Malware Detection

Hytec Aug 6, 2009

  1. Hytec

    Hytec TrainBoard Member

    My anti-malware program detects an "infection" each time a TrainBoard window downloads and opens. This occurs with every TB window, i.e. Homepage, Forum, Thread, Railimages, etc. This began on Tuesday evening after I was unable to enter TB all day.

    The malware site is 209.44.108.236.

    Also the characteristics of the TB download and display changed following the Tuesday outage. The new characteristics have the basic page template loading immediately, but then there is a significant delay before the forum, thread, or other follow-on data is loaded and displayed.

    Cheers, Hank
     
  2. Stourbridge Lion

    Stourbridge Lion TrainBoard Supporter

    We will check into this...

  3. Hytec

    Hytec TrainBoard Member

    Has there been any progress in determining what causes IP address 209.44.108.236 to be detected as malware?

    This address appears to be included within the code that downloads and displays the main content of all TB screens other than the initial template and advertising screens that precede each detailed screen's data. Following the warning from my malware detection software, the download file is scanned before it is allowed to be displayed, which requires 15-20 seconds each time.

    I admit that I probably am not using the correct terminology in describing where this address appears in the download sequence. If you want clarification, please contact me and I'll try to answer any questions using your terminology.
     
  4. BoxcabE50

    BoxcabE50 HOn30 & N Scales Staff Member TrainBoard Supporter

    Hank-

    What software are you using, which is showing that IP address as a problem?

    There are times when software will flag a site in error. This could be one such incident.

    Boxcab E50
     
  5. Hytec

    Hytec TrainBoard Member

    Ken, I'm using Malwarebytes' Anti-Malware 1.40. However, I don't believe that Malwarebytes is the cause, merely the detection and display of the condition.

    This condition started occurring when TB was restarted after not being accessible for most of the day this past Tuesday, 8/4. I assume the shutdown was for site maintenance and/or update which may have added or changed some settings within the download code from IP address 209.44.108.236.

    Is 209.44.108.236 the TB IP address, or is it a third party address linked from within the TB code? Because that is the address that contains the suspected malware. Unfortunately Malwarebytes does not show any details, so I can't help you there.

    Is there a way that I can recall and display the TB download code locally?
     
  6. BoxcabE50

    BoxcabE50 HOn30 & N Scales Staff Member TrainBoard Supporter

    Hank-

    The IP address you've provided is Canadian. TrainBoard's IP address is US, and many long miles from Canada. So that is not ours.

    Checking with Spybot, Adaware, AVG nothing shows for me. All pages load problem free.

    Boxcab E50
     
  7. Hytec

    Hytec TrainBoard Member

    Ken,
    Like you, I backtracked the 209.44.108.236 IP address to Netelligent Hosting Services, Inc. (H-Dsolutions.com) in Laval, Que. It appears that Netelligent is a website hosting company with a current stable of 657 sites, many of which are US companies. This site lists the companies that Netelligent provides hosting services for - http://www.ip-adress.com/reverse_ip/209.44.108.236

    It's possible that TB (Charlie?) recently contracted with a new advertiser who is hosted by Netelligent. Although the visible display of a downloaded website only shows information concerning that site, the URL routing information contains the return path of all the IP addresses along the way that were required to respond to the download request, including the IP address of the website host such as Netelligent.

    Apparently my malware program tests every IP address in an incoming string, and flags those that might be suspect. It's possible that a website hosting company like Netelligent could set up a process similar to DoubleClick, etc. that track user Internet surfing and buying habits, then report home......dunno?

    At any rate, the 15-20 second flagging and scanning delay is becoming annoying, and I can't seem to find a way to tell Malwarebytes that this address is OK.
     
    Last edited by a moderator: Aug 10, 2009
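One way to answer the question raised in posts 5 and 7 (which hosts a page actually makes the browser contact, whether the flagged IP belongs to the site itself or to a third party such as an ad server, and how to inspect that locally) is to save the page source and enumerate its sub-resources. The script below is an added example, not code from this thread or from TrainBoard: it uses only the Python standard library, the sample HTML, hostnames and addresses in it are constructed for the example (TEST-NET ranges, not TrainBoard's or Netelligent's), and the DNS resolver is faked so it runs offline; against a real saved page you would pass `socket.gethostbyname` and the IP the scanner reported.

```python
"""Added example: list the third-party hosts a page pulls resources from and
find which of them resolve to an IP a scanner flagged. Not TrainBoard code."""
import socket
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag/attribute pairs that make a browser fetch another resource. <embed>,
# <object data> and <param name="movie"> are how Flash banners were embedded.
FETCH_ATTRS = {
    "script": "src", "img": "src", "iframe": "src", "frame": "src",
    "embed": "src", "source": "src", "link": "href", "object": "data",
}


class ResourceCollector(HTMLParser):
    """Collect the absolute URL of every sub-resource the page pulls in."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.urls = []

    def handle_starttag(self, tag, attrs):
        attrs = {k.lower(): (v or "") for k, v in attrs}
        tag = tag.lower()
        value = None
        if tag in FETCH_ATTRS:
            value = attrs.get(FETCH_ATTRS[tag])
        elif tag == "param" and attrs.get("name", "").lower() == "movie":
            value = attrs.get("value")
        if value and value.strip():
            url = urljoin(self.base_url, value.strip())
            if url not in self.urls:
                self.urls.append(url)


def third_party_hosts(html, page_url, own_hosts):
    """Map each host not in own_hosts to the list of URLs fetched from it."""
    collector = ResourceCollector(page_url)
    collector.feed(html)
    by_host = {}
    for url in collector.urls:
        host = urlsplit(url).hostname
        if host and host not in own_hosts:
            by_host.setdefault(host, []).append(url)
    return by_host


def resolve_hosts(hosts, resolver=socket.gethostbyname):
    """Resolve each host to an IPv4 string, or None when lookup fails."""
    out = {}
    for host in hosts:
        try:
            out[host] = resolver(host)
        except OSError:  # socket.gaierror is a subclass of OSError
            out[host] = None
    return out


def hosts_at(ip, resolution):
    """Return the resolved hosts that live at the IP a scanner flagged."""
    return sorted(h for h, a in resolution.items() if a == ip)


# Constructed sample page: a forum page with its own CSS/JS plus three ad
# resources (script, iframe, Flash object) and one tracker pixel.
PAGE_URL = "http://www.example-forum.test/forum/threads/123/"
OWN_HOSTS = {"www.example-forum.test"}
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/styles/tb.css">
<script src="/js/forum.js"></script>
</head><body>
<img src="/images/logo.gif">
<script src="http://ads.adnet.test/serve.js?zone=12"></script>
<iframe src="http://adserver.example-ads.test/frame.html"></iframe>
<object data="http://flash-cdn.example-ads.test/banner.swf"
        type="application/x-shockwave-flash">
  <param name="movie" value="http://flash-cdn.example-ads.test/banner.swf">
</object>
<img src="http://tracker.unknown.test/p.gif">
</body></html>"""

# Fake DNS so the example runs offline; the addresses are TEST-NET-1 placeholders.
FAKE_DNS = {
    "ads.adnet.test": "192.0.2.10",
    "adserver.example-ads.test": "192.0.2.20",
    "flash-cdn.example-ads.test": "192.0.2.20",
}


def fake_resolver(host):
    """Behave like socket.gethostbyname: raise gaierror for unknown names."""
    if host not in FAKE_DNS:
        raise socket.gaierror(-2, "Name or service not known")
    return FAKE_DNS[host]


if __name__ == "__main__":
    flagged_ip = "192.0.2.20"  # stand-in for the address the scanner named
    tp = third_party_hosts(SAMPLE_HTML, PAGE_URL, OWN_HOSTS)
    res = resolve_hosts(tp, fake_resolver)
    for host, urls in tp.items():
        print(host, res[host], urls)
    print("hosts at", flagged_ip, ":", hosts_at(flagged_ip, res))
```

Two caveats a practitioner would add: a scanner that names a bare IP is usually matching it after DNS resolution, so the address will not appear in the page source itself, only the hostname that resolves to it; and ads rotate, so a saved page captures only the ad server chosen for that one load and the check should be repeated across several loads.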
  8. BoxcabE50

    BoxcabE50 HOn30 & N Scales Staff Member TrainBoard Supporter

    Hank-

    I am not aware of any recent IP move. I've checked what is available, and we still seem to show as being hosted elsewhere.

    There is always the potential, in any anti-virus or anti-malware software, for them to show a false positive. Also to blacklist an entire IP range, where there has been past trouble, or might seem to be at present. There is no way to guess about these possibilities from here.

    So, I have downloaded that program you have, and later I will try setting it up. Perhaps that way something can be pinpointed? We shall see.

    Boxcab E50
     
  9. Hytec

    Hytec TrainBoard Member

    Thanks Ken.
     
  11. chartsmalm

    chartsmalm Passed away May 1, 2011 In Memoriam

    Sounds like the infection is on Hytec's machine and it, the infection, has chosen the trainboard log on as a place to become functional - in whatever it is doing from Hytec's box.
     
  12. Hytec

    Hytec TrainBoard Member

    I uninstalled Malwarebytes from my system, and used REGEDIT to remove all vestiges of it from the Registry. Since then, I have had no problems with delays or detection of any malware. I used two other malware search and detect engines, but neither found any lurkers.

    What I am considering is that the malware detection notification and download delays within only TB website downloads were a marketing effort by Malwarebytes.com to convince existing and potential customers of their system's merits.

    First rule of Marketing 101 - "Create Perception of Problem", followed by "Offer Solution", i.e. Gotcha!
     
  13. BoxcabE50

    BoxcabE50 HOn30 & N Scales Staff Member TrainBoard Supporter

    Hank-

    Remember last week when I tried this program? It told me about an infection. So I went into the Registry, and behold- There was no such thing there... Makes a person wonder...

    Boxcab E50
     
  14. Hytec

    Hytec TrainBoard Member

    Ehyup.....

    Back in '72 when Watergate news was being dragged out by the media, Paul Harvey made the observation: When Dogs Continue to Bark after Police have arrived, one begins to Suspect the Dogs.......
     
  15. SleeperN06

    SleeperN06 TrainBoard Member

    Hytec, it's also possible that your server may be compromised. I was listening to Leo Laporte "The Tech Guy" on the radio once and someone had called in with a similar experience. It turned out that something on the server that he was subscribing to was redirecting things. I'm not a computer guy, but it sounds like you got the problem removed.
    I have often wondered if some of these programs are arbitrarily saying there is a problem when there isn't, just to keep you interested. I used to have Norton's and it was strange that I had no problems the whole year until a month before it was going to expire. Then suddenly I had all sorts of things going on. It was the same every year until I changed programs. Imagine that.
     
  16. fordi

    fordi New Member

    Train Board

    I too am receiving the same message. If the people of Train Board wanted to fix this they would have done so. I do believe this is part of their program and they don't intend to change the problem. So with that said, I won't be coming here any longer, until they change their policy.
     
  17. FriscoCharlie

    FriscoCharlie Staff Member TrainBoard Supporter

    Wow! Well, take care.

    Charlie
     
  18. Switchman

    Switchman TrainBoard Member

    Well! That's his loss, not TrainBoard's. Not trying to start an argument, but with only two posts he appears to be rather impatient.
    I've found TrainBoard to be very responsive to any issues raised.

    IMO it is the absolute best multi-scale forum on the Internet.

    See ya
    Ron
     
  19. SkewN

    SkewN New Member

    Could be the ads

    Hiya,

    New to the board and just getting back into model railroading after 10 years. I was cruising the support on how to change my name but I digress...

    The Flash Ads (or one of them) on the site could be redirecting if they are infected for people that have not updated their Adobe Flash in a while. Late 2009 there was a redirect/download vulnerability found in Flash that is fixed in newer versions. There was also one early 2009 or late 2008 I believe.

    If you have a vulnerable Flash player you would get a redirect whereas a non-infected newer version would just carry on as if nothing happened. Some anti-malware suites/products also quietly fix/neuter this vulnerability while others prompt/warn.

    This would also become more seemingly random considering the Ads rotate and only one Ad might be infected.

    I am also not entirely sure Norton Web Safe scans Flash objects.
     
  20. SkewN

    SkewN New Member

    Could also be a toolbar doing a cross reference... should run whatever browser is having the issue in safe-mode/no-plugin mode to see if the same results occur.
     