Ransom.Kovter reported on ihugny.com

Post by **wayfriend** » Sun Oct 01, 2017 4:34 pm

My Norton/Semantec anti-virus is reporting that ihugny.com has the Ransom.Kovter ransomware virus. The location provided is ---http:---//ihugny.com/---RGAOMKR/---. (The ---s were added by me so no one clicks that link.)

Post by **aTOMiC** » Sun Oct 01, 2017 6:38 pm

Ihugny was blocked by my work computer beginning last Thursday

Post by **Sorus** » Mon Oct 02, 2017 12:12 am

That's not good. No wonder it's been so quiet the last few days.

Post by **Avatar** » Mon Oct 02, 2017 4:21 am

Hmmm, weird.

Ok thanks, I will mail Vain.

--A

Post by **Avatar** » Tue Oct 03, 2017 4:33 am

Ok, Vain says he notified the hosts and was told it had been resolved.

WF, please check again and see if it is reporting it as safe now, thanks.

Not sure if this will resolve TOM's issue...hope so...

--A

Post by **aTOMiC** » Tue Oct 03, 2017 11:11 am

No help for me as KW is not a work related essential site.

Post by **wayfriend** » Tue Oct 03, 2017 12:32 pm

Avatar wrote:WF, please check again and see if it is reporting it as safe now, thanks.

I'm not quite sure how... I've already clicked "proceed anyway" and I no longer get the message any more. But I will see what I can do.

Post by **Sorus** » Tue Oct 03, 2017 11:08 pm

I don't use Norton, and my security software never flagged it (which is probably not a good thing) - but https://safeweb.norton.com does still have it listed as:

Norton Safe Web has analyzed ihugny.com for safety and security problems. Below is a sample of the threats that were found.
Summary

Computer Threats: 1
Identity Threats: 0
Annoyance factors: 0
Total threats on this site: 1

It's probably easier to get put on the naughty list than it is to be removed from it.

There is a link where the site owner can report an inaccurate rating or request a re-evaluation, but it looks like something ihugny would have to do.

aTOMiC wrote:No help for me as KW is not a work related essential site.

Tell them you can't survey the Land without it.

Post by **Avatar** » Wed Oct 04, 2017 4:25 am

Yeah, looks like once you're listed, the only way off is for the domain owners to sign up for their "safe web" program.

Worst is, it's not even us, it's the top level domain.

Anyway, I've let Vain know.

TOM, any idea if it was an automatic block because your company uses Norton safe web? If so, getting off the list should resolve it, but actually getting off is probably going to be a problem.

If it was manual just because they finally picked up you were visiting it, then they're jerks.

Ask a friendly IT guy at the office? Just something like "hey, I noticed a site I checked out sometimes suddenly got blocked, what's up with that?"

--A

Post by **aTOMiC** » Wed Oct 04, 2017 11:03 am

Heh. Since I work for the City of Tampa the I T department is a monolithic organization located in a downtown skyscraper miles from our outlying location and there is no one local to appeal to.

I may well end up being a weekend poster unless I bring my laptop to work and use my phone as a Wi-Fi hotspot. I will figure it out but my presence will definitely be muted for the time being.

Post by **Avatar** » Wed Oct 04, 2017 1:37 pm

Ah well, every little bit helps. And your phone is always a fallback option.

(IP tunneller? (Uh, can you install stuff on that machine?))

--A

Post by **wayfriend** » Wed Oct 04, 2017 6:43 pm

FYI, anything blocking access isn't detecting the virus, it is subscribing to the Norton reputation feed. What needs to change for Tom, and others, is to remove the virus -and- to get Norton to stop reporting that the site is compromised. There is probably a mechanism which will induce Norton to rescan your site (like you can induce Google to index it).

Submit a website to Norton Safe Web

Of course, Norton is only one service. Tom's boss may use a different one. Maybe you can find out, Tom.

Post by **Avatar** » Thu Oct 05, 2017 4:26 am

Yeah, in order to submit a website or get it re-evaluated, looks like you have to a) be the domain owner, and b) sign up for their service.

--A

Post by **kevinswatch** » Thu Oct 05, 2017 4:29 pm

Good work! (I think)

-jay

Post by **Zarathustra** » Fri Oct 06, 2017 1:30 pm

So I guess it's fixed now? My Norton's blocked the site, too. I've been avoiding this place until Norton let me on today. I can't afford to have my devices lock up with ransomware.

Is there a plan for this in the future, somewhere we can go to let each other know there's a problem without clicking on the site and infecting our computers? There used to be a backup board, but it's not working now.

Post by **aTOMiC** » Fri Oct 06, 2017 3:54 pm

Zarathustra wrote:
Is there a plan for this in the future, somewhere we can go to let each other know there's a problem without clicking on the site and infecting our computers? There used to be a backup board, but it's not working now.

This is but one of the many uses of our Facebook page and Twitter account.

Post by **Avatar** » Mon Oct 09, 2017 4:46 am

Yeah, maybe post the links TOM, so people can follow them. Still, I like having another option too...

(Didn't know the back-up board was down either, thanks.)

Anyway, yeah, Vain mailed me to say he'd submitted a re-evaluation request...surprised it was that quick actually.

Z, problem wasn't with us, was with the top level domain, the Watch just got blocked by default.

Oh, if you worry about ransomware, hope you never need to find this link useful: https://decrypter.emsisoft.com/

--A

Kevin's Watch

Kevin's Watch

Ransom.Kovter reported on ihugny.com

Ransom.Kovter reported on ihugny.com