trojan/malware warning (merged threads)

Discussion in 'Website discussion' started by 92se-r, Jun 20, 2010.

  1. Lovin

    Lovin Calmer 'n you are

    Joined:
    Oct 22, 2007
    Messages:
    1,472
    Likes Received:
    1
    Trophy Points:
    0
    It's making it through my content filter at work. It does really thorough packet inspection before letting content through. I've even checked it to see if there's anything up with the site itself. Right now, STR has a bad global reputation score, and that's making Google and Firefox tell it to pound sand when I try to surf to it.


    12 most common......
     
  2. El Immigrante

    El Immigrante STR's resident Coyote.

    Joined:
    Apr 9, 2010
    Messages:
    1,058
    Likes Received:
    3
    Trophy Points:
    38
    Occupation:
    Coyote...need to get your relative across the bord
    Location:
    Tijuana- Land of pimps, drug dealers, hot women, m
    This is crap...I'm outta here. Hopefully a mass email goes out when things are resolved.

    Based on the current activity, it looks like folks are just not posting. :(
     
  3. ManInAShed

    ManInAShed New Member

    Joined:
    Feb 14, 2009
    Messages:
    1,631
    Likes Received:
    0
    Trophy Points:
    0
    Occupation:
    Destroyer of worlds.
    Location:
    Yellowknife / Windansea
    Yea, this has to be a traffic killer. Only a few new posts in any thread in the last four hours. ...on a weekday... ...over lunchtime.

    Ouch.
     
  4. LBmtb

    LBmtb good times

    Joined:
    Oct 27, 2004
    Messages:
    4,568
    Likes Received:
    12
    Trophy Points:
    38
    Occupation:
    software engineer
    Location:
    Long Beach
    Semi good news - I installed VMware Fusion and Windows XP on my Mac so I'm now able to reproduce the infection warning. I think it may be isolated to the homepage since that's the only time I get the AVG warning about an infection. If I go straight to socaltrailriders.org/forum, I don't get the warning.

    Anyway, I have a decent lead to go off of so hopefully I'll make some progress tonight. And I'm also able to test and to reproduce the infection so I'll be able to know when it's actually clean.
     
  5. jeffj

    jeffj Bloated Mountain B'hiker

    Joined:
    Jul 15, 2007
    Messages:
    2,617
    Likes Received:
    0
    Trophy Points:
    36
    Occupation:
    Bloated Mountain Biker
    Location:
    Castaic, CA
    Cool.

    Still plenty-o-weird stuff going on in the Social Groups section.
     
  6. Abui

    Abui Active Member

    Joined:
    Mar 10, 2006
    Messages:
    5,378
    Likes Received:
    0
    Trophy Points:
    36
    Occupation:
    Bike beta tester
    Location:
    Thousand Oaks
    I'm running Windows 7 with Microsoft Security Essentials on a laptop and there were no warnings. But a scan with NOD32 turned up multiple threats (exploit, download, trojan...). Now they're in quarantine.
     
  7. gooseaholic

    gooseaholic Active Member

    Joined:
    Oct 21, 2007
    Messages:
    8,901
    Likes Received:
    14
    Trophy Points:
    38
    Occupation:
    Auto inspection
    Location:
    Orange,ca Via Seattle, WA
    No threats recognized on my machine. I just ran a full scan with Kaspersky.
     
  8. LBmtb

    LBmtb good times

    Joined:
    Oct 27, 2004
    Messages:
    4,568
    Likes Received:
    12
    Trophy Points:
    38
    Occupation:
    software engineer
    Location:
    Long Beach
    I can confirm that the threat is still there. It injects a bit of JavaScript and an iframe to the very top of webpages and it's not isolated to just the homepage or just the forums. It seems to only show up once and then places a cookie which prevents it from showing up a second time. If you were to delete your cookies and reload the page, it'll show up again.

    As far as I can tell it's only dangerous to Internet Explorer. Very difficult to nail down since the code isn't on the files but gets dynamically injected when they're sent to users. Looks to have probably originated in China.

    I may shut the site down until it's resolved. If anybody is on Windows make sure to install antivirus software and stay away from Internet Explorer.

    BTW . . . anybody know of infections that happened on browsers other than IE?
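
Added example, not part of the thread and not any poster's code: because the injected markup is not in the files on disk and is served only to a client without the cookie, one way to confirm a cleanup is to compare the response a cookieless client gets with the response a returning client gets. The sample responses, `injected.example`, `forum.example` and the function names are constructed for illustration, and the check assumes the cookie gating is visible in the served HTML.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class ActiveTagCollector(HTMLParser):
    """Record every <script>/<iframe> and whether it precedes the <html> tag."""
    def __init__(self):
        super().__init__()
        self.seen_html = False
        self.tags = []  # (tag, src, appeared_before_html)

    def handle_starttag(self, tag, attrs):
        if tag == "html":
            self.seen_html = True
        elif tag in ("script", "iframe"):
            src = dict(attrs).get("src") or ""
            self.tags.append((tag, src, not self.seen_html))

def active_tags(body):
    parser = ActiveTagCollector()
    parser.feed(body)
    parser.close()
    return parser.tags

def cookie_gated_injections(first_visit, repeat_visit, own_host):
    """Flag tags served at the top of the page or only to a cookieless client."""
    on_repeat = {(tag, src) for tag, src, _ in active_tags(repeat_visit)}
    findings = []
    for tag, src, before_html in active_tags(first_visit):
        reasons = []
        if before_html:
            reasons.append("before-html")
        if (tag, src) not in on_repeat:
            reasons.append("first-visit-only")
        host = urlparse(src).hostname
        if reasons and host and host != own_host:
            reasons.append("external-host")
        if reasons:
            findings.append((tag, src, reasons))
    return findings

# Constructed sample responses (not captured from the site in the thread).
CLEAN = ('<!DOCTYPE html><html><head><script src="/clientscript/site.js">'
         '</script></head><body>forum index</body></html>')
FIRST_VISIT = ('<script>document.cookie="seen=1";</script>'
               '<iframe src="http://injected.example/x/" width="1"></iframe>\n'
               + CLEAN)
REPEAT_VISIT = CLEAN
```

In practice the two bodies would come from fetching the same URL once with an empty cookie jar and once with the cookies from the first response replayed; an empty result on both the homepage and a forum page is the signal that the served output is clean.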
     
  9. Chewyeti

    Chewyeti Circus Bear

    Joined:
    Jul 29, 2007
    Messages:
    8,468
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Yorba Linda
    Jorge - I was browsing with Firefox, and outdated AV software. Got the fake AV software trojan and it did download lots o porn to the desktop.
     
  10. Sprockethead

    Sprockethead S.T.U.P.I.D.A.S.S. Member

    Joined:
    Dec 18, 2005
    Messages:
    2,210
    Likes Received:
    0
    Trophy Points:
    36
    Occupation:
    Network Admin
    Location:
    North O.C.
    George,
    I've been on the site every day and so far, my computer is showing clean. I'm running Windows 7 Pro with MS Security Essentials and IE 8. I just ran a full scan with Malwarebytes and that showed clean too.
     
  11. dstepper

    dstepper (R.I.P.) Over the hill

    Joined:
    Feb 2, 2005
    Messages:
    12,683
    Likes Received:
    34
    Trophy Points:
    48
    Occupation:
    www.themostprogram.com owner
    Location:
    Laguna Beach
    I was using Safari, WinXP with Microsoft Essentials when the virus took out my computer last week. I now use NOD32.

    Dean
     
  12. bvader

    bvader Long Live The Gorn!

    Joined:
    Jan 19, 2008
    Messages:
    2,940
    Likes Received:
    0
    Trophy Points:
    36
    Occupation:
    Tech Guy
    Location:
    Huntington Beach
    As of 11:03 PM, Windows 7 Prof 64bit, IE 8 and FF 3.6.6 with Kaspersky 2010 set to maximum web scanning, which showed all the previous attacks/trojans ....as of this moment ....

    Wait...checking clearing cookies...didn't see that post

    DANG CONFIRMED : After Clearing Cookies

    IE
    6/30/2010 11:02:41 PM Detected Trojans Exploit.JS.Agent.bav High Exact qipelu.in/x/?src=world&id=bla&o=o//qipelu Internet Explorer

    FF
    6/30/2010 11:06:04 PM Detected Trojans Exploit.JS.Agent.bav High Exact qipelu.in/x/?src=world&id=bla&o=o//qipelu Firefox
     
  13. LBmtb

    LBmtb good times

    Joined:
    Oct 27, 2004
    Messages:
    4,568
    Likes Received:
    12
    Trophy Points:
    38
    Occupation:
    software engineer
    Location:
    Long Beach
    Yeah, that's the one.
     
  14. RustyIron

    RustyIron Rob S.

    Joined:
    Feb 8, 2007
    Messages:
    1,936
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    La Habra
    Hey, George. Is there anything we can do to assist? Would an upgrade to 4.x solve the problem?
     
  15. garo_b

    garo_b New Member

    Joined:
    May 17, 2008
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    the threat is real

    My laptop got infected by a Trojan virus, I was using IE 7 on Windows XP. I don't plan on coming back until this issue is fixed.
     
  16. LBmtb

    LBmtb good times

    Joined:
    Oct 27, 2004
    Messages:
    4,568
    Likes Received:
    12
    Trophy Points:
    38
    Occupation:
    software engineer
    Location:
    Long Beach
    Have the new software (vBulletin, vBSEO, classifieds) on my computer now and will do some prep-work to start upgrading all of that. May even be tonight...
     
  17. CalEpic

    CalEpic member

    Joined:
    Feb 3, 2005
    Messages:
    7,721
    Likes Received:
    17
    Trophy Points:
    38
    Location:
    Laguna Niguel
    Thanks, George
     
  18. thomaswildchild

    thomaswildchild Active Member

    Joined:
    Feb 13, 2010
    Messages:
    2,389
    Likes Received:
    5
    Trophy Points:
    38
    Occupation:
    I am a Machinist
    Location:
    Fullerton CA
    Thanks for all the speedy work and solutions man!
     
  19. mtnbikerfred

    mtnbikerfred Super Moderator

    Joined:
    Aug 10, 2007
    Messages:
    3,034
    Likes Received:
    3
    Trophy Points:
    38
    Occupation:
    I sell industrial power transmission and motion co
    Location:
    Fullerton (1.6mi from the courthouse)
    And here we go!!
     
  20. LBmtb

    LBmtb good times

    Joined:
    Oct 27, 2004
    Messages:
    4,568
    Likes Received:
    12
    Trophy Points:
    38
    Occupation:
    software engineer
    Location:
    Long Beach
    Just a heads up: Google's taking their time reviewing the site. Once Google, Firefox, etc review the site and consider it safe enough to remove the warnings I'll send out a mass email letting people know that the site's clean again.
     
