This Is An Attack Site (Soonerfans is possibly a virus risk)



sooner59
1/30/2010, 02:09 AM
This is the message I keep getting when I try to come on this site as of today. I am not the only one. A lot of us are getting this warning. I ignored several virus warnings to come back on here and post this.

Is there a Mod or Phil or anybody on here that can deal with this? Every time we try to go to this site, it blocks us and gives us a virus warning saying that malware is being transferred to people without their knowledge.

I kind of doubt I am vulnerable, but I am not sure I want to risk it and visit the site until it is fixed. And quite a few people that have been posting on here for a long time are feeling the same way.

If anything, it is extremely annoying. It would be nice if those in charge took care of this and gave everyone peace of mind so we can all visit this site and post again. Until I stop receiving this virus warning, I will likely not be visiting soonerfans.com again. I just don't feel comfortable doing so.

Feel free to lock this and sticky it. Thanks.

sooner ngintunr
1/30/2010, 02:39 AM
yeah, I thought the same thing, something ain't right.

boomersooner28
1/30/2010, 03:58 AM
I just recently got a virus that I can rid. :mad:

Not saying it came from here.

Crucifax Autumn
1/30/2010, 04:16 AM
I know there are a LOT of people camped out over at the Hideout concerned about this. None of us have admin privileges here though, so we can't open the hood and check out what's going on with the engine. Please throw us some info here so I can let the more concerned members of the Hideout know for sure if it's safe to visit here guys.


I just recently got a virus that I can rid.

There are at least 3 people I know about who have had the same thing over the last week and they all had to jump through hoops to clean their systems as it was killing their AV software and so on.

59: Good move posting this in the Football forum as the other threads were all in the SO or the Trouble Report forum. Maybe this will be addressed quicker here with more visits from the powers that be.

MyT Oklahoma
1/30/2010, 04:20 AM
I run McAfee antivirus software and get this same message but since I don't click on allowing the add on to run I can still get to this site. Would someone please address whatever the problem is though? Thanks.

Crucifax Autumn
1/30/2010, 05:35 AM
Yep, I denied it once and I haven't seen the message again, but according to Google the site is still compromised and infected.

SoonerForever
1/30/2010, 08:23 AM
anyone got a fix??? I've sent a couple of pix from the fark board and now my wife's pc is infected as well....we both run McAfee and Trojan Remover, but still infected

Crucifax Autumn
1/30/2010, 09:28 AM
Is your pc actually infected or are you just getting the warning? If it IS infected, do you know for sure it came from here?

Not trying to be a dick, but I've been sorta gathering info the last 40 hours or so trying to figure out if there's an actual threat, just the possibility of a threat, or just a false alarm and I don't have anything totally solid yet pointing to any particular possibility.

What I can say almost for sure is it's not SF doing it exactly, but some malware introduced elsewhere and infecting multiple sites...or so it appears.

I know I hope this shat doesn't work its way over to the Hideout...We do have the absolute latest vbulletin software and security patches, but these days what does that guarantee really?

I do know that quite a few people who are members here have had major issues pop up over the last week though, and I hope someone gets to the bottom of this soon so this place doesn't get a bad rep and go down the tubes for being the place that jacked up everyone's systems. I like it too much here to be very happy if this brings down the whole community.

tanjou
1/30/2010, 09:46 AM
It's almost certainly an advertiser that has inserted malicious javascript or something similar. Websites can't get "infected" in the same manner a computer does.

Everyone who only gets the big red screen from Google but gets no alert from their anti-virus software is running ad-block software. It's possible the problem has been fixed but not recognized by Google yet, as I only see generic "Advertise with us" ads or the Sooner Legends ad when I turn off ad-blocking, and Avast doesn't get all bothered.

Speck
1/30/2010, 10:24 AM
Last week when I logged in twice I received the McAfee popup for "Warning - Trojan Virus and has been quarantined" or something like that.

Last time was Monday and thought it was just me.

Sooner Eclipse
1/30/2010, 10:45 AM
^ it's been happening since last week. Also some message about the site wanting to run some MS data access program. Sumthin's not right. Can't hang out here w the work puter for sure.

Sooner Traveler
1/30/2010, 10:45 AM
Not blaming this site as it could have come from a number of sources -

I have been struggling with a virus all week and Norton is constantly quarantining a trojan horse. Several programs are in lock down and my programs run at start up have been severely altered. I first noticed some strange happenings last Sunday night.

sooner518
1/30/2010, 10:46 AM
I'm getting the Google page when viewing in Firefox. I can't get to the page at all in Firefox. I can still come here in IE though

Crucifax Autumn
1/30/2010, 11:02 AM
Look in the South Oval at the thread there. It was scanned in the last 24 hours...again...and Google still reports it. Read the thread over there, but Google claims that this site and many others have been infected due to malicious behavior from some other domain. Those other sites have the same type of report and it all links back to a few torrent sites.

And what 518 says is mostly true. Very few people are getting any warning when entering through IE. Personally I'm on IE, and after one request from the site to allow some BS a week ago at most, which I denied, I slide in with no problem.

I'm gonna test right now logging out and back in and I'm also gonna try other browsers and see what it does for me. In any event, keep reporting what happens in this thread or the one in the South Oval, and it will help when one of the admins starts trying to figure out what is happening.

Crucifax Autumn
1/30/2010, 11:04 AM
For what it's worth, now I'm on Firefox and I logged in and came here to post with no warnings at all.

Phil
1/30/2010, 11:07 AM
I came in through IE with no problems, but with FF, I get the Google warning and all that. I am trying to figure out what's going on.

Crucifax Autumn
1/30/2010, 11:10 AM
Logged out and back in with IE and still got no warning. When searching for soonerfans.com on Google I still got the warning which pointed to this:


What is the current listing status for soonerfans.com?

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 180 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-01-29, and the last time suspicious content was found on this site was on 2010-01-29.

Malicious software is hosted on 1 domain(s), including bawled.in/.

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including 4ura.us/.

This site was hosted on 1 network(s) including AS27473 (CIHOST).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, soonerfans.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

* Return to the previous page.
* If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.

The Bawled.in link gave me this:


Safe Browsing
Diagnostic page for bawled.in

What is the current listing status for bawled.in?

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 2 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-01-29, and the last time suspicious content was found on this site was on 2010-01-29.

This site was hosted on 1 network(s) including AS47560 (VESTEH).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, bawled.in did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

Yes, this site has hosted malicious software over the past 90 days. It infected 10 domain(s), including pucro.org/, ivisionhost.com/, videodivertentigratis.net/.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

* Return to the previous page.
* If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.

The 4ura.us link gave me:


Diagnostic page for 4ura.us

What is the current listing status for 4ura.us?

This site is not currently listed as suspicious.

What happened when Google visited this site?

Of the 2 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-01-29, and suspicious content was never found on this site within the past 90 days.

Malicious software includes 36 exploit(s), 34 trojan(s), 6 scripting exploit(s).

This site was hosted on 1 network(s) including AS45420 (PIRADIUS).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, 4ura.us appeared to function as an intermediary for the infection of 90 site(s) including videodivertentigratis.net/, pucro.org/, korat2.go.th/.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

Next steps:

* Return to the previous page.
* If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.

The AS27473 link gave me:


Safe Browsing
Diagnostic page for AS27473 (CIHOST)

What happened when Google visited sites hosted on this network?

Of the 2400 site(s) we tested on this network over the past 90 days, 45 site(s), including, for example, wbdepot.com/, localendar.com/, sunnewsonline.com/, served content that resulted in malicious software being downloaded and installed without user consent.

The last time Google tested a site on this network was on 2010-01-30, and the last time suspicious content was found was on 2010-01-29.

Has this network hosted sites acting as intermediaries for further malware distribution?

Over the past 90 days, this network has not hosted any sites that appeared to function as intermediaries for the infection of any other sites.

Has this network hosted sites that have distributed malware?

Yes, this network has hosted sites that have distributed malicious software in the past 90 days. We found 1 site(s), including, for example, digitalrevolution.net/, that infected 1 other site(s), including, for example, weightedvest.com/.

Crucifax Autumn
1/30/2010, 11:12 AM
Thanks Phil...I posted all the assorted links that are associated with the issue....Hopefully one of them means something to you and can send you in the right direction.

Quite a few people have ended up with weird trojans and so on in the last week, but so far there is nothing definitive pointing the SF way, but there is lots of circumstantial evidence that either means something...

...Or is a weird coincidence! lol

Phil
1/30/2010, 11:14 AM
Hell, I got something, too, but I never click on anything anywhere.

tulsaoilerfan
1/30/2010, 11:21 AM
Add me to the list of people that have received Trojans from somewhere over the last week; I had some sort of warning on here 1 time when I tried to access the site, but since then have had no problems; wish someone smarter than me could figure out what has happened

BoomerSooner, esq.
1/30/2010, 11:27 AM
I definitely got some sort of virus as well. I am logging in with Google Chrome and it also gives me the pop-up warning.

GrapevineSooner
1/30/2010, 11:33 AM
FWIW, a few weeks ago, I tried to access SF.com from work and got a Websense message indicating the site was blocked because it was a 'Malicious Website'. Our company gets a feed from Websense and blocks off that. The block has since been taken off (I'm visiting SF.com from work this morning). But I'd have to imagine that other companies that use Websense were probably blocking SF.com at the same time we were. And that the block probably had something to do with the Google warning as well.

stoops the eternal pimp
1/30/2010, 11:39 AM
SF gave me crabs

Sooner Eclipse
1/30/2010, 11:40 AM
Phil, I'm getting 2 trojan warnings. Using IE but the warnings are coming from a corporate version of Symantec AV.

Crucifax Autumn
1/30/2010, 12:05 PM
The warnings are slipping right by Norton 360 and Windows Defender. I didn't get around to trying any others yet.

soonerinabilene
1/30/2010, 12:52 PM
AVG caught it on mine Monday. It deleted the file from my temporary internet files and haven't seen it since.

perculator
1/30/2010, 03:23 PM
avast also pops up with a virus warning when going to soonerfans.com. it didn't today but has the last several times.

Phil
1/30/2010, 04:52 PM
I think we've got it cleaned up. I have submitted it back to Google for a review to see if they will unlist us so that thing will quit coming up.

MeMyself&Me
1/30/2010, 05:36 PM
This message just started popping up for me. Man, is it annoying!!! No virus/trojans showing up on my end so far but I'm going to do a scan to make sure.

Thanks Phil for working this out so quickly. I manage a small forum and I know things like this can be a pain in the ***.

westcoast_sooner
1/30/2010, 05:51 PM
I'm in with IE, but still not with Firefox. I'm running a scan with AVG and see what that turns up, but glad I'm not the only one with this issue.

Overall, I don't see this kind of thing with really simple security measures (AVG and ZoneAlarm). But would like to know what the issue was and what SF is doing to keep themselves from this kind of situation again.

Plus, the whole Google thing about blocking what I want to surf is a little disconcerting - perhaps anti-virus companies checking with Google before allowing the response to come through - that's a little annoying - I'll have to re-check with AVG on that.

SunnySooner
1/30/2010, 07:04 PM
I'm in with Firefox, and all is well...carry on with your smarmy commentary and snide remarks, people, we sleep safely tonight.;) :D

Collier11
1/30/2010, 07:08 PM
It appears to be working, thanks to whoever did the work

VA Sooner
1/30/2010, 07:31 PM
All clear with Firefox which was the issue I was having earlier.

Good job!

sooner59
1/30/2010, 08:04 PM
I'm back. Everything going smoothly. Thanks Phil.....or whoever did it.

misplacedsooner
1/30/2010, 08:22 PM
I'm no longer getting the warning either

swardboy
1/30/2010, 09:35 PM
Sincere thanks Phil for getting this resolved so quickly.

Obviously an attack from Texas :)

Collier11
1/30/2010, 09:35 PM
nah, if it was from tex it would've just whined a lot

btk108
1/30/2010, 10:24 PM
SF gave me crabs

Finally found someone to blame it on, huh?

Phil
1/30/2010, 11:50 PM
That whole thing was weird, but I got it taken care of. It was in the index.html file, which is just a redirect to the boards, which is why I couldn't find it earlier. It doesn't appear that it came in through the board itself. I reset all the FTP passwords, which ought to prevent recurrence.
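
A check a site operator could run over static pages such as the redirect-only index.html described above, added here as an example (not code from the thread or from anyone in it): it lists every script, frame, embed or meta-refresh target whose host is outside an allowlist. The sample page, its paths and the host `injected.example` are constructed assumptions; the thread does not show the actual injected markup.

```python
"""Audit static HTML for remote references to hosts outside an allowlist."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag -> attribute that pulls in remote content.
URL_ATTRS = {"script": "src", "iframe": "src", "frame": "src",
             "embed": "src", "object": "data"}


class RemoteRefFinder(HTMLParser):
    """Collects (line, tag, host) for every absolute reference in a page."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def _record(self, tag, url):
        host = urlparse(url.strip()).hostname
        if host:  # relative URLs have no host and stay on-site
            self.refs.append((self.getpos()[0], tag, host.lower()))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in URL_ATTRS and attrs.get(URL_ATTRS[tag]):
            self._record(tag, attrs[URL_ATTRS[tag]])
        # <meta http-equiv="refresh" content="0; url=..."> style redirects
        if tag == "meta" and (attrs.get("http-equiv") or "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)",
                          attrs.get("content") or "", re.I)
            if m:
                self._record("meta-refresh", m.group(1))


def is_allowed(host, allowed):
    """True if host is an allowed domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in allowed)


def audit_html(html, allowed):
    """Return the references whose host is not covered by the allowlist."""
    finder = RemoteRefFinder()
    finder.feed(html)
    finder.close()
    return [r for r in finder.refs if not is_allowed(r[2], allowed)]


# Constructed sample: a redirect-only index.html with one extra iframe.
# Paths and "injected.example" are placeholders, not values from the thread.
SAMPLE_INDEX = """<html><head>
<meta http-equiv="refresh" content="0; url=http://www.soonerfans.com/forums/">
<script src="/clientscript/global.js"></script>
</head><body>
<iframe src="http://injected.example/in.php" width="1" height="1"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for line, tag, host in audit_html(SAMPLE_INDEX, {"soonerfans.com"}):
        print(f"line {line}: <{tag}> loads from unlisted host {host}")
```

This only sees references written as markup; a script that builds its URL at run time is not covered, so a hash baseline of files that should never change, such as a redirect page, is a useful companion check.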

Leroy Lizard
1/30/2010, 11:52 PM
Let's all thank Phil.

Thanks, Phil!

RedstickSooner
1/31/2010, 12:07 AM
I got a message from my AV, but I quarantined it and then ignored it. I also got a message at some point that Firefox was restarting because I had an extension (er, it was either an extension or plugin, can't remember which) which had been determined to be some form of malware.

Both were within the past week, and I never agree to or install anything -- but I've got kids, and sometimes the little SOBs go on my computer. Not to mention the wife. Still, I really don't think I actually installed anything lately -- so I could be another example of whatever it was that hit us.

I use Adblock plus & Noscript, so it would be very difficult for a site to hit me through the ad placements on Soonerfans. Even if they got past Adblock, they'd have to run as if from a trusted site -- or no scripting.

westcoast_sooner
1/31/2010, 02:09 AM
Thanks Phil!! I'm back in.

guzziguy
1/31/2010, 09:35 AM
8:34 A.M. Sunday morning. First time in several days that I didn't get the warning when I came in.

Crucifax Autumn
1/31/2010, 12:29 PM
I'm glad it's fixed. It was getting slow around here for a few days, even for football off-season.

SoonerPr8r
1/31/2010, 06:43 PM
Looks like that penicillin shot worked its magic the site is virus free

gaylordfan1
2/1/2010, 02:24 AM
Is anyone else having a problem when they use Google? Every time I use a Google search it redirects me to some other site, namely the yellow pages. This all started after I had problems with this site. It's called the Google redirection virus. Anyone else?

sooner59
2/1/2010, 02:59 AM
Not me.

Clever Trevor
2/1/2010, 09:35 AM
Chrome is telling me that the site still has an issue.

boomersooner28
2/1/2010, 03:50 PM
My update: I have a virus. I can get into SF without a warning now, but my PC is infected. A buddy of mine just got the same virus last week and he has never been on this site. So, I don't know where it came from but it has taken over my IE/Firefox. I bought a 500 gig HD yesterday and will be backing up everything I want to keep tonight and frying this bad boy to get rid of this VD. This sucks.

Everyone else have the same virus? Ads popping up out of nowhere about virus software? And do you get re-directed to some media website? I haven't clicked on a damn thing and McAfee popped up a few times and I blocked everything....but I'm still infected. :mad:

gaylordfan1
2/1/2010, 08:32 PM
YES, it's called a google redirection virus... I'm taking my computer in to a friend and clearing the entire damn thing.

TheHumanAlphabet
2/1/2010, 08:37 PM
Two weeks back, websense blocked the site at work as a "malicious site", but then the next week it was fine...

sooner59
2/1/2010, 09:19 PM
I just got the same attack warning for koco.com, so I had to check the 7 day forecast on newsok.com. Interesting.

ouflak
2/2/2010, 03:56 PM
Downloader.Swif.C. Now every time I visit, Norton tells me it's blocked. Oh well.