Site Feedback Open forum for discussion of this site. Post your kudos or criticism so that we can continually improve service to the new MINI community.

Spyware causing problems for MCO members

Oct 5, 2003 | 12:11 PM
#1
Mark
Thread Starter
North American Motoring :: Founder
Joined: Jan 2002
Posts: 3,070
Likes: 0
From: Colorado
Everyone,
Over the last two weeks there have been reports of errors received when submitting or editing posts, logins to the site, etc. After much head scratching I believe I've determined the probable source of the problem. It appears that around September 24 there is a spyware program that began to circulate which randomly acts when a URL redirection is detected. In the case of MCO, after the submit button is pressed when posting or editing a post in the forums, the site software redirects back to the thread of discussion. While the problem would appear randomly the spyware apparently was supposed to redirect to a URL outside of MCO. This URL no longer appears to be valid and therefore you receive some form of error. Logging into MCO exhibits a similar behavior when infected with this spyware. To check/clean/immunize your system against this problem please click HERE to download Spybot.

Once you have the program installed, open SpyBot and select Search and Destroy and "immunize" options. Also, check the box "lock hosts file read-only as protection against hijackers". This will stop the program from modifying your "hosts" file which was one of the symptoms of the infection.

Hope this helps.

Mark

_________________
MINI COOPER Online.com

mferguson@northamericanmotoring.com :: Send me a PM
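
The hosts-file symptom and the read-only lock mentioned in the post above can also be checked by hand. The following is an added example, not part of the original thread and not Spybot's own logic: it parses a hosts file, reports entries that override a watched site or map a name to a non-loopback address, and reports whether the file is write-locked. The sample hosts content, the `WATCHED` set and the function names are assumptions made for illustration.

```python
import ipaddress
import os
import stat

# Constructed sample hosts file; addresses are documentation ranges, names are made up.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1    localhost
127.0.0.1    ads.tracker.example   # blocklist-style entry
203.0.113.7  www.northamericanmotoring.com
198.51.100.9 search.portal.example
not-an-ip    something.example
"""

# Assumption: sites the user expects to reach through normal DNS.
WATCHED = {"northamericanmotoring.com"}

def parse_hosts(text):
    """Yield (line_number, address, names) for each mapping line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield lineno, fields[0], [n.lower() for n in fields[1:]]

def audit_hosts(text, watched=WATCHED):
    """Return (line_number, reason, address, name) for entries worth a manual look."""
    findings = []
    for lineno, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings += [(lineno, "malformed-address", ip, n) for n in names]
            continue
        for name in names:
            if any(name == d or name.endswith("." + d) for d in watched):
                findings.append((lineno, "watched-domain-overridden", ip, name))
            elif not (addr.is_loopback or addr.is_unspecified):
                findings.append((lineno, "external-mapping", ip, name))
    return findings

def is_write_locked(path):
    """True when no write bit is set; on Windows this mirrors the read-only attribute."""
    mode = os.stat(path).st_mode
    return not mode & (stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH)

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

Loopback and `0.0.0.0` entries are left alone because blocklist-style immunization adds many of them; a watched site appearing in the file at all is reported regardless of the address.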

 
Oct 5, 2003 | 02:10 PM
#2
dave
pug poo picker-upper
Joined: Jun 2002
Posts: 9,803
Likes: 30
From: California
>>Also, check the box "lock hosts file read-only as protection against hijackers".
Mark,

I can't seem to find this box (I didn't read that part until after I ran the immunize part already). Is this a check box somewhere before or after the immunize sequence is run?

Thanks,
Dave
 
Oct 5, 2003 | 05:57 PM
#3
Bk_MCS
5th Gear
Joined: Jan 2003
Posts: 726
Likes: 0
From: Fleming Island (orange park basically) FL
Just so everyone else knows, running spybot doesn't get rid of the problem for good. It seems that I pick up whatever is causing this every time I surf the net.
 
Oct 5, 2003 | 06:06 PM
#4
Chitown_COOP
Coordinator :: Chicago MINI Motoring Club
Joined: Jun 2003
Posts: 1,251
Likes: 0
From: San Antonio, TX
And by the way, Mark, we're not all on PCs running Windows!

 
Oct 5, 2003 | 06:34 PM
#5
Ryephile
OVERDRIVE
iTrader: (2)
Joined: Jan 2003
Posts: 9,009
Likes: 32
From: Metro-Detroit
yea, I deleted my hosts file completely, but sometimes I still get the broken post error. When that happens, I run Spybot again and it usually finds more crap.

hmmm, somehow we have to find a way to totally filter out this issue, but I'm not an IT guy, so I dunno
 
Oct 5, 2003 | 07:20 PM
#6
Mark
Thread Starter
North American Motoring :: Founder
Joined: Jan 2002
Posts: 3,070
Likes: 0
From: Colorado
>>And by the way, Mark, we're not all on PCs running Windows!
>>

Neither am I

Mark
 
Oct 6, 2003 | 11:21 AM
#7
LeeL
5th Gear
Joined: Jun 2003
Posts: 703
Likes: 0
From: Morrisville, NC
I am experiencing similar issues (I think) however, I have checked my hosts file and there is nothing amiss and I have no spyware on my machine. Is it possible that there is another issue?

Also, I cannot get the jump to new posts feature to work. The posts show up correctly as new or not based on the last time I was here but jumping to new posts always gets me to the first post in a thread only. The only exception is after I deleted the MCO cookies and logged back in, then, the first time I visited, it worked, then it would not work on successive visits.
 
Oct 6, 2003 | 01:46 PM
#8
mbabischkin
6th Gear
Joined: Jan 2003
Posts: 4,406
Likes: 0
From: Northeast Ohio
If you use an alternate browser to surf the net you may not have this problem. I use Opera on my laptop and haven't had any issues, but I've got IE6 on my desktop and have had this happen twice.

I've run Adaware which hasn't caught anything lately. However if the problem happens again I'll try Mark's solution.
 
Oct 6, 2003 | 02:09 PM
#9
Mark
Thread Starter
North American Motoring :: Founder
Joined: Jan 2002
Posts: 3,070
Likes: 0
From: Colorado

>>Also, check the box "lock hosts file read-only as protection against hijackers".
>>
>>Mark,
>>
>>I can't seem to find this box (I didn't read that part until after I ran the immunize part already). Is this a check box somewhere before or after the immunize sequence is run?

On my Windows 98 machine I didn't find an option for this so I suspect that it was an option for one of the selected problems that was found by Spybot. Unfortunately I don't have a Windows XP box to test on (other than trying to reproduce the posting problem on a friend's machine) and so am flying a little blind on the exact details of what Spybot's UI should display.

Also, given mbabischkin's mention that Opera does not exhibit the posting problem I wonder if an ActiveX plugin was added to IE that may be causing this problem. From what it appears there is something that when a redirect is detected by the browser that this adware/spyware then redirects to another URL. That URL no longer appears to be valid hence the error message. If anyone can grab the URL that your browser is redirecting to it would greatly help me in trying to find a solution to this problem. Since the server software has not changed in over a year relative to post submissions I suspect we are facing some form of new issue brought about by some form of client-based software.

Thanks for everyone's patience as we try to track down this problem.

Mark
 
Oct 6, 2003 | 02:33 PM
#10
DancesWithCones
3rd Gear
Joined: Sep 2003
Posts: 231
Likes: 0
From: Washington, US

I'm not an IT guy but I play one on TV.

No, but I stayed at a Holiday Inn Express last night.

The checkbox for "read-only protection against hackers" is in Spybot under the Immunize option (on the same side menu as Search & Destroy.) There will be a scroll bar on the right. Scroll down to see the check box. It's also wise to immunize against future known bad downloads. And for those using IE (I use Mozilla), you can select plug-in blocker.

Now post to your heart's content.

John
 
Oct 6, 2003 | 02:43 PM
#11
Dreamin
2nd Gear
iTrader: (1)
Joined: Sep 2003
Posts: 72
Likes: 0
From: SoCal
"Hijack This" is also a very good app to clean up specifically this problem... browser hijacking / redirection to other site.

http://www.tomcoyote.org/hjt/

(But be careful deleting entries via this app... some of the entries will be legit!)
 
Oct 6, 2003 | 05:23 PM
#12
Pebbles
6th Gear
Joined: Dec 2002
Posts: 2,010
Likes: 0
From: Austin,Texas
OK, I've got the Spybot and so far when I Search and Destroy it only helps for a while. This morning I got the Page Error and I Searched and Destroyed about 20 more. Just now I was editing a previous post and I got it again. I guess I'll Search and Destroy again!


There are several buttons on the right side menu. I went to the Immunize page and at the bottom there are some Recommended Misc Protections. I have all 3 of those checked!

I'm starting to enjoy killing those little buggers!!

Oh, my WeatherBug uses a link to check the temperature constantly so I didn't kill it. . . and guess what? Its name is MiniBug! Made me smile to think the only one I didn't kill was the MiniBug!!

 
Oct 6, 2003 | 05:32 PM
#13
Pebbles
6th Gear
Joined: Dec 2002
Posts: 2,010
Likes: 0
From: Austin,Texas
OK - it just happened again and this time I copied the url it said it was trying to send me to!

https://www.northamericanmotoring.com/modules.php

I hope this helps you, Mark!


 
Oct 6, 2003 | 06:50 PM
#14
Mark
Thread Starter
North American Motoring :: Founder
Joined: Jan 2002
Posts: 3,070
Likes: 0
From: Colorado
Any Windows IT managers out there? It appears that spyware is a much bigger problem than I had originally thought (there appears to be a huge number of programs that hijack browsers). While I can't assist everyone in determining the source of the problems they are experiencing it appears that the Hijack This tool mentioned above is quite good in removing browser hijacking spyware (but be careful in how you use it...MCO can not be held responsible for any damage to your computer by running these tools).

If anyone can provide more detailed information on immunizing your machines against this type of thing I would appreciate follow ups being posted here.

Thanks!

Mark
 
Oct 7, 2003 | 10:16 AM
#15
dominicminicoopers
6th Gear
Joined: Oct 2002
Posts: 4,831
Likes: 1
From: Phoenix, AZ
OK, although I've never had spontaneous multiple postings from a single click, I decided to run the Search & Destroy program. After running it, NOW I get multiple postings and page could not be found and a link to modules.php that returns an error. Hmmm. Just a little more fuel for the fire I guess.
 
Oct 7, 2003 | 10:25 AM
#16
OmToast
OVERDRIVE
20 Year Member
Joined: Jan 2003
Posts: 6,365
Likes: 2
From: Yinzer in Exile
And to think I thought this whole ridiculous situation was just my hate-monger computer...

I've the same problem mentioned above: I use the search and destroy function, but it only works for a while. Then I get the same error messages when I post.
 
Oct 7, 2003 | 02:51 PM
#17
Dreamin
2nd Gear
iTrader: (1)
Joined: Sep 2003
Posts: 72
Likes: 0
From: SoCal
I've found that "Adware", "Spybot", etc. are good for eliminating pop-up ad type of spyware. But "Hijack this" is the only app that has worked to eliminate browser redirection type of spyware.

If someone with this problem will run "Hijack This"... Hit "Scan"... Hit "Save Log"... then cut and paste the log into a post, I can try to help.

No need to post the "running process section"... let's start then the entries below that section.

So it will look like:
[code]
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar_en_2.0.95-big.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar_en_2.0.95-big.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
[/code]
 
Oct 8, 2003 | 07:36 AM
#18
MG-BGT
5th Gear
Joined: Mar 2003
Posts: 1,057
Likes: 0
Mark,

just had the same posting problem again!

Time: 9:31 am central time (TX)
Posting a reply with image link to: MINI Talk

after hitting submit, got the "The page cannot be displayed" screen at the same 'redirect (??)' address given by others:
https://www.northamericanmotoring.com/modules.php

installed and ran spybot yesterday.
Have not got Hijack This, but may try to install later.
I do have a screen grab saved, but you've probably already seen this screen. Let me know if you would like the screen grab.

Markus

_________________
Celeste: 03 EB/W MCS, cold, premium, sports a la carte w. W16"V, Lapis, HK, Forge coolant tank, saddlebags, interior trim in EB, euro shelf

 
Oct 8, 2003 | 07:37 AM
#19
MG-BGT
5th Gear
Joined: Mar 2003
Posts: 1,057
Likes: 0
Mark,

just had the same posting problem again!

and it just happened again at 9:37 when posting the above message to the site feedback forum!

The IE title bar reads: Cannot find server - MS IE


_________________
Celeste: 03 EB/W MCS, cold, premium, sports a la carte w. W16"V, Lapis, HK, Forge coolant tank, saddlebags, interior trim in EB, euro shelf

 
Oct 8, 2003 | 07:40 AM
#20
MG-BGT
5th Gear
Joined: Mar 2003
Posts: 1,057
Likes: 0
just went back and edited my post (got your name wrong Mark, sorry),
and upon hitting the submit button from the post editing screen the problem did not occur.
M.
 
Oct 8, 2003 | 12:59 PM
#21
sdanaher
4th Gear
Joined: Aug 2003
Posts: 571
Likes: 4
linux just scored me a point.

go gentoo.
 
Oct 8, 2003 | 01:06 PM
#22
Bk_MCS
5th Gear
Joined: Jan 2003
Posts: 726
Likes: 0
From: Fleming Island (orange park basically) FL
Well, I'm still having the problem and it isn't really too bothersome, but I'll see if my dad can do somethin to help (IT Management).
 
Oct 8, 2003 | 01:47 PM
#23
MG-BGT
5th Gear
Joined: Mar 2003
Posts: 1,057
Likes: 0
>>Well, I'm still having the problem and it isn't really too bothersome, but I'll see if my dad can do somethin to help (IT Management).

As I just PM'd Mark, for the first time I've had the problem during login. Wouldn't let me log in, got the redirect. After 10 tries gave up, came back about 15 minutes later and it worked ok. I've installed spybot but not the Hijack software yet.

M.
 
Oct 8, 2003 | 01:52 PM
#24
MG-BGT
5th Gear
Joined: Mar 2003
Posts: 1,057
Likes: 0
well dang, it just happened again on the last reply.

Here's a screen grab of the redirect:



M.
 
Oct 8, 2003 | 02:04 PM
#25
MG-BGT
5th Gear
Joined: Mar 2003
Posts: 1,057
Likes: 0
and just now it happened again after I logged out and tried to log in again. This time the URL shown is different, here's the screen grab of the failed login:



when this happens during a reply to a post, the reply still gets posted. It is annoying, but can be worked around by just clicking the back button twice, and then the reload button.

During the login however that's it. You cannot log in, and cannot post.

M.
 



All times are GMT -7. The time now is 10:07 AM.