Firelock76 on Saturday, October 4, 2014 10:11 AM

A virus?  I don't know, the way my lap-top's set up if there's something questionable in the site I'm visiting I get an immediate warning to exit, and I haven't seen it here.

I will say that the new (improved?) site has to be navigated carefully, it seems you can't zip thru the menu selections as you did before without some problems.  I'm getting used to it.

  • Member since
    December 2007
  • From: Georgia USA SW of Atlanta
  • 11,919 posts
Posted by blue streak 1 on Saturday, October 4, 2014 10:15 AM

KP did have a problem which locked up only trains sites.  Was unable to access any but a system restore previous to the problem fixed the problem.

  • Member since
    June 2003
  • From: South Central,Ks
  • 7,170 posts
Posted by samfp1943 on Saturday, October 4, 2014 10:24 AM

K.P. (and Overmod) Strange that you should mention it...Yesterday after a session on the FORUM, and a short looksee on Drudge Report...My Computer was locked up by a screen- and a statement saying I needed to call an '800' number.  I immediately turned my machine off, and cut the power.

    When my wife sat down to use it the same screen came back...Long and short of it, she called the 800 #, and gave the Indian/Pakistani(/) who answered both barrels... Made her feel good!    She then turned it off at the switch, and we let the machine sit overnight..She turned it back on this morning..Apparently, now all is well...San Malware Bytes and Avast Virus Programs...Seems to be ok now ?

That was the first time we have had a problem like that...Sure hope it does not happen again.

  • Member since
    July 2003
  • From: Sierra Vista, Arizona
  • 13,757 posts
Posted by cacole on Saturday, October 4, 2014 10:40 AM

I use Avast Internet Security and those built into Windows 7, and have not had problems with any of the forums -- Model Railroader, Trains, Trains Magazine, or Garden Railways other than those caused by the 'improved' software.

 

  • Member since
    September 2013
  • 2,505 posts
Posted by caldreamer on Saturday, October 4, 2014 10:46 AM

Get Clam Anti Virus (clamav).  It is the best that I have found and it is FREE.  Just google it and download and install the program.  They update their databases daily to keep current.

  • Member since
    February 2005
  • From: Vancouver Island, BC
  • 23,330 posts
Posted by selector on Saturday, October 4, 2014 11:00 AM

I use three layers of protection.  First is a premier AVAST, although their free version works very well.  Second is free...MalWareBytes.  Needs to be updated manually every time you activate it, but it does a good job ferreting out the nasties.

Last layer, also in a freeware version, but there is a paid subscription for the version with more bells and whistles, including auto-update, is CryptoPrevent.  This runs in the background and prevents third party software from encrypting/suffixing any of your files.  You won't get that dreaded "FBI has locked your computer...pay us $300 and we'll send you a key."

BTW, I have had no problems on this site whatsoever.

  • Member since
    April 2007
  • From: Iowa
  • 3,293 posts
Posted by Semper Vaporo on Saturday, October 4, 2014 11:23 AM

I have seen the forum pages come up where the formatting seems to have been lost... the normal 2 columns of postings on the left, and my username (and links to "Manage Profile", "Setup", etc.) and the text box to subscribe to the free email newsletter, on the right... all appear in one long left justified column, and the individual postings are not contained in separate shaded bounding boxes.  Embedded in it all are some of the oddball textual HTTP commands showing instead of the computer interpreting them to do the formatting.

When that happens, I refresh the page and it usually then comes back with the correct format.

I don't see that as a "Virus" doing nasty things, I see it as the internet is so bogged down with SPAM and D.O.S. attacks, as well as the number of people that are streaming videos such that data gets lost in the general buffoonery and that manifests as squirrelly displays.  I tend to blame my ISP for most of the slowness I experience and the lost data, but it could be happening almost anywhere on the "Internet" itself.

 

If you get a screen that tries to get you to call a phone number, then you have managed to get to a site that probably has been hacked to redirect you to a Malware site.  I fear that calling the 800 number only managed to get a BIG CHARGE added to your phone bill.  800 numbers can also be hacked to redirect you to a long distance number that you will be charged for using.  Unloading on the idiot that answers only gets that person to smile as you are PAYING THEM for the privilege of teaching them new 4-letter words.  I suspect that after you get your phone bill a couple of months from now with the $10 to $100 charge you can probably get it removed if you complain long and loudly enough to the phone company, but your refusal to pay may be reported to the credit reporting agencies and removing THAT will be the next item on your agenda.  Best of luck to you!

 

It is also possible that your computer may still be "infected", even though you are not seeing a problem "now"... my reasoning is that if you turned off your computer and then turned it back on and the problem was still there, then turning it off again and leaving it Off overnight does not make any difference to the computer.  Off is OFF and no amount of time being in the Off state means anything.  The problem may not be showing up because the site that you were being redirected to may have been shut down somehow (your ISP may have added it to the banned list, or the perps may have gone elsewhere).  It is also possible that your operating system or anti-malware program got an update overnight that got downloaded as part of the boot-up and that corrected the settings in your computer, but I would expect you to see a notice that your anti-malware program did something for you.

There is one other thing that might have happened to effect a cure...

My PC sometimes seems to revert to a previous setup at boot-up.  I have a program that I wrote that is an alarm clock that I can set to have dozens of alarms.  Some only go off once a year to remind me of an upcoming birthday, some go off once a month to remind me to pay certain bills, and one goes off hourly to remind me to get up off my duff and get some exercise!  All of these alarms can be "snoozed" to remind me again in a few minutes (the birthday alarms go off a week early and I repeatedly 'snooze' them for 99 minutes until I actually get around to doing something about it).  Sometimes, when I know I have deleted an alarm or created a new one, the next day the deleted alarm is back and/or the new one is gone and I don't know what program or process re-wrote the Registry to before the time that I deleted/added alarms.  BUT, I relate this to say that it is possible that whatever happened to your computer to add the malware might have been undone by whatever causes my mysterious resetting of my alarm clock settings, so you may be safe at this point.

Do update your anti-malware software often and download and sometimes run a scan using some other brand anti-malware program just to see if some other brand might catch a problem that your present one does not.

 

Semper Vaporo

Pkgs.

  • Member since
    September 2003
  • 21,669 posts
Posted by Overmod on Saturday, October 4, 2014 12:07 PM

Semper Vaporo
It is also possible that your computer may still be "infected", even though you are not seeing a problem "now"... my reasoning is that if you turned off your computer and then turned it back on and the problem was still there, then turning it off again and leaving it Off overnight does not make any difference to the computer.

I concur with much of the advice given:  you NEED to be proactive with malware scanning, and it's unlikely that just a reboot has 'cured' much of anything.

Be sure to start with a known 'restore point' in the machine -- ideally, one made at a time you had all your software and applications configured properly, but before any known malware activity.  Go into 'add and remove programs' (or whatever it's called in your version of Windows) and get rid of any toolbar or 'utility' programs you don't want or remember.  Even if it has a familiar or famous name.  It can be astounding how slow even a modern computer can become when it's processing each keystroke through 50 or more layers of software...

Go into your browser and prune out all the cookies you don't want, including anything with 'ad', 'doubleclick' or 'checkm8', or 'media' in its name.  (If you can find an online list of tracking sites -- use it as a reference!)

Then start actively 'cleaning' with the Piriform CCleaner -- note that this has two separate sections that you should run, one for files and one for the registry.  Download it directly from Piriform, not from FileHippo or some other download source.  You'll probably have to run the registry tool a number of times (make a backup each time) until no more issues are identified.

When you are done with this, find and run the Malwarebytes Anti-Malware tool.  (This may take a while to run.)

And when that is done, install the Avast! antivirus program and set it up to run.  (You do it in this order because some malware programs know to defeat antivirus installation, or direct it to a 'wrong' site for a fake install...)

There are some other tools and utilities you can use for deep-seated or special malware.  But be advised that there's a range of programs and 'services' that cause... in fact, can actually create... more problems than they help.

  • Member since
    October 2003
  • 7,968 posts
Posted by K. P. Harrier on Saturday, October 4, 2014 12:10 PM

Overmod (10-4):

As you requested ... The composition screen and buttons for the first post:

The buttons afterward:

Obviously, one can't post efficiently with photos or insertions without the buttons for them!

Take care,

K.P.

----------------------------------------------------------------------------------------------------------------------------------- K.P.’s absolute “theorem” from early, early childhood that he has seen over and over and over again: Those that CAUSE a problem in the first place will act the most violently if questioned or exposed.

  • Member since
    September 2003
  • 21,669 posts
Posted by Overmod on Saturday, October 4, 2014 12:48 PM

K. P. Harrier
Obviously, one can't post efficiently with photos or insertions without the buttons for them!

KP, I think it's just our nasty little IT gremlins fouling up some more.

I still have those flat, grey, crudely-drawn mystery-meat buttons for link, image, and video in my bar (this is Firefox 32.0.3 on a Mac running 10.9.5) ... it's just that two of the three of them don't work right.

I think the failure with link insertion is related to the 'Target' dropdown, which doesn't even really need to be there when inline insertion of a clickable URL is almost certainly the principal use.

The image tool works nicely -- although I'm too lazy to figure out where the 'image description' is supposed to display...

Larry Morgan's portrait of 'Old Rivets'

 

And this is what happens when you use the 'insert/edit video' tool on a YouTube video with an 'embed' code:

 

And here is the image tool with the same video as above, using the share URL:

 

([sarc]Hear the crickets chirping instead of steam locomotives?[/sarc])

 

Hopefully since the IT people have done all that work for so many weeks they can re-enable the spam-in-a-can functionality that supposedly still exists in the Web site code, and fix this.  But I want them to fix the problem they've introduced with posts displaying in the wrong order first!

  • Member since
    September 2013
  • 2,505 posts
Posted by caldreamer on Saturday, October 4, 2014 12:59 PM

I have many layers of protection, the more you have the better it is.  I have three firewalls, anti spam and anti intrusion protection, security enhanced linux, an anti spoofing program and clam anti virus which I keep automatically updated daily.

Twice, I have watched while someone tried to hack my system.  I laughed while they tried to hit their head against the proverbial "granite wall".  I back tracked them and told my ISP's security department what the real network address was for them.  NO system is entirely secure, BUT you can make it very hard for people to get into your system.

  • Member since
    December 2007
  • From: Georgia USA SW of Atlanta
  • 11,919 posts
Posted by blue streak 1 on Saturday, October 4, 2014 1:30 PM

Overmod

Hopefully since the IT people have done all that work for so many weeks they can re-enable the spam-in-a-can functionality that supposedly still exists in the Web site code, and fix this.  But I want them to fix the problem they've introduced with posts displaying in the wrong order first!

 
A note to Angela might be appropriate.  The Descending order is in advanced settings which appear not to be working.  Another post sent me there and changing settings did not help.  For example I already had newest to oldest setting but it is not working as such.  Changed other settings and found no change.
 
  • Member since
    July 2009
  • From: San Francisco East Bay
  • 1,360 posts
Posted by MikeF90 on Saturday, October 4, 2014 2:53 PM

If you suspect that your Windows system is infected, any cleanup is best performed from a standalone (self booting) rescue CD.  A good list to start with is here: https://www.raymond.cc/blog/13-antivirus-rescue-cds-software-compared-in-search-for-the-best-rescue-disk/  Also look at this page under Rescue Media: http://www.techsupportalert.com/content/probably-best-free-security-list-world.htm?page=25%252C22,2&order=title&sort=asc

 

  • Member since
    July 2009
  • From: San Francisco East Bay
  • 1,360 posts
Posted by MikeF90 on Friday, October 10, 2014 8:24 PM

As reported in another topic, I can simulate the above 'missing buttons' symptom Only when using the Internet Explorer browser.

I only have access to version 11 under Win7, so someone else may not have the exact same experience. The new forum theme does not seem quite bug free yet so IE11 might work in the future. In the meantime, Firefox works fine for my purposes.

  • Member since
    May 2003
  • From: US
  • 25,275 posts
Posted by BaltACD on Friday, October 10, 2014 8:41 PM

MikeF90

As reported in another topic, I can simulate the above 'missing buttons' symptom Only when using the Internet Explorer browser.

 

I only have access to version 11 under Win7, so someone else may not have the exact same experience. The new forum theme does not seem quite bug free yet so IE11 might work in the future. In the meantime, Firefox works fine for my purposes.

 

 

Makes no difference if it's Win7 or 8.1 - With IE11 the buttons and the Insert tool disappear.

Never too old to have a happy childhood!

              

  • Member since
    July 2009
  • From: San Francisco East Bay
  • 1,360 posts
Posted by MikeF90 on Friday, October 10, 2014 8:55 PM

@BaltACD, thanks for your report with using IE on Win 8.1. I just decided to fire up old IE 8 on WinXP for a 'laugh'. So far, just saw an error message that probably indicates some incompatibility with the forum web page. Not unexpected, since Microsoft has a shameful and notorious history of not keeping IE up to date with actual W3 standards.

UPDATE: Don't know whether to laugh, cry or curse. The Insert buttons do Not disappear when using IE 8 !!  Here's an Insert Link test:

http://cs.trains.com/trn/f/742/t/229021.aspx 

Oh well, that didn't work, just like other browsers so far.

  • Member since
    July 2009
  • From: San Francisco East Bay
  • 1,360 posts
Posted by MikeF90 on Sunday, November 2, 2014 2:45 PM

Not sure if this tip is buried in the above advice, but I strongly recommend that you do your regular computer work logged in as a standard (limited) user, not an administrator.

Too many OEMs and computer dealers who should know better do not set up two accounts, one of each type. Windows UAC defaults seem a little too permissive but I'm not sure what to recommend here yet.

At any rate, unvetted third party 'pop up' ads should not have access to sensitive parts of the system. If you suspect that your regular account is compromised, log in as administrator and migrate to a new 'regular' user ...... after performing the malware cleanup recommended above.

Knock wood, but I've never been hit with a virus even with Adblock turned off on legitimate sites like trains.com. 

  • Member since
    December 2001
  • From: Smoggy L.A.
  • 10,743 posts
Posted by vsmith on Monday, November 3, 2014 9:05 PM
I've been having troubles ever since we done got "upgraded"...inability to post replies, edit comments, post pictures, when I do manage to get a reply window to open it scrunches the entire reply into one incomprehensible mash of a text block. And it's entirely due to the screwed up messed up "upgrade"

I am so sick and tired of it that I am having thoughts about whether its worth continuing to participate. It's not just here but also over on MR and eventually the whole site will get "upgraded" :-(

   Have fun with your trains

  • Member since
    October 2003
  • 7,968 posts
Posted by K. P. Harrier on Tuesday, November 4, 2014 11:06 AM

A Magical Cure and a Vicious (But Stupid) Virus Identified!

 

In recent days my computer became totally useless on the Internet, with certain sites becoming inaccessible and irrational popups showing up continually.  Thus, the following was tried, and it worked!

 

In Windows 7:

 

Accessories … System Tools … System Restore.

 

A date was selected, and the process was activated.  My system was brought back to the condition present on the selected date.

 

Previously, a program named “dealster” kept showing up, so with the system now restored to the past date, using the Command Line (black screen with a prompt) “DIR DEALSTER /S /P” was typed in and ENTER pressed.  Also, “DIR DEALSTER /S /P /A:H” (for hidden attributed files) was used also.  TWO directories by that name showed up, with a file named lwkyPV3nDjLKRE.dat in both directories.  (The Iw … may have been 1w …)  They were deleted with the ERASE command (some use DEL for Delete, but both are commonly used), and thereafter the directories were deleted with RD DEALSTERS, RD being the  ‘Remove Directory’ command on the Command Line.  At both locations that was done at, and the popup problem seemed to go away for good.

 

My Deep Freeze program was turned on again, and nothing can now get into the computer system.  Another program by Faronics (seller of Deep Freeze) is AntiExecute, which doesn’t allow any program (like a virus) to ACTIVATE (start) except those on the list, which can be upgraded or altered anytime.  Unfortunately, Faronics did NOT sell a miracle program that could have prevented Kalmbach from wrecking the forum …

It is hoped the details of my experience are of help to others.

----------------------------------------------------------------------------------------------------------------------------------- K.P.’s absolute “theorem” from early, early childhood that he has seen over and over and over again: Those that CAUSE a problem in the first place will act the most violently if questioned or exposed.
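An added example, not part of K.P.'s post: a read-only PowerShell inventory that finds every directory with a given name (hidden ones included, covering both `DIR ... /S` passes described above) and records each file's path, timestamps and SHA-256 hash, so there is a record of what was on disk before anything is erased. It assumes PowerShell 4.0 or later; the parameter names `$Name`, `$Root` and `$Report` and the report path are hypothetical choices for this illustration.

```powershell
# Added example: inventory directories by name before deleting them.
# Nothing here removes or changes files; it only lists and hashes them.
# $Name, $Root and $Report are assumptions for this illustration.
param(
    [string]$Name   = 'dealster',
    [string]$Root   = 'C:\',
    [string]$Report = "$env:USERPROFILE\Desktop\dir-inventory.csv"
)

# -Force makes Get-ChildItem return hidden and system items as well,
# so one pass covers what "DIR /S" and "DIR /S /A:H" show separately.
$dirs = @(Get-ChildItem -Path $Root -Directory -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -eq $Name })   # -eq is case-insensitive for strings

if ($dirs.Count -eq 0) {
    Write-Output "No directory named '$Name' found under $Root"
    return
}

$rows = foreach ($dir in $dirs) {
    $files = @(Get-ChildItem -LiteralPath $dir.FullName -File -Recurse -Force -ErrorAction SilentlyContinue)

    if ($files.Count -eq 0) {
        # Record empty directories too, so the report lists every match.
        [pscustomobject]@{
            Directory = $dir.FullName; File = ''; Hidden = $false
            SizeBytes = 0; Created = $dir.CreationTimeUtc
            Modified  = $dir.LastWriteTimeUtc; SHA256 = ''
        }
        continue
    }

    foreach ($f in $files) {
        # Hashing can fail on locked files; keep the row with an empty hash.
        $hash = Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Directory = $dir.FullName
            File      = $f.FullName
            Hidden    = [bool]($f.Attributes -band [IO.FileAttributes]::Hidden)
            SizeBytes = $f.Length
            Created   = $f.CreationTimeUtc
            Modified  = $f.LastWriteTimeUtc
            SHA256    = if ($hash) { $hash.Hash } else { '' }
        }
    }
}

# Save the record first, then show a summary on screen.
$rows | Export-Csv -Path $Report -NoTypeInformation
$rows | Format-Table Directory, File, Hidden, SizeBytes -AutoSize
Write-Output "Inventory written to $Report"
```

The creation timestamps in the report help pick a System Restore date that predates the install, and the hashes can be looked up later even after the files are gone.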

  • Member since
    April 2007
  • From: Iowa
  • 3,293 posts
Posted by Semper Vaporo on Tuesday, November 4, 2014 11:35 AM

Congrats!!!!!   Big Smile

Semper Vaporo

Pkgs.

  • Member since
    July 2009
  • From: San Francisco East Bay
  • 1,360 posts
Posted by MikeF90 on Tuesday, November 4, 2014 1:31 PM

A little searching turns up a wealth of information on Dealster. It is classified as 'adware' but with the likelihood of bringing in much more destructive malware. Here are a few links regarding removal and prevention:

http://www.virusresearch.org/remove-dealster-ads-permanent-removal/

http://www.im-infected.com/adware/remove-dealster-virus-removal-guide.html

http://malware-detective.com/uninstall-dealster/

Time to double .... er, triple check your browser settings to deflect this junk. Apparently these sleazeballs consider themselves a legitimate business:

http://www.crunchbase.com/organization/dealster

@vsmith, I'm also not happy with the forum changes but, knock wood, it seems to be getting slightly more stable as time goes on. Try as I might, I can't duplicate your symptoms. In fact, the Reply window font size went from 'tiny' a few weeks ago to 'almost-too-big-KPH' Laugh recently.

ANOTHER THOUGHT:

I haven't ever seen non-Kalmbach ad pop-ups on this site, so perhaps the default features of Firefox are suppressing them. Interestingly, the forum pages have a right hand column below the 'free email newsletter' block that looks tailor made for adverts - I just see greyed out blocks. Is anyone seeing content there?

  • Member since
    September 2013
  • 2,505 posts
Posted by caldreamer on Tuesday, November 4, 2014 5:00 PM

I have had no problems.  I have three different firewalls, an anti spam, two anti intrusion programs plus I use Clam Anti Virus to check all files that I download. I protect my system as well as I can.  While no system is totally protected the more protection you provide on your system the less chance you have of being infected by a virus.

  • Member since
    March 2003
  • From: Central Iowa
  • 6,898 posts
Posted by jeffhergert on Tuesday, November 4, 2014 11:37 PM

Being one of the most computer illiterate people on here and one who doesn't post pictures, I did come across something by accident.

When going to the reply page, like others, the insert and tools button is missing.  I've found that with ActiveX filtering enabled by use of the tools function (on the upper left between "favorites" and "Help" on my tool bar) when I change the status of ActiveX using the icon found on the address line, either turning it on or off, it refreshes the page and the insert and tools buttons appear.

If I leave the reply page, without posting, and later return, the buttons are again gone until I change the ActiveX status and it refreshes the page.  It doesn't seem to matter if it's being turned on or off, just the change in status seems to do it. 

Jeff      

  • Member since
    April 2007
  • From: Iowa
  • 3,293 posts
Posted by Semper Vaporo on Wednesday, November 5, 2014 8:48 AM

Careful there Jeff, you keep doing things like that and people will start to rely on you for computer help, because you will have become computer literate!

 

 

Semper Vaporo

Pkgs.

  • Member since
    November 2014
  • 1 posts
Posted by NevilleSchmidt on Wednesday, November 19, 2014 5:05 AM

Dealster is just adware browser extension - those can be usually removed with Avast Browser Cleanup. Here are also complete instructions:

http://www.go-remove-malware.com/remove-dealster/
