# Possible virus or malware on Bachmann's site



## Gary Armitstead (Jan 2, 2008)

Just a heads-up here that numerous folks have visited Bachmann Trains Site and have contracted a virus or malware. One new member on MLS went to Bachmann's site last night and was infected. This new member told me that it took his IT people 11 hours to clean up this mess. Tony Walsham was hit today on Bachmann's site, per post on LSC. Kaspersky stopped it and quarantined the virus. Just a warning!!!


----------



## vsmith (Jan 2, 2008)

Thanks for the warning. I wonder if being owned by a Chinese company may be why they were targeted.


----------



## chucka (Mar 20, 2013)

Gary,

I guess that confirms what happened to me. I was on the Bachmann site and suddenly my laptop screen flashed and then a full screen page came up saying something to the effect that the FBI has seized my computer due to illegal use and to unlock it I had to pay $300 to some place or other. My virus software did not catch it. I figured it might be the Bachmann site but I was not sure because I might have picked it up previously and it took that long to activate and take over. I brought it to the guys at work and they stated it was malware and they had seen this recently, so it may have infected other sites as well. They said they could not really determine where it came from, but now I think we know. So, guys---beware.

Chuck


----------



## TonyWalsham (Jan 2, 2008)

My attack actually happened 10 days ago. Right after I had just got my computer back from being de-contaminated 10 days before that. 
The IT store here in Casino said they removed 83 viruses and the CA (now Total Defense) anti virus failed to pick them up. As I am a frequent visitor to the Bachmann site I don't doubt (but cannot prove) that is where they had all come from. 
Anyway I dumped CA and had Kaspersky fitted which instantly picked it up and quarantined the Bachmann stuff. 

I will refrain from visiting the Bachmann site until they acknowledge it publicly and guarantee it has been fixed.


----------



## Garratt (Sep 15, 2012)




----------



## Vinny D (Jan 25, 2013)

Well that explains what happened to my computer the other day also when I visited that site!


----------



## Ironton (Jan 2, 2008)

This is a well known virus called MonePac. I do not know why they list places like Walmart and Walgreens to pay at. I took it off with Norton's power eraser when my grandson's computer got it. 

Boot up in safe mode with networking. Go to Norton's site and download NPE. Save to desktop. Run. Computer will restart. Set to safe mode with networking. When finished virus is gone. 

Step by step instructions are on Norton's website. 

Hope this helps.


----------



## JackM (Jul 29, 2008)

Another good free service is AVG. (I'm not affiliated with AVG in any way.) 

JackM


----------



## TonyWalsham (Jan 2, 2008)

That isn't funny Garratt. 
We are not all computer smart. I had to pay to get it fixed. 
I paid for Anti Virus and Anti Malware protection that failed. I realise that is not the fault of Bachmann, but, if the problem did emanate from the Bachmann site perhaps Bachmann would care to reimburse me?? Surely it is their responsibility to make sure their site does not infect any users in the first place?


----------



## Garratt (Sep 15, 2012)

Come on Tony, don't be a nerd. I know it is a pain in the ass when it gets you but these bloody viruses get us all at some stage. Back-up, must back-up! 

Don't you reckon that Bachmann kid looks sinister? 
I'm using Comodo antivirus, the free version. It beats me how stuff on a website can do damage anyway. How do the Bachmann web developers let it on the webspace anyway? More cognitive dissonance!
I'll have to catch up with you at some stage, if I ever need some RC or maybe just anyway. I'm only here in Melbourne myself, up in the hills with the NA's, Garratt and soon the restored Climax steamin past like a sewing machine. Cheers!

Andrew


----------



## Greg Elmassian (Jan 3, 2008)

I think the point is that Tony is NOT a nerd, who can easily track down and rid himself of viruses. 

There's a lot of junk out there for sure, and of course anyone with NO protection is a fool, but these are things that are designed to get "around" anti-virus programs and I have to sympathize with Tony's point of view. 

There is a lot of "advertising malware" out there, and I believe this has happened to the Bachmann site before, a few years ago. Unfortunately I would submit that Bachmann is too small, and their site not "important enough" financially to them to invest in a lot of time to watch for and protect from stuff like this. 

Greg


----------



## TonyWalsham (Jan 2, 2008)

Thanks Greg. 
I have always had paid up anti virus protection and have *never* had anything like that happen before. 
Computers are just a tool to me. I can use some aspects of them just fine. I do what I am supposed to do to look after mine. Sort of like making sure my car is always roadworthy and safe for use on the road. 

I have the hard drive mirrored and regularly back up all my important work files to an external hard drive.
One thing I have learned during this experience is to have another computer that will be just for visiting websites on the net so that I will not be stranded again without my work stuff. I could not print instructions for instance.
Whilst my computer was down I could use my IPhone just fine for accessing E Mails and at a pinch, websites. However the I Phone is such a pain to use and the print so small, they are really impractical.

BTW Andrew, I was down in Melbourne this past week for a few days. Next trip down might be in November for the Great Southern steam up.


----------



## cocobear1313 (Apr 27, 2012)

I got hit and use AVG and Malwarebytes and neither would touch it. I tried a bunch of other stuff in safe mode and finally wound up restoring to a previous image. I was PO'd. At least I now know where it came from as I too had just been on their site. Hey Garratt, why don't you test the water there and report back?


Dave


----------



## Dwight Ennis (Jan 2, 2008)

I've had to manually disinfect several computers at work over time when they get stuff like this. Once you've done it once or twice, it's easier from then on as you kinda know where these things like to live on the drive. Insidious little programs really, as all one needs to do to get it is visit a web site... no 'clicking' required. As Greg says, they are designed to escape detection by AV software, and the AV software is always playing 'catch-up' anyway, so if one's virus definitions aren't up to date, well... Even that isn't a guarantee against infection. It's a dangerous cyber-world out there, and there is despicable pond scum a lot smarter (computer-wise) than we here writing this stuff in their contemptible attempt to get something for nothing, an entitlement attitude which itself is a growing cancer within societies worldwide. Many billions of dollars per year are wasted by businesses trying to ward off and contain viruses, spam, hackers, and other nasty cyber denizens created by dickwads who could put their obvious talents to far better and more constructive pursuits, freeing up those billions to better purpose. Unfortunately, I'm sure they've been 'oppressed' somewhere along the line and are therefore blameless.


----------



## Gary Armitstead (Jan 2, 2008)

Dwight,

Tony said Kaspersky caught it and quarantined it. Know anything about this program?


----------



## BigRedOne (Dec 13, 2012)

So, you're saying if we free all the world's oppressed, we can safely visit the Bachmann site again?


----------



## Garratt (Sep 15, 2012)

Posted By Ironton on 29 Mar 2013 07:02 AM 
> This is a well known virus called MonePac. I do not know why they list places like Walmart and Walgreens to pay at. I took it off with Norton's power eraser when my grandson's computer got it. 
>
> Boot up in safe mode with networking. Go to Norton's site and download NPE. Save to desktop. Run. Computer will restart. Set to safe mode with networking. When finished virus is gone. 
>
> Step by step instructions are on Norton's website. 
>
> Hope this helps. 

It's actually called the 'MoneyPak' virus based on the Reveton Trojan.

The creators of the Reveton ransomware virus were arrested by the Spanish police. 
http://nakedsecurity.sophos.com/201...sh-police/

Andrew


----------



## Dwight Ennis (Jan 2, 2008)

Posted By Gary Armitstead on 29 Mar 2013 05:19 PM 
> Dwight,
>
> Tony said Kaspersky caught it and quarantined it. Know anything about this program?

Basically, all I know is that it was created by a Russian company and it has consistently rated in the top five (often as #1) in AV software comparisons for the last several years.


----------



## Gary Armitstead (Jan 2, 2008)

Posted By Dwight Ennis on 29 Mar 2013 08:10 PM 
> Posted By Gary Armitstead on 29 Mar 2013 05:19 PM 
> > Dwight,
> >
> > Tony said Kaspersky caught it and quarantined it. Know anything about this program?
>
> Basically, all I know is that it was created by a Russian company and it has consistently rated in the top five (often as #1) in AV software comparisons for the last several years. 

Dwight,

I checked on Kaspersky a little more and they have a FREE trial version. Would it be worth trying in that mode? I have to disable FREE AVG that I'm using now, correct?


----------



## Semper Vaporo (Jan 2, 2008)

I have always worried about Kaspersky... maybe they are so good because they have some tie to the creators of so much of the malware that comes out of Russia.

In the very early years there were accusations that McAfee was inventing viruses so his anti-virus software could find them.

For that matter, how many programs have we all loaded that have some malware buried in them that has not been triggered yet?

Of course, I wouldn't be so paranoid if everybody wasn't out to get me!


----------



## TonyWalsham (Jan 2, 2008)

I cannot tell you anything about Kaspersky except that it was recommended by the IT crew that fixed the infection. It was A$45 for two years. Quite reasonable actually. They are very helpful local guys and are really the only pros in my town of 11,000 people. They came highly recommended and the only gripe I had was it took them 7 days to actually get started on the disinfection. 
They guaranteed me that if I ever get another infection whilst using Kaspersky they will fix it for free next time it gets infected.


----------



## Dwight Ennis (Jan 2, 2008)

Gary - if you intend to install Kaspersky (sort of sounds like a Russian friendly ghost eh? hehehe) most would recommend you completely uninstall any current AV software you're currently running before installing the other. The reasoning I've read is that two AV programs can fight each other for control and cause all sorts of problems, including really slowing down the system while they fight it out. So far as I remember, this holds true whether one is disabled or not (which doesn't mean it still isn't running in the background). Admittedly, most of this is from memory and is several years old, but why risk it? Especially since you're running AVG Free anyway, and you can always download and install it again. 

For whatever it's worth, both at home and at work I run AVG Internet Security. I have no complaints about it. It has a small footprint and it's fast, and it isn't nearly the resource hog of a Symantec or McAfee, and I've found it to be far more effective. I don't think any AV out there will catch 100% of everything, and AVG IS has features I like, such as pre-scanning links provided by Google and others and flagging those having known issues or malware (though it isn't flagging Bachmann's site). Several times I've had it actually block a site and prevent me from going there. It also scans for rootkits, has a reasonably good firewall, has identity protection, automatically updates itself several times a day, etc. I'm happy with it.


----------



## BarrysBigTrains (Sep 4, 2008)

I just came from Bachmann's forums, without a problem (so far). 

Barry


----------



## Michael W (Oct 10, 2012)

Hi Tony, sorry to hear that your computer got infected (and everybody else for that matter). I run Linux Ubuntu as my operating system; you can install it as a secondary partition or from a USB stick (Linux is a lot more resistant to viruses than Windows due to a different architecture and the fact that most viruses attack Windows machines). Ubuntu comes with a good virus killer; just boot from the Ubuntu stick or the Ubuntu partition and run it, that should fix the next infection. 
As you are in Oz I am happy to show you a couple of easy things you can do if we ever have the chance to catch up and run trains... 
Kind regards, Michael


----------



## TonyWalsham (Jan 2, 2008)

Will the Linux operate Corel Draw 7, The full Adobe suite, I Photo Plu4, I tunes for Internet tethering, Word, Mozilla Firefox and various other programs?


----------



## Michael W (Oct 10, 2012)

Linux has, for most applications you named, equivalent programs, or can run the Windows ones via Wine. 
However, you can continue running Windows for your day to day usage; Linux can be run from a live CD or a USB stick to eliminate the virus and repair damage. You could also use a Linux partition as a backup: as Windows does not recognise the Linux partition of your hard disk, the virus can't get there; you just boot in Linux, run the virus killer, copy your data back and reboot in Windows. There are plenty of ways of doing this; if you want I am happy to help you set some things up. 
Best thing is, if you have got an old computer you are not using anymore, download a Linux version and try it out. 
Ubuntu comes with Open Office as a standard, so you get the Word, Excel, PowerPoint programs automatically; they work identically to the MS products and can read all current file formats. Mozilla is the standard browser for Linux but you can choose several alternatives. I am not using any of the Adobe products other than the Reader, so I would have to look for a Linux equivalent; Corel Draw has several alternatives under Linux. I don't use iTunes tether; again I need to look for an alternative, but as mentioned above you can use Linux to run Windows software. Most software under Linux is freeware, hence you don't pay any money for it. The only shortcomings are computer games and high end CAD software. 
Hope that helps you. 
Kind regards, Michael


----------



## Greg Elmassian (Jan 3, 2008)

One of my responsibilities is managing our IT department. My boss likes hands-on, so I have built the majority of our 10 Red Hat Linux servers. 

I can tell you that as an operating system, Linux is every bit as vulnerable as Windows, judging by the virtually DAILY Linux system updates from Red Hat. 

Now, it turns out that these attacks are normally targeted to servers, but it's really a matter of WHERE and HOW OFTEN these viruses and attack "programs" are on the internet. 

While Windows and Mac stuff is normally found on web sites, Linux stuff is usually directed attacks by "bots" finding a server or workstation out in the Internet and attacking it. Normally the biggest bang for the buck is a server, but mark my words, individual users will be next. It's just that servers need to leave parts of their firewalls "open" so people can use them. 

Greg


----------



## Semper Vaporo (Jan 2, 2008)

Although "Open Office" does work for most people as a substitute for Microsoft Office products (Word, Excel, etc.) I have several Excel spreadsheets that will not work in the Open Office clone of Excel. My spreadsheets contain "Visual Basic for Applications" (VBA) programs and I have never found an equivalent capability in Open Office.


----------



## Greg Elmassian (Jan 3, 2008)

Yeah, the unique properties of another Microsoft product have not been cloned yet. 

Greg


----------



## TonyWalsham (Jan 2, 2008)

Thanks for all the advice. It is way over my head, but appreciated nonetheless. 

I am certainly not a NERD. Greg can attest to my lack of understanding when it comes to computers. 

I will be obtaining a second older computer and having it set up just for browsing the Internet and leaving this one just for my business work, E Mails and making changes to my website via Firefox. 
Unfortunately I cannot do anything until at least Wed even though business stores re open tomorrow, Tuesday.


----------



## Doug C (Jan 14, 2008)

Just finished visiting Bachmann site >discussion...>large> a thread and no apparent problems, seemingly and no unwanted entities tried to jump onto my sys !!


Win7Pro OS; 
FreeAvgGriSoft build 2012.0.2240 (staying away from AVG's simulated win8 UI build as long as possible as i don't need to tackle that learning curve) ;
I also have Spybot 2.0.12.0 loaded but it runs on demand ! . . . . . chks out nothing major seen on scan !


Beyond that, i don't bother loading any trial software since it only lasts awhile, and then you'll have to pull out your cc. ! If ya don't want it, quite often uninstall does not get everything and you'll want to ferret out the hidden files as best your skillset allows .... vs trials, i've fd. it better to ferret out a few reviews on software online and known users, then making a decision to buy it if I'm still interested in it 

imho

doug c


----------



## chuck n (Jan 2, 2008)

Doug, I went over to the Bachmann Large scale site a little while ago. I used my iPad as it is an Apple product and there are usually fewer problems, at least I think. I was surprised that there was no mention of a potential problem with the site. I went back through several weeks of threads. If there was a mention of a problem, I think I would have seen it if it was there. I have been on a few threads there that got censored, deleted. So maybe they didn't want any negative publicity and cut out any threads asking about the malware. If they did that, I would be very disappointed.

Chuck


----------



## TonyWalsham (Jan 2, 2008)

Perhaps Bachmann simply didn't know although I find that difficult to believe, as their reps are always monitoring the independent forums. 
I still haven't been there since the last time Kaspersky picked up the Malicious Malware two weeks ago. 
I have been really busy this week and not had a chance to get down to the IT store. They said they would find out what it was that came from the Bachmann site, check and see if there is still a problem and let me know what to advise Bachmann if there is still a problem.


----------



## Garratt (Sep 15, 2012)

If they did have a problem, they would be in complete and utter denial. That is how the world works these days when there is money involved. 
I now remember going to the Bachmann site a few days or so before this thread was started and my browser warned me of malware so I did not venture forth. I'm not entirely positive but I think it was the Bachmann site. I went there today, no problems though.

There is another large scale site I got a warning from called 'family model trains' or something, can't remember now. 

Found it! and I still get a malware warning.

http://www.familygardentrains.com/

Go test it out Tony with that Russian Kaperski thingy ma jiggery

Andrew


----------



## TonyWalsham (Jan 2, 2008)

Not me old bean. Not until the IT store tells me I can and certainly not with this computer. I don't trust anything anymore as I simply cannot be without it ever again.

I am looking around for a cheap net-book for web site visitation in the future.


----------



## ThinkerT (Jan 2, 2008)

Ok...after a long time away, I decided to pop over to the Bachmann site today. 

My anti-virus program kicked in immediately, warning of an attack. 

When I checked, it told me it had taken a 'trojan virus' captive, which I immediately deleted. 

I use Microsoft Security Essentials. 

Yes, the virus killer did give a few more details on what the trojan virus was (a name, in fact), but I deleted it before committing the details to memory. I've had a couple of nasty encounters with viruses in the past.


----------



## Kovacjr (Jan 2, 2008)

They do or have had a problem, as I was on the site a couple weeks ago looking at the Thomas line of rolling stock for something and got a new page that directed me to a MoneyPak payment for some fake FBI scam. I spoke to HP eventually as the OEM antivirus did not pick it up. I've installed Kaspersky since then and it also removed it for me using their virus removal tool. 

The virus is a new but common one and called the MoneyPak virus; it is a Trojan and difficult to get around with Windows 8 not having a safe mode. 

I have to say I have not and will not go back on the Bachmann site!


----------



## vsmith (Jan 2, 2008)

Just curious, but has anyone actually contacted Bachmann to complain about this? Just wondering... but it's been about a month and it's still an issue. I cannot imagine a major company that relies so much now on the internet to advertise to ignore such a problem.


----------



## Naptowneng (Jun 14, 2010)

Still Going On! I went to Bachmann last night and AVG caught a virus and deleted it. It reported that 87 (!) pages at the Bachmann site were infected. I certainly don't know if BM has been contacted, but you have to go to the site to email, which this fellow is never going to do again unless it is fixed and publicized. Curious situation 

Jerry


----------



## TonyWalsham (Jan 2, 2008)

This lack of comment by Bachmann is curious indeed given that the Bachman, and others at Bachmann, monitor other forums for anything to do with the public opinion of Bachmann. 
Far be it for me to speculate but it is getting curiouser and curiouser, dontcha think? 
I will also not go there.


----------



## Kovacjr (Jan 2, 2008)

I know after the headache I went through to get rid of the virus on Win8 I will not go to the site anymore.


----------

