WnSoft Forums

Possible spam or virus?


davegee


Igor,

Many users obtain their IP addresses from their ISPs on a daily basis. So, the IP address blocked today might belong to someone quite innocent tomorrow.

Best regards,

Xaver

Yes, what Xaver says is true. You may be blocking an innocent person tomorrow but what will it hurt??

If someone from a blocked IP wants in, Igor can un-block their IP at that time.

Thanks for the fast action and my compliments on the GREAT job you do here.

This is after all the 1st spam message I've ever received from this site and that is a remarkable accomplishment!!!

Have a great day!!

KyDan

Louisville, Kentucky USA


I'm sorry about this problem!

I just deleted this spam member account and blocked his IP address.

You did the only right thing.

Moving the mouse pointer over "PLEASE HELP" gives the information that it tries to connect me to a Russian site.

The only thing I do with such messages is delete.

Until today (knock on wood!) my computer has never been infected by whatever there is (it is online 24/7).

I'm using Zonealarm Free and AVG Free (stripped). And PTE of course....!

Albert.


I got mail from this *person* too, but with a twist..... It came through my regular email, not through the forum and it invited me to a site called

[ nch.invisionzone.com/index.php?act=xxxxxxxx=xxxxxxx=xxxxxx (my x's) ]

I did not click on it. I eliminated the mail as junk, then opened a new browser and visited the invisionzone.com site. It was a webpage for what appeared to be a web hosting company. The [ nch ] portion of the link must go someplace else. I didn't go any further. I have no messages through this forum.


This morning I received a personal message from the Forum. When I opened the message, it contained only the words "please help" which turned into a hand icon when I moused over it. The sender was identified as "deleted member." I did NOT click on the link.

I immediately deleted the message from my inbox. I don't know if anyone else has received such messages, but I am very suspicious.

I never open emails unless the sender is clearly identified and there is a subject header that makes sense and seems relevant, and I never click on any link in any email unless I personally know or trust the sender or had previously corresponded with the sender and had asked for a link.

If that message actually was from a legitimate member of this forum who actually wanted my help on something (why me?) try again but identify yourself and what you want help on in plain text, with no links in the message. Better yet, post a query so others on this forum (who may be better-qualified than me to help you) can see the query and reply to it.

Somehow I don't expect I'll get a reply to this.

Just thought I'd post a warning in case others get a similar "private message"


Oops sorry I posted this before checking other posts on the forum, where I noticed that a whole bunch of us have been getting this. Sorry for the duplication ... :huh:


The person must have got the entire member list!

Hope the link was indeed directed to the forum somewhere:

http://www.picturestoexe.com/forums/index.php?act=Msg&CODE=03&VID=in&MSID=15757

The message appeared in my email also. Took a look at the source:

Return-path: <igor1@wn.kirov.ru>
Received: from wnpgmb013fw-sp01.mts.net ([10.205.128.19]) by mx-01mtain01.mts.net with ESMTP id <20090408074212.DYWW9694.mx-01mtain01.mts.net@wnpgmb013fw-sp01.mts.net> for <'my username'@mts.net>; Wed, 8 Apr 2009 02:42:13 -0500
X-SCORE: 1.0 208.67.212.38 148441322
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AlsFADDy20nQQ9Qmbmdsb2JhbACWHg0HBAkIEbZfg3sG
X-IronPort-AV: E=Sophos;i="4.39,343,1235973600"; d="scan'208";a="148441322"
Received: from ips-208-67-212-38.ipslink.com (HELO server45.ipslink.com) ([208.67.212.38]) by wnpgmb013fw-sp01.mts.net with ESMTP; 08 Apr 2009 02:42:12 -0500
Received: from nobody by server45.ipslink.com with local (Exim 4.69) (envelope-from <igor1@wn.kirov.ru>) id 1LrSQR-0002L1-2V for 'my username'@mts.net; Wed, 08 Apr 2009 03:42:23 -0400
To: 'my username'@mts.net
Subject: You have a new personal message ( WnSoft Forums )
MIME-Version: 1.0
Date: Wed, 08 Apr 2009 02:42:23 -0500
From: "WnSoft Forums" <int.support@wnsoft.com>
X-Priority: 3
X-Mailer: IPB PHP Mailer
Content-Type: text/plain; charset="iso-8859-1"
Message-ID: <E1LrSQR-0002L1-2V@server45.ipslink.com>
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server45.ipslink.com
X-AntiAbuse: Original Domain - mts.net
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - wn.kirov.ru
X-AntiVirus: checked (incoming) by AntiVir MailGuard (Version: 9.0.0.6; AVE: 8.2.0.138; VDF: 7.1.3.32)

R. Le Bleu,

mignulikz has sent you a new personal message titled "Hello".

You can read this personal message by following the link below:

http://www.picturestoexe.com/forums/index....&MSID=15757

Regards,

The WnSoft Forums team.

http://www.picturestoexe.com/forums/index.php

Darned hackers...

Dick
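
Reading the routing fields of the message source posted above, as an added example that is not part of the original post: it walks the Received chain oldest hop first and compares the envelope sender domain with the visible From domain. The function names are hypothetical, and the sample is the post's own headers, unfolded, with queue ids and the recipient trimmed.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Routing headers copied from the post, unfolded; queue ids and recipient trimmed.
RAW = """\
Return-path: <igor1@wn.kirov.ru>
Received: from wnpgmb013fw-sp01.mts.net ([10.205.128.19]) by mx-01mtain01.mts.net with ESMTP; Wed, 8 Apr 2009 02:42:13 -0500
Received: from ips-208-67-212-38.ipslink.com (HELO server45.ipslink.com) ([208.67.212.38]) by wnpgmb013fw-sp01.mts.net with ESMTP; 08 Apr 2009 02:42:12 -0500
Received: from nobody by server45.ipslink.com with local (Exim 4.69) (envelope-from <igor1@wn.kirov.ru>); Wed, 08 Apr 2009 03:42:23 -0400
From: "WnSoft Forums" <int.support@wnsoft.com>
X-Mailer: IPB PHP Mailer

"""

HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)
IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_hops(msg):
    """Return (from_host, by_host, ip) per Received header, oldest hop first."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        names, ip = HOP.search(value), IPV4.search(value)
        if names:
            hops.append((names.group(1), names.group(2), ip.group(1) if ip else None))
    return hops


def addr_domain(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def summarize(raw):
    msg = email.message_from_string(raw)
    hops = received_hops(msg)
    # First public IP in the chain: the server that handed the mail to the recipient's ISP.
    public = [h[2] for h in hops if h[2] and ipaddress.ip_address(h[2]).is_global]
    envelope, visible = addr_domain(msg["Return-path"]), addr_domain(msg["From"])
    return {
        "oldest_hop": hops[0] if hops else None,
        "handoff_ip": public[0] if public else None,
        "envelope_domain": envelope,
        "from_domain": visible,
        "domains_differ": envelope != visible,
    }


if __name__ == "__main__":
    for key, value in summarize(RAW).items():
        print(f"{key}: {value}")
```

Only the Received lines written by the recipient's own provider (here the mts.net hosts) are recorded by a party the recipient can trust; the oldest line is supplied by the sending side. A differing envelope and From domain is a prompt to look closer, not proof of forgery on its own.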


Hi All,

For those of you who opened the 'Attachment', you have now most likely become infected with a 'Backdoor-Robot' whose action from time to time will re-direct your Search-page to an 'illegal' Re-Director Site which will be part of a hub of similar infected PCs.

If this happens to you ~ you need to download 2 Programs which will find this 'Robot' and should remove it from your System. (A) CoolWebShredder ~ (B) KOwBot Remover Tool.

Link (A):-

http://www.brothersoft.com/coolwebshredder-74069.html

Link (B):-

http://www.bitdefender.com/VIRUS-1000001-e....A---1.3.B.html

(The latter Program is courtesy of Bit Defender.Com.)

These should help you if you experience any 'Robot Re-Director' problem.

Brian.Conflow.


I just received a newsletter from Invision Forum developers. And I've requested them to install this patch today. Here is a part from that email:

PM Flood Control Patch for Invision Power Board 2.3.6 Released

We have received numerous reports from clients regarding spamming on the Personal Message (PM) system in IP.Board 2.3.6 and below. After consulting with reCaptcha (the provider of the captcha system in 2.3.6) we believe that humans are being used to bypass the captcha and then the newly created account is given to an automated script which sends PMs in huge quantities to your members.

The patch we have released today introduces a flood control setting to the PM system in IP.Board 2.3.6. This will limit how fast a member can send PMs thereby giving you and your moderators time to ban the offending account.
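
A sketch of the kind of per-member flood control the newsletter describes, as an added example that is not part of the original post and is not Invision's patch code. The class name, the limit of 5 PMs per 60 seconds and the member ids are assumptions chosen for illustration.

```python
from collections import defaultdict, deque


class PMFloodControl:
    """Sliding-window limit on personal messages per member (hypothetical names)."""

    def __init__(self, max_messages=5, window_seconds=60):
        self.max_messages = max_messages
        self.window_seconds = window_seconds
        self.sent = defaultdict(deque)    # member_id -> timestamps of accepted PMs
        self.rejected = defaultdict(int)  # member_id -> refused send attempts

    def allow(self, member_id, now):
        """Return True if the member may send a PM at time `now` (seconds)."""
        window = self.sent[member_id]
        # Forget sends that have aged out of the window.
        while window and now - window[0] >= self.window_seconds:
            window.popleft()
        if len(window) >= self.max_messages:
            self.rejected[member_id] += 1
            return False
        window.append(now)
        return True

    def flagged(self, threshold=10):
        """Members with many refused sends: candidates for moderator review."""
        return sorted(m for m, n in self.rejected.items() if n >= threshold)


def simulate():
    """Constructed traffic: one scripted account and one ordinary member."""
    fc = PMFloodControl(max_messages=5, window_seconds=60)
    # Scripted account: 200 PMs fired 0.1 s apart.
    delivered_burst = sum(fc.allow("new_account", t * 0.1) for t in range(200))
    # Ordinary member: one PM every 30 s.
    delivered_normal = sum(fc.allow("regular_member", t * 30.0) for t in range(6))
    return delivered_burst, delivered_normal, fc.flagged()


if __name__ == "__main__":
    print(simulate())
```

The refused-attempt counter is what buys moderators the time the newsletter mentions: the burst is capped at the window limit while the account shows up in `flagged()`.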


Igor,

Thanks for the message ~ that confirms what I suspected, it definitely is a 'Backdoor-Robot' being spread by unsuspecting PC Owners who are 'innocent' not knowing about these things.

Unfortunately these 'robots' are rarely detected by Anti-Virus Utilities for the reason that they are always mutating, so it takes time for A-V Utilities to catch up with them. However once detected they are fairly easy to remove with the correct Tool followed up with an IE Browser cleanup. (For those interested see below.)

Brian.Conflow

Cleanup Tool:-

Apart from cleaning out Kazzaz it also cleans out other 'Robots'.

When the page opens up select 'Free Removal Tools' and then 'Backdoor KOwbot'.

http://www.bitdefender.com/VIRUS-1000001-e....A---1.3.B.html
