|(1) Posted by Vladimir Tyapkin [Tuesday, Dec 15, 2009 21:22]; edited by Vladimir Tyapkin [09-12-15]|
Stay away from this site unless you have a good antivirus (ESET Nod32 caught it on my computer).
Piotr, there is an instruction in my link on how to clean it up.
|(2) Posted by Siegfried Hornecker [Wednesday, Dec 16, 2009 01:05]; edited by Siegfried Hornecker [09-12-16]|
I don't use WordPress (Nucleus CMS), but would you still do a test on my blog please?
Also do you have any idea how I can save a local backup of my blog? It's all done on server-side and I don't seem to be able to copy the files. Thinking about closing it next year or so (to make place for a more general one) but I want to offer a downloadable copy then. Internet is not anymore what it was before the capitalists entered it. They even offered me - me! - to bribe me so I put their ads up, but I rejected. Sorry for rant!
|(3) Posted by Vladimir Tyapkin [Wednesday, Dec 16, 2009 20:55]; edited by Vladimir Tyapkin [09-12-16]|
You can do it yourself. Read the link provided and do a search for the three var names mentioned there. The malicious script is usually at the bottom of the page.
I am still recovering my computer because it was partially infected despite having the latest antivirus updates. This is a new virus, so antivirus software may not protect your computer completely.
Also, if you have visited murdzia.com recently, check for siszyd32.exe in the startup folder (c:/Documents and Settings/<YOUR LOGIN NAME>/Start Menu/Programs/Startup) or, better, run the antivirus scan on the whole c: drive. You won't see it in Windows Explorer unless you clear 'hide protected operating system files' because it has a 'hidden' attribute. If you found it, that means your computer is likely infected.
|(4) Posted by Siegfried Hornecker [Thursday, Dec 17, 2009 02:41]; edited by Siegfried Hornecker [09-12-17]|
I have no way to access the index.php file - or at least none I'd be aware of. Since neither the text "var" nor "Attribute" occurs in the website source text (tested on main site and an article) it's not infected. Or am I wrong?
No such exe file here and I didn't visit murdzia.com recently (and even then, I have NoScript).
|(5) Posted by Vladimir Tyapkin [Thursday, Dec 17, 2009 03:05]|
|(6) Posted by Siegfried Hornecker [Thursday, Dec 17, 2009 04:40]|
That's what I did.
|(7) Posted by Alexander Leontyev [Monday, Feb 8, 2010 10:56]; edited by Alexander Leontyev [10-02-08]|
I ran an online check of V. Tyapkin's link (ryan istra...) with http://online.us.drweb.com and the result was that it's infected. This was the first time in my practice that such an online check by Dr. Web finished with such a result. Also I have a question - is murdzia.com still infected? Online Dr. Web showed OK, but I am sure that such a check is not a 100% guarantee.
|(8) Posted by Mikalai Sihnevich [Monday, Feb 8, 2010 13:21]|
Recently Piotr has changed his web site, new address is:
Though the previous one (www.murdzia.com) is still available, and now it shows the same content (maybe, simple redirect).
|(9) Posted by Vladimir Tyapkin [Monday, Feb 8, 2010 19:23]; edited by Vladimir Tyapkin [10-02-08]|
I can confirm: the page I linked to in my initial post is now infected. Apparently, hackers targeted it because it provided instruction on how to clean out malicious code.
www.murdzia.com has a new look-and-feel and is mostly empty now (and clean of viruses).
|(10) Posted by Piotr Murdzia [Thursday, Apr 8, 2010 21:49]|
I have created a new website, www.murdzia.pl. It needs some work of course, but the main thing is it works:-)
I hope now it is with no infection:-)
This is a website mostly for the Polish chess society; however, I believe every solver can get useful information from there.
I am also thinking of creating an English version of it. So be patient, I need more time.
|(11) Posted by Alexander Leontyev [Monday, Apr 7, 2014 07:50]; edited by Alexander Leontyev [14-04-07]|
chessstar.com is infected! See the results of online checking - virustotal.com/ru/url/89c08b0557aa98201bdf27e0279a25c9a5d0f471b50c0374f44c75de2c23243d/analysis/1396849149/
|(12) Posted by Siegfried Hornecker [Monday, Apr 7, 2014 07:53]; edited by Siegfried Hornecker [14-04-07]|
2 of 51 hits. Could be an infection indeed with something not found yet by most scanners, or a false positive of the two scanners. Best is to not visit the site until the issue is cleared. Please keep us updated, i.e. make another check later.