# Bachmann web site



## general1861 (Jan 22, 2010)

I visited the Bachmann website today and my antivirus program stopped a threat. Does anyone know if Bachmann is aware of the problem yet? I know about a month or so ago it was discussed here..... Travis


----------



## TonyWalsham (Jan 2, 2008)

I guess we will not know until there is public acknowledgement from Bachmann that their site is/was attempting to infect the computers of visitors. 
An apology would/will be nice!!!


----------



## Garratt (Sep 15, 2012)

An apology would be an admission of fault. Most Companies would choose to be in denial and say nuffin while the rest of the world knowingly talks about it. 
Go figure. Dumb as a box of rocks is being nice. 

Andrew


----------



## Dr Rivet (Jan 5, 2008)

Andrew 
PLEASE DO NOT INSULT THE ROCKS!!!


----------



## Greg Elmassian (Jan 3, 2008)

I've gone there and not found anything except Google Analytics which I have blocked. 

Some antivirus programs falsely detect threats... what AV are you using and what threat did it indicate? 

Did you email or report to Bachmann? 

Greg


----------



## grsman (Apr 24, 2012)

I keep hearing this about the Bachmann site. I think it is your AV program.
Norton does not find any problem with their site.
Tom


----------



## TonyWalsham (Jan 2, 2008)

I am using Kaspersky. Kaspersky quarantined it, but I don't know how to tell you what the problem is. But it is something to do with Java.


----------



## Greg Elmassian (Jan 3, 2008)

Many companies put Google Analytics in their web sites. It allows them to get information like operating system, video resolution, etc. from the people who use the site. 

I have Ghostery added to my Firefox to block stuff like this. 

I've gone to the Bachmann site several times since this stuff about their site started recently... no problems. 

I think it's a false positive. 

Greg


----------



## StanleyAmes (Jan 3, 2008)

On April 24th Bachmann posted the following on their forum in the General Discussions forum. 

Stan 

PS I have a ton of anti virus tools on my PC and have yet to get an alert from the Bachmann site which I visit daily. 

---------------------------------------- 

Dear All, 
We are aware of reports of viruses/Trojan worms/malware on the Bachmann site, but with intense investigation after each report, we fail to find anything. All of the public website scanning products fail to find any problems. We need YOUR help. If your virus scanning software reports a virus on the Bachmann site, write down the specific type of virus/Trojan/malware it finds. It must be a detailed description of where EXACTLY you are on the site. It needs to include what part of the Forum and what post or thread you were looking at, or what link did you select on the site when the notice occurred; a screenshot would also help. Please email the information to mich[email protected] (no phone calls please!). We want to address any problems and take care of them right away, but without specific details, it is like looking for a loose railroad spike in a train yard. Thanks for your help!!! 
the Bach-man


----------



## cocobear1313 (Apr 27, 2012)

Greg, I can't speak for the moment as I will not go back to the Bachmann site. My computer was locked solid and I am fortunate that I back up very regularly as I had to go to a previous date to get going. That is what I call a positive positive. It was not detected by either AVG or Malwarebytes. 

Dave


----------



## Greg Elmassian (Jan 3, 2008)

Dave, not to be argumentative, but you might have had a really old version of Flash or Java or JavaScript and it could give you the same symptoms. 

After you rebooted, did you still have a problem? 

Greg


----------



## San Juan (Jan 3, 2008)

Posted By Greg Elmassian on 04 May 2013 09:46 AM 
I've gone there and not found anything except Google Analytics which I have blocked. 

Yes I totally agree with you Greg to block Google Analytics. 

I've found (using Firefox) that it slows down webpages so much if activated. And as it gains info from you I can see why some AntiVirus programs see it as a threat.


----------



## TonyWalsham (Jan 2, 2008)

This is what Kaspersky says it has quarantined: 

*Telstra-MMS-ID874633922.JPEG.exe [From:"Telstra Online" ][Subject:Telstra MMS Service - Last photoshot][Time:2013/04/17 14:31:35]//Telstra-MMS-ID019198279.zip// 17/04/2013 2:37:41 PM Backdoor.Win32.Androm.psh *

It was picked up on the Large Scale forums page as I opened the page. I go there without going through the home page.


----------



## cocobear1313 (Apr 27, 2012)

Greg, yes I am computer literate. Of course it was still locked up or it would not have been an issue.


----------



## Semper Vaporo (Jan 2, 2008)

Posted By TonyWalsham on 06 May 2013 04:15 PM 
This is what Kaspersky says it has quarantined: 

*Telstra-MMS-ID874633922.JPEG.exe [From:"Telstra Online" ][Subject:Telstra MMS Service - Last photoshot][Time:2013/04/17 14:31:35]//Telstra-MMS-ID019198279.zip// 17/04/2013 2:37:41 PM Backdoor.Win32.Androm.psh *

It was picked up on the Large Scale forums page as I opened the page. I go there without going through the home page.


I just went to the Bachmann . com site and wandered all over it and never found any problems... I run a program from Abine called DoNotTrackMe and the only thing it blocked was the Google Analytics, (whereas with MyLargeScale it blocks Google Analytics and AddPlus). I use Microsoft Security Essentials, Spybot Search & Destroy and MalwareBytes AntiMalware, and they had no alerts of any sort. 
I tried several of the forums in my wandering, but maybe I should enter the forums the way you do... Could you post the exact link you use? 

From the text you show of the alert you received, it appears as though it might be something embedded in a particular graphic and I suppose it could be that the graphic only shows up when some off-site advertising is active (many websites have rotating advertisements that randomly appear in place of others). If this is so, then the problem is not specific to Bachmann, but with some advertiser that they are handling.


----------



## TonyWalsham (Jan 2, 2008)

This is the exact link I used to use: http://www.bachmanntrains.com/home-usa/board/index.php
I cannot imagine Bachmann would host web-links to any other companies.
Please understand I am definitely not understanding any of this virus/malware stuff. Never having had anything like it before. Ever.
I had just got my computer back after the IT people had disinfected 83 computer disabling infections that CA Anti Virus (Total Defence) had missed.
Kaspersky was installed and the very first time I went to the Bachmann Forums the above was quarantined.
BTW, AVG picked up the same alert.


----------



## general1861 (Jan 22, 2010)

I will check to see what my AVG program quarantined. I have visited once since this happened with no problems yet.. Travis


----------



## Greg Elmassian (Jan 3, 2008)

cocobear1313: 

No insult intended. I do however have experience with PCs and viruses since 1975, and currently manage the IT department at my company as I have for the last 3 employers. 

There are indeed things such as coincidence and also when a false positive is detected, sometimes, not often, the AV program will quarantine a system file that will lock up your system. This is because, as you probably realize, many viruses "infect" system files so you cannot just delete them or your system stops working. 

The fact that the rest of the world is not experiencing this problem is a fact that you must deal with. Let's suppose this virus is really there... so why is my computer not infected? It does not make sense that the virus was detected and attacked you, but was not detected on my computer AND did NOT attack me. 

The only explanation I have right now is a false positive that quarantined a necessary system file on your computer... it's the only explanation I can come up with that fits ALL the information given. 

Regards, Greg


----------



## Semper Vaporo (Jan 2, 2008)

Posted By TonyWalsham on 07 May 2013 12:15 AM 
This is the exact link I used to use: http://www.bachmanntrains.com/home-usa/board/index.php
I cannot imagine Bachmann would host web-links to any other companies.
Please understand I am definitely not understanding any of this virus/malware stuff. Never having had anything like it before. Ever.
I had just got my computer back after the IT people had disinfected 83 computer disabling infections that CA Anti Virus (Total Defence) had missed.
Kaspersky was installed and the very first time I went to the Bachmann Forums the above was quarantined.
BTW, AVG picked up the same alert.


Thanks Tony... I just clicked that link and went to the web site and had no problems. (Not to say there is no problem, but that my system did not detect anything and things here seem to be okay at this point!) 
Just to explain some of what MIGHT be happening...

Bachmann probably does not "HOST" things for other companies. But "Host" means to store the data on their computer. What they probably do do is have links in their software that point to other companies to deliver content to visitors to their site.

This is like MLS having links in a posting to photos on "PhotoBucket" or another site. The MLS computer does not "host" the image, but merely holds a link for your computer to use to go get the photo from the actual web location of the photo... same with links to YouTube videos. The Video resides on YouTube computers, but MLS delivers the link to you and your computer goes and gets the video from YouTube to show in the web page from MLS.

Back to Bachmann... if their web site is selling advertising space for another company, then all they have on their computer is a link that is sent to each visitor and the visitor's computer uses that link to access some other web computer to get the advertisement. That advertisement can change each time someone accesses the link. Might not be an advertisement either! Might be a photo (and your error message did show a ".JPG" extension to one of the file names) or some other graphic that someone put in the forum. Just like here on MLS, if someone posts a photo from another site, MLS delivers the link and your computer goes and gets that image and it could be interpreted as malware (rightly or wrongly) and it would look to the user (you and me) as if it is a problem with MLS.

It is also possible that there are servers that are "ghosting" data for other computers... this is where the original web host is so overloaded with accesses that they put copies of everything on multiple computers so that the accesses to data are split up to the multiple computers.... and only one of the "ghost" sites is infected. Thus one person gets an "infected" file and another does not.

Another thing that might be happening is that some systems to deliver data are "regionalized" such that an advertisement space is replaced with different advertisements based on where the request is coming from... you being down-under might see things associated with your country that I, being in the U.S., would not see, because I would have little or no reason to be interested in the product or service, and conversely the advertisement I see is associated with U.S. goods or services and you would have no interest in them. Legality of the goods or services can get involved here... might be that something in one area that is legal is not legal in another area... can't advertise an illegal thing one place or the other.

Bachmann has no control over those linked items or what can get through the servers that control the import of web data into and out of various countries.

It is not quite as "simple" as it appears to us "users" of the internet.

I suppose that if enough people report the problem, someone at Bachmann MIGHT be able to pin down which link in their system is the culprit and do something about it, but that would be a massive undertaking and require a love of digging into the internet to take the time and make the effort to do so, and there is little chance of gathering enough data to do so.

Reporting the problems here is actually a good thing, but it is detrimental to Bachmann and I am sure they don't like it. Everybody needs to be wary of where they go on the internet, but sometimes we have little control over it since one site has links to another site (which can have links to yet another site, ad infinitum!).


----------



## Gary Armitstead (Jan 2, 2008)

Posted By Semper Vaporo on 07 May 2013 09:47 AM 

Great information Semper. But the bottom line for me is this: IF I suspect that there might be just a VERY small threat to my computer, why would I take that risk? I'm NOT a computer "guru". I would have to spend quite a few dollars to get my computer fixed. And frankly, I don't buy Bachmann products NOW. ALL Accucraft or AMS. The risk just far out-weighs the benefits of visiting Bachmann's site. ALSO, Bachmann can't possibly be unaware of the possible problem with their site! JMHO.


----------



## Semper Vaporo (Jan 2, 2008)

Gary: The bottom line for all of us is that using the internet is a dangerous thing to do. EVERY time you log-in to some place, whether you enter credentials (like being a 1st class member at MLS) or just "visit" (like going to Bachmann) you run the risk of some idiot having penetrated their defenses and set up some malware that will infect your computer with the intent of harming you in some way... whether to steal some part of your identity (credit card number, e-mail address, etc.) or to cause your computer to become an agent in their grand scheme to take over the world or just to be mean and obnoxious to random strangers for the 5th grade mentality of the Tee-Hee factor.

We, the internet community of users just have to be vigilant to keep our defenses up with the best (?) and latest anti-malware programs and their databases. Even then, there is the fact that "new" malware might not be detected before it does some damage.

This malware scourge is a danger to all internet commerce (and beyond, since the internet is used to transfer financial information even for brick and mortar stores). It COULD be the downfall of large corporations or whole countries. Scary if you dwell on it!

For my part, I do some financial items on the internet, but I have a "spare" computer that I use ONLY for those purposes and not for general internet "surfing". Using my "usual" PC I may go to some web site and see stuff I want, but when I am ready to order, I turn that computer off and fire up the other one, update the anti-malware databases and I have a method of making my ISP renew my URL to a different one (they are randomly assigned every time you connect to the internet, but I force a change again, just in case they did not complete the disconnect when I shut down the 1st PC)... then I go to that web site again (and ONLY to that web site) and place my order, then shut that PC down and fire up the other one to get any e-mail verification that is usually sent when an order is placed. I do the same when I access my bank account or use PayPal. I keep that second PC up-to-date with the latest anti-malware software and databases and such, and I only use it for financial purposes and not for general surfing. I have nothing in the way of financial info on my "usual" PC and never visit random web sites using my "financial" PC. That does not mean I am totally immune to problems, but it does lessen the chances of it. 

One time my credit card info was stolen. But that was right after I had given the number to a book seller (Indiana University Press) and I had not used that card for nearly a year previous to that one transaction, and a week later I got a call from a credit card monitoring company asking if I was buying $1 and $2 items in random places on the Oregon Coast... when I said "no" they immediately canceled the card and said my bank would re-issue it with a new number... I was QUITE WORRIED that the phone call had been some sort of scam, but they gave me the credit card number when they called and knew other so called Private info about it... anyway, I called my bank and they at first denied they knew anything about the "monitoring" company, but when I escalated the call to report the call as a scam, then I got someone that confirmed the company, confirmed that the card had been canceled and that two more attempts to use it had occurred. I traced the route of the user and they were moving up the Oregon coast stopping in small towns to buy very small items at convenience stores and a veterinarian (I don't understand that one!) and then turned east near the Washington border and then the trail went cold... probably because the last two attempts had been denied. Five attempts total, at a cost of less than $10 or $15 and I did not have to pay any of it. I called Indiana University Press and expressed concern and was met with a stone wall of denial that it could possibly have been them. I have no proof, but I won't order from them again. Your mileage may vary.


----------



## TonyWalsham (Jan 2, 2008)

I have just visited the Bachmann website and Kaspersky picked up and blocked this: 
http://149.47.224.128/b247175dc56bb4c6ad0814ab524944c4/q.php (analysis using the database of malicious URLs) 

It does it on every page.


----------



## Greg Elmassian (Jan 3, 2008)

OK, the Bachmann site has a link or a reference to 149.47.224.128 which is owned by Precipice, Inc. 

They have something to do with marketing and computers, but their web site is pretty bogus (precipiceinc.com), it has all kinds of references to all kinds of services, but all the 4 different categories link to the same web page with no info. 

So who knows what they do... but maybe they make "bots" or some programs to track the web site... 

So that internet address somehow is on the Kaspersky black list of addresses.

Send that info to Bachmann... 

Greg


----------
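Added example (not part of any post in this thread, and not Bachmann's or Kaspersky's code): a site owner chasing a report like the one above can save a page's source and list every resource the browser is told to fetch from another host, which is the "link to another company" situation described earlier in the thread. The sample page, its host names and the 203.0.113.45 address are constructed for illustration.

```python
"""List off-site resources that a saved HTML page makes the browser load."""
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose URL attribute is fetched automatically when the page renders.
# A plain <a href> is NOT here: it is only followed when the visitor clicks.
AUTO_LOAD = {"script": "src", "iframe": "src", "img": "src",
             "embed": "src", "object": "data", "link": "href"}


class _Collector(HTMLParser):
    """Collects (tag, absolute URL) for every auto-loaded reference."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.refs = []

    def handle_starttag(self, tag, attrs):
        wanted = AUTO_LOAD.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                # Resolves relative and protocol-relative (//host/path) URLs.
                self.refs.append((tag, urljoin(self.page_url, value.strip())))


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def off_site_references(page_url, html):
    """Return one finding per auto-loaded resource served by a different host.

    Hosts are compared exactly, so a sibling subdomain counts as off-site;
    that is deliberate, the owner should recognise every name on the list.
    """
    site = urlsplit(page_url).hostname
    parser = _Collector(page_url)
    parser.feed(html)
    findings = []
    for tag, url in parser.refs:
        host = urlsplit(url).hostname
        if not host or host == site:
            continue
        findings.append({"tag": tag, "host": host, "url": url,
                         "raw_ip": _is_ip(host)})
    # Bare IP addresses first: a legitimate partner is normally referenced
    # by name, so these are the entries to explain before anything else.
    findings.sort(key=lambda f: (not f["raw_ip"], f["host"]))
    return findings


# Constructed sample page (not the real site's HTML).
SAMPLE_URL = "http://www.example-trains.test/board/index.php"
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="/themes/default/style.css">
<script src="http://analytics.example.com/ga.js"></script>
</head><body>
<img src="images/logo.png">
<a href="http://other.example.org/">clicked links are not auto-loaded</a>
<img src="//photos.example.net/user/engine.jpg">
<script src="http://203.0.113.45/stats/q.php"></script>
</body></html>
"""

if __name__ == "__main__":
    for f in off_site_references(SAMPLE_URL, SAMPLE_HTML):
        flag = "RAW IP " if f["raw_ip"] else "       "
        print(f"{flag}<{f['tag']}> {f['url']}")
```

Running it against the source of several different pages shows whether the same off-site reference appears on every page, which points at a shared template or footer rather than one forum post.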



## TonyWalsham (Jan 2, 2008)

Information duly sent to Bachmann. I have not heard back from Bachmann.
Kaspersky kept detecting the malware on every page for Sat and Sunday.

Yesterday it is no longer being detected.
I guess that can mean either:
Kaspersky is no longer detecting the Malware. 
Or.
Bachmann have fixed the problem at their website.


----------



## Greg Elmassian (Jan 3, 2008)

Yes, and a refinement of your statement: 

Can also mean that Kaspersky falsely detected malware. 

Most of these virus checkers look for a "signature" of a virus, which is just a sequence of data; depending on how long a signature it has, it could find that pattern in a legitimate program somewhere. 

Greg


----------



## TonyWalsham (Jan 2, 2008)

False positive or not, Bachmann seem to have fixed it. So far no acknowledgement from them.


----------



## Greg Elmassian (Jan 3, 2008)

It's also possible that a regular update of the Kaspersky definitions has eliminated a false detection... 

Greg


----------



## TonyWalsham (Jan 2, 2008)

Absolutely possible of course Greg, but, isn't it just a tiny bit coincidental that less than two days after notifying Bachmann of the details picked up by Kaspersky, the problem disappeared?


----------



## Semper Vaporo (Jan 2, 2008)

It could also be that you provided the key piece of information that led to the cure. They could look at "their" code on "their" computer all day long and not see a problem, but the link to the other site was the source of the problem and once they knew where to look, they could address it and get it fixed... 

Of course it could be mere coincidence that the other site is just rotating files around and you happened to get one that was free of the code that Kaspersky was finding a problem with, and if you go back often enough you might see it again.

There is just too much randomness in all of this to make it easy to identify the cause of problems.

It does pay to keep the anti-malware databases up-to-date!


----------



## Greg Elmassian (Jan 3, 2008)

Actually it makes sense Tony, that the Kaspersky software was updated much sooner than Bachmann's site ;-) 

Greg


----------



## Scottychaos (Jan 2, 2008)

So what's the final analysis then? 
It looks to me that there was never anything *actually* dangerous on the Bachmann site then.. 
just a false-positive from Kaspersky. 

I have gone to the Bachmann site dozens of times while this whole thing was going on.. 
never once had a problem..but I don't use Kaspersky. 

I'm curious, did everyone who had a problem with the Bachmann site use Kaspersky? 

Scot


----------



## Ted Nordin (Feb 27, 2008)

I'm curious, did everyone who had a problem with the Bachmann site use Kaspersky? 

Scot 

Scott, I have Kaspersky and used the site several times for parts orders. I never had a single warning from K. I use Chrome, wonder if the problems were on other platforms. 

Ted


----------



## Greg Elmassian (Jan 3, 2008)

I personally believe it was a false positive... since I visited the site numerous times without incident. 

BUT 

Tony could be right also. 

Cannot be proved now, but the good news is that whatever appeared to be a problem has been corrected. 

Regards, Greg


----------



## Kovacjr (Jan 2, 2008)

Posted By Ted Nordin on 14 May 2013 09:37 PM 
I'm curious, did everyone who had a problem with the Bachmann site use Kaspersky? 

Scot 

Scott, I have Kaspersky and used the site several times for parts orders. I never had a single warning from K. I use Chrome, wonder if the problems were on other platforms. 

Ted 

No, I had Norton and it did NOT pick up the virus and I was infected on Windows 8. After days of trying to get rid of it I did and upgraded to Kaspersky. The virus was well known from HP and also Norton and Kaspersky. Norton did nothing to stop it but offer support for removing it though they do not know how to work through win 8 so they were useless. Kaspersky removed and fixed the problem. HP just wanted to charge 80.00 to remove it using free downloads from Cnet.


----------



## Naptowneng (Jun 14, 2010)

Another no.

FWIW, On Sat April 20 I went to the Bachmann site and my AV software, "Webroot Secure Anywhere" 

http://www.pcmag.com/article2/0,2817,2411616,00.asp

detected a problem with the site, warned me, and said that 87 pages were infected at the site. The particular thing it found flashed on the screen, but I did not note it and can't find it in the log. SO false or not, it claimed to see an attack and stopped it. 

Jerry


----------



## Greg Elmassian (Jan 3, 2008)

Yeah, if an AV that is watching your browsing sees something wrong, it can block access, or stop javascript, or a java applet, or an HTML attack, or code in a PDF file... etc. 

There are TONS of things to watch for. I already explained one way you get a false positive, there are a number of ways, but better safe than sorry. 

Just gets irritating sometimes, but when I get one, I just go somewhere else. Model train companies don't have the most sophisticated web sites, so I guess it's just "par" for the course. 

Greg


----------



## TonyWalsham (Jan 2, 2008)

I notified Bachmann on the 12th of the details that Kaspersky found. Two days later the Bachmann site was OK. 
Then, about 3-4 days after that Kaspersky picked up another infection and quarantined it. Since then nothing detected by Kaspersky. Seems like Bachmann have cleaned up whatever it was. 

No acknowledgement from Bachmann they had a problem and no thank you for helping them locate it.


----------



## Greg Elmassian (Jan 3, 2008)

Again, this still fits the possibility that the virus definition updates changed, not the Bachmann web site. 

And since your virus definitions are normally updated daily, and reported back to Kaspersky, while it's pretty sure that Bachmann would respond more slowly, it's my professional opinion that you have false positives. 

Many softwares sell based on finding "more" than the competition... very common on registry cleaners for example... 

Greg


----------

