Trains.com

This Website … TRUE AND SHOCKING – Now What Are WE Supposed To Do?

  • Member since
    October 2003
  • 7,968 posts
Posted by K. P. Harrier on Monday, December 21, 2015 2:16 AM


 

As some of you may know, my computer is protected with DeepFreeze.  But, I inadvertently had it off and visited the trainsmag.com website.  All types of things started happening with my computer!  The last straw was a RED screen that identified the TRAINS and a related website as dangerous and it was being reported to Microsoft!

 

Unless this website is deliberately spreading computer viruses Kalmbach may want to shut it down and clean house, making sure it is not wrecking people’s computers before proceeding further.

 

--------

 

How I restored my computer … Windows 7 has a restoring the computer to an earlier point in time function.  Using that seemed to eliminate the problems (sort of).  Then DeepFreeze was reactivated.

----------------------------------------------------------------------------------------------------------------------------------- K.P.’s absolute “theorem” from early, early childhood that he has seen over and over and over again: Those that CAUSE a problem in the first place will act the most violently if questioned or exposed.

  • Member since
    September 2007
  • From: Charlotte, NC
  • 6,099 posts
Posted by Phoebe Vet on Monday, December 21, 2015 6:06 AM

I don't know what is infecting your computer, but I don't see any indication that you got it here.  Mine doesn't do any of that stuff.

Dave

Lackawanna Route of the Phoebe Snow

  • Member since
    December 2001
  • From: Denver / La Junta
  • 10,820 posts
Posted by mudchicken on Monday, December 21, 2015 7:48 AM

Most likely it's the Kalmbach marketing cookies it does not like.

Mudchicken Nothing is worth taking the risk of losing a life over. Come home tonight in the same condition that you left home this morning in. Safety begins with ME.... cinscocom-west
  • Member since
    July 2006
  • 9,610 posts
Posted by schlimm on Monday, December 21, 2015 7:52 AM

Sounds like one of the extortion worms.   Nasty stuff.  Nothing to do with the Trains website, AFAIK.

C&NW, CA&E, MILW, CGW and IC fan

  • Member since
    November 2006
  • From: NW Pa Snow-belt.
  • 2,216 posts
Posted by ricktrains4824 on Monday, December 21, 2015 10:36 AM

I've not had that issue, or any issue on this website....

But, I always have my antivirus active. 

EDIT: And, if "restore" to prior date indeed worked, not an extortion worm.... They prevent "restore" from working....

Ricky W.

HO scale Proto-freelancer.

My Railroad rules:

1: It's my railroad, my rules.

2: It's for having fun and enjoyment.

3: Any objections, consult above rules.

  • Member since
    October 2003
  • 7,968 posts
Posted by K. P. Harrier on Monday, December 21, 2015 11:07 AM

ricktrains4824 (12-21):

 

Thanks for your thoughts.

 

I tried my antivirus program, but it NOW does not work.  That seems to suggest, according to your thoughts, a worm is on the computer.

 

The warning message last night said the file at trains.com had a “.tv” extension, if that means anything to anybody.

 

Best,

 

K.P.


  • Member since
    November 2006
  • From: NW Pa Snow-belt.
  • 2,216 posts
Posted by ricktrains4824 on Monday, December 21, 2015 11:17 AM

The ".tv" doesn't mean much to me, but may to those "in the know".

And, the fact that your anti virus is now not working, does show that "restore" did not work. Worm or virus is indeed in play on your system....

Ricky W.


  • Member since
    April 2007
  • From: Iowa
  • 3,293 posts
Posted by Semper Vaporo on Monday, December 21, 2015 11:43 AM

Every country has a different URL extension that identifies the country (this was invented AFTER the .com, .net, .edu, .gov. etc stuff was already in use).  The ".tv" is a small island in the South Pacific and because the letters are also the abbreviation for TeleVision, the biggest boon to their economy is renting out URL's using their country designation.  They don't control what web sites do with the extension but lots of advertisers like to use it to coincide with their Television advertisements.

I suspect that you got into something when your antimalware program was off-line and you may have a problem getting the malware out of your computer.  There are ways for the computer illiterate to do so, but "we" often need more professional help in doing so.  There are web sites you can go to that will run malware sweeps of your computer that might help and you can buy antimalware programs that come on USB dongles that you boot your computer to that can then run "outside" of your normal operating system to look for the bad programs so they can't interfere with the sweeps.  But this forum is a poor place to try to talk someone through it.  I'd suggest you find a guru in your area (professional or friend, or that teenager down the street) that can help you see if your computer has a problem.

Semper Vaporo

Pkgs.

  • Member since
    May 2013
  • 3,231 posts
Posted by NorthWest on Monday, December 21, 2015 12:21 PM

I had problems with this until I installed Adblock. Unfortunately this site has malicious ads but Adblock ends the redirects and error messages.

  • Member since
    July 2006
  • 9,610 posts
Posted by schlimm on Monday, December 21, 2015 12:34 PM

K. P. Harrier

ricktrains4824 (12-21):

 

Thanks for your thoughts.

 

I tried my antivirus program, but it NOW does not work.  That seems to suggest, according to your thoughts, a worm is on the computer.

 

The warning message last night said the file at trains.com had a “.tv” extension, if that means anything to anybody.

 

Best,

 

K.P.

 

From Wikipedia, the free encyclopedia

For the TV channel, see .tv (TV channel).

.tv

Introduced: 1996
TLD type: Country code top-level domain
Status: Active
Registry: The .tv Corporation (a Verisign company)
Sponsor: Government of Tuvalu
Intended use: Entities connected with Tuvalu
Actual use: Marketed commercially for use in television or video-related sites; can be registered and used for any purpose
Registration restrictions: None
Structure: Direct second-level registrations are allowed; some second-level domains such as gov.tv are reserved for third-level domains representing entities in Tuvalu

The domain name .tv is the Internet country code top-level domain (ccTLD) for Tuvalu.

Except for reserved names like com.tv, net.tv, org.tv and others, any person may register second-level domains in TV. The domain name is popular, and thus economically valuable, because it is an abbreviation of the word television.

C&NW, CA&E, MILW, CGW and IC fan

  • Member since
    July 2006
  • 1,530 posts
Posted by NKP guy on Monday, December 21, 2015 2:52 PM

   May I recommend a site called scamadvisor.com  ?  This site will tell you who owns any site, where it's located, where the owners are located, how safe it is to use, etc.  I can't recommend it highly enough: it unmasks websites in a way I've never seen before.  

  • Member since
    January 2014
  • 8,221 posts
Posted by Euclid on Monday, December 21, 2015 3:13 PM

One of my computers got hit by something last Friday.  The place repairing it says that anti virus will not protect you from it.  It just comes in when you click on something, and it disables the anti virus.  I don't know what this was, but I opened one of the sites in the search for locomotive cutaway drawings.

Then I clicked on something there and it began downloading a lot of data. Then everything quit working correctly.  It popped up all kinds of stuff including offers to fix problems.  It started a big scan process with no way to turn it off.  You can't stop it.  It took out the operating system.  The computer is not worth fixing.  

The repair place says the only way to prevent this is to never click on anything when on the Internet.  Is it true that anti-virus will not prevent this kind of attack? 

  • Member since
    June 2002
  • 20,096 posts
Posted by daveklepper on Monday, December 21, 2015 3:43 PM

computer not worth saving-    

one bit of advice:  Unless you are a real computer expert, as soon as your computer starts behaving strangely, really out of control, don't waste a second but shut it down and remove power as quickly as possible.  Then take it to a professional, and let him or her start it and analyze the problem.  

  • Member since
    January 2014
  • 8,221 posts
Posted by Euclid on Monday, December 21, 2015 3:55 PM

Dave, 

That is more or less what I did.  The problem arrived the instant the download began.  I did shut it down in about 30 seconds.  Then I started it again in a couple minutes to see if the nightmare was really happening.  It was, so I shut it off again and took it to the computer hospital.  I think you are right about shutting it off ASAP.  That is what one repair place told me. That is, to not try to run it anymore. They said that, depending on the bug, some of them will continue to work, and go into your files and extract critical data such as bank accounts or SS numbers.

But the question I have is whether anti virus programs protect against this.  I have been told by experts that they do not.  

I was told that what I got is a hit that messes your computer and then offers to fix it for say $200.  If you pay the $200, they take the money and your computer never gets fixed.  And there was nothing actually wrong with it until they showed up.   

  • Member since
    December 2007
  • From: Southeast Michigan
  • 2,983 posts
Posted by Norm48327 on Monday, December 21, 2015 4:02 PM

Euclid
One of my computers got hit by something last Friday.

Gotta watch those searches for "bare naked locomotives". Wink

Euclid
The place repairing it says that anti virus will not protect you from it.

A truly good up-to-date firewall MAY prevent an attack but some will get through. There is no perfect security when browsing the net.

Euclid
The repair place says the only way to prevent this is to never click on anything when on the Internet. Is it true that anti-virus will not prevent this kind of attack?

The anti virus will try to find the malware after it's in place. By then, it's too late.

Euclid
It took out the operating system. The computer is not worth fixing.

If you have a CDROM with the operating system on it you may be able to reinstall it. No guarantee.

Norm


  • Member since
    April 2007
  • From: Iowa
  • 3,293 posts
Posted by Semper Vaporo on Monday, December 21, 2015 4:02 PM

The only way for malware to get into your computer is for you to invite it... You do so by downloading things either from the internet or via CD/DVD or USB memory cards, etc.  (even "picture frames" that display slideshows have been known to contain malware that loads into your computer when you attach it to put your photos on it!)

Anti-malware programs try to insert themselves into the OS such that they look at everything that comes in and before it can execute and warn you about it... but it only knows when something is malware if someone has already seen it and has been able to create a "signature" (the sequence of bits and bytes that comprise the program) and put that data into the program that is looking for such signatures.  There are also "heuristic" methods that look for "similarities" to known malware and for sequences of instructions that do something to parts of the computer that normal software should not be doing.

So... if you manage to "invite" some program in that has never been seen before then your anti-malware program cannot detect a known signature and if it cannot detect a similarity or "intent" of the bad program then it gets in.  A "new" malware program is called a "zero-day exploit" because when it is first unleashed that is day zero of its existence and nobody knows about it.

Anti-malware companies are always looking for bad programs so they can add the signatures to their database and update your computer's copy of that database, but on day "zero", you are unprotected for the most part.

Some ISPs have anti-malware programs running that try to see what is passing through and will often block them, but again it has to be something that is known for them to see it and block it.  Some websites also try to watch for someone hacking into it and planting malware, but not everybody is paid enough to spend that much time looking to see if someone has hacked their website.

Yes, by clicking ANY link on a web page you run the risk of inviting malware into your computer... this is why you should NEVER run without some sort of anti-malware program.  (There are times when you MIGHT want to turn off your protection, but at those times you must be very careful and know (and trust) that the sites you are using are not infected somehow.)

Semper Vaporo

Pkgs.

  • Member since
    July 2009
  • From: San Francisco East Bay
  • 1,360 posts
Posted by MikeF90 on Monday, December 21, 2015 4:39 PM

First off I say: Keep A Clear Head - Don't Panic!

If you still suspect malware has installed itself on your computer, consider booting from a standalone 'rescue CD' to scan and possibly repair your system.

One such list of candidates is here: http://www.malwarehelp.org/anti-malware-bootable-rescue-cd-dvd-download.html although the list is a little dated. I would try the disks from reputable a/v companies like Panda, Kaspersky and Avira.

If you go to the trouble to hire a computer 'expert' to fix your problem, find one that can also set up your system to dual boot a Linux desktop environment for day-to-day web browsing. Linux is not invulnerable but it is a much smaller 'attack surface' than Windoze. Install a friendly web browser (say Firefox) with NoScript or Ublock Origin add-ons.

To recover from a real disaster (like ransomware encryption) be sure you Backup, Backup, Backup your personal data frequently to at least two separate repositories. Portable hard drives are cheap insurance, keep one in your safe deposit box. Cloud storage is nice but a complete backup will take a very long time to upload.

Good luck!

 

  • Member since
    January 2014
  • 8,221 posts
Posted by Euclid on Monday, December 21, 2015 4:56 PM

Semper Vaporo

 

Yes, by clicking ANY link on a web page you run the risk of inviting malware into your computer... this is why you should NEVER run without some sort of anti-malware program.  

I don't understand.  If there is no way to prevent malware from coming in once you click on something with it, then what is the benefit of an anti-malware program?

  • Member since
    January 2014
  • 8,221 posts
Posted by Euclid on Monday, December 21, 2015 5:03 PM

The repair place said they can recover all the files for $90 and go no further; or clean up the computer, reinstall the OS, and reinstall the recovered files for $170. Or they will sell me a used Windows 7 machine with all my files and programs installed on it for $300.  He said that computer is about 5 years old, and something like "business class" whatever that means. It is a small tower.

  • Member since
    December 2007
  • From: Southeast Michigan
  • 2,983 posts
Posted by Norm48327 on Monday, December 21, 2015 5:07 PM

Well, my computer is over eight years old and still going strong.

I would recommend the $170 option.

Norm


  • Member since
    April 2007
  • From: Iowa
  • 3,293 posts
Posted by Semper Vaporo on Monday, December 21, 2015 5:12 PM

The anti-malware program keeps out the known malware... and there is a LOT of it out there.  A good anti-malware program can also catch many new "unknown" malware programs because they are often copied and slightly modified from other malware programs (not much real creativity involved)... this is where the Heuristic testing comes in.

A good anti-malware program also looks for sequences of commands and calls to the operating system that do things that most programs won't do (like call routines that install drivers or access parts of the hard drive that only the OS should access or put links to itself in place of links to the OS). (links here mean internal addresses of subroutines and such, not links to the internet).

If what you click on has a new malware program and if it just doesn't "look like" malware then yes, you just invited it to run on your computer and once in, it can be difficult to eliminate.

Semper Vaporo

Pkgs.
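
The signature and heuristic checks described in Semper Vaporo's two posts above, as an added example (not code from any poster or from a real anti-malware product). It assumes a signature is the SHA-256 of the whole file, and the sample "programs", action names, weights and threshold are all constructed for illustration.

```python
import hashlib

# Constructed, harmless byte strings standing in for program files.
# The "action" names are made-up tokens, not real API calls.
KNOWN_BAD = b"sample-A: install_driver(); overwrite_boot_sector(); hook_os_entry()"
# Same behaviour with a trivially changed name: "copied and slightly modified".
VARIANT = b"sample-A2: install_driver(); overwrite_boot_sector(); hook_os_entry()"
# Never seen before and showing only one suspicious action.
NOVEL = b"sample-B: read_config(); hook_os_entry()"
BENIGN = b"photo_viewer: open_file(); draw_window(); read_config()"

# Assumption: the vendor has already analysed KNOWN_BAD and shipped its hash.
SIGNATURE_DB = {hashlib.sha256(KNOWN_BAD).hexdigest()}

# Assumption: invented weights for actions "most programs won't do".
SUSPICIOUS_ACTIONS = {
    b"install_driver(": 3,
    b"overwrite_boot_sector(": 5,
    b"hook_os_entry(": 4,
}
HEURISTIC_THRESHOLD = 6


def signature_match(data: bytes) -> bool:
    """Exact match against the database of already-seen samples."""
    return hashlib.sha256(data).hexdigest() in SIGNATURE_DB


def heuristic_score(data: bytes) -> int:
    """Sum the weights of every suspicious action present in the sample."""
    return sum(w for token, w in SUSPICIOUS_ACTIONS.items() if token in data)


def scan(data: bytes) -> str:
    """Return which check flagged the sample, or 'clean' if none did."""
    if signature_match(data):
        return "signature"
    if heuristic_score(data) >= HEURISTIC_THRESHOLD:
        return "heuristic"
    return "clean"


if __name__ == "__main__":
    samples = {"known bad": KNOWN_BAD, "variant": VARIANT,
               "novel": NOVEL, "benign": BENIGN}
    for name, sample in samples.items():
        print(f"{name:10s} score={heuristic_score(sample):2d} verdict={scan(sample)}")
```

The variant slips past the signature but is caught by the heuristic; the novel sample scores below the threshold and is reported clean, which is the gap the posts describe.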

  • Member since
    May 2003
  • From: US
  • 25,292 posts
Posted by BaltACD on Monday, December 21, 2015 5:22 PM

Euclid

The repair place said they can recover all the files for $90 and go no further; or clean up the computer, reinstall the OS, and reinstall the recovered files for $170. Or they will sell me a used Windows 7 machine with all my files and programs installed on it for $300.  He said that computer is about 5 years old, and something like "business class" whatever that means. It is a small tower.

Windows 7 is a stable OS.  Windows XP, while stable is no longer supported.  Windows Vista is the Yugo of operating systems - TRASH.  

I have upgraded my Windows 8.1 machine to Windows 10 and have no complaints with W10, which I like better than 8.1.

Your money, your choice.

Never too old to have a happy childhood!

              

  • Member since
    April 2003
  • 305,205 posts
Posted by Anonymous on Monday, December 21, 2015 5:27 PM

If you are using Windows 10, the combination of Windows Defender (Free) and Malwarebytes Pro (Fee) is all you need for your computer.

If you are careful about the sites you visit online, you'll have no problems.

For Malwarebytes Pro:  https://www.malwarebytes.org/

 

 

 

 

  • Member since
    January 2014
  • 8,221 posts
Posted by Euclid on Monday, December 21, 2015 5:27 PM

Semper Vaporo,

Thanks for that information.  I will definitely look at putting in an anti-malware program.

Norm,

I might get it repaired for $170.  I can't quite decide.  Someone else quoted $195, and maybe up to $300 depending on whether a virus was involved.  I bought the infected computer used from this same place that will sell me another 5-year old windows 7 computer for $300.  It is hard to decide.  

  • Member since
    April 2003
  • 305,205 posts
Posted by Anonymous on Monday, December 21, 2015 5:29 PM

I should also add that Windows 7 is a fine OS.

And if you currently have Windows 7, 8 or 8.1, Microsoft will let you upgrade to Windows 10 for free.

https://www.microsoft.com/en-us/windows/windows-10-upgrade

 

 

  • Member since
    January 2014
  • 8,221 posts
Posted by Euclid on Monday, December 21, 2015 5:36 PM

BaltACD

 

 
Euclid

The repair place said they can recover all the files for $90 and go no further; or clean up the computer, reinstall the OS, and reinstall the recovered files for $170. Or they will sell me a used Windows 7 machine with all my files and programs installed on it for $300.  He said that computer is about 5 years old, and something like "business class" whatever that means. It is a small tower.

 

Windows 7 is a stable OS.  Windows XP, while stable is no longer supported.  Windows Vista is the Yugo of operating systems - TRASH.  

I have upgraded my Windows 8.1 machine to Windows 10 and have no complaints with W10, which I like better than 8.1.

Your money, your choice.

 

Well this infected computer is a Vista computer, and I know what you mean by the Yugo of operating systems.  To me, that weighs in favor of recovering the files and scrapping it.  I have a better computer for doing mechanical design with cad programs.  That is Windows 7 and works fine.

Mike,

you mentioned backup.  I agree that that is critical and needs multiple methods. For the cad work, losing data is a disaster.  I back up to three separate remote hard drives by clickfree, and to the currently infected PC.  But I am not sure if I could ever get the data off of those remote drives if I needed to.  I spent several hours once attempting to do that, but was unable to make it happen.     

  • Member since
    April 2007
  • 4,557 posts
Posted by Convicted One on Monday, December 21, 2015 7:05 PM

K. P. Harrier
All types of things started happening with my computer! The last straw was a RED screen that identified the TRAINS and a related website as dangerous

 

FWIW, I'm not experiencing any notable threat activity.  Just an observation, but what you might have is ...overzealous settings in your protection software.  Sometimes the people who sell antivirus software set their product up  by default to be overly sensitive, to make it look as though it's doing more to protect you than a competitor's product. 

 

There are viruses, there is malware, and there are PUPs (Potentially Undesirable Programs). Knowing the difference is important.   Some antivirus software vendors set their programs up to report  semi innocent PUPS as though they are malicious viruses, in hopes of making the user think they are experiencing superior detection (ie "my old antivirus never detected this problem"). PUPS are a common nuisance, but are not in the same league as worms, trojans, and rootkits.

 

I suggest that you give these instructions a try: https://malwaretips.com/blogs/malware-removal-guide-for-windows/

And see if your problem goes away.

  • Member since
    January 2003
  • From: Kenosha, WI
  • 6,567 posts
Posted by zardoz on Monday, December 21, 2015 8:47 PM

F3A

If you are careful about the sites you visit online, you'll have no problems.

 

Maybe so, but that takes away some of the fun....

  • Member since
    February 2005
  • From: Vancouver Island, BC
  • 23,330 posts
Posted by selector on Monday, December 21, 2015 11:52 PM

F3A

If you are using Windows 10, the combination of Windows Defender (Free) and Malwarebytes Pro (Fee) is all you need for your computer.

If you are careful about the sites you visit online, you'll have no problems.

For Malwarebytes Pro:  https://www.malwarebytes.org/

 

 

 

 

 

According to my repair techs, this is true.  Windows Defender is all you, anybody, using a modern PC, especially running 8 and 10, need.  It never hurts to have one or two backups.  I use malwarebytes and cyberprevent.  The first has been discussed, and the second is a system that embeds itself right into Windows and lurks, waiting for one of the crypto-locker (FBI, CIA, Interpol, RCMP...) ransomware variants to begin to change the extensions on your files.

If you are brave enough to try, unplug your computer from the router or remove the antenna if wireless, and start it.  As soon as it begins to boot, press F8 repeatedly until you see it booting in safe mode.  Find your control panel (your mouse will still work), find 'recovery', and pick a restore point about 10 days earlier, prior to any major updates you are aware of.  Pick that point and direct your machine to do a system restore.  Walk away and come back in about 30 minutes.  If your log-in screen is showing, and you can log in to show your normal desktop, and it loads without a flag saying it didn't restore properly, you are probably back in business.  Go to windows updates in a search, and update to any now-missing windows updates.

Don't forget to run your internet security and antivirus.  Then run an updated malwarebytes.

  • Member since
    October 2003
  • 7,968 posts
Posted by K. P. Harrier on Tuesday, December 22, 2015 12:35 PM

Very Good News!!!!

A thorough search was made through the partition that the operating system is in and a few directories and files stood out like a sore thumb.  Since they obviously weren’t operating system related, they were erased (deleted). I restarted the computer, and re-searched through the OS, and another related file was now present, so it was erased.  Needless to say, the sore thumb files have not been back.  And, the computer is now running fairly good again, even for the TRAINS website!
