Webkinz Insider - Not affiliated with Ganz or Webkinz.

Welcome to WI!


Free Webkinz Codes

Ads  Remove Ads

Become an Insider Insider Subscriber and make these ads go away!
Go Back   Webkinz Insider Forum > WebkinzInsider.Com > WI Rules & Suggestions

Welcome to the Webkinz Insider Forum forums.

You are currently viewing our boards as a guest which gives limits your access to many of our other features. By joining our FREE community you will have access to post topics, communicate privately with other members (PM), removal of some (including the "in-text") ads, respond to polls, upload content and access many other special features, such as trading, and entering contests! Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please contact us.
Closed
 
LinkBack Thread Tools Display Modes
Old 11-07-2008, 10:57 AM   #1
Webkinz :)
 
CmdrMic's Avatar
CmdrMic is on a distinguished road

Default Got bad virus from webkinz insider

NOTICE OF VIRUS GOT FROM WEBKINZ INSIDER. PLEASE READ:

I was on WI lastnight, I went to send a personal message to a friend. When I clicked on send a personal message on the users page, my system completely shut down and rebooted (running XP Pro w/IE7 with AVG7.5 and all updates). When it came back up, the system was badly infected, AVG (anti-virus software) would not function. SpyBot Search and Destroy 1.5 was also disabled. I tried to go back to a restore point, but those programs were still unavailable after selecting a restore (this virus infects the restore point. After, the system would still boot to the desktop but was littered with trogan virus types downloaders. I could not get into AVG or SB even in safe mode! I had to download new versions of AVG8.0 and SB1.6 from another system onto CDs, and then install from the CDs. Luckily, I was able to re-install these products (very slowly). Even after multiple runs of these products now, the system remained somewhat infected as they are self replicating. As mentioned, the restore point was also infected. It will probably require a full deletion of all restore points to clean it out! I have a high level of technical expertise with the Windows XP and operating systems and I believe Webkinz Insider has a serious issue here. It is possible this viral attack is Flash related (from within one of the ads), but since it came from just clicking on "Send a Personal Message" - on a users page I believe the PHP code for this site might be corrupted and or infected. It took over 5 hours of straight work, to get the system clean. Multiple runs of AVG & SB, the a full deletion of all restore points. Finally, the attack will place a file in your c:\windows\system32 directory called: KARNA.DAT. This file needs to be deleted, but you cannot. You cannot delete it in the DOS console, or even in safe mode. If you rename it, it will come back. This file is a component of the virus and must be deleted. The only way I could delete it was to use a Windows XP Pro, full installation CD. You boot from the CD and select the Recovery Console (you must know the Admin password to do this). The Recovery Console is the last true vestage of DOS. Once you are in the console you can move to that directory and delete the file.

Once again: If you are on WI, and your system all of a sudden shuts down and reboots, you have just been infected. You will also notice your anti-virus program stops functioning. Another way to check to see if you are infected is to have your system check to see if you have any incidence of KARNA.DAT on your system. If you do, you are infected.

ATTENTION WEBKINZ INSIDER MODERATORS AND STAFF: Please check the PHP documents on your server for viral infection!!!
CmdrMic is offline Male
Sponsored Links
Old 11-07-2008, 11:04 AM   #2
Desertpearl
Gifted
 
Texasmiley's Avatar
Texasmiley will become famous soon enough

Default Re: Got bad virus from webkinz insider

my norton anti-virus goes crazy every time I go on WI
Right now its like not working, it says it can't update or somthing

Last edited by Texasmiley; 11-07-2008 at 11:11 AM..
Texasmiley is offline Female
Old 11-07-2008, 11:10 AM   #3
rleong
 
Justin's Avatar
Justin has disabled reputation

Default Re: Got bad virus from webkinz insider

View Post Originally Posted by CmdrMic
NOTICE OF VIRUS GOT FROM WEBKINZ INSIDER. PLEASE READ:

I was on WI lastnight, I went to send a personal message to a friend. When I clicked on send a personal message on the users page, my system completely shut down and rebooted (running XP Pro w/IE7 with AVG7.5 and all updates). When it came back up, the system was badly infected, AVG (anti-virus software) would not function. SpyBot Search and Destroy 1.5 was also disabled. I tried to go back to a restore point, but those programs were still unavailable after selecting a restore (this virus infects the restore point. After, the system would still boot to the desktop but was littered with trogan virus types downloaders. I could not get into AVG or SB even in safe mode! I had to download new versions of AVG8.0 and SB1.6 from another system onto CDs, and then install from the CDs. Luckily, I was able to re-install these products (very slowly). Even after multiple runs of these products now, the system remained somewhat infected as they are self replicating. As mentioned, the restore point was also infected. It will probably require a full deletion of all restore points to clean it out! I have a high level of technical expertise with the Windows XP and operating systems and I believe Webkinz Insider has a serious issue here. It is possible this viral attack is Flash related (from within one of the ads), but since it came from just clicking on "Send a Personal Message" - on a users page I believe the PHP code for this site might be corrupted and or infected. It took over 5 hours of straight work, to get the system clean. Multiple runs of AVG & SB, the a full deletion of all restore points. Finally, the attack will place a file in your c:\windows\system32 directory called: KARNA.DAT. This file needs to be deleted, but you cannot. You cannot delete it in the DOS console, or even in safe mode. If you rename it, it will come back. This file is a component of the virus and must be deleted. The only way I could delete it was to use a Windows XP Pro, full installation CD. You boot from the CD and select the Recovery Console (you must know the Admin password to do this). The Recovery Console is the last true vestage of DOS. Once you are in the console you can move to that directory and delete the file.

Once again: If you are on WI, and your system all of a sudden shuts down and reboots, you have just been infected. You will also notice your anti-virus program stops functioning. Another way to check to see if you are infected is to have your system check to see if you have any incidence of KARNA.DAT on your system. If you do, you are infected.

ATTENTION WEBKINZ INSIDER MODERATORS AND STAFF: Please check the PHP documents on your server for viral infection!!!
I'm curious, how did you determine that this was definitely from WI? There is no infection in any of our PHP code, nor in any of the ad scripts.... It is possible that you were infected previously.

KARNA.DAT is related to Adware.VirtuMonde, which is an adware program that downloads and displays popup advertisements. (If you are seeing popups on WI, we don't use them, so that's a sign you're infected) It's actually a very old virus, dating back to 2003.
Justin is offline Male
Old 11-07-2008, 11:16 AM   #4
Gift Trainee
 
moomoo12's Avatar
moomoo12 will become famous soon enough

Default Re: Got bad virus from webkinz insider

wow so technical.. i can't understand! lolz
moomoo12 is offline Female
Old 11-07-2008, 11:26 AM   #5
I'M BLUE! [DamDaDo]
Gifted
 
webkinz_lover_'s Avatar
webkinz_lover_ is a name known to allwebkinz_lover_ is a name known to allwebkinz_lover_ is a name known to all

Default Re: Got bad virus from webkinz insider

Wow....my computer works fine without any issues when I go onto WI....well, sometimes it's loads slow, but I think that's just my internet.

And I barely understood any of that.....
webkinz_lover_ is offline Female
Old 11-07-2008, 11:30 AM   #6
2totalsam/2totalsam2
Gift Guru
 
2total's Avatar
2total is a jewel in the rough2total is a jewel in the rough

Default Re: Got bad virus from webkinz insider

i've been on wi for a year now and i've never had any problems with any virus or being infected from this website.....
2total is offline
Old 11-07-2008, 11:34 AM   #7
ChihuahuaGrl16
Banned
ChihuahuaGrl16 has a reputation beyond reputeChihuahuaGrl16 has a reputation beyond reputeChihuahuaGrl16 has a reputation beyond reputeChihuahuaGrl16 has a reputation beyond reputeChihuahuaGrl16 has a reputation beyond reputeChihuahuaGrl16 has a reputation beyond repute

Default Re: Got bad virus from webkinz insider

You shhould really get a "windows Washer" and everytime your finished with the internet, "wash" and you should be clear of getting stuff like that too and make sure you have NOrton Anti-Virus and that it's updated frequently...or McAfee-that works too!

I hope your computer works out okay- maybe you should call the computer company or a computer support center
ChihuahuaGrl16 is offline Female
Old 11-07-2008, 11:45 AM   #8
wants her spinny.
Gift Guru
 
Desigher's Avatar
Desigher has a reputation beyond reputeDesigher has a reputation beyond reputeDesigher has a reputation beyond reputeDesigher has a reputation beyond reputeDesigher has a reputation beyond reputeDesigher has a reputation beyond repute

Default Re: Got bad virus from webkinz insider

My computer has gotten a virus too, but I'm pretty sure it wasn't from WI. I think mine was from saving pics to my computer from graphic sites, I don't know if you use graphic sites, but be careful where you save pictures from.
Hope I helped!
Desigher is offline Female
Old 11-07-2008, 11:46 AM   #9
100% Evil.
Gift Guru
 
Mama Girl NH's Avatar
Mama Girl NH has lots of talentMama Girl NH has lots of talentMama Girl NH has lots of talentMama Girl NH has lots of talentMama Girl NH has lots of talentMama Girl NH has lots of talentMama Girl NH has lots of talentMama Girl NH has lots of talentMama Girl NH has lots of talentMama Girl NH has lots of talentMama Girl NH has lots of talentMama Girl NH has lots of talentMama Girl NH has lots of talentMama Girl NH has lots of talentMama Girl NH has lots of talent

Default Re: Got bad virus from webkinz insider

Wow, sorry you got infected with a virus. That sounds like a very long and drawn out (and technical- way over my head) ordeal to fix things and get up and running again. I'm glad you had the knowledge to help fix your system. A lot of people would not have been able to do that.
I have not been on WI very long, but I have never encountered any sort of problems with infection or virus. My experience so far has been a happy and pleasant and safe one.

I think we have to remember, anytime you connect to the internet, you pose the risk of getting infected with a virus. There are people out there always trying to discover a new way to infect someone else's system. Just use caution, never open or download something that you are not sure of its origin, and use some basic common sense. Keep your anti-virus software updated and running, and hopefully most people will be able to avoid infection.

I hope you are able to completely restore and "clean" your system. Good luck to you.
Mama Girl NH is offline Female
Old 11-07-2008, 11:50 AM   #10
Webkinz :)
 
CmdrMic's Avatar
CmdrMic is on a distinguished road

Default Re: Got bad virus from webkinz insider

Hi Justin,

Thanks for replying on this thread. To answer your query:

>>I'm curious, how did you determine that this was definitely from WI? There is no infection in any of our PHP code, nor in any of the ad scripts.... It is possible that you were infected previously.<<

Well, there is always the small possibility of that. However, in this instance, the only other thing that might possibly be part of the cause could have been when I took at look at one of your advertisers - the Wonderland Ad currently running in the left pane. Other than that, there was no deviation from the WI site.

As stated, my system was/is again totally clean and up today as far as Windows XP Pro updates, IE7 updates, the latest version of Flash, as well as updates for AVG7.5. (I have since upgraded to 8.0).

Why it appears to me to be directly from WI was the behavior. All was fine, then after going to a users page, then clicking on send a message, then selecting, send a personal message. Directly after that selection, the system closed all windows and did a full restart, of course coming up badly infected. I have recently seen this type of thing on a major website hosting site, and it was tracked to a new style of attack which utilises Flash. If your PHP code is indeed clean, it might be worth looking at if this behavior repeats.

The variant of KARNA.DAT that was on my system was dated yesterday, and was extremely difficult to clean off. As I mentioned, required booting off a CD into the Recover Console to get rid of it. Sometimes these things get tinkered with and get a re-tread, so to speak, so that might be the case.

I am no viral expert, but the behavior seemed direct enough to me from your site, that I will definitely not be sending any PMs for a while!

After initial re-install of AVG, this previously clean system was reporting over 17 viral components, most of the trogan variety, as the downloader tries to get busy, right after reboot.

Thanks for your attention to this.

Sinerely,

~Mic


KARNA.DAT is related to Adware.VirtuMonde, which is an adware program that downloads and displays popup advertisements. (If you are seeing popups on WI, we don't use them, so that's a sign you're infected) It's actually a very old virus, dating back to 2003.

---------- CmdrMic added 2 Minutes and 48 Seconds later ----------

Oh, I should also mention, there were no pop-ups, and no incident of karna.dat on my system before the attack.

Last edited by CmdrMic; 11-07-2008 at 11:50 AM.. Reason: Automerged Doublepost
CmdrMic is offline Male
Closed

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are On



All times are GMT -5. The time now is 08:49 PM.



Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2016, vBulletin Solutions, Inc.
SEO by vBSEO ©2011, Crawlability, Inc.
Copyright © 2007-2013 Kopi Enterprises, LLC
WebkinzInsider.Com is not an official site of, sponsored by, nor affiliated with Ganz, Inc, Webkinz, Lil'Kinz, or Kinzville Newz and all character names, logos, and images are trademarks owned by Ganz, Inc.
no new posts