Forum
Comments:
-
- on Fri 06 Jan 2012
- 09:16:20 PM UTC
RE: Problem
Your site hasn't been rated yet, therefore it's neither good nor bad from a reputation standpoint.
Frank J http://www.techjaws.com
-
- on Fri 06 Jan 2012
- 10:33:01 PM UTC
RE: Problem
Welcome to WoT. Your site has been Rated.
-
- on Sat 07 Jan 2012
- 09:38:14 AM UTC
RE: Problem
Welcome to WoT. Your site has been Rated.
thanks :)
-
- on Sun 08 Jan 2012
- 10:31:03 AM UTC
RE: No problem
Nice site, very interesting and informative.
The site has 6 cookies and I didn't see any privacy protection.
Rated ( 3x ) and yellow on Privacy for the lack of a PP
Raise the dike ! ! Or the internet gets flooded and ends up as a stinking swamp. / Message from the "Flying Dutchman".
-
- on Sun 08 Jan 2012
- 03:12:30 PM UTC
RE: Hold it ! hold it ! There is a problem..............
@ Myxt :
I know you as a very reliable rater who knows what he's doing.
So to be sure I only did a quick scan on URLVoid, multi AV scan there, Robtex and VT.
But stupid me, I should have dug deeper.
I had a call from my security that there is something wrong ! Damn !
WATCH !
URLVoid :
Report 2012-01-06 23:42:09 (GMT 1)
Website meetonearth.org
Domain Hash 14371fa917e7c5ca6707996d70110369
IP Address 213.186.33.19 [SCAN]
IP Hostname cluster010.ovh.net
IP Country FR (France)
AS Number 16276
AS Name OVH OVH Systems
Detections 0 / 21 (0 %)
Status CLEAN
Scanning site with: AMaDa CLEAN
Scanning site with: BrowserDefender UNRATED
Scanning site with: DNS-BH CLEAN
Scanning site with: DShield SDL CLEAN
Scanning site with: Google Diagnostic CLEAN
Scanning site with: hpHosts UNRATED
Scanning site with: joewein.de LLC CLEAN
Scanning site with: Malc0de CLEAN
Scanning site with: Malware Domain List CLEAN
Scanning site with: Malware Patrol CLEAN
Scanning site with: MyWOT CLEAN
Scanning site with: Norton SafeWeb CLEAN
Scanning site with: ParetoLogic URL Clearing House CLEAN
Scanning site with: PhishTank CLEAN
Scanning site with: SCUMWARE CLEAN
Scanning site with: SpamhausDBL CLEAN
Scanning site with: SURBL CLEAN
Scanning site with: Trend Micro Site Safety Center CLEAN
Scanning site with: URIBL CLEAN
Scanning site with: Web Security Guard UNRATED
Scanning site with: ZeuS Tracker CLEAN
Robtex : CLEAN, no blacklistings
Multi AV scan on URLVoid :
Report 2012-01-08 15:55:48 (GMT 1)
File Name meetonearth-org
File Size 25453 bytes
File Type Unknown file
MD5 Hash 09adeda46ed3317941f8ab087d4ad732
SHA1 Hash c847aac0d574bb6153867ceeac23d99b5a69eea0
Detections: 0 / 9 (0 %)
Status CLEAN
Antivirus Updated Engine Result
Avast 08/01/2012 5.0 -
AVG 08/01/2012 10.0.0.1190 -
Avira AntiVir 08/01/2012 7.11.7.12 -
ClamAV 08/01/2012 0.97 -
Comodo 08/01/2012 4.0 -
Emsisoft 08/01/2012 5.1.0.3 -
F-Prot 08/01/2012 6.3.3.4884 -
Ikarus 08/01/2012 T31001097 -
TrendMicro 08/01/2012 9.200.0.1012 -
VT was inaccessible ( probably too many visitors ) so I left that.
Then I went to the site and after looking through the contents rated positive.
But here comes trouble ! ! !
Checked Sucuri and it appears that the site has malware in the javascript !
See Sucuri report :
Malware found on javascript file:
hxxp://www.meetonearth.org/404javascript.js
Known javascript malware.
Details: hxxp://sucuri.net/malware/entry/MW:RKS:4
Malware found in the URL:
hxxp://www.meetonearth.org
Known javascript malware.
Details: hxxp://sucuri.net/malware/entry/MW:RKS:4
Malware found in the URL:
hxxp://www.meetonearth.org/404testpage4525d2fdc
Known javascript malware.
Details: hxxp://sucuri.net/malware/entry/MW:RKS:4
Malware found in the URL:
hxxp://www.meetonearth.org/about-us/
Known javascript malware.
Details: hxxp://sucuri.net/malware/entry/MW:RKS:4
Malware found in the URL:
hxxp://www.meetonearth.org/projet/
Known javascript malware.
Details: hxxp://sucuri.net/malware/entry/MW:RKS:4
Malware found in the URL:
hxxp://www.meetonearth.org/category/pays/
Known javascript malware.
Details: hxxp://sucuri.net/malware/entry/MW:RKS:4
Malware found in the URL:
hxxp://www.meetonearth.org/category/pays/australie-pays/
Known javascript malware.
Details: hxxp://sucuri.net/malware/entry/MW:RKS:4
Malware found in the URL:
hxxp://www.meetonearth.org/category/pays/bolivie-pays/
Known javascript malware.
Details: hxxp://sucuri.net/malware/entry/MW:RKS:4
Malware found in the URL:
hxxp://www.meetonearth.org/category/pays/cambodge-pays/
Known javascript malware.
Details: hxxp://sucuri.net/malware/entry/MW:RKS:4
Malware found in the URL:
hxxp://www.meetonearth.org/category/pays/canada-pays/
Known javascript malware.
Details: hxxp://sucuri.net/malware/entry/MW:RKS:4
Malware found in the URL:
hxxp://www.meetonearth.org/category/pays/chili-pays/
Known javascript malware.
Details: hxxp://sucuri.net/malware/entry/MW:RKS:4
Now what ?
Usually Sucuri is reliable. Should this be a false positive ?
I'm not sure ! Who knows ?
Edited : Oops, didn't see that I copied direct links. SORRY ! --> Moved away from this comment too fast
Made it hxxp .... Pfew, that's better !
Raise the dike ! ! Or the internet gets flooded and ends up as a stinking swamp. / Message from the "Flying Dutchman".
-
- on Mon 09 Jan 2012
- 11:21:03 AM UTC
meetonearth.org
Incorporates Java
Rogue AV / Scanner: System Check | BleepingComputer
Rogue.FakeHDD
%user%\Application Data\Sun\Java\Deployment\cache\6.0\63\60d222ff-52c580f9
Rogue.FakeHDD
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|uEwKkQfYkoLVFj.exe
PUM.Hijack.StartMenu
PUM.Hidden.Desktop
PUM.Hijack.TaskManager
Trojan.FakeAlert
C:\Documents and Settings\All Users\Application Data\bmZF4Vvp0nEScI.exe
Rated:
Malicious content.
meetonearth.org
------- WOT Services Ltd. - gives us safety through Web of Trust. WOT Community - gives us security through unity. ∞
-
- on Mon 09 Jan 2012
- 10:29:58 PM UTC
RE: Problem
@peterbosch
Good Catch! I am always glad when people do their own checking instead of playing follow-the-leader.
It appears that a genuine blog has been hacked. Initially, I too ran everything except Sucuri on it, and saw no detection by my local security - until just now when I loaded the custom 404 page by attempting to load a nonexistent page.
This bogus HTML code
<block>[+113 tab characters]<script type="text/javascript" src="/wp-content/themes/myjourney/images/prettyPhoto/dark_rounded/FancyZoom.php"></script></block>
is inserted just before the closing </body> tag in all ~148 pages. I wonder if Sucuri only reports the first 10 detections?
The owner can fix the problem by deleting the bad code from every page, and by deleting this file:
meetonearth.org/wp-content/themes/myjourney/images/prettyPhoto/dark_rounded/FancyZoom.php
Re-rated, and re-commented.
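The injection described in the post above, turned into a check a site owner could run over saved page source. This is an added example, not code from the thread: the function names, the padding threshold, the list of media directory names and both sample pages are constructed assumptions, and only the script tag and the 113-tab padding come from the post.

```python
import re
from urllib.parse import urlsplit

# External <script src="..."></script> tags (inline scripts are out of scope here).
SCRIPT_TAG = re.compile(
    r'<script\b[^>]*?\ssrc\s*=\s*["\']([^"\']+)["\'][^>]*>\s*</script>',
    re.IGNORECASE)
BODY_CLOSE = re.compile(r'\s*</body>', re.IGNORECASE)
MEDIA_DIR = re.compile(r'/(?:images?|img|uploads)/', re.IGNORECASE)
PAD_THRESHOLD = 40  # assumed cut-off; the thread reports 113 tabs


def padding_before(html, pos):
    """Count spaces/tabs immediately preceding pos on the same line."""
    start = pos
    while start > 0 and html[start - 1] in ' \t':
        start -= 1
    return pos - start


def find_suspicious_scripts(html, min_reasons=2):
    """Return script tags showing at least min_reasons traits of the injection."""
    findings = []
    for m in SCRIPT_TAG.finditer(html):
        src = m.group(1)
        path = urlsplit(src).path
        reasons = []
        if path.lower().endswith('.php'):
            reasons.append('script-src-is-php')
        if MEDIA_DIR.search(path):
            reasons.append('script-under-media-dir')
        if padding_before(html, m.start()) >= PAD_THRESHOLD:
            reasons.append('long-whitespace-padding')
        if BODY_CLOSE.match(html, m.end()):
            reasons.append('last-tag-before-body-close')
        if len(reasons) >= min_reasons:
            findings.append({'src': src,
                             'line': html.count('\n', 0, m.start()) + 1,
                             'reasons': reasons})
    return findings


def scan_pages(pages):
    """pages maps a name to its HTML; returns {name: findings} for hits only."""
    report = {}
    for name, html in pages.items():
        hits = find_suspicious_scripts(html)
        if hits:
            report[name] = hits
    return report


# Constructed samples: the tag and the 113-tab padding are as quoted in the thread.
INJECTED_TAG = ('<script type="text/javascript" src="/wp-content/themes/myjourney/'
                'images/prettyPhoto/dark_rounded/FancyZoom.php"></script>')
INFECTED_PAGE = ('<html>\n<body>\n<p>Page not found</p>\n'
                 + '\t' * 113 + INJECTED_TAG + '\n</body>\n</html>\n')
CLEAN_PAGE = ('<html>\n<body>\n<p>Hello</p>\n'
              '<script type="text/javascript" src="/wp-includes/js/jquery/jquery.js">'
              '</script>\n</body>\n</html>\n')

if __name__ == '__main__':
    for name, hits in scan_pages({'404.html': INFECTED_PAGE,
                                  'index.html': CLEAN_PAGE}).items():
        for hit in hits:
            print(name, hit['line'], hit['src'], ','.join(hit['reasons']))
```

Run it against the source of every served page, including the custom 404 page, since that is where the thread first saw the tag trigger a detection.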
-
- on Mon 09 Jan 2012
- 10:33:50 PM UTC
RE: Problem
web site: http://www.meetonearth.org
status: Site infected with malware
web trust: Not Blacklisted
http://sitecheck.sucuri.net/scanner/?scan=www.meet...
-
- on Tue 10 Jan 2012
- 06:38:00 AM UTC
RE: Problem
Hi guys,
Two days ago - immediately after I found the Sucuri detection - I did a ( mostly recommended ) "Quick scan" with MBAM and
a "Flash scan" with my AV ( Norton ).
NOTHING found ! Though I went through several pages on the site, searching for a PP and such.
BUT I didn't enter a country page ! !
Then the next morning I did a scan with my AV at the office ( another than Norton ) - after a short visit to the site - to make sure
that I didn't draw a wrong conclusion that the site was clean. And also NOTHING found with that AV.
After reading the post of G7W , I thought that this might not be enough and ran a FULL scan on both MBAM and Norton yesterday evening.
The machine was humming for quite some time on these two.
But again NOTHING found ! !
So I can assume I'm clean ( happy with that ), but you guys all found it. GOOD CATCH !
It seems that this is a nasty one and that it's well hidden.
I probably had a "near miss" by watching the site and not entering the country ( sub-) pages.
Re- RATED and renewed my comment
BTW : This thread belongs in the "reputation discussions" , but IMO a minor problem and no more than a remark.
Raise the dike ! ! Or the internet gets flooded and ends up as a stinking swamp. / Message from the "Flying Dutchman".
-
- on Tue 10 Jan 2012
- 05:20:26 PM UTC
RE: Problem
It appears that a genuine blog has been hacked. Initially, I too ran everything except Sucuri on it, and saw no detection by my local security - until just now when I loaded the custom 404 page by attempting to load a nonexistent page.
This bogus HTML code
<block>[+113 tab characters]<script type="text/javascript" src="/wp-content/themes/myjourney/images/prettyPhoto/dark_rounded/FancyZoom.php"></script></block>
is inserted just before the closing </body> tag in all ~148 pages. I wonder if Sucuri only reports the first 10 detections?
The owner can fix the problem by deleting the bad code from every page, and by deleting this file:
meetonearth.org/wp-content/themes/myjourney/images/prettyPhoto/dark_rounded/FancyZoom.php
Re-rated, and re-commented.
Hello Myxt,
As you asked me (on my board) to translate the text above, I have done my best. I hope it can help.
Message intended for @Meetonearth, to help them solve their problem.
Translation of the original text by @Myxt
It appears that the blog has really been hacked. Initially, I ran all the tests except Sucuri and saw no detection by my local security system, until I loaded the custom 404 page by trying to load a page that does not exist.
This bogus HTML code
<block>[+113 tab characters]<script type="text/javascript" src="/wp-content/themes/myjourney/images/prettyPhoto/dark_rounded/FancyZoom.php"></script></block>
is inserted just before the closing </body> tag in all ~148 pages.
I wonder whether Sucuri only reports the first 10 detections?
The owner can fix the problem by deleting the bad code from every page and by deleting this file:
meetonearth.org/wp-content/themes/myjourney/images/prettyPhoto/dark_rounded/FancyZoom.php
Re-rated, and re-commented.
Regards, Jicé
Location : Belgium. Native language : French. Other languages : English and Spanish. (Both approximatively) Nice song
-
- on Tue 10 Jan 2012
- 06:45:03 PM UTC
RE: Problem
@Jicé - Thank you very much!
-
- on Tue 10 Jan 2012
- 06:50:35 PM UTC
RE: Problem
@Jicé - Thank you very much!
It's my pleasure!
And thank you for the great job you do here.
Location : Belgium. Native language : French. Other languages : English and Spanish. (Both approximatively) Nice song
-
- on Wed 11 Jan 2012
- 07:07:24 AM UTC
RE: Problem
As you asked me (on my board) to translate the text above, I have done my best.
Wow, that is fantastic! You did a great job. I wish I were as fluent in English and French as you. Machine translation will never replace humans. Well, not for awhile yet.
~~~~ lux et veritas ~~~~
-
- on Thu 19 Jan 2012
- 12:14:19 PM UTC
RE: Problem
It seems that we're faced with a nasty one
See : https://www.mywot.com/en/forum/19326-how-do-you-ge...
TAKE CARE EVERYONE !
Edited : Is the member "meetonearth" in the O.P. really the siteowner ?
Or some hacker who wants to hook us up for some reason with nasty malware.
I'm getting more and more curious to know.
F.i. because he doesn't answer here at all.
Raise the dike ! ! Or the internet gets flooded and ends up as a stinking swamp. / Message from the "Flying Dutchman".
-
- on Thu 19 Jan 2012
- 06:11:32 PM UTC
RE: Problem
All I know about the OP is that "she" left a message on my personal board ( approximatively at the same time, "she" opened this thread), she asked me, in French, to check her site pretending that she feels lost because the users of her site had alerts from WOT and she didn't understand the reason why.
"She" signed : Stéphanie and left "her" email address.
I tried to contact her ( with a new alias of my email address) on her address, last week but, no answer!
Location : Belgium. Native language : French. Other languages : English and Spanish. (Both approximatively) Nice song
-
- on Thu 19 Jan 2012
- 09:02:09 PM UTC
RE: Problem
All I know about the OP is that "she" left a message on my personal board ( approximatively at the same time, "she" opened this thread), she asked me, in French, to check her site pretending that she feels lost because the users of her site had alerts from WOT and she didn't understand the reason why.
"She" signed : Stéphanie and left "her" email address.
I tried to contact her ( with a new alias of my email address) on her address, last week but, no answer!
Okay, it's probably a "she"
If you didn't get a report saying "unable to deliver to the recipient" that mail must have arrived somewhere.
Let's hope for an answer and I expect you will inform us by that time.
If there isn't one coming.......Then it starts to stink more and more every day it takes longer.
To all : Be careful !
Raise the dike ! ! Or the internet gets flooded and ends up as a stinking swamp. / Message from the "Flying Dutchman".
-
- on Thu 19 Jan 2012
- 09:39:11 PM UTC
RE: Problem
If you didn't get a report saying "unable to deliver to the recipient" that mail must have arrived somewhere.
No report saying "unable to deliver to the recipient".
I expect you will inform us by that time.
Ok! I will. But one week to answer to an email is rather long although it is difficult to draw a conclusion.
Location : Belgium. Native language : French. Other languages : English and Spanish. (Both approximatively) Nice song
-
- on Fri 20 Jan 2012
- 08:47:22 AM UTC
RE: Problem
If the couple who own the site are on a global odyssey, then they may be blissfully unaware.
I am surprised because I originally skipped through many pages on that site with no problem. Then after Peter's followup, I guessed the site had a custom 404 page, so I reached it by browsing to an invented page name. After that, I got several detections, but not on every page. Kaspersky kills the stuff.
-
- on Fri 20 Jan 2012
- 07:59:29 PM UTC
RE: Problem
........ Kaspersky kills the stuff.
Great !
That's useful info for those who have to get rid of the malware.
-------------------------------------------------------------------------------------------
Additional : I'm using Norton ( at home ) and Norman / Sandbox ( at the office ) and I'm almost certain not infected on both places.
To be honest you can never be sure what your AV does. If it works properly it blocks this malware without you seeing it and hence you have no evidence that you were attacked. So perhaps the paid AV's Norton and Norman / Sandbox do prevent this.
On the other hand : If your AV doesn't block it. Yes, then you are sure, bcoz the evidence is there and causes you a lot of trouble.
I prefer being uncertain ..........
To those who are infected and need to clean up : Success with that !
Raise the dike ! ! Or the internet gets flooded and ends up as a stinking swamp. / Message from the "Flying Dutchman".
-
- on Fri 20 Jan 2012
- 09:50:57 PM UTC
RE: Problem
"...and hence you have no evidence that you were attacked."
Most, if not all, AV software can keep logs of attacks and infections, so it might be worth looking for the logs or setting your AV to record logs for any future reference.
BTW, thumbs up for using Norman, I have fond memories of their Thunderbyte AV back in Win95 days..
~Music is not just for the Masses~
-
- on Fri 20 Jan 2012
- 11:03:31 PM UTC
RE: Problem
About AV logs: it's best to check your logs rather than setting your AV to notify you by popup because you do not want it to waste any extra microseconds, talking to your monitor, which should be spent clobbering malware.
-
- on Sun 22 Jan 2012
- 06:45:06 PM UTC
RE: Problem
Most, if not all, AV software can keep logs of attacks and infections, so it might be worth looking for the logs or setting your AV to record logs for any future reference.
BTW, thumbs up for using Norman, I have fond memories of their Thunderbyte AV back in Win95 days..
Yeah, I like Norman / Sandbox. Works smoothly.
I'll check the logs guys.
Raise the dike ! ! Or the internet gets flooded and ends up as a stinking swamp. / Message from the "Flying Dutchman".
-
- on Sat 28 Jan 2012
- 04:35:01 PM UTC
RE: Checked my log files
I've checked my log files on Norton AV at home and on the date that I've visited "meetonearth.org" I'm seeing a whole list of reports
saying "uninstall exe file" and some other unusual activity ( f.i. tracking cookies and not authorised entry
attempts detected ). So it's predictable that Norton blocks the malware.
Lucky me !
In the office I've checked Norman / Sandbox too, but nothing unusual to see there.
As far as I know, I didn't visit "meetonearth" on that computer. There I have other things to do ( work ! ).
But I can't check that anymore, bcoz I've deleted my whole history ( I'm doing that - and cleaning up cookies - on a regular basis ).
Raise the dike ! ! Or the internet gets flooded and ends up as a stinking swamp. / Message from the "Flying Dutchman".
-
- on Sun 05 Feb 2012
- 05:54:28 PM UTC
RE: Problem
Hi all,
Hello everyone,
The site is secure again. No malware is present any more.
Please review your ratings, if possible!
Thanks in advance.
Alexandre, for meetonearth.org
-------------------------------------------------------------------------------------
The site is secure again. No malware in this website now.
Alexander, for meetonearth.org
-
- on Sun 05 Feb 2012
- 11:35:46 PM UTC
RE: Problem
Alexandre,
Meetonearth.org is currently reported by:
hosts-file.net - malware - http://hosts-file.net/default.asp?s=meetonearth.or...
sitecheck.sucuri.net - clean
urlvoid.com - clean
vscan.urlvoid.com - clean
virustotal.com - Malicious site detected by TrendMicro - confirmed at http://global.sitesafety.trendmicro.com/
https://www.virustotal.com/url/8c2db53ec1b7b261ad3...
You should contact
TrendMicro - http://www.trendmicro.com/
hpHosts - http://hosts-file.net/
about removing these detections.
Each person is permitted to have 1 member account on WoT. If you have more than 1, choose an account which you will continue to use, and remove the remaining accounts.
Meetonearth - http://www.mywot.com/en/user/3261604
kooby - http://www.mywot.com/en/user/3379402
Others - ?
To remove an account, open its profile, scroll to the bottom, click the "Edit profile" button, scroll to the bottom, click the "Delete account" button.
Please add a post to this topic after you have resolved these issues.
-
- on Mon 06 Feb 2012
- 04:23:36 AM UTC
RE: Problem
It's been removed from hpHosts.
Regards Steven Burn I.T. Mate / hpHosts it-mate.co.uk / hosts-file.net
-
- on Mon 06 Feb 2012
- 06:13:39 AM UTC
RE: Problem
@MysteryFCM - thanks.
I have removed my rating pending further developments.
-
- on Mon 06 Feb 2012
- 11:53:54 AM UTC
RE: Problem
sitecheck.sucuri.net - clean
Hello Myxt and the others,
There is something I don't understand : When I scan meetonearth.org with sucuri : http://sitecheck.sucuri.net/scanner/?scan=www.meet...
I find the same bad report as before. Site infected with malware
Is this sucuri report outdated?
Location : Belgium. Native language : French. Other languages : English and Spanish. (Both approximatively) Nice song
-
- on Mon 06 Feb 2012
- 12:28:57 PM UTC
RE: Problem
There is something I don't understand : When I scan meetonearth.org with sucuri : http://sitecheck.sucuri.net/scanner/?scan=www.meet...
I find the same bad report as before. Site infected with malware
Is this sucuri report outdated?
Results were outdated.
Yes you need to rescan the website again.
I have done a scan and results were clean.
Website is safe ATM.
If you believe my ratings are unfair, leave a board message to re review. You must ensure that issues are rectified which are mentioned in my comment. Otherwise your request would not be entertained. Keep up Good Work :)
-
- on Mon 06 Feb 2012
- 12:50:29 PM UTC
RE: Problem
I have removed my rating pending further developments.
Me too.
See what happens !
Raise the dike ! ! Or the internet gets flooded and ends up as a stinking swamp. / Message from the "Flying Dutchman".

Problem
Hello,
I have a problem. WOT tells me that my blog is bad.... Why? How can I change this?
I don't speak English very well, I'm French...
Thanks
http://www.meetonearth.org