PDA

View Full Version : Virus warning



harrislover
11-11-2009, 11:59 PM
For the second time today i have logeed on this site and have been notified that a trojan has been found. luckily my virus protection has stopped it. Just thought id share it with you guys.

Dirthawking
11-12-2009, 12:47 AM
Loren, thank you for the heads up. I will make sure that Chris L. knows.

Grahame
11-12-2009, 02:20 AM
Got the same message twice. McAfee blocked it both times.

Grahame
Calgary, Alberta

Greg
11-12-2009, 06:22 AM
Got the same message twice. McAfee blocked it both times.

Grahame
Calgary, Alberta

Yes I've had the same almost every time I log on!

Chris L.
11-12-2009, 08:59 AM
Hmmm. Not sure why you are getting this. I will let the server owner know.

One question. What virus protection is everyone running that is getting this warning?

Dirthawking
11-12-2009, 09:31 AM
mcafee here, same warning

High Desert Hawker
11-12-2009, 10:31 AM
I get it too. McAfee

FredFogg
11-12-2009, 10:36 AM
I have Norton and don't get it, must be a McAfee thing!

samatney
11-12-2009, 10:44 AM
I have AVG and nothing here crazyy

Chris L.
11-12-2009, 10:51 AM
Guys, i think the problem is your virus scan.. TO be honest Mcafee sucks.

take a look here http://forums.cnet.com/5208-6132_102-0.html?threadID=94275

Mcafee is a trojan itself. It collects info on you all day long. Nasty little program.

Try updating to the most current. I am sure it doesn't like some of the code on here. My virus scan is clean and so is the servers.

Chris L.
11-12-2009, 10:53 AM
There are free virus scans even better than norton and mcafee. stop wasting your money on them..

ok I will get off my soap box

Tom Smith
11-12-2009, 11:05 AM
I get hit hard every time I get in a contended discussion in this forum. I rather think it is coming from here or some one on here. On one occasion it took me several days of scans and systems restores to get my computer back up. I'm still having some minor problems with it. I have become pretty gunshy virtually speaking.

Jack Mangum
11-12-2009, 11:32 AM
Get AVG Free Edition, and update it every time you go on line. You can stop worrying about these things.

Jack

bgibson
11-12-2009, 11:40 AM
get a mac

Chris L.
11-12-2009, 02:05 PM
I get hit hard every time I get in a contended discussion in this forum. I rather think it is coming from here or some one on here. On one occasion it took me several days of scans and systems restores to get my computer back up. I'm still having some minor problems with it. I have become pretty gunshy virtually speaking.

Tom,
I am sorry you feel that some malicious software is being placed on your CPU from NAFEX.

The only way it is coming from NAFEX is if I put it on here. I think it goes without saying that would not be in my best interest.

I can tell you it is not coming from here and to be honest, I think I have upset many more than you have and my computer is running like a top.

I hope you get your issues ironed out.

areal
11-12-2009, 02:09 PM
Mcafee is a trojan itself. It collects info on you all day long. Nasty little program.

Woooah dude, you cant say that, youre likely to get sued!

Pretty apt description I have to admit but I would be really careful describing it as a trojan, though it is a nasty little program.

Actually I refuse to remote support machines with that particular AV suite installed because it causes more trouble than it stops.


As for the alert people are getting from this site, I'm prepared to stick my neck out and say its a false positive on the part of the AV software. This site (and every other VBulletin site out there) makes extensive use of javascript in order to generate the displays we take for granted. It would not surprise me if the AV product in question kicks off over the ajax components (the bits that let you do a quick reply) or the Yahoo Ajax interface and of course the new PM notification script will often be falsely detected.

As others have said, dont change your forum, change you AV package cause there's a pretty good chance you havent even begun to discover just how much of your operating system has been broken by that particular AV package. (try generating an MD5 hash or an SSL certificate and see if mccrappy lets you do it.)

Yes its perfectly possible to SQL inject or XSS a site like this but in fairness to Chris he keeps the forum software up to date, doesnt claim to need to do updates when there are no updates available (sorry private joke!!) and asks advice on the safest way to implement things like banner adverts, before implementing them.
Its the sites still running on V3.7.2 where one can steal any user's session id in about 10 - 12 seconds that you want to worry about boxingg

PeteJ
11-12-2009, 02:20 PM
get a mac
Here, here!!LOL

Tom Smith
11-12-2009, 02:36 PM
Tom,
I am sorry you feel that some malicious software is being placed on your CPU from NAFEX.

The only way it is coming from NAFEX is if I put it on here. I think it goes without saying that would not be in my best interest.

I can tell you it is not coming from here and to be honest, I think I have upset many more than you have and my computer is running like a top.

I hope you get your issues ironed out.

Glad to hear it and I would be the last one to argue,or even comment on that, I assure you, but I will.

I feel I can maybe hold my own in a falconry related issues but computers are way out of my league even though I do a lot with mine and find it very useful. I have noticed that people that are really rather shakey with falconry are top notch with computers. So it kind of makes me wonder sometimes. Enuff said.

FredFogg
11-12-2009, 02:39 PM
I have noticed that people that are really rather shakey with falconry are top notch with computers.

Quite frankly, I take offense to your comment! toungeout My shakey falconry skills have nothing to do with my excellent computer skills! LOL :D

areal
11-12-2009, 02:48 PM
The only way it is coming from NAFEX is if I put it on here. I think it goes without saying that would not be in my best interest.

Chris, one of the sites I host has been SQL injected 3 times this year so I can assure you, the last person I would look at if I found dodgy content on here, is you, I know I didnt corrupt the database on my own site, I cant imagine any good reason why anyone would "hack" or even pretend to hack (sorry another private joke ;) ) their own site.

The sad fact is sites like this are a magnet for those seeking to compromise as many machines as possible with their malware. Basically you put the work into building up a community of regular users, they come along, hack/inject/XSS your site and before you know it your user's PC's (and Macs) are doing their bidding (saw a rootkit the other day that allows total control over the remote hardware so the new 0wn3r of that machine can open and close CD-Rom drives, mount/umount storage devices, turn the PC off, pretty much do anything they could do if sat in front of your machine, they can do remotely)

Yes its always a risk that you'll decide the last however many years work you've put into Nafex is worth blowing for the sake of compromising a few machines, but its probably the last thing I worry about when I come on here.

Chris L.
11-12-2009, 02:51 PM
Glad to hear it and I would be the last one to argue,or even comment on that, I assure you, but I will.

I feel I can maybe hold my own in a falconry related issues but computers are way out of my league even though I do a lot with mine and find it very useful. I have noticed that people that are really rather shakey with falconry are top notch with computers. So it kind of makes me wonder sometimes. Enuff said.


confusedd.. I don't see the correlation, nor have I seen it. But hey, what ever works I guess????

There are many on here that are good with computers. Maybe we can help you get your machine running better? If you have any questions don't hesitate to ask.

All the best

Chris

areal
11-12-2009, 02:59 PM
Quite frankly, I take offense to your comment! toungeout My shakey falconry skills have nothing to do with my excellent computer skills! LOL :D
Hey right now my shaky falconry skills are all down to fear. Shaking with Fear that the mad evil ferru is gonna do me next time!!! (I escaped a near nasty footing attempt earlier, had my arm been quarter inch shorter or his leg quarter inch longer, I'd have been on the way to the emergency room for sure)
I should have called him Claw cause right now he's certainly saying "I'll get you next time Gadget, Next time!!!"

At least another week of nastiness to come, Who said they grow out of the aggression after two years?

Chris L.
11-12-2009, 03:01 PM
Chris, one of the sites I host has been SQL injected 3 times this year so I can assure you, the last person I would look at if I found dodgy content on here, is you, I know I didnt corrupt the database on my own site, I cant imagine any good reason why anyone would "hack" or even pretend to hack (sorry another private joke ;) ) their own site.

The sad fact is sites like this are a magnet for those seeking to compromise as many machines as possible with their malware. Basically you put the work into building up a community of regular users, they come along, hack/inject/XSS your site and before you know it your user's PC's (and Macs) are doing their bidding (saw a rootkit the other day that allows total control over the remote hardware so the new 0wn3r of that machine can open and close CD-Rom drives, mount/umount storage devices, turn the PC off, pretty much do anything they could do if sat in front of your machine, they can do remotely)

Yes its always a risk that you'll decide the last however many years work you've put into Nafex is worth blowing for the sake of compromising a few machines, but its probably the last thing I worry about when I come on here.

Evan,
your right about the injection and hacks..It can be a huge pain in the ass dealing with it all. As you mentioned I do my best to stay up with the security patches and updates. My server host is just at meticulous as I am about his security.

Thanks for the kind words regarding the safety of NAFEX,I appreciate it. Many are scared of the boogy man and the internet is the biggest boogy man out there.

Where people need to be looking for viruses are the porn sites they are visiting and those friendly emails they are receiving ;). That's where the infection comes from.. no pun intended :D. So stop the late night porn fests and opening the email you have no idea who it is from. ( BTW this is said in jest)

areal
11-12-2009, 03:04 PM
There are many on here that are good with computers.

Dont look at me, I'm still trying to find the ANY key.


Maybe we can help you get your machine running better? If you have any questions don't hesitate to ask.
All the best
Chris
I'd offer to help, right after I find the ANY key, but as others will tell you, there's not a lot I cant do from this side of the atlantic.

areal
11-12-2009, 03:27 PM
Where people need to be looking for viruses are the porn sites they are visiting and those friendly emails they are receiving ;). That's where the infection comes from.. no pun intended :D. So stop the late night porn fests and opening the email you have no idea who it is from. ( BTW this is said in jest)

Youre still right about the "friendly emails" but for the most part legitimate porn sites these days are pretty tough on security, its the free sites and weird specialist sites you need to watch out for. They will quite happily let their users get harvested.
Unfortunately in my experience, particularly over the last year to 18 months, most malware infections are coming from far more mainstream sites.

Recruitement/job board sites have been heavily targeted (lots of people looking for jobs means lots of computers to harvest) as have social network sites like Facebook/myspace/twitter. Quite a few of the online News sites have been hit over the year, normally around the time of some major event (that plane landing in the hudson river is one example that comes to mind) And of course never forgetting the ever present malware emails.
A certain ferry company (ships people to Ireland) has been repeatedly hit this year as well as one of the low cost airlines so overall youre just as likely to catch a dose (on your PC at least) by booking a holiday or looking for a job as you are browsing porn.

Now where is that ANY Key żżż

FredFogg
11-12-2009, 03:32 PM
so overall youre just as likely to catch a dose (on your PC at least) by booking a holiday or looking for a job as you are browsing porn.


Damn, I guess I better not book that flight for that job interview for that porn company! :eek: :D

keithtsoar
11-12-2009, 03:36 PM
Damn I keep geting a id 10t error!

areal
11-12-2009, 03:50 PM
Damn, I guess I better not book that flight for that job interview for that porn company! :eek: :D
Dude you just reminded me of something I caught a bit of on telly the other night.
I was babysitting and the adverts come on. I cant watch adverts so I channel hop till my program comes back on or I find something else that interests me that I can watch till adverts come on that channel and I have to go scouting for something new to watch.
Anyway I found this channel with a program called "Porn in the Family"
Hang on this is worth watching (till an advert comes on)
It was a guy (mid to late 20's) driving in a car with this girl, and he gets a phone call from work.
Some guy in editing is on the phone and he's demanding this guy come into work because there's some major problem.
The guy in the car says to him "I'm on a date, dont blow this for me!!"
They chatter away for a bit and its decided he has to go in to work.
So he in a resigned sort of way says to her "I guess you have to find out some time what I do for a living"
Next scene the arrive at the "studio" and this guy plays the footage he's not happy with and its this guy with like 3 women.
At this point his date is looking a bit dubious and as the footage goes on her mouth just gets bigger.
Eventually she asks if she can go to the bathroom and they carry on with this footage till the guy asks what's happened to his date.
They go looking for her till the receptionist informs them the lady left in a taxi.

No jokes, I was rolling about on the floor at this point and fortunately the adverts came on and I could channel hop back to my discovery channels cause I would have ended up with some kind of laughter related injury if I'd carried on watching it for much longer.

I went looking for the channel again when the adds came on my channel but it must be a series that I'll never catch again if I dont develop some sort of reliable tele watching habits instead of using it to escape from babysitting.
Best of luck with the interview, let the ladies know which channel its screened on and I'll try not to stumble across your but while I'm channel hopping.

Tom Smith
11-12-2009, 04:00 PM
Quite frankly, I take offense to your comment! toungeout My shakey falconry skills have nothing to do with my excellent computer skills! LOL :D

Lol that cracks me up, Fred, I wasn't to refering you. Well maybe .. a little.
I talked to your buddy Leon Crumpler a little while ago on the phone. He is at Ed Pitcher's for a few days about 75 miles from my place. I was going to drive down to see him but I have been stricken with a virus a real one, very nasty. I think he said he will be heading out to Oklahoma in a few days.

FredFogg
11-12-2009, 04:10 PM
Lol that cracks me up, Fred, I wasn't to refering you. Well maybe .. a little.
I talked to your buddy Leon Crumpler a little while ago on the phone. He is at Ed Pitcher's for a few days about 75 miles from my place. I was going to drive down to see him but I have been stricken with a virus a real one, very nasty. I think he said he will be heading out to Oklahoma in a few days.

Tell Leon I said hello and ask him if he has gotten that bird in the air yet! LOL Sorry about the virus, the real one, they affect ones hawking way more than the computer ones! :D

Jeff Bertch
11-12-2009, 04:19 PM
Hey Guys , I can't even get on NAFEX anymore from my home computer . It keeps re-directing me to all these other sites, very frustrating. I'm on today from another computer. I hope a solution is discovered. Jeff

Chris L.
11-12-2009, 04:27 PM
Hey Guys , I can't even get on NAFEX anymore from my home computer . It keeps re-directing me to all these other sites, very frustrating. I'm on today from another computer. I hope a solution is discovered. Jeff

Jeff,

can you post some of the links you are being redirected to.

If the redirect is only happening on your home CPU, it is probably some spyware on your home CPU. Is it only when you log on NAFEX? If the computer your on doesnt redirect it might be worth checking your home CPU

touyang
11-12-2009, 04:33 PM
Hey Guys , I can't even get on NAFEX anymore from my home computer . It keeps re-directing me to all these other sites, very frustrating. I'm on today from another computer. I hope a solution is discovered. Jeff

I don't think that's caused by NAFEX. It sounded like your machine has been hijacked by some sort of malware, which is not a virus. If that's the case, your virus scan program won't protect you against it.

Tom Smith
11-12-2009, 05:30 PM
Tell Leon I said hello and ask him if he has gotten that bird in the air yet! LOL Sorry about the virus, the real one, they affect ones hawking way more than the computer ones! :D

Will do.

MarkT
11-12-2009, 06:29 PM
I got a notice a few times yesterday from Norton. Here is what is in the log.


Source: C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\6SLD9RVU\western[1].htm
Click for more information about this threat : Trojan.Malscript!html (http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2008-011517-3725-99)


From the location I would guess it is a coding problem from the Western Sporting's ad.

Dirthawking
11-12-2009, 06:47 PM
I got a notice a few times yesterday from Norton. Here is what is in the log.


From the location I would guess it is a coding problem from the Western Sporting's ad.

EXACT one that I keep getting! Chris, any thoughts? I was with you on Mcafee as I was not having problems until I started using it over the other non named free one.

Chris L.
11-12-2009, 07:25 PM
I got a notice a few times yesterday from Norton. Here is what is in the log.


From the location I would guess it is a coding problem from the Western Sporting's ad.


Thanks for the post regarding the warning you are receiving.

The western ad is just a gif file that leads you to western sporting. This is direct from norton's sight

"Trojan.Malscript!html is a generic detection for HTML files infected with a java script that redirects the browser to a malicious Web site that may exploit the browser or download other malicious threats."

The only place the ad redirects you is to westerns website. confusedd. Not very malicious.

Guys just take a look at the file, you will see nothing is there.

Mcafee and Norton give out false positives and are know for this. The programs are not worth the money everyone is soaking into them.

Chris L.
11-12-2009, 07:26 PM
EXACT one that I keep getting! Chris, any thoughts?.

Sure do, Mcafee and Norton are junk frus)

Dirthawking
11-12-2009, 07:29 PM
.

Mcafee and Norton give out false positives and are know for this. The programs are not worth the money everyone is soaking into them.


Sure do, Mcafee and Norton are junk frus)


Good thing mine was free from comcast! Never have put much faith in free!

Unless it is new falconry equipment. :D

Chris L.
11-12-2009, 07:38 PM
Good thing mine was free from comcast! Never have put much faith in free!

Unless it is new falconry equipment. :D
Click here (http://www.techmixer.com/best-free-antivirus-software-download-list/)for those who want real free anti-virus protection and here
(http://freebies.about.com/od/securityfreebies/tp/best-antivirus.htm)
YOu will see 3 main ones. I use antivir on all of my machines and love it. If it is personal use it is free.

hope this helps

robhawkyyz
11-12-2009, 08:34 PM
i have norton and don't have any problems. recently though, when i access NAFEX and only nafex it does pop up a message that it's processing threats but norton seems to be doing its job. good heads up though, maybe that free antivirus may not be so fantastic if the server is protected by it.

Chris L.
11-12-2009, 08:42 PM
maybe that free antivirus may not be so fantastic if the server is protected by it.

huh?confusedd

longbow
11-12-2009, 08:52 PM
File name http://nafex.fileave.com/western.gif
Malware name HTML:Script-inf
Malware Type Virus/Worm
VPS Version 091112-0, 11/12/2009

This is the info I receive and I use avast! I get it every time I come to Nafex and I just ignore it.

robhawkyyz
11-12-2009, 09:07 PM
huh?confusedd

all i can say is, it is a recent thing, i just didn't think anything of it until now. maybe when the site was down something happenned. free virus protection, you keep on lovin' it. the last time i tried it my computer was messed up forever.

Chris L.
11-12-2009, 09:12 PM
File name http://nafex.fileave.com/western.gif
Malware name HTML:Script-inf
Malware Type Virus/Worm
VPS Version 091112-0, 11/12/2009

This is the info I receive and I use avast! I get it every time I come to Nafex and I just ignore it.

Dustin,

thanks that helps. Fileave was where i used to store the banners. They were all SWF files and I think that is why the anti's were picking it up.

I have taken them all off.

You can ignore the warning as you have done.

thank you again

longbow
11-12-2009, 09:14 PM
Warnings have stopped. Your top notch Chris.

Chris L.
11-12-2009, 09:17 PM
Warnings have stopped. Your top notch Chris.

You helped me track it down.. thank you.


thank you for the help

robhawkyyz
11-12-2009, 10:58 PM
Sure do, Mcafee and Norton are junk frus)

Hey Chris , glad you got it fixxed. it seems like it is, i hope you will look into it next time before you thrash others computer protection when they were the ones that picked it up. we want this site to be safe also and will give you the info when we can...

GregMik
11-12-2009, 11:09 PM
Hey Chris , glad you got it fixxed. it seems like it is, i hope you will look into it next time before you thrash others computer protection when they were the ones that picked it up. we want this site to be safe also and will give you the info when we can...


Rob,

It was a false positive....was in no way malicious. So it shows you how bad they really are.

McAfee and Norton are very badly written programs. The slow your puter way down, because they are memory hogs. The free ones are better at finding and cleaning, they have more of an incentive as they are trying to show how good they are to get you to buy the other services they offer.

Greg

GregMik
11-12-2009, 11:11 PM
P.S. Try to uninstall Norton once.....:eek:

Greg

robhawkyyz
11-12-2009, 11:53 PM
either way some of the people noticed something and let Chris know and he found the problem, malicious or not, due to the people on this forum with a slow computer.

Chris L.
11-13-2009, 07:43 AM
Hey Chris , glad you got it fixxed. it seems like it is, i hope you will look into it next time before you thrash others computer protection when they were the ones that picked it up. we want this site to be safe also and will give you the info when we can...

Rob,

not only did the crap anti virus I was trashing pick up the wrong files it labeled them as a virus. The software you beleive in, created a little panic that did not need to happen. It was the free anti virus that actually lead me to the right path so I could figure out what was wrong.

None of it was anything to worry about. It was a bad link to a swf. That is all. Not only did these programs create a false sense if insecurity it also lead some to beleive NAFEX was responsible for their infected computers. I do not take that lightly and I will not allow anything to trash what I work so hard to keep secure and safe.

The greatest service this thread did was show that Norton and Macfee are both junk. Your continued posts on this subject help drive that point home.

Thank you to those who posted about it. I really do appreciate it. Please PM about issues such as these. It really can create a buzz that does not need to be.