Hi, Earlier today I went to Tip.it to help me figure out something in a game I play and I left with 2 viruses. How do i know it was this site? On the bottom left of my Firefox browser it tells you all of the sites that are loading as the page is loading, and one of the results was "dual-boxing.com". This is pretty normal, so I thought it was just an ad or whatever until I got virus alerts and messages that said "Web Attack: Suspicious Executable Image Download Detected" from IP address '74.50.25.251'. Google that Ip it'll link you to this sites vps, and considering the fact that tip.it was loading dual-boxing.com it has to be you guys. Though I 'cleaned' the viruses off of my computer I am still getting those "Web Attack: Suspicious Executable Image Download Detected" from IP address '74.50.25.251' messages.

I read in one of the forum posts that this site was having problems with the VPS or something and were changing locations, so it was the VPS's fault? I noticed you moved away from that '74.50.25.251' address after looking it up just now, and well I'm sorry I'm blaming this site for this as its probably Lunarpages's fault... but you could see where I'm coming from (Saw this websites name, got a virus, IP links to this site). Anyways, have you guys seen any other posts about this type of thing? I'm in the process of removing this virus completely but it's not easy. =/

NOTE: I got this virus 2 days ago, this website didn't work for me yesterday, works for me now, so I posted. I never been to this site until a day after my computer was infected, and well I trust you guys and decided to make an account here to tell you about my problem.

-Thanks

I know that I couldn't log into the site for a few days. Might be that the site had a hacker break into it and mess some shit up. Infact I'm sure thats exactly whats on the minds of the mods here. Previously I have never had an issue with viruses from this site, and I probably missed the event where which a hacker tried to infect everyone who visits this site with a virus. Everything seems fine at this time as things are running smoothly without any issue at this time, thankfully.

Thanks for the response. Crazy thing is I didn't even try to access this site before getting the virus. Never seen this site before, and this was an odd way of getting me to come to the site but yeah. The virus seemed to have been spread to me throughout an advertisement on a different site (tip.it). Anyways glad not to many people seem to be infected and it looks like it was a good decision for the site to move locations. This virus is really hard to remove... but I'm making some progress. And it looks like all the intrusion attempts 74.50.25.251 are making are being blocked so that's great.

Anyone else have thoughts or anything on this?

Do not spread random misinformation, there was no mass user infections and the majority of downtime was due to DNS propagation as the site moved to a new host. I am on this site pretty much 12 hours a day and have never had a single virus warning.

http://www.dual-boxing.com/showthread.php?t=44532
http://www.dual-boxing.com/showthread.php?t=44554

Stop playing Runescape and you won't get viruses.

Please refer to this thread for information about our recent server issues: http://www.dual-boxing.com/showthread.php?t=44554

The only time you'll see ads here is if you aren't logged in. One of the security tools I use on the site is Google's Webmaster tools. I routinely request malware reviews and nothing has shown up. We're currently marked safe from Google.

According to google's website tools, and our old VPS's traffic logs. Tip.it doesn't like to us in any way. I'm not sure how you got a virus, but I can say with quite certainty it wasn't from us.

As stated in the thread linked above, and as stated by others in this thread, the recent downtime was due to DNS propagation to our new host.

Hi, Earlier today I went to Tip.it to help me figure out something in a game I play and I left with 2 viruses. How do i know it was this site? On the bottom left of my Firefox browser it tells you all of the sites that are loading as the page is loading, and one of the results was "dual-boxing.com". This is pretty normal, so I thought it was just an ad or whatever until I got virus alerts and messages that said "Web Attack: Suspicious Executable Image Download Detected" from IP address '74.50.25.251'. Google that Ip it'll link you to this sites vps, and considering the fact that tip.it was loading dual-boxing.com it has to be you guys. Though I 'cleaned' the viruses off of my computer I am still getting those "Web Attack: Suspicious Executable Image Download Detected" from IP address '74.50.25.251' messages.

I read in one of the forum posts that this site was having problems with the VPS or something and were changing locations, so it was the VPS's fault? I noticed you moved away from that '74.50.25.251' address after looking it up just now, and well I'm sorry I'm blaming this site for this as its probably Lunarpages's fault... but you could see where I'm coming from (Saw this websites name, got a virus, IP links to this site). Anyways, have you guys seen any other posts about this type of thing? I'm in the process of removing this virus completely but it's not easy. =/

NOTE: I got this virus 2 days ago, this website didn't work for me yesterday, works for me now, so I posted. I never been to this site until a day after my computer was infected, and well I trust you guys and decided to make an account here to tell you about my problem.

-Thanks


Ummm.. ok?



Do not spread random misinformation,

+1 Agreed with Khatovar. Please do at least a very little, amt of homework before posting here


Stop playing Runescape and you won't get viruses.

+1 again.


.... Tip.it doesn't like to us in any way. I'm not sure how you got a virus, but I can say with quite certainty it wasn't from us.


So, I did your 5 seconds of homework for you.

tip.it is a file used for Runescape.
and... IP trace goes tooo...
http://i431.photobucket.com/albums/qq40/Shifthapens/really.jpg

http://wiki.lunarpages.com/Security_on_VPS

/End Trolling Appology accepted?

can i have one too?

So, I did your 5 seconds of homework for you.

tip.it is a file used for Runescape.
and... IP trace goes tooo...
http://i431.photobucket.com/albums/qq40/Shifthapens/really.jpg

http://wiki.lunarpages.com/Security_on_VPS

/End Trolling Appology accepted?

Guess I'm not understanding what you're saying here. There was absolutely no question that 74.50.25.251 was our VPS on lunar pages. Tip.it is a Runescape site @ 184.173.129.226.

Back when I used to play that god forbidden game, tip.it was known for malware.

Just sayin..

Google that Ip it'll link you to this sites vps, and considering the fact that tip.it was loading dual-boxing.com it has to be you guys.


OP stated this. I guess I was more of saying... if the OP knows who the site is, name of the file, and where it came from... why say it came from here?? I havent known Ads to operate through VPN, and definitely not a login for Lunar Pages.

Perhaps Im the one confused.

Ummm.. ok?




+1 Agreed with Khatovar. Please do at least a very little, amt of homework before posting here



+1 again.




So, I did your 5 seconds of homework for you.

tip.it is a file used for Runescape.
and... IP trace goes tooo...
http://i431.photobucket.com/albums/qq40/Shifthapens/really.jpg

http://wiki.lunarpages.com/Security_on_VPS

/End Trolling Appology accepted?

Sooo essentially +1?

+1, and proud of it.

Not the kind of responses I expected, but I am glad I got some feedback. There was a few helpful posts.

As you may be able to tell by my initial question I know just about nothing about computers, so sorry if my post didn't make much sense. Let me tell you exactly what happened from my point of view.

1. I Went to Tip.it (BTW I bot on Runescape and sell the gold and i needed some more info about something, I guess you could call that playing)
2. I saw on the bottom left hand corner a site called dual-boxing.com loading, which I assumed was just a site that was advertising there.
3. Before leaving tip.it my antivirus program popped up and detected a virus, and 'cleaned' it off my CPU.
4. Every 30 minutes or so since getting the virus I get a message that says "Web Attack: Suspicious Executable Image Download Detected" from IP address '74.50.25.251'
5. I googled that IP and on more then 1 site (whois, etc), It linked me to vps.lunarpages, which was connected to this site and 'redanchorit.com'
6. I assumed it was your guys's fault because this is the site I saw loading when I loaded tip.it, and the IP was linked to this site.

I guarantee I'm not trolling, more of me lacking knowledge of computers. So are you guys saying if you went to a site and left with a virus, and then you noticed your antivirus software is blocking intrusion attempts from an IP and you google the IP and find a website that is 'moving locations' you wouldn't be suspicious?

Anyways congratulations on all of the +1 you guys earned, you should be proud.

http://imageshack.us/photo/my-images/38/booog.png/
http://imageshack.us/photo/my-images/38/booog.png/http://imageshack.us/photo/my-images/217/boooo2u.png/

I got the virus on 6/17/2011 at 5:43 pm

Once again, never been to this site, or redanchorit.com, or lunarpages. I just went to tip.it, saw "dual-boxing.com" in the bottom left and got the warnings shown in the message above, and at the time that IP was linked to dual-boxing.com.

http://imageshack.us/photo/my-images/38/booog.png/

Trolling or not... matter of opinion now.

(Benefit of the doubt) The way I see it, there are two things you can do.


1. Connect your dots as you see it, www.dual-boxing.com (http://www.dual-boxing.com) is bad. Dont come here again, or "we'll get all your runescape gold"

2. Use your skills with the internet, and trace the virus, trace this webhost, and compare.

Regardless, above all, either of those two wont help you... get the virus off your computer.

Good luck.


Pro tip right here from Ashley

Back when I used to play that god forbidden game, tip.it was known for malware.

Just sayin..

Well there is this unknown and yet to be found script supposed to be running in the background and eating all the (old) server resources, as described here (http://www.dual-boxing.com/showthread.php?t=44554), which if I understand correctly, provoked a snowball effect (when the host complained about it) which eventually led to the recent hosting change.

Trolling or not... matter of opinion now.

(Benefit of the doubt) The way I see it, there are two things you can do.


1. Connect your dots as you see it, www.dual-boxing.com (http://www.dual-boxing.com) is bad. Dont come here again, or "we'll get all your runescape gold"

2. Use your skills with the internet, and trace the virus, trace this webhost, and compare.

Regardless, above all, either of those two wont help you... get the virus off your computer.

Good luck.


Pro tip right here from Ashley

I never said this site was bad or that it was going to try to take pixels from me, all I did was question this website because how I saw it this was the site that gave me the virus. After reading posts and stuff, I doubt that this site is at fault. But I would still like some sort of explanation on how this got on my CPU

And yes, I'm working on getting this off my CPU, its a pain but it appears like I'm cutting down on it and making progress.

And I've been to tip.it many times, and so have many other members of the runescape community. As far as I could tell tip.it is not known for viruses either, if they did I think there would be a lot more posts about the subject. So if tip.it did give me the virus why are all my accounts still okay? And why does the ip link to vps.lunarpages?

Cw79-you should contact your antivirus vendor and ask them what files to send them to determine how and why you got infected.
I can pretty well guarantee it wasn't from this site as I've been here numerous years as have many other members and none of us has gotten any malware from here-if we had we would have let others on here know for sure.
You should also try Trend Micro's house call-free "online scan" in addition to your normal anti-virus anti-malware program as NO anti-virus program is 100% in finding all problems.
The only 100% thing is to never connect to the World Wide Web. Edit:BIG ps-use Firefox for web browsing etc. and use addons for it like noscript to prevent things happening from sites you don't know.If you need more info for how to protect your computer just post on here for more info-we are a helpful community :)

Cw79-you should contact your antivirus vendor and ask them what files to send them to determine how and why you got infected.
I can pretty well guarantee it wasn't from this site as I've been here numerous years as have many other members and none of us has gotten any malware from here-if we had we would have let others on here know for sure.
You should also try Trend Micro's house call-free "online scan" in addition to your normal anti-virus anti-malware program as NO anti-virus program is 100% in finding all problems.
The only 100% thing is to never connect to the World Wide Web. Edit:BIG ps-use Firefox for web browsing etc. and use addons for it like noscript to prevent things happening from sites you don't know.If you need more info for how to protect your computer just post on here for more info-we are a helpful community :)

Thanks for the info. Yes I'll try to contact my antivirus vendor as soon as possible, hopefully I can find some more info about what happened.

And yes I am pretty security conscious usually. I do use Firefox and I normally use adblock plus, but unfortunately it was disabled at the time. And I'll look into the other things you mentioned as well. =)

Adblock is a start-but you MUST use noscript!

1. I Went to Tip.it (BTW I bot on Runescape and sell the gold and i needed some more info about something, I guess you could call that playing)

You're just asking for AIDS doing that. Everyone whos anyone in RuneScape knows the game is plagued with script kiddies sending each others keyloggers and "hacking" each other or DDoSing each other.

People still play Runescape?

You mean it still exists!?

Holy shit.

People still play Runescape?

You mean it still exists!?

Holy shit.

Apparently my red party hat on Runescape is worth $600.

Shame I don't play anymore.

Thread has reached the end of its usefulness...
tl;dr d-b is fine, quit surfing porn.