"deleted Member" Sent Me Message

I found a message in my inbox this morning (below) in a language /****** I did not recognize. Anyone else getting this? Looked like there was a web address in the message (unrecognizable), which I did not click on.


Hi Deleted Member Today, 06:14 AM

«1

Comments

  • Ive got the same message.I guess it was spam message but there were something wrong with encoding.

  • Ive got the same message.I guess it was spam message but there were something wrong with encoding.


    Yup I got the same message too. And immediately after that my bitdefender deleted nssutil3.dll. I were reading that message on mozilla thunderbird.


    Can I get some explanations about the event? Should I reinstall thunderbird?

  • Sm3K3R
    Sm3K3R ✭✭✭
    edited April 2009
    DO NOT CLICK THE LINK INSIDE THE MESSAGE ,DELETE THE MESSAGE!
  • alexcrist
    alexcrist
    edited April 2009
    Yup I got the same message too. And immediately after that my bitdefender deleted nssutil3.dll. I were reading that message on mozilla thunderbird.


    Can you tell me for what reason that file was deleted?


    Also, can anyone say who exactly sent those messages?

  • Yup I got the same message too. And immediately after that my bitdefender deleted nssutil3.dll. I were reading that message on mozilla thunderbird.


    Can I get some explanations about the event? Should I reinstall thunderbird?


    I just searched for nssutil3.dll on my hard drive and found it still there. Date March 29 2009. Version 3.12.2.0. Appears to be part of Mozilla "Network Security Services" . Having it deleted sounds ominous, but I have no special knowledge about this. Perhaps you should do a BitDefender scan? Or use their beta Quickscan http://forum.malwarecity.com/index.php?showforum=19

  • I don't have any messages, but for some reason BitDefender decided this morning that C:\Program Files\Mozilla Firefox\nssutil3.dll was a virus and deleted the file. Then FireFox would not start complaining that that file was missing. I downloaded a fresh version of FF and tried to reinstall. BD kept deleting nssutil3.dll saying it was trojan.generic.16017990.


    I finally used exceptions to reinstall firefox, but I'm running with an exception for that file. Hope I'm not inviting trouble. :unsure:

  • alexcrist
    alexcrist
    edited April 2009

    The problematic user has already been deleted from this forum.


    We apologize for any inconveniences and thank you for reporting this issue.


    As for detection for the Firefox component, it has already been removed and pending update. It will be available through automatic update in less than an hour. Until then, whoever has this problem, please exclude the file from scan. After detection is removed you can remove the file from exclusions.


    Cris


    EDIT: For the detection problem, please read (and post) here: http://forum.bitdefender.com/index.php?showtopic=13130

  • I got another message now.. from http://forum.bitdefender.com/index.php?showuser=23530


    It says to "click here" just for fun ;)


    The link goes to malware.

  • Hello Medic,


    I got the same thing, apparently. A private message from angelikzusa3 with a link to a **** site. I have sent reference to that website to Valentin in a private message. Do we need to report this to anyone else?


    Okay... Do we need to scan? Did we get hit by something new while our back was turned?


    Sheesh, I can't believe that I clicked that damned link.


    Tink

  • I got one from a deleted member over the weekend, and another from an undeleted member this morning. Today's spam had a link to a site in Russia. I did not click on it. Here is the message I got:


    angelikzusa has sent you a new personal message titled "Just For Fun".


    You can read this personal message by following the link below:


    http://forum.bitdefender.com/index.php?act...&MSID=35422


    Regards,


    The BitDefender Forum team.


    http://forum.bitdefender.com/index.php


    It's kinda of interesting that a forum affiliated with an anti-spam/anti-virus product can't protect itself or its members from malware.


  • miekiemoes
    edited April 2009

    It looks like everyone received this PM here. Look at the online users today :s


    This appears to be the same/similar bot/spammer that was active 2 weeks ago at SEVERAL other IPB Boards. Many users got infected then. :(


    It may be a good idea to set a PM policy here, for example, Only the ability to PM when you have at least 3 posts in the forum.

  • User angelikzusa deleted. Thank you for reporting.


    We will look into the possibility of applying more restrictions for new users. Unfortunately, not even the admins have access to users' PMs, so nobody can monitor whatever is sent this way (that's why is called Private message).


    Since miekiemoes warned that this kind of spamming is something new, the only quick thing I can do right now is to warn everybody NOT to open any suspicious links that come through PM.


    Cris.

  • rootkit
    rootkit ✭✭✭

    The solution:


    is not someone


    is a bot...


    the administrators should use the PM control release of IPB


    http://forums.invisionpower.com/topic/2829...ost__p__1794928

  • The solution:


    Yes I just got the same message just for fun but deleleted it straight away as i am very carefaul when opening pm from someone i dont know./

  • I cliqued in the link..... But i closed in 3 seconds, im infected????

  • Unetwork
    edited April 2009

    Well I agree that its very strange that trough a anti spam, virus board I am getting spam and adware!


    Great advertising.


    I suggest that when you delete a spammer you also build in the function that all PM send will also be deleted.


    Its like a medical doctor asking for a doctor...

  • Nesral Neets
    edited April 2009

    I received an objectionable email this morning from this site as follows


    Subject: You have a new personal message ( BitDefender Forum )]


    angelikzusa has sent you a new personal message titled "Just For Fun".


    You can read this personal message by following the link below:


    http://forum.bitdefender.com/index.php?act...&MSID=38588


    Regards,


    The BitDefender Forum team.


    http://forum.bitdefender.com/index.php


    The link provided on this site links to objectionable (****) material. Entirely inappropriate.


    There should be a section of the forum that allows for reporting of abuse of the forum. If there is one it's not immediately apparent or easily accessed.

  • I received an objectionable email this morning from this site as follows


    Subject: You have a new personal message ( BitDefender Forum )]


    angelikzusa has sent you a new personal message titled "Just For Fun".


    You can read this personal message by following the link below:


    http://forum.bitdefender.com/index.php?act...&MSID=38588


    Regards,


    The BitDefender Forum team.


    http://forum.bitdefender.com/index.php


    The link provided on this site links to objectionable (****) material. Entirely inappropriate.


    There should be a section of the forum that allows for reporting of abuse of the forum. If there is one it's not immediately apparent or easily accessed.


    I got the same message and I am just as ticked off. <img class=" />

  • Odd, I felt sure that I sent Valentin a message pertaining to this private message from forum user Angelik..., yet I cannot see a remnant of that sent message in my user area.


    I would appreciate someone from BitDefender heading for that rogue website to see if those of us who "like sheep" clicked that link need to do something to clean up our machines.


    The website was: i e f a dot r u (no spaces, and the dot replaced by .)


    Thanks.


    T

  • komi
    edited April 2009
    I got the same message and I am just as ticked off. <img class=" />


    I just can't believe to Admin on THIS forum alow guests to spam in private messages !


    I just receive privater mesage labeled "For Fun" with link to this site <removed> [DONT GO THERE]


    I first google this URL and - U gues !!!


    As soon as my BitDefender expire - i am going to another product!


    This is just incredible !

  • Please understand that BitDefender did NOT create the forum software. Spamming technology is changing everyday and we are trying to keep it under control. Measures will be taken in the next few days to control spamming through PM.


    However:


    - PMs can NOT be monitored by moderators/admins (as I said before). They are private and cannot be accessed, even from the Admin Control Panel


    - PMs cannot be deleted when an account is delete (only posts/topics can be deleted).


    We will look for some IPB tweaks/plugins that will allow us to better control SPAM and PM flooding.


    Cris.

  • Please understand that BitDefender did NOT create the forum software. Spamming technology is changing everyday and we are trying to keep it under control. Measures will be taken in the next few days to control spamming through PM.


    However:


    - PMs can NOT be monitored by moderators/admins (as I said before). They are private and cannot be accessed, even from the Admin Control Panel


    - PMs cannot be deleted when an account is delete (only posts/topics can be deleted).


    We will look for some IPB tweaks/plugins that will allow us to better control SPAM and PM flooding.


    Cris.


    THis is one of the very reasopns I no longer use Bit Pretender That & its constant not rtesonding software along with basicly 0 custumer suport Even Mircosoft has become fed up with the problems with this A/V software after spending over 6 hrss on my pc trying to get it uninstalled Which they finally manged to do They now consider Bit defender as a rouge A/V

  • Sm3K3R
    Sm3K3R ✭✭✭
    THis is one of the very reasopns I no longer use Bit Pretender That & its constant not rtesonding software along with basicly 0 custumer suport Even Mircosoft has become fed up with the problems with this A/V software after spending over 6 hrss on my pc trying to get it uninstalled Which they finally manged to do They now consider Bit defender as a rouge A/V


    Maybe BD should sue you for such an acusation.


    BD is not a rougue A/V mate ,wake up.


    If you came here to troll go away.


    If you have issues with BD 2009 use BD 2008 instead.


    Uninstallation takes few minutes at most while using the coresponding BD Uninstalling tool.

  • Please stop flaming this topic or it will be closed.


    Yes, we've had a couple of problems with spammers lately. But SPAM technology changes and we try to keep up with them. It's not the first time this forum is attacked by spammers, it's not the first forum which is attacked by spammers, and it most certainly won't be the last. Actions will be taken, but don't ask us the impossible.


    Thank you for your understanding...


    Cris.

  • Please stop flaming this topic or it will be closed.


    Yes, we've had a couple of problems with spammers lately. But SPAM technology changes and we try to keep up with them. It's not the first time this forum is attacked by spammers, it's not the first forum which is attacked by spammers, and it most certainly won't be the last. Actions will be taken, but don't ask us the impossible.


    Thank you for your understanding...


    Cris.


    Oh now you have problem with "flaming this topic" !


    Whats happen is CLEARLY ADMIN mistake ! No one can send private message to forum user if is now alowed in forum preferences !


    I have a question for YOU to explane to me how some spammer BOT can get access to members list and have privilege to send private messages like GUEST !


    You can talk to guys who dont know too much about forums but not to me !


    I am going to report this problem to couple antivirus web sites, just to they know whats happen here !


    Specialy this Your last topic !


    Have a great day !

  • Oh now you have problem with "flaming this topic" !


    Whats happen is CLEARLY ADMIN mistake ! No one can send private message to forum user if is now alowed in forum preferences !


    I have a question for YOU to explane to me how some spammer BOT can get access to members list and have privilege to send private messages like GUEST !


    You can talk to guys who dont know too much about forums but not to me !


    I am going to report this problem to couple antivirus web sites, just to they know whats happen here !


    Specialy this Your last topic !


    Have a great day !


    ye ive had the same message too,what idiotsfor sending that link, what do these people get out of doing things like this? are they mentally unstable or something? ive already got issues on my pc without adding to it!!!

  • Oh now you have problem with "flaming this topic" !


    Whats happen is CLEARLY ADMIN mistake ! No one can send private message to forum user if is now alowed in forum preferences !


    I have a question for YOU to explane to me how some spammer BOT can get access to members list and have privilege to send private messages like GUEST !


    You can talk to guys who dont know too much about forums but not to me !


    I am going to report this problem to couple antivirus web sites, just to they know whats happen here !


    Specialy this Your last topic !


    Have a great day !


    Well, nobody got access to anything as guest.


    Yes, the PMs appear now as sent by a guest user, but actually those PMs were sent by a registered user to this forum which was later deleted by an admin. And yes, PM-ing system cn be disabled. Do you want this to be done? Cos it's just a few clicks away... but seriously,disabling the whole PM system seems too harsh.


    Yes, I say that this topic is flamed, and a very good example is your post, komi. You use a very aggressive language in a matter that is clearly NOT our fault, and not anybody's fault. We try to keep it to a minimum, but anything can be automated and, seriously, spamming scripts can be made in a few minutes.


    IPB acknowledged this PM spamming problem (proving that BD Forum is not the only one affected) and released a patch. We will probably adopt that patch, but it will be installed once a root admin is available (so it will probably happen tomorrow). More details will be available at that time.


    Cris.

  • But i cliked in the link, im infected or no?

  • Unetwork
    edited April 2009

    Come on Cris, what you say is not the real smart thing to do!


    Believe me I am a admin on one of the largest Dutch boards and moderator on many other boards.


    When you delete a user the name can be changed into deleted because of spam, or banned do not open this PM!


    So each of your members here will know right away that the link is dangerous!


    Also there are many possibilities against spammer sending PM, just enable the function that you need at least 5 messages posted to be able to send a PM to other users..


    Shall I continue?


    Instead you are doing something about it you start barking to the wrong tree with your saying that you will close this topic!


    Come on, people here are your customers and they DO pay for YOUR service and they trust B-defender not to have some virus or trojan or what so ever coming to their PC trough your website..


    If you can't understand that people are angry and upset well I think you should find something else to do...


    If needed I will help you ;)


  • :S The website contain virus yes or no, im infected yes or no.....????? im preoccupied

  • alexcrist
    alexcrist
    edited April 2009

    Unetwork, (and this goes for everyone around here who doesn't already know) first of all, nobody around here is MY customer, nor this is MY product. I have nothing to do with BitDefender as a company as I'm not their employee. I'm just a volunteer here and have no gain from this forum, whatsoever. So maybe you're "barking at the wrong tree"? :)


    And second of all, I don't have direct access to the admin CP (because of what I said above). Again, everything I do related to administration, I do "through" someone (I talk to someone and make suggestions). Nothing more, nothing less.


    Also, I took a peek in the admin CP (I had access a few months ago) and really didn't see an option to allow PM for only certain users (based on number of posts). Maybe I didn't look hard enough, maybe it just doesn't exist in IPB (are you using the same software)? If you have exact suggestions, I doubt anyone will refuse them.


    Cris.

  • Di0g0
    edited April 2009

    .... The site is infected or no?? CRIS please RESPOND

  • Cris went to bed:p it's half past one AM.


    Regarding the link - at the time I tried to access it(a few hours ago), it was constantly redirecting to one of two locations via a russian traffic exchange site. The two locations were an online store(probably. I was unable to access the server, but other people online say it's a scam or something) and the other site is apparently probably linked to captcha breaking botnets. that's my best guess. The second one presents no risk as far as I could evaluate. I'm unable to say anything about the first one.

  • Im secure?? the site i cliked is ..... .ru i dont remember the website but terminates in .ru but i close the site in 4 seconds!!! im infected??? :S need format my computer?

  • The innaccessible site was under the .com TLD.


    I missed the important part:p The site is only used to present people with captchas collected from users and collect answers. At the time of checking there was no danger associated with the page, except helping a criminal organization break one of the toughest anti-bot techniques on the web.

  • no virus warning popped up when i accessed it? it was some site advertising ect????

  • Di0g0
    edited April 2009

    Ok no danger? i think the site terminates in .ru but i dont have certain. Sry im not english sry my bag english...


    But investigate the website please....


    I restored my system for precaution.

  • Im secure?? the site i cliked is ..... .ru i dont remember the website but terminates in .ru but i close the site in 4 seconds!!! im infected??? :S need format my computer?


    I clicked it to check it out... nssutil3.dll is essential for FF and was´nt involved, I had the browser (Opera) sandboxed and when looking at the content I can't see any pecularities...

  • csalgau
    csalgau ✭✭
    edited April 2009

    @davey: sites advertising are not always malware related.


    @Osip: Beyond me why you dragged nssutil3.dll in this.

  • I go format my computer xD, i have problems ... i cant enter in websites firefox says file cant found.

  • csalgau
    csalgau ✭✭
    edited April 2009

    Yet for some reason you are still posting this. Let's not overreact. The target of the user was to trick as many people as possible into filling in the captchas and help the botnet or whatever that was. there is no evidence to suggest there was anything malicious in the site. It serves the same content to firefox users as to any other users.


    Forgive me if I'm not here for the post count. If there is nothing serious left to talk about, please stop generating email alerts to my inbox:p

  • Ok, thanks :D

  • Sm3K3R
    Sm3K3R ✭✭✭


    Few days ago Nvidia forum had a spamm problem too.No links involved though.


    The bad guys found some weak points in forums software, that can be exploited.


    Simply ignore PM-s, set in My Controls -> Board Settings this field Do you wish to get a board notification when you get a new personal message? to NO


    Delete from Inbox any messages that come from unknow forum people.The most important thing is to not click on links if any.


    You could also use sandboxed browsers ,the best way of protecting yourself while navigating worldwide.

  • @Osip: Beyond me why you dragged nssutil3.dll in this.


    I did'nt drag it in...I replied to what was said in post 2 and 6.

  • Well, nobody got access to anything as guest.


    Yes, the PMs appear now as sent by a guest user, but actually those PMs were sent by a registered user to this forum which was later deleted by an admin. And yes, PM-ing system cn be disabled. Do you want this to be done? Cos it's just a few clicks away... but seriously,disabling the whole PM system seems too harsh.


    Yes, I say that this topic is flamed, and a very good example is your post, komi. You use a very aggressive language in a matter that is clearly NOT our fault, and not anybody's fault. We try to keep it to a minimum, but anything can be automated and, seriously, spamming scripts can be made in a few minutes.


    IPB acknowledged this PM spamming problem (proving that BD Forum is not the only one affected) and released a patch. We will probably adopt that patch, but it will be installed once a root admin is available (so it will probably happen tomorrow). More details will be available at that time.


    Cris.


    Disabling a whole PM system is not solution, even tednical support forum dont need it - problem is something else - there is no problem with PM system, there is no problem with SPAMMING BOT, there is no problem with DELETED USER, there is no problem with IB, there is problme with wrong forum config ...


    I see on the forum footer version "Powered By IP.Board © 2009 IPS, Inc." - this mean - forum is up to date and running well ... Why need for any patch ?


    I NEED TO KNOW NEXT!


    "... first of all, nobody around here is MY customer, nor this is MY product. I have nothing to do with BitDefender as a company as I'm not their employee. I'm just a volunteer here and have no gain from this forum, whatsoever. So maybe you're "barking at the wrong tree"? ... "


    WHAT ARE YOU DOING HERE - you are not alowed then to answer any question I HAVE HERE !


    IF You dont have Admin Control panel access, you cant change user level permisions, this mean - nothing is changed and unregistred visitors - aka GUESTs can still send PMs and have full access to member list ?


    I AM a BD company customer and i need answers whats goin one here ...


    And i dont want answer from YOU - i WANT answer from forum ADMIN .. WHO and WHY have access to my info stored on this forum ...


    P.S.


    One more thing ... in PM option this forum says - " Max. single upload size: 92.77MB " ... Can i expect infected files in my PM box from some GUEST ?

  • As I said, please calm down. Your aggressive tone will lead us nowhere.


    I see on the forum footer version "Powered By IP.Board © 2009 IPS, Inc." - this mean - forum is up to date and running well ... Why need for any patch ?


    And also most of you are using BitDefender 2009. Why do you need updates and upgrades?


    Because everything changes, vulnerabilities are found each day and fixed through patches. The patch I was talking about was released earlier this month, and was specifically designed for better controlling PM SPAM. It's an optional patch so only the forums having problems can install it.


    I NEED TO KNOW NEXT!


    WHAT ARE YOU DOING HERE - you are not alowed then to answer any question I HAVE HERE !


    Yes, I am. If you don't like my answers, it's your problem. But I've been on this forum since it's first week of existence more than 2 years ago and I earned my right to be a Moderator here. As I said, I also was a SuperModerator (with Admin access) here for a few months, before the forum was transformed from a User Forum to an Official Technical Support Forum and I just couldn't be a SM anymore (not being an employee and all). But why on Earth should I explain myself to you? :)


    IF You dont have Admin Control panel access, you cant change user level permisions, this mean - nothing is changed and unregistred visitors - aka GUESTs can still send PMs and have full access to member list ?


    Do you know what a GUEST is? It's a person who is not logged in.


    Just PLEASE logout of this forum and try to access someone's profile, or send a PM, or post something, or download an attachment... you CAN'T! Everything is restricted for guests. As I said, that member was registered and afterwards deleted. Yes, maybe it's name should have been changed before deletion (and thank you for the suggestion, it will be applied from now on), but still, it was registered.


    I just can't believe we're arguing on the fact that the user was/wasn't registered on this forum. Geez... don't we both have better things to do than this?


    I AM a BD company customer and i need answers whats goin one here ...


    You've got answers. If you have more questions, post them.


    Your problem is not the answers I give, it's just me. For some reason, you don't like the person who answers, not the answers themselves. And if an admin came to answer the same questions, you would get the same answers (maybe in other words, but the same answers).


    And i dont want answer from YOU - i WANT answer from forum ADMIN .. WHO and WHY have access to my info stored on this forum ...


    As I said above... :rolleyes:


    I know the person who is admin. I talk to him everyday. He told me about the patch and that it will be installed as soon as possible.


    One more thing ... in PM option this forum says - " Max. single upload size: 92.77MB " ... Can i expect infected files in my PM box from some GUEST ?


    From GUESTS, absolutely NO.


    From other members, highly unlikely, because filetypes which might contain malware (such as executables, archives, and so on) are forbidden from being attached. The attachments that are allowed are text files (txt, log, xml, rtf), documents (PDF, DOC) and jpg/jpeg images.


    Cris.

  • Cris there is a way in this board software that you can rename any one which is banned, to rename as I have suggested.


    Also there is a way to prevent a new user which never posted a message before to send PM's.


    IP Board software has those plugins, just ask the IP board group about this.


    Personal I prefer UBB Treads, but again that is my personal opinion as we have over 20,000 registered users.


    It saves me lots of time.

  • Cris there is a way in this board software that you can rename any one which is banned, to rename as I have suggested.


    Banned, yes.


    But that user was deleted. Permanently. Can you rename a deleted member?


    Also there is a way to prevent a new user which never posted a message before to send PM's.


    IP Board software has those plugins, just ask the IP board group about this.


    OK, thanks for pointing this out. I will look for something like this and suggest them.


    Cris.

  • User angelikzusa deleted. Thank you for reporting.


    We will look into the possibility of applying more restrictions for new users. Unfortunately, not even the admins have access to users' PMs, so nobody can monitor whatever is sent this way (that's why is called Private message).


    Since miekiemoes warned that this kind of spamming is something new, the only quick thing I can do right now is to warn everybody NOT to open any suspicious links that come through PM.


    Cris.


    Suggestions:


    Require users to respond to a slightly scrambled set of letters or numbers ... something I see more and more of on other interactive web sites. If scrambled clever enough, the bots will have problems.


    Another restrictive measure would be to prevent "new" users from sending out more than a few messages a day. The restriction could be lifted after some trust level of your choosing had been reached.

  • I found a message in my inbox this morning (below) in a language /****** I did not recognize. Anyone else getting this? Looked like there was a web address in the message (unrecognizable), which I did not click on.


    Hi Deleted Member Today, 06:14 AM


    Probably a spammer or a virus/trojan launcher.


    Do not click on it.


    What is puzzling ( or funny ) is to be attacked where we could consider oneself to be almost safe: on the forum of an AV-firewall producer ! that is a surprise...


    Nice evening to all.


    L..