B1 Infected ! - Page 3

DoG · #21 13th Nov 07, 03:54 AM

Try B1 again after clearing cookies. i cleaned redirect screen.

freezer121 · #22 13th Nov 07, 09:06 AM

I cleared my Firefox betaone cookie, restarted and brought up the site; NOD lit up again, this time with a different trojan name. I made a nonsense of capturing the screen so can't be more explicit - sorry.

Most worrying, I saw a reference to Paypal (bottom left of the screen) before I got to B1. Don't know if it was loading the Donate button or up to no good!

NOD terminated whatever was going on and asked me to submit the trojan, which I did.

Having spent most of yesterday morning scanning with Defender, Counterspy and NOD, I am confident NOD is keeping me clean - but it's quite an exciting ride to B1 these days.

Voodoo · #23 13th Nov 07, 01:37 PM

Got this again today:

It now seems to be loading even more sites than previously.

If you compare this screenshot to the previous one, you will notice that the site is different. O, and I did clear my cookies. Get the same in IE7 and in Firefox.

Cheerz
Dave

DoG · #24 13th Nov 07, 03:54 PM

It seems that there could be be multiple instances of the exploit installed on different pages on the server. Might have to go through them one by one as virus scanners don't seem to be able to detect them on the server

Voodoo · #25 14th Nov 07, 07:53 PM

Mike, did you fix this?

Much appreciated.

Cheerz
Dave

freezer121 · #26 17th Nov 07, 08:38 AM

It all seems fine now, thanks for fixing it.

KingCobra · #27 17th Nov 07, 06:18 PM

I have been surfing betaone with my wii to be safe. IS the problem really fixed now. Where did it come from.

DoG · #28 18th Nov 07, 12:53 AM

It seems to have come from another web admin on the server installing a program with a security flaw or other vulnerability. Please be assured that the server is constantly being updated and regular AntiVirus scans do take place, it's just hard for any single AV program to catch all the numerous windows exploits in circulation. The recent spate of problems stems from a a trojan that inserted a java script 'exploit' into one of the redirect pages for the B1 website. Unfortunately, once the system was cleaned of the trojan the javascript remained. The affected file was cleaned by hand and write protected to prevent any further problems. There was around a 24 hours delay before the users saw any benefit from the 'disinfection(?)' whilst local cache's were cleared etc.
All should b e fine now and i apologize for any inconvenience caused.

EDIT: @ Cactus: The index.php is fine, it's the portal redirect that isn't updated when we update the VBulletin software that was infected

A few permission changes on the server and a quick lookie see later and it's all sorted

BTW, Where the hell have you been??? Its been too long- PM me and come in from the wilderness

We miss ya bud!

Voodoo · #29 18th Nov 07, 06:28 PM

Shit, it is back again and now loads more sites than before? How can this be?

DoG, help.

Cheerz
Dave

DoG · #30 19th Nov 07, 12:32 AM

Fixed- again

Not sure what is going on but it seems that the file attributes were changed to allow the file to be written to again. I changed the security settins so it should be good now.
Clear all cookies and internet cache and try again please.