Getting a few trojan alerts when I look at the forum
Moderators: Balthagor, Legend, Empier4552, Moderators
- tkobo
- Supreme Ruler
- Posts: 12397
- Joined: Jun 04 2002
- Location: In a vast zionist plot ...RIGHT BEHIND YOU ! Oh Noes !
You might want to check your banner.
This post approved by Tkobo:Official Rabble Rouser of the United Yahoos
Chuckle TM
- tkobo
- Supreme Ruler
- Posts: 12397
- Joined: Jun 04 2002
- Location: In a vast zionist plot ...RIGHT BEHIND YOU ! Oh Noes !
Kaspersky picked up the trojan downloader on my main machine.
Which I then blocked from downloading. It was a Trojan-Downloader.JS-something according to Kas.
Today, I started up one of my backup machines, and brought it to the shop with me (as I wanted to do some work on it anyway) and visited the BG forum with it.
This backup machine has no protection software. Upon the very first visit to the forum, the machine downloaded and then compressed a file from the forum.
Too fast to see what it was.
Now, on this machine every time I view a page on this forum I get a failure message telling me "tmpms45.exe has encountered a problem and needs to shutdown".
Standard exe issue message.
This makes me suspect heavily that tmpms45.exe, which is spyware, has somehow been added to your site, by means of the above trojan downloader.
Now one of the only things all pages I can visit on the forum have in common is the banner at the top.
I'm throwing some tests at the machine now, using free trial virus protections to see what they find.
- tkobo
- Supreme Ruler
- Posts: 12397
- Joined: Jun 04 2002
- Location: In a vast zionist plot ...RIGHT BEHIND YOU ! Oh Noes !
Panda's free scan found -Virus:W32/ZLFake.A.drp- which was discovered just the end of last month (like 3 weeks ago) and is a virus/trojan used to plant other viruses and allow the overwriting of files.
Kas scan in process.
- tkobo
- Supreme Ruler
- Posts: 12397
- Joined: Jun 04 2002
- Location: In a vast zionist plot ...RIGHT BEHIND YOU ! Oh Noes !
Found a conversation related to this issue. Might help.
http://lussumo.com/community/discussion ... -xss-hole/
On Kas, if you download the 30 day trial, the email isn't needed. It's just information about the trial.
Just download the trial and answer the 3 questions, and it'll activate and run fine.
- tkobo
- Supreme Ruler
- Posts: 12397
- Joined: Jun 04 2002
- Location: In a vast zionist plot ...RIGHT BEHIND YOU ! Oh Noes !
The plot thickens.
The machine has now been attacked multiple times.
10/9/2007 12:29:08 PM Intrusion.Win.MSSQL.worm.Helkern! Attacker's IP address: 220.191.233.132. Protocol/service: UDP on local port 1434. Time: 10/9/2007 12:29:08 PM
- tkobo
- Supreme Ruler
- Posts: 12397
- Joined: Jun 04 2002
- Location: In a vast zionist plot ...RIGHT BEHIND YOU ! Oh Noes !
"Every visit installs and operates the trojan/backdoor in your browser's temp file, allowing malware and port access to your IP address."
Found another forum that had this issue, this is what they found out.^^
Also, it only seems to show (possibly only works) if you're using IE.
Zonealarm and Kas seem to spot it.
Aviation Adventures web site had the issue as did 190rev website.
http://community.190revolution.net/gent ... rev-2.html
http://groups.yahoo.com/group/dcpilots/message/15154