Possible Orly Taitz Website Virus
Posted on 05/21/2011 3:47:27 PM PDT by matt1
I visited Orly Taitz' website yesterday to catch up on any news re the various court proceedings she is involved in and immediately a pop-up appeared asking if I wanted to run a script. I closed the browser without responding. Thereafter, everything on my desktop disappeared, the Task Manager was disabled and many important applications were wiped out. This was on my work computer and I had to get an IT guy to look at the PC. It took nearly 4 hours to restore everything. The IT guy said that if it was a personal computer, the machine would have been almost destroyed.
The most probable culprit is democrat operatives who DO NOT want the public learning about Ms. Taitz and the serious fraud allegations she is making about obama.
I just wanted to post this so that others from FR will be careful when visiting her website. Hopefully, Ms. Taitz will do the necessary to protect her site and its visitors but for now I won't be able to visit her site until a remedy is in place.
What was the name of the virus/worm/trojan/malware?
The most common attack vector today is from reputable websites. They compromise legitimate websites and infect trusting users.
If you didn’t give permission for something to run, then there is a much larger issue going on than a simple script embedded in a web page.
I assume you are running some version of Windows...? What browser?
I just went there. No pop up and no suspicious script asking to run, at least on her homepage.
You mods have some pretty good virus/malware indicators. You got any idea of this?
I’ve heard for a long time her site was infected with all kinds of bugs. I never go there because of this, and never will.
The folks who wrote the virus for Orly’s web site are stupid.
You don’t expose yourself right away. You wait awhile, then do it. Makes it almost impossible to figure out which web site installed the virus.
Does your company have a policy regarding Internet use at work? It should, and if it does, visiting non-work related sites may be violating the policy. Be careful. Your computer usage may be logged.
Even more likely - the malware purveyors who “camp out” similar domain names (with a single letter/space/etc. out of place or altered).
Maybe the lefty IT guy is teaching you a lesson.
I heard that if you curse Google, you get a virus that makes your computer send in votes for Obama.
I’ve never been to Orly’s website.
I guess the question I should be asking is if the mods detect anything if someone posts a link to her site.
Does it ever! Frustrating to not be able to get at what you need and know to be alright because of some knucklehead with the third party service they use for blocking.
I take my personal laptop (either Mac or PC, depending on what I am working on) and an unlimited 4G device and run a better class of "anti-ware" than the company will pay for. Also works for my iPad from a long distance in the building for those meetings that can be so annoying.
the company i work for is quite liberal about internet use, as long as it’s not porn or some other inappropriate material.
the environment is well-protected with various virus protections including a Cisco agent and of course a fortified firewall. the IT guy ran a complete virus scan and was unable to locate it at first. he said it could have been masquerading as another application. we eventually located an application called something like a profile cleaner which apparently destroyed the user profile.
i KNOW it was from orly’s site because i only had the google homepage open at the time, then navigated to orly’s site and that’s when stuff started disappearing.
the IT guy was able to restore a new profile and then the PC went back to normal.
They do that as well, but no, legitimate websites are hacked and used to spread malware.
It’s happened at Drudge, Walmart and Fox News to name a few.
>The IT guy said that if it was a personal computer, the machine would have been almost destroyed. <
BS. (Not to you, but your ‘IT’ guy or whatever he called himself)
In a previous life, I was employed as a consultant for a well-known AV company in L.A. and have seen and witnessed almost every known malware known to “shut down” Mac and Windows systems. You can also catch me on the Avast forums as an ‘evangelist’. What was the name of this splendid malware because if he completely re-booted the system and cleaned out the hard drive, he’s not certified to fix stuff because there are procedures on how to neutralize the culprit without even resorting to such draconian measures. Not even once did any of our staff surrender any PC because any machine is worth saving due to the information in the hard drive.
“I just wanted to post this so that others from FR will be careful when visiting her website.”
Welcome to Free Republic.
When posting a “concern” it is best not to appear to be using “concern troll” reverse psychology giving the appearance of pushing FUD (fear, uncertainty and doubt) at FReepers who may want to go to Orly's site.
Orly's site has been under constant attack and she claims it is well protected. There has been a concerted effort to claim that her site is virus infested to discourage visits there, which has worked to a certain extent even now. You have also failed to provide any useful information which could be of help to others in assessing their own vulnerability, such as your operating system, AV program and firewall...
She has a history of not listening to people who tell her about problems with her site. So, I wouldn’t be the least bit surprised if you got whacked there. No way would I click and go there.
Visited Orly’s esteemed site..a few moments ago..no aswangs encountered.
Never attribute to unknown malefactors what can easily be explained by incompetence.
Orly Taitz IS a virus.
Nothing new. Taitz’s site has been infested with Chinese malware for the past two years.
understood. which is why i didn’t say to NOT go to orly’s site. i merely said be careful.
I did.... but I am running Linux. :)
If your machine was not a “personal computer” then what was it?
Also did it have antivirus/antimalware running, and what kind?
Also, what browser was being used?
There shouldn’t be any reason for a browser application to break outside the browser and nuke a bunch of files.
Sounds more like something was lurking in the background either waiting for you to go to the Orly website or else just the unlucky timing. Most serious corporate IT is good enough to keep browser applications from bursting out of the browser.
Me smell noob poop.
That happened to me too when I visited the site months ago. A window popped up and asked if I wanted to run a scan as my computer was infected. I clicked on the ‘x’ to close the window without answering and that was the magic password to get lots of nasty things downloaded to my computer.
I took it in to get it fixed and was told that when one of those windows pops up, just shut down the computer without closing anything because a ‘yes’, ‘cancel’, ‘no’ or just trying to close those windows can be programmed to download viruses and such on your computer.
i mean it was not a personal PC, it was a corporate PC.
as stated before the company’s network is well-protected. not sure of all the details but i know they have something called a Cisco agent. right before the desktop shortcuts disappeared, the Cisco agent popped up a message indicating that an external application was attempting to execute or some message like that and that it was prevented from doing so.
the system is windows xp and ie7.
the IT guy, despite what some of you say, is top-notch. he even was in contact with the IT supervisor. the supv said that if the virus could not be located, that they would have to clean the machine. the IT guy said that’s a drastic measure since all of my files saved on the c:\ drive would be deleted as well as non-standard applications which i use all the time.
personally, i just bought an expensive lenovo laptop which has taken me two friggin’ weeks to configure and much difficulty transferring apps and files from my old laptop. i would have been MAJORLY PISSED if my files and apps had been deleted because of a virus from orly taitz’ website. i never heard of an orly taitz website virus until after the PC was restored and i googled it to see if others had similar comments.
instead of being suspicious of someone posting a warning to that fact, i would have been grateful for the tip and would use prudence when thinking about visiting ANY website known to have a virus.
I hope it gets properly investigated. I wonder why data files you had created couldn’t be copied off of C: by mounting that disk as a second drive, perhaps even on Linux. That would lessen the pain of that kind of reformat.
Many IT experts suggest you make Firefox your default browser on Windows and leave IE7 for things that absolutely must have it, such as Windoze Update/Microshaft Update. Whether or not the Orly website is carrying a virus, that is something worth considering going into the future.
It’s possible you were the victim of a one-two punch, in which a virus sets itself up quietly in your native OS environment then waits for you to do something else specific. Once you do what it’s waiting for, all hell breaks loose. Website content can be programmed to catch an attempt to close a browser window and do something else browsery, like pop up panels or even fill your screen with browser windows, but in principle your browser should act like a sandbox with respect to disk content. The operating system, not the browser content, is designed to be in charge of the interface between disk content and the browser (like save file or upload file).
I’m also in IT. I can’t remember the last time I couldn’t defeat a rootkit, and we have some unusual operating environment challenges on top of it all. Home systems are much easier, not that that’s saying a lot.
I have been going to Orly’s sites since the beginning and NEVER had a problem. She has had problems, it never affected me. I think it is just to scare people away. In your case it’s working.
Since Mar 22, 2011
“Since Mar 22, 2011”
and your point being, mister?
are you implying that because i’m a new member, that i’m not supposed to have an opinion or don’t have the right to post???? that FR is only for the “old timers”????
i sincerely hope that’s not the case and that i’m misinterpreting your post.
>I’m also in IT. I can’t remember the last time I couldn’t defeat a rootkit,
ME NEITHER. I am more scared of rootkits than malwares. The true malware and rootkit “technicians” will do everything in their power to save the hard drive and the info inside WITHOUT a total re-boot of the OS.
The nastiest one I witnessed? It took out the paid version of Malwarebytes and wouldn’t allow me to download OTS and Combofix. The TLD4 rootkit. Yup, that nasty. It even manipulated the Windows settings once I was able to pop in GMER and read the logs carefully.
That’s why I laughed at this “IT” guy.
Spend a few rounds of reinstalling Windows, your programs, and you’ll understand why one will not go to her site when the same information gets posted here.
Paid version of Malwarebytes disabled? Good night!
I had one that kept shutting down my computer if I ran Malwarebytes. Combofix would run in safe mode but wouldn’t get rid of it.
Alas, my second Windows reinstall of the year...
I never go to Orly’s site because it’s totally infected with viruses.
>Paid version of Malwarebytes disabled? Good night!<
Back then, we had a loudmouth AV nerd who said MWB was ‘PERFECT’. I believed him until that very incident. Now I try to tell people about TDSSKILLER, which is far more efficient than MWB’S free version. It took out TLD 4 and 5 rootkits in one shot, unlike DDS but DDS at least corrects any “unknown” variables you deem a threat. Obviously you have to run the logs again to look at stuff manually like before. I’m not in the AV industry anymore as I’m in Hollywood doing something else.
Tell that to faucetman on post 38...
I know I’m not taking the chance.
I’m downloading TDSSkiller right now. Thanks.
That’s a really quick scan on TDSSkiller—why is that? The different type of Malware it’s looking for?
For someone only 2 months old at this site, how would you expect us to behave at your overly concerned news? I still consider myself a NOOB, compared to some of the grizzled pros in here, but I've learned enough about posting behaviour and reading between the lines to be skeptical at all times. Goes with the territory.
If you're a legit conservative newcomer, welcome to the "trial by fire" ritual that all newbies go through at one time or another. If you're an Obama-loving, socialist tax&spender troll.....peddle it somewhere else.
TDSSk is designed to search and destroy for the Alureon, Win32 and TLD-types of rootkits...the worst of the worst and known to hide and dig deep in hidden sectors of your system. They are classified as ZERO DAY malwares meaning...MWB could not detect them because they are hidden so deep in Win parameters not even a full scan will detect them.
Like the previous Freeper whom I answered originally...a rootkit is FAR, FAR destructive. But the best way to always know is to run GMER or Combofix and READ the logs. I’m MCSE certified so I read the sector logs. You can also find me on the Avast forums as an “evangelist” but I cannot tell you which name I use as the forum members might pounce on me if they knew I was a member of the rightwing forum RN.