Did SBR give me a virus?

robzilla · 04-09-12, 03:19 PM

Here we go again

Bill Dozer · 04-09-12, 03:22 PM

Rob,
Fire over the "more info" details they offer? Thanks

ProfaneReality · 04-09-12, 03:22 PM

just got this today

robzilla · 04-09-12, 03:28 PM

Billy, it's attempting to plant an .exe file in my Users directory.

robzilla · 04-09-12, 03:31 PM

For those posters that dont have a good anti virus, this could really be a problem and they arent even aware right now.

blackbeSSt · 04-09-12, 03:33 PM

Originally posted by robzilla

For those posters that dont have a good anti virus, this could really be a problem and they arent even aware right now.

i didn't think it was trying to install anything?

secretstash · 04-09-12, 03:48 PM

I am getting the message too from avast

Infection Details

http://rguyspornencyk.info/main.php?page

C:\Program Files (x86)\SBR Poker\sbr.exe

URL:Mal

-stash

sickler · 04-09-12, 03:49 PM

Bill, Lou et al...The virus alerts are still happening

I don't see any active threads with complaints about this. Minutes ago, see the date and clock.

I use firefox if that helps.

King Mayan · 04-09-12, 03:53 PM

Sickler, nobody cares no more.

We're all fukked.. Mayans predicted this.

Trident · 04-09-12, 03:53 PM

Really need to get rid of these Flash Banners till you guys have this fixed once and for all before someone ends up with a virus.

robzilla · 04-09-12, 03:58 PM

This trojan didnt get removed from my system right away. Could tell because it wouldnt let me exit via sys tray or alt-ctrl-del close

hhsilver · 04-09-12, 03:58 PM

I just got the same thing when I opened poker.

sickler · 04-09-12, 04:01 PM

My thread was merged here. I'm not the only one.

Jerm3462 · 04-09-12, 04:02 PM

Bill Dozer, I just gotta ask you...

What the hell are you doing?

A trojan virus? Are you kidding me?

I run ESET NOD32 Antivirus 4 ( a pretty expensive antivirus program)
Upon entering sbr today, a red message popped up.

4/9/2012 4:57:21 PM HTTP filter file connection terminated - quarantine
Threat was detected upon access to web by the application:

robmpink · 04-09-12, 04:06 PM

the saga continues

SBR Lou · 04-09-12, 04:10 PM

Thanks guys for the screenshots. We're in the process of remotely connecting with an affected user to narrow it down.

Unfortunately, you will see the alerts for the time being if you use AVG, Avant, Nortons.

Jerm3462 · 04-09-12, 04:24 PM

Looks like antivirus killed that silly banner up top.

Mr. Jones · 04-09-12, 05:21 PM

C'mon Man!

SBR Lou · 04-09-12, 05:22 PM

Any new reports since clearing cookies/cache? Screenshots appreciated.

robzilla · 04-09-12, 05:26 PM

Originally posted by SBR Lou

Any new reports since clearing cookies/cache? Screenshots appreciated.

My time is set to pinnacles time. its really 6:24pm

str · 04-09-12, 05:37 PM

Lou,

This is a virus that AVG stopped just now.

URL: rguyspornencyk.info/main.php?page=b8c7f71aa41c9ce4
Name: Blackhole Exploit Kit Detection (type 1889)

sideloaded · 04-09-12, 05:46 PM

It's obvious your ad network is ******, time to bring it down and quit infecting users

capitalist pig · 04-09-12, 05:51 PM

Same here just got attacked again, its not worth visiting here till this issue is fixed. This has been going on for almost a week now and its obvious that either you dont know how to fix it or you dont care,JMO.

later

Ian · 04-09-12, 06:05 PM

Originally posted by ProfaneReality

just got this today

I got the exact same Norton warning that ProfaneReality got. There was a Bodog banner at the top of the poker software.

The whois info on the attack site is

Jerm3462 · 04-09-12, 06:07 PM

Originally posted by capitalist pig

Same here just got attacked again, its not worth visiting here till this issue is fixed. This has been going on for almost a week now and its obvious that either you dont know how to fix it or you dont care,JMO.

later

agreed, i was just hit with the same message at 7:05PM.
Disable to damn ad's. You are exposing your users to threats.

I wonder whats happening to all the people who lacks antivirus software?

SBR Lou · 04-09-12, 06:08 PM

Originally posted by capitalist pig

Same here just got attacked again, its not worth visiting here till this issue is fixed. This has been going on for almost a week now and its obvious that either you dont know how to fix it or you dont care,JMO.

later

We're deeply sorry for these alerts, the entire team is working on this as priority number one. There are too many variables to name and things on the user side that add length to the investigative process, but from a technical end, there isn't a stone unturned at this point and one thing to add is, the alerts from your program actually mean the perceived threat(s) is being prevented. It wouldn't do any good to get into more technical detail from a security perspective, but I'd like to think you have more faith in SBR after five years of membership than your post indicated.

Roadtrip635 · 04-09-12, 06:11 PM

Just logged in and got the same warning as everyone else just now. The saga continues...business as usual.

Optional · 04-09-12, 06:14 PM

Originally posted by sideloaded

It's obvious your ad network is ******, time to bring it down and quit infecting users

If it was that obvious, or simple, we wouldn't still be hearing about it.

On a positive note, my AV was broken when this started. But I just got a clean bill of health that I have not been infected by anything from an expert.

Optional · 04-09-12, 06:18 PM

Originally posted by SBR Lou

We're deeply sorry for these alerts.

You keep making it sound like you only think you need to work out how to stop the AV programs going off. I hope you are looking into the possibility that you really have a server exploit.

New version of forum software recently makes that seem like a decent possibility I would have thought.

onlooker · 04-09-12, 06:20 PM

Originally posted by SBR Lou

Any new reports since clearing cookies/cache? Screenshots appreciated.

Just got home, and logged on. My browser is set to clear cookies when closing, and my cache is set to store 0MB.

onlooker · 04-09-12, 06:23 PM

Also. I seen on a Youtube video of what the Blackhole Exploit does to your computer, if infected. Let me tell you, if your computer got infected, you wouldn't be able to post here about the alerts on your AV. You would have to go through Safemode to get it cleared off, to even have control of your computer.

Are these alerts right? No, and SBR needs to find the reason for it. That is why I am posting screens, and trying to help notify them. Just letting you know your computer isn't getting anything on it.

I'll post a video later I seen, that shows what the Exploit does.

Iwinyourmoney · 04-09-12, 06:44 PM

Logged into poker today and it set it off.

Is it the add network??

If its the adds disable the fukin adds SBR

sideloaded · 04-09-12, 07:04 PM

Opti all this is coming from their ad network, If sbr stopped serving ads on the LIVE site until they fixed it, No one would be getting infected. I'm sorry but it is that simple. Instead SBR is leaving the ads live and potentially infecting new users.

Iwinyourmoney · 04-09-12, 07:06 PM

Originally posted by sideloaded

Opti all this is coming from their ad network, If sbr stopped serving ads on the LIVE site until they fixed it, No one would be getting infected. I'm sorry but it is that simple. Instead SBR is leaving the ads live and potentially infecting new users.

blackbeSSt · 04-09-12, 07:31 PM

onlooker, are you running adblock plus?