Ransom.Kovter reported on ihugny.com

Posted: Sun Oct 01, 2017 4:34 pm
by wayfriend
My Norton/Symantec anti-virus is reporting that ihugny.com has the Ransom.Kovter ransomware virus. The location provided is ---http:---//ihugny.com/---RGAOMKR/---. (The ---s were added by me so no one clicks that link.)

Posted: Sun Oct 01, 2017 6:38 pm
by aTOMiC
Ihugny was blocked by my work computer beginning last Thursday.

Posted: Mon Oct 02, 2017 12:12 am
by Sorus
That's not good. No wonder it's been so quiet the last few days.

Posted: Mon Oct 02, 2017 4:21 am
by Avatar
Hmmm, weird.

Ok thanks, I will mail Vain.

--A

Posted: Tue Oct 03, 2017 4:33 am
by Avatar
Ok, Vain says he notified the hosts and was told it had been resolved.

WF, please check again and see if it is reporting it as safe now, thanks.

Not sure if this will resolve TOM's issue...hope so...

--A

Posted: Tue Oct 03, 2017 11:11 am
by aTOMiC
No help for me as KW is not a work related essential site. :-(

Posted: Tue Oct 03, 2017 12:32 pm
by wayfriend
Avatar wrote: WF, please check again and see if it is reporting it as safe now, thanks.
I'm not quite sure how... I've already clicked "proceed anyway" and I no longer get the message any more. But I will see what I can do.

Posted: Tue Oct 03, 2017 11:08 pm
by Sorus
I don't use Norton, and my security software never flagged it (which is probably not a good thing) - but https://safeweb.norton.com does still have it listed as:
Norton Safe Web has analyzed ihugny.com for safety and security problems. Below is a sample of the threats that were found.
Summary

Computer Threats: 1
Identity Threats: 0
Annoyance factors: 0
Total threats on this site: 1
It's probably easier to get put on the naughty list than it is to be removed from it.

There is a link where the site owner can report an inaccurate rating or request a re-evaluation, but it looks like something ihugny would have to do.
aTOMiC wrote: No help for me as KW is not a work related essential site. :-(
Tell them you can't survey the Land without it.

Posted: Wed Oct 04, 2017 4:25 am
by Avatar
Yeah, looks like once you're listed, the only way off is for the domain owners to sign up for their "safe web" program.

Worst is, it's not even us, it's the top level domain.

Anyway, I've let Vain know.

TOM, any idea if it was an automatic block because your company uses Norton safe web? If so, getting off the list should resolve it, but actually getting off is probably going to be a problem.

If it was manual just because they finally picked up you were visiting it, then they're jerks. :D

Ask a friendly IT guy at the office? Just something like "hey, I noticed a site I checked out sometimes suddenly got blocked, what's up with that?"

--A

Posted: Wed Oct 04, 2017 11:03 am
by aTOMiC
Heh. Since I work for the City of Tampa, the IT department is a monolithic organization located in a downtown skyscraper miles from our outlying location, and there is no one local to appeal to. :-)

I may well end up being a weekend poster unless I bring my laptop to work and use my phone as a Wi-Fi hotspot. I will figure it out but my presence will definitely be muted for the time being.

Posted: Wed Oct 04, 2017 1:37 pm
by Avatar
Ah well, every little bit helps. And your phone is always a fallback option.

(IP tunneller? (Uh, can you install stuff on that machine?))

--A

Posted: Wed Oct 04, 2017 6:43 pm
by wayfriend
FYI, anything blocking access isn't detecting the virus, it is subscribing to the Norton reputation feed. What needs to change for Tom, and others, is to remove the virus -and- to get Norton to stop reporting that the site is compromised. There is probably a mechanism which will induce Norton to rescan your site (like you can induce Google to index it).

Submit a website to Norton Safe Web

Of course, Norton is only one service. Tom's boss may use a different one. Maybe you can find out, Tom.

Posted: Thu Oct 05, 2017 4:26 am
by Avatar
Yeah, in order to submit a website or get it re-evaluated, looks like you have to a) be the domain owner, and b) sign up for their service.

--A

Posted: Thu Oct 05, 2017 4:29 pm
by kevinswatch
Good work! (I think) :biggrin:

-jay

Posted: Fri Oct 06, 2017 1:30 pm
by Zarathustra
So I guess it's fixed now? My Norton's blocked the site, too. I've been avoiding this place until Norton let me on today. I can't afford to have my devices lock up with ransomware.

Is there a plan for this in the future, somewhere we can go to let each other know there's a problem without clicking on the site and infecting our computers? There used to be a backup board, but it's not working now.

Posted: Fri Oct 06, 2017 3:54 pm
by aTOMiC
Zarathustra wrote:
Is there a plan for this in the future, somewhere we can go to let each other know there's a problem without clicking on the site and infecting our computers? There used to be a backup board, but it's not working now.

This is but one of the many uses of our Facebook page and Twitter account.

Posted: Mon Oct 09, 2017 4:46 am
by Avatar
Yeah, maybe post the links TOM, so people can follow them. Still, I like having another option too...

(Didn't know the back-up board was down either, thanks.)

Anyway, yeah, Vain mailed me to say he'd submitted a re-evaluation request...surprised it was that quick actually.

Z, problem wasn't with us, was with the top level domain, the Watch just got blocked by default.

Oh, if you worry about ransomware, hope you never need to find this link useful: https://decrypter.emsisoft.com/

--A