Forum virus warning!!!

Status
Not open for further replies.
Well it is in off topic chat?

We can't make a new thread called 'BS that Jeremy said' can we? :D
 
Yeh it is in the Off topic section but the thread title isn't forum virus warning + flame jeremy1998. Although in a way you can say he was like a virus (:P) with the problems/rifts he caused
 
don't know if this helps, but after the latest incursion on here, i decided to run another virus scan.

Malwarebytes & Spybot detected nothing, but MSE detected this (i removed others from the pic that are known false positives)

new+picture.JPG


just wondered if this helped with the forum incursion,

as i seem to remember an update appeared around the time of the previous attack, which looked 100% like a genuine update, but possibly is the cause of the link-jackings

sorry about the size, i will sort it in the morning as am posting this on the way to sleep
 
update for what?
 
Methinks, until this is entirely sorted, I'll stick to viewing OC3D on my OSX partition only. Not liking the sound of getting Trojans etc.
 
I'm sticking with my laptop as I'm thinking of putting an SSD in it at some point anyway and clean installing Windows if anything does happen. But my AV hasn't picked up anything yet....not that MSE ever seems to anyway...
 
I'm going to stop using the forums on my PC until we know this is fixed... Was just clicking on a user profile when it went into very large font and Chrome gave me multiple Java warnings asking if I wanted to run an application or not. Obviously I said no ;) Following this it seemed to be running a number of scripts in the bottom corner of the web page (where it shows waiting for http://www......) as well as it running very slow on my iPad now
 
Yeah, I just got the same thing. So long, OC3D (on Windows...)
 
Getting plenty of spam from Eset about the malware infection.

You guys probably know just exactly what it is but here is what it comes up as JS/Iframe.EF Trojan.

I had something very similar on my company site, it would leave loads of files on the hosting which all need to be cleaned and removed. I later found out I was using an infected version of SmartFTP which used the login credentials of my FTP account to infect it each time. Every time I thought I had cleaned it up I ended up infecting it all over again. The infection pointed my users to a Chinese auction site after so many seconds of them visiting, it also caused all my style sheets to not work and everything look like it was designed for the visually impaired.

Not saying any of the admin's FTP clients are infected but it is one of those possibilities.
 
I'm getting warnings from Chrome again today. This time it says that the website 173.214.245.51 is a known malware site and I'm getting this error on the main forum index. I think something is being loaded (perhaps JavaScript) from a server at that IP address.
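
An added example, not part of the thread or the forum's own code: one way a site owner could check a served page for the kind of third-party load described in the post above, by listing script, iframe, embed and object sources whose host is not on an allowlist. The allowlist hosts, `unknown.example` and the sample markup are assumptions constructed for illustration; only the IP address comes from the post.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist: hosts this (hypothetical) forum is expected to load from.
ALLOWED_HOSTS = {"forum.example", "cdn.forum.example"}
# Tags that pull in active content, and the attribute holding the URL.
WATCHED = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

def is_hidden(attrs):
    """True for the 0/1-pixel or CSS-hidden framing typical of injected iframes."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    tiny = attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")
    return tiny or "display:none" in style or "visibility:hidden" in style

class ExternalLoadAudit(HTMLParser):
    def __init__(self, allowed):
        super().__init__()
        self.allowed, self.findings = allowed, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(WATCHED.get(tag, ""))
        host = urlparse(url).hostname if url else None
        if host is None or host in self.allowed:
            return  # not a watched tag, same-origin relative URL, or allowlisted
        reasons = ["host not allowlisted"]
        try:
            ipaddress.ip_address(host)
            reasons.append("bare IP address")
        except ValueError:
            pass  # an ordinary hostname
        if tag == "iframe" and is_hidden(attrs):
            reasons.append("hidden iframe")
        self.findings.append((tag, host, reasons))

def audit(html, allowed=ALLOWED_HOSTS):
    parser = ExternalLoadAudit(allowed)
    parser.feed(html)
    return parser.findings

# Constructed sample page; the path and markup are illustrative, not captured.
SAMPLE = """<script src="/js/global.js"></script>
<script src="https://cdn.forum.example/jquery.js"></script>
<script src="http://173.214.245.51/a.js"></script>
<iframe src="//unknown.example/x.html" width="1" height="1"></iframe>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run against the HTML the server actually returns (and against template files on disk), since injected markup often sits in shared header or footer templates and so appears on every page.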
 
I went through this sort of thing with my Company's website last fall. We had a redesign done from a local "reputable" design company. Unfortunately, they didn't include any security. User passwords were stored in cleartext and the database was editable by guests. There was no checking of input either so SQL injection via forms and address bar was super easy. We were essentially getting hacked by bots.

I learned a great deal and fixed it myself. Added about 10,000 lines of PHP to his code just for security. It's been almost a year now with no issues. I had another local company perform scans on our site that gives reports about possible vulnerabilities. There were literally hundreds before I edited the site. Afterwards I got it down to 0 common vulnerabilities.

I then brought the reports and my code to the original designer to show him where he went wrong. He told me it wasn't his fault but the fault of my webhost and I was an idiot. Needless to say, we won't be dealing with him again. I looked through more websites of his and they all had the same vulnerabilities.
 
Yep it's doing it again for me and i'm using chrome. First thing it says is it wants to use a java plug in.

Not coming back until admins confirm the forum is ok again via email.
 
I'm using Avast! and it gives me a "Threat has been detected" every time I even refresh this site :S

Infection Details

URL: http://kbipoaew.tk/35074075.html
Process: C:\Program Files (x86)\Google\Chrome\App...
Infection: URL:Mal

It stopped for a couple of loadings after I turned adblocker on for this site but then started again...
 
i believe it was an adobe flash update, BUT and i must stress this point, it could have been entirely coincidental timing.

i have since deleted all things adobe and done fresh installs from trusted sources (aka download hive on my non-networked computer)

but i am still getting warnings, by firefox chrome, opera & safari browsers and the below screengrab is by avast

Fullscreen+capture+22062012+170932.jpg
 
Would suggest anyone viewing this site at the moment be very cautious as it is still hacked & infecting people via javascript thanks to a code injection attack :(

Disable javascript

The attack also messed up coding of the site which is why the fonts seem bigger etc
 
just wondered if this helped with the forum incursion,

as i seem to remember an update appeared around the time of the previous attack, which looked 100% like a genuine update, but possibly is the cause of the link-jackings

Wasn't an update, we closed the forums to fix the last attack.
 
The font size has increased considerably and I am getting asked by chrome to allow it to run the java plugin whenever I open the homepage...This never used to happen before, however I'm not getting any security warnings or malware alerts so I am not worried atm. But still!
 