Miracle Posted September 13, 2007

Hello,

First of all thx for the great program CCleaner, works like a charm, but now I got some disturbing news :-( I googled through some stuff, and one link was to this forum's lo-fi version. Google advised not to enter, since it could contain Badware? See this http://www.stopbadware.org/reports/contain...dex.php/f2.html and I thought naa, not true, I decided to enter anyway, and bam, my Kaspersky antivirus pops up with an alert, Trojan-Downloader.Win32.VB.bip (file is EDITED AWAY FOR SECURITY REASON I GUESS). This only happens on the lo-fi version of this forum? What is happening, I'm sure you're not trying to kill my PC but?? Maybe you should fix this?

Edit: Some additional info about the claimed trojan:
Moderators DennisD Posted September 13, 2007

Hi Miracle, sorry I'm not qualified to answer your question, but when I changed to the lo-fi version just then, Avast immediately picked up the same thing. I've no doubt one of the guys will be along soon. Thanks for the info.
Moderators Andavari Posted September 13, 2007

This has already been mentioned here: http://forum.piriform.com/index.php?showtopic=12142

Something tries to download from watch77.com named setup.exe, I'm going to notify MrG because the forums are probably being hacked which could explain why they're so goddamned slow all the time.
Moderators Andavari Posted September 13, 2007

I sent MrG a PM about it, it's up to him now.

Edit: The two sites that auto load are:
liveupdatesnet.com
watch77.com

I'm going to block them on my system via the HOSTS file. I feel sorry for anyone using IE.
Anthony A Posted September 13, 2007

What exactly is the lo-fi version? I clicked on it and a file started downloading?
Moderators Andavari Posted September 13, 2007

> I clicked on it and a file started downloading?

Lo-Fi doesn't have images, etc. DO NOT allow that file to download, it is infected with a Trojan horse.
Moderators Andavari Posted September 13, 2007

Just to let everyone know until MrG fixes this that blocking those sites in Firefox's Adblock Plus add-on and in the Windows HOSTS file will completely block those sites. I'd recommend also blocking them in Internet Explorer.
Moderators DennisD Posted September 13, 2007

> I sent MrG a PM about it, it's up to him now.
> Edit: The two sites that auto load are: liveupdatesnet.com watch77.com
> I'm going to block them on my system via the HOSTS file. I feel sorry for anyone using IE.

Thanks for that tip.
Anthony A Posted September 13, 2007

Well when I clicked on lo fi and the download started AVG did not detect anything.
Moderators Andavari Posted September 13, 2007

> Well when I clicked on lo fi and the download started AVG did not detect anything.

AVG Free on my system detected it immediately!

Edit: AVG Anti-Virus that is, not the anti-spyware.
Anthony A Posted September 13, 2007

> AVG Free on my system detected it immediately!
> Edit: AVG Anti-Virus that is, not the anti-spyware.

It detected as soon as the download began? Not me. File downloaded and asked what I wanted to do, run or save. I canceled and did neither but no warning from AVG. I am running all my malware apps now to see if I got zapped. I did not run the exe so I should be fine but we will see.
Miracle (Author) Posted September 13, 2007

> This has already been mentioned here: http://forum.piriform.com/index.php?showtopic=12142
> Something tries to download from watch77.com named setup.exe, I'm going to notify MrG because the forums are probably being hacked which could explain why they're so goddamned slow all the time.

Yeah, I noticed that, but it didn't mention any trojans, or some more details about what was making the bad call.
Admin MrG Posted September 13, 2007

Apologies for this, all fixed now! It looks like this hack crept in at some point. I've checked the rest of the system and it's fine. All the admin and system passwords have been reset for safety.

MrG
Piriform.com - [CCleaner - Defraggler - Recuva - Speccy]
Moderators DennisD Posted September 13, 2007

Nice one MrG.
Moderators Andavari Posted September 13, 2007

> All the admin and system passwords have been reset for safety.

Good thing resetting the passwords, someone mentioned that was required on another forum that was also hacked with a Trojan.
Anthony A Posted September 13, 2007

Still wondering why AVG didn't detect anything here? I ran every scanner I have and I am clean.
Moderators Andavari Posted September 13, 2007

> Still wondering why AVG didn't detect anything here? I ran every scanner I have and I am clean.

Have you updated AVG Anti-virus today? My installation had three separate updates.
Anthony A Posted September 13, 2007

> Have you updated AVG Anti-virus today? My installation had three separate updates.

Every day it auto updates. In fact today it had a big program update as well as the definitions. Hmm, this has me concerned. Let me get this straight. As soon as you click the link for lo-fi you immediately get an AVG alert? Or did you download the file and try to save or run it and then AVG alerted you?
Moderators Andavari Posted September 13, 2007

> As soon as you click the link for lo-fi you immediately get an AVG alert? Or did you download the file and try to save or run it and then AVG alerted you?

As soon as that hack attempted to automatically have setup.exe download I was presented with the Firefox download window. I hadn't downloaded the file, and before I could close the download window to cancel the download dialog AVG detected the Trojan and quarantined it into the AVG Virus Vault. I did have to delete it from the Virus Vault to get it off my system, however doing an AVG Free, SuperAntiSpyware Free Edition, and A-Squared Free scan afterwards didn't turn up anything on my system, so in my case AVG Free totally protected my system.

You're much better off and safer only testing the functionality of AVG or other antimalware on your system using the test virus (it's not a real virus) called EICAR which won't infect your system.
Anthony A Posted September 13, 2007

> As soon as that hack attempted to automatically have setup.exe download I was presented with the Firefox download window. I hadn't downloaded the file, and before I could close the download window to cancel the download dialog AVG detected the Trojan and quarantined it into the AVG Virus Vault. I did have to delete it from the Virus Vault to get it off my system, however doing an AVG Free, SuperAntiSpyware Free Edition, and A-Squared Free scan afterwards didn't turn up anything on my system, so in my case AVG Free totally protected my system.
> You're much better off and safer only testing the functionality of AVG or other antimalware on your system using the test virus (it's not a real virus) called EICAR which won't infect your system.

I clicked the link for lo-fi and a download window opened in Firefox. It downloaded in seconds before I could cancel. Then there was an option to save or cancel, can't remember if there was an option to open. I canceled and that was it. No AVG warning for me. I ran all the scans you did and many more and I am clean.

I have never tried that test file you linked. What do I do, just download it and see what happens? How do I get rid of the download after? I guess my anti virus will quarantine it and I have to delete from there?
Anthony A Posted September 13, 2007

Tried that test file and AVG got it right away. Maybe I canceled the other before AVG could do anything?
Anthony A Posted September 14, 2007

Well, very strange results here. When I run that test file on IE7 or Maxthon AVG alerts me immediately. When I use Firefox or Opera I get NO alert from AVG at all. It lets me download the file with no problem. What's going on with that?
Moderators Andavari Posted September 14, 2007

> When I use Firefox or Opera I get NO alert from AVG at all. It lets me download the file with no problem. What's going on with that?

I don't know why it would immediately detect it on my system and not yours. I'm clean out of ideas and suggestions.
Anthony A Posted September 14, 2007

> I don't know why it would immediately detect it on my system and not yours. I'm clean out of ideas and suggestions.

I'm getting no alerts at all from AVG AV when using Firefox with that test file. It gets stranger. AVG AV will alert me when using the test file if I download with IE7, Maxthon, and Opera 8.54. When I use Firefox or Opera 9 to download I get no alerts and I can download anywhere I want to without any kind of intervention from AVG AV.

As of now Firefox is shelved until this is figured out. I could have very easily been infected today on this forum using Firefox because I did not get any warning about that trojan from the lo-fi link. The test file confirms it for me. I am currently posting on the AVG Forums and Firefox Forum about it. Going to try the Opera forum too. Oh, by the way, I have confirmed this on 3 machines here.
Moderators Andavari Posted September 14, 2007

> The test file confirms it for me. I am currently posting on the AVG Forums and Firefox Forum about it. Going to try the Opera forum too. Oh, by the way, I have confirmed this on 3 machines here.

Strange. I don't know if my two download managers make a difference or not, DownThemAll and Orbit Downloader, which are both plugged into Firefox as extensions. I don't see how they could but I don't know for sure.