
Why is the lo-fi version of this forum infested with a trojan program?


Miracle


Hello,

First of all, thanks for the great program CCleaner, works like a charm, but now I got some disturbing news :-(

I googled through some stuff, and one link was to this forum's lo-fi version. Google advised not to enter, since it could contain Badware?

See this http://www.stopbadware.org/reports/contain...dex.php/f2.html and I thought naa, not true. I decided to enter anyway, and bam, my Kaspersky antivirus pops up with an alert, Trojan-Downloader.Win32.VB.bip (file is EDITED AWAY FOR SECURITY REASON I GUESS)

This only happens on the lo-fi version of this forum? What is happening, I'm sure you're not trying to kill my PC but??

Maybe you should fix this?

 

Edit:

Some additional info about the claimed trojan:

post-15958-1189698552_thumb.jpg

Link to comment
Share on other sites

  • Moderators

Hi Miracle, sorry I'm not qualified to answer your question, but when I changed to the lo-fi version just then, Avast immediately picked up the same thing.

 


 

I've no doubt one of the guys will be along soon. Thanks for the info.

Link to comment
Share on other sites

  • Moderators

Just to let everyone know until MrG fixes this that blocking those sites in Firefox's Adblock Plus add-on and in the Windows HOSTS file will completely block those sites. I'd recommend also blocking them in Internet Explorer.

Link to comment
Share on other sites

  • Moderators
I sent MrG a PM about it, it's up to him now.

 

Edit:

The two sites that auto load are:

liveupdatesnet.com

watch77.com

 

I'm going to block them on my system via the HOSTS file. I feel sorry for anyone using IE.

 

Thanks for that tip.

Link to comment
Share on other sites
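The HOSTS-file block discussed above can be verified rather than assumed. This is an added example, not part of the original thread: it parses HOSTS-file text and reports whether the two domains named in the thread are sinkholed. Checking the `www.` variants is an assumption added here, since HOSTS entries match exact names only and do not cover subdomains; the sample file content is constructed.

```python
import ipaddress

# Domains named in this thread as the auto-loading sources.
BLOCKLIST = ["liveupdatesnet.com", "watch77.com"]

def parse_hosts(text):
    """Return {hostname: ip} from HOSTS-file text.
    Assumption: the earliest entry for a name is the one kept."""
    mapping = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                            # skip malformed lines
        for name in names:
            mapping.setdefault(name.lower().rstrip("."), ip)
    return mapping

def is_sink(ip):
    """True for 0.0.0.0 / :: or any loopback address."""
    addr = ipaddress.ip_address(ip)
    return addr.is_unspecified or addr.is_loopback

def audit(text, domains=BLOCKLIST):
    """Report, per domain and its www. variant, whether the HOSTS text blocks it."""
    mapping = parse_hosts(text)
    report = {}
    for domain in domains:
        for name in (domain, "www." + domain):
            ip = mapping.get(name)
            if ip is None:
                report[name] = "NOT blocked"
            elif is_sink(ip):
                report[name] = "blocked"
            else:
                report[name] = "redirected to " + ip
    return report

# Constructed sample HOSTS content (not taken from any poster's machine).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
0.0.0.0     liveupdatesnet.com www.liveupdatesnet.com
0.0.0.0     watch77.com        # www.watch77.com is not listed
"""

if __name__ == "__main__":
    for name, status in audit(SAMPLE_HOSTS).items():
        print(f"{name:28} {status}")
```

To check a real machine, pass the contents of the system HOSTS file to `audit()` in place of `SAMPLE_HOSTS`.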

AVG Free on my system detected it immediately!

Edit: AVG Anti-Virus that is, not the anti-spyware.

 

 

It detected as soon as the download began? Not me. File downloaded and asked what I wanted to do, run or save. I canceled and did neither but no warning from AVG. I am running all my malware apps now to see if I got zapped. I did not run the exe so I should be fine but we will see.

Link to comment
Share on other sites

This has already been mentioned here:

http://forum.piriform.com/index.php?showtopic=12142

 

Something tries to download from watch77.com named setup.exe, I'm going to notify MrG because the forums are probably being hacked which could explain why they're so goddamned slow all the time.

 

Yeah, I noticed that, but it didn't mention any trojans, or some more details about what was making the bad call :rolleyes:

Link to comment
Share on other sites

Have you updated AVG Anti-virus today? My installation had three separate updates.

 

Every day it auto updates. In fact today it had a big program update as well as the definitions. Hmm, this has me concerned. Let me get this straight. As soon as you click the link for lo-fi you immediately get an AVG alert? Or did you download the file and try to save or run it and then AVG alerted you?

Link to comment
Share on other sites

  • Moderators
As soon as you click the link for lo-fi you immediately get an AVG alert? Or did you download the file and try to save or run it and then AVG alerted you?

As soon as that hack attempted to automatically have setup.exe download I was presented with the Firefox download window. I hadn't downloaded the file, and before I could close the download window to cancel the download dialog AVG detected the Trojan and quarantined it into the AVG Virus Vault. I did have to delete it from the Virus Vault to get it off my system; however, doing an AVG Free, SuperAntiSpyware Free Edition, and A-Squared Free scan afterwards didn't turn up anything on my system, so in my case AVG Free totally protected my system.

 

You're much better off and safer only testing the functionality of AVG or other antimalware on your system using the test virus (it's not a real virus) called EICAR which won't infect your system.

Link to comment
Share on other sites

As soon as that hack attempted to automatically have setup.exe download I was presented with the Firefox download window. I hadn't downloaded the file, and before I could close the download window to cancel the download dialog AVG detected the Trojan and quarantined it into the AVG Virus Vault. I did have to delete it from the Virus Vault to get it off my system; however, doing an AVG Free, SuperAntiSpyware Free Edition, and A-Squared Free scan afterwards didn't turn up anything on my system, so in my case AVG Free totally protected my system.

 

You're much better off and safer only testing the functionality of AVG or other antimalware on your system using the test virus (it's not a real virus) called EICAR which won't infect your system.

 

I clicked the link for lo-fi and a download window opened in Firefox. It downloaded in seconds before I could cancel. Then there was an option to save or cancel, can't remember if there was an option to open. I canceled and that was it. No AVG warning for me. I ran all the scans you did and many more and I am clean.

 

I have never tried that test file you linked. What do I do just download it and see what happens? How do I get rid of the download after? I guess my anti virus will quarantine it and I have to delete from there?

Link to comment
Share on other sites

  • Moderators
When I use Firefox or Opera I get NO alert from AVG at all. It lets me download the file with no problem. What's going on with that?

I don't know why it would immediately detect it on my system and not yours. I'm clean out of ideas and suggestions.

Link to comment
Share on other sites

I don't know why it would immediately detect it on my system and not yours. I'm clean out of ideas and suggestions.

 

I'm getting no alerts at all from AVG AV when using Firefox with that test file. It gets stranger. AVG AV will alert me when using the test file if I download with IE7, Maxthon, and Opera 8.54. When I use Firefox or Opera 9 to download I get no alerts and I can download anywhere I want to without any kind of intervention from AVG AV. As of now Firefox is shelved until this is figured out. I could have very easily been infected today on this forum using Firefox because I did not get any warning about that trojan from the lo-fi link. The test file confirms it for me. I am currently posting on the AVG Forums and Firefox Forum about it. Going to try the Opera forum too. Oh, by the way, I have confirmed this on 3 machines here.

Link to comment
Share on other sites

  • Moderators
The test file confirms it for me. I am currently posting on the AVG Forums and Firefox Forum about it. Going to try the Opera forum too. Oh, by the way, I have confirmed this on 3 machines here.

Strange. :huh:

I don't know if my two download managers make a difference or not: DownThemAll and Orbit Downloader, which are both plugged into Firefox as extensions. I don't see how they could, but I don't know for sure.

Link to comment
Share on other sites
