# any ideas why norton says ttforum is attacking



## Gazzer (Jun 12, 2010)

﻿Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
2013-01-31 20:18:01,High,An intrusion attempt by as2.autoforums.com was blocked.,Blocked,No Action Required,Web Attack: Mass Injection Website 5,No Action Required,No Action Required,"as2.autoforums.com (173.193.180.45, 80)","as2.autoforums.com/ads/www/delivery/ajs.php?zoneid=773&cb=30687567500&charset=utf-8&loc=http://www.ttforum.co.uk/forum/viewtopic.php?f=2&t=315309&referer=http://www.ttforum.co.uk/forum/viewforum.php?f=2","LAPPY (192.168.1.103, 50743)",173.193.180.45 (173.193.180.45),"TCP, www-http"
Network traffic from as2.autoforums.com/ads/www/delivery/ajs.php?zoneid=773&cb=30687567500&charset=utf-8&loc=http://www.ttforum.co.uk/forum/viewtopic.php?f=2&t=315309&referer=http://www.ttforum.co.uk/forum/viewforum.php?f=2 matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE. To stop being notified for this type of traffic, in the Actions panel, click Stop Notifying Me.


----------



## Hoggy (May 8, 2002)

Hi Gazzer, Get rid of Norton, this Free one is better. I wouldn't use Norton if they paid me.
http://www.avast.com/en-gb/index
Hoggy.


----------



## Gazzer (Jun 12, 2010)

﻿Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
2013-01-31 20:29:22,High,An intrusion attempt by as2.autoforums.com was blocked.,Blocked,No Action Required,Web Attack: Mass Injection Website 5,No Action Required,No Action Required,"as2.autoforums.com (173.193.180.45, 80)","as2.autoforums.com/ads/www/delivery/ajs.php?zoneid=773&cb=41146701917&charset=utf-8&loc=http://www.ttforum.co.uk/forum/index.php&referer=http://www.ttforum.co.uk/forum/viewtopic.php?f=2&t=315309&p=2491155","LAPPY (192.168.1.103, 52908)",173.193.180.45 (173.193.180.45),"TCP, www-http"
2013-01-31 20:29:22,High,An intrusion attempt by as2.autoforums.com was blocked.,Blocked,No Action Required,Web Attack: Mass Injection Website 5,No Action Required,No Action Required,"as2.autoforums.com (173.193.180.45, 80)","as2.autoforums.com/ads/www/delivery/ajs.php?zoneid=773&cb=41146701917&charset=utf-8&loc=http://www.ttforum.co.uk/forum/index.php&referer=http://www.ttforum.co.uk/forum/viewtopic.php?f=2&t=315309&p=2491155","LAPPY (192.168.1.103, 52908)",173.193.180.45 (173.193.180.45),"TCP, www-http"
Network traffic from as2.autoforums.com/ads/www/delivery/ajs.php?zoneid=773&cb=41146701917&charset=utf-8&loc=http://www.ttforum.co.uk/forum/index.php&referer=http://www.ttforum.co.uk/forum/viewtopic.php?f=2&t=315309&p=2491155 matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE. To stop being notified for this type of traffic, in the Actions panel, click Stop Notifying Me. , Network traffic from as2.autoforums.com/ads/www/delivery/ajs.php?zoneid=773&cb=41146701917&charset=utf-8&loc=http://www.ttforum.co.uk/forum/index.php&referer=http://www.ttforum.co.uk/forum/viewtopic.php?f=2&t=315309&p=2491155 matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE. To stop being notified for this type of traffic, in the Actions panel, click Stop Notifying Me.

Hoggy it has never happened before and TT forum is in the trusted list m8...........it is every minute or so at the moment from ip:173.193.180.45.80


----------



## Hoggy (May 8, 2002)

Hi Gazzer, Strange message. Disconnect internet, shut PC down, reconnect & try again.
Hoggy.


----------



## Gazzer (Jun 12, 2010)

same m8, but only this site? something isn't right me thinks(attack is called mass injection) if that helps


----------



## Gazzer (Jun 12, 2010)

just read up on it and it is a script that tries to redirect you to a site to install antivirus software.........tt forum has a malware script running by looks.


----------



## Mark Davies (Apr 10, 2007)

I'm getting it too - with every page I open here. Something is using the site to try and have a go.


----------



## conlechi (May 6, 2006)

Problems here as well , my iPad keeps shutting down when on the TTF , ok on other sites :?


----------



## barton TT (Nov 13, 2004)

Everything is working ok for me.i have AVG free anti virus. :? iPad works also.


----------



## Gazzer (Jun 12, 2010)

just rang John H and he is having same problems guy...........site is under attack by looks


----------



## Hoggy (May 8, 2002)

Hi Gazz, Not alot of help, but I have just logged on with another Laptop using Avast & no probs or virus messages.
Hoggy.


----------



## Gazzer (Jun 12, 2010)

Hoggy avast is a free software and will not have all of the virus detection or mass attack detections installed m8.....so about as much use as an ashtray on a motorbike lol


----------



## barton TT (Nov 13, 2004)

Gazzer said:


> Hoggy avast is a free software and will not have all of the virus detection or mass attack detections installed m8.....so about as much use as an ashtray on a motorbike lol


And you think Norton is any better.i think NOT.would not have that running on any of my PC'S


----------



## John-H (Jul 13, 2005)

Thanks for the heads up Gazza - I reported it to Steve and am awaiting a response. My Avast security was picking it up too on every page but it's stopped doing it now. It could be a false alarm or could have been cleaned - will find out.

Anyone else still having a problem? If so what virus checker are you running?


----------



## Torque (May 7, 2012)

AVG and McAfee on mine. McAfee showed amber warning but AVG shows nothing :?


----------



## Hoggy (May 8, 2002)

Hi, No, I use Panda on my Laptop, just used a Laptop using Avast as a test. I still wouldn't use Norton, I repair lots of PCs using Norton & it doesn't even find lots of viruses, so it can't remove them.
Hoggy.


----------



## Hoggy (May 8, 2002)

Hi, Back on my daily laptop now using Panda Anti virus & still no probs. Not much help to the Norton users though.
Hoggy.


----------



## Gazzer (Jun 12, 2010)

the attacks started at 8.44pm and finished at 9.12.44 seconds pm. well me mark john and Mark davis encountered it Hogs, so suggest if your system didn't it has a flaw somwhere bud :?


----------



## Hoggy (May 8, 2002)

Hi Gazzer, Pleased to hear all cured. 
But will stick with Panda rather than Norton. Daily experience tells me Norton/Mcafee not the best.
Hoggy.


----------



## TTFAdmin (Feb 1, 2012)

Hi everyone,

I just wanted to let you guys know as well that I got confirmation from the tech working on the site that this has been fully cleared now as we were able to detect it as well. This should no longer be an issue and no one should see any more alerts. 

Thank you all for the reports.


----------



## Gazzer (Jun 12, 2010)

TTFAdmin said:


> Hi everyone,
> 
> I just wanted to let you guys know as well that I got confirmation from the tech working on the site that this has been fully cleared now as we were able to detect it as well. This should no longer be an issue and no one should see any more alerts.
> 
> Thank you all for the reports.


WD Boss man.............see Hoggs even steve had notification!!!! ok i'll get me coat ------------> walks that way


----------



## Hoggy (May 8, 2002)

Hi Gazz, I will have to agree to disagree.  :wink: 
Hoggy.


----------



## Gazzer (Jun 12, 2010)

just started again!!!!


----------



## Hoggy (May 8, 2002)

Gazzer said:


> just started again!!!!


Hi Gazz, Oh no. :? That's the trouble with some of these Anti Virus, too much user involvement req.
What's the point of telling you of a prob, it should at least inform you that it has removed it, you are paying for something that can't remove the problem. Pointless.
I have used Panda for years without virus probs, but repaired plenty using Norton or Mcafee. 
Hoggy.


----------



## Gazzer (Jun 12, 2010)

Hoggy said:


> Gazzer said:
> 
> 
> > just started again!!!!
> ...


Hoggy it is stopping it my end np's, but if the forum has an infection then my system telling me it is being attacked is doing its job no?
ok had enough of it for tonight and flipping popup warnings so off to do cheese n pickle sarnies for bed


----------



## Hoggy (May 8, 2002)

Hi Gaz, Enjoy your sarnies. Good night, sleep tight..Just had a couple of sausage rolls & ketchup  .
Hoggy.


----------



## TT Boycie (Sep 27, 2009)

Use Avira on my pc. No problems whatsoever. Norton slows your pc down soooo much it ends up in slug mode


----------



## paulc1 (Oct 10, 2011)

Anti virus what's that says a very smug MacBook Air owner, don't have any of these issues or any anti virus as its not needed , time you gents all bought apple


----------



## sbd119 (Jan 2, 2010)

paulc1 said:


> Anti virus what's that says a very smug MacBook Air owner, don't have any of these issues or any anti virus as its not needed , time you gents all bought apple


+1


----------

