# SMF web seems to be infected with a virus



## tucson bbq fan (Feb 2, 2014)

Yesterday and today, on several occasions, while browsing new posts, I have had the SMF site change to a fake message saying that Microsoft Antivirus has detected unusual activity and I need to clean my PC immediately.  This is a fake message, and if you click on the link, it infects your machine.  I run Norton Antivirus (not Microsoft) and it catches it and blocks it.  The attacking computer is listed as 212.83.155.47, 80

DO NOT CLICK on the message to clean your computer!


----------



## cliffcarter (Feb 2, 2014)

Yep, we've noticed, although there is no indication that the Mod's have yet.

http://www.smokingmeatforums.com/t/...essentials-security-virus-alerts#post_1129280


----------



## dward51 (Feb 2, 2014)

I'm not seeing it here, but I'm heavily protected.

I used to run a couple of web sites and I suspect it creeped in via the code for one of the adds.  I've seen that before.  If that is the case, the problem is not with SMF forum but with the add vendor or product company code, not Jeff's.


----------



## Victor (Feb 2, 2014)

Yep,

My Norton app blocks the redirected page before it loads.


----------



## dward51 (Feb 2, 2014)

What redirected page?

Just curious, but what browser are you guys running?  I'm on firefox and not seeing any of this (but I also have a paid subscription to the site and may not be getting the adds you are seeing).


----------



## bmudd14474 (Feb 2, 2014)

We have reported this issue. Its not aSMF issue per say its with the ad's that run on the site. They hope to have it resolved soon.

Also anytime you see a issue like this if you go to www.smokingmeatforums.com/feedback you can report it so that if a mod isn't on it alerts the ones that need to know. 

Thanks


----------



## turnersdad (Feb 3, 2014)

Thank you for this update! I have also had this problem with the Micosoft  message over the last weeks.

Mike.


----------



## Victor (Feb 3, 2014)

dward51 said:


> What redirected page?
> 
> Just curious, but what browser are you guys running?  I'm on firefox and not seeing any of this (but I also have a paid subscription to the site and may not be getting the adds you are seeing).


I'm running Internet Explorer 9 with Norton Security Suite. Norton has detected this issue only while I'm on the SMF site. I have no problems anywhere else at all. Norton alerts me with the following message..."Fake App Attack: Fake Av Website 20"...The following text was extracted from a Norton forum:
[h1]"Re: Fake App Attack: Fake Av Website 20[/h1]
‎05-03-201207:59 PM

Hi ConstanceGrace,

This type of attack is commonly associated with fake antivirus scans that attempt to trick you into downloading malware that pretends to be a security or system maintenance product. Norton has blocked the loading of the page before you were able to click on anything that might lead to trouble. Even so, it is often a good idea to update your virus definitions by running LiveUpdate, and then run a scan, just to make sure that no harm was done."

**********************************************************************************

This is not a brand new game.


----------



## dls1 (Feb 3, 2014)

Tucson BBQ Fan said:


> Yesterday and today, on several occasions, while browsing new posts, I have had the SMF site change to a fake message saying that Microsoft Antivirus has detected unusual activity and I need to clean my PC immediately.  This is a fake message, and if you click on the link, it infects your machine.  I run Norton Antivirus (not Microsoft) and it catches it and blocks it.  The attacking computer is listed as *212.83.155.47*
> 
> *DO NOT CLICK on the message to clean your computer!*


Thanks for the heads up, Tuscon.

If you do click on the fake or rogue AV message you'll probably be directed to a web site where you'll need to purchase an AV program to get rid of a "virus" that probably isn't on your computer in the first place. If you chose not to purchase the program they won't go away and will hold your computer hostage until you pay the ransom. When you ultimately purchase the program, you're out the money and they have your CC info.

The IP shown is located in Lyon, France and the ISP is French telecom company Tiscali-France/Iliad Enterprises in Paris. From what I could tell with a quick check, only SMF and a couple other US based forum type web sites have been hacked recently.

Be careful.


----------



## bmudd14474 (Feb 3, 2014)

dls1 said:


> Tucson BBQ Fan said:
> 
> 
> > Yesterday and today, on several occasions, while browsing new posts, I have had the SMF site change to a fake message saying that Microsoft Antivirus has detected unusual activity and I need to clean my PC immediately.  This is a fake message, and if you click on the link, it infects your machine.  I run Norton Antivirus (not Microsoft) and it catches it and blocks it.  The attacking computer is listed as *212.83.155.47*
> ...



For the record SMF has not been hacked. Its the ad company that SMF uses but these ads don't touch our database.


----------



## cliffcarter (Feb 9, 2014)

I am getting this again today, twice in the last 15 minutes


----------



## tropics (Sep 2, 2014)

I am getting a redirect to scan my PC I never open any thing that pops up.

http://www.reimageplus dot com/

This is the only web site I am getting it on Hope it can be blocked.

Richie


----------

