Virus alert from front page!


Gameskeeper
10-12-2006, 08:58 AM
When I loaded the front page, my virus scanner (McAfee VirusScan Enterprise version 8.0.0 updated with current virus definitions) warned about the VBS/Psyme trojan hidden on the page code. It looks like the site security has been compromised.

For more info, see for example http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100749

Admins, please check this security issue ASAP! Other users should also scan their own computers for possible infection, especially if you are surfing with Internet Explorer.

P1NSEEKER
10-12-2006, 09:07 AM
:eek:

Sounds dangerous, good job I'm on a work comp ;)

RoutineX
10-12-2006, 11:21 AM
Was this by visiting our new version of the site or the old one?

I've written every line of code in the new one, and did a comparison today to the original files and nothing has changed.

Gameskeeper
10-12-2006, 11:47 AM
Was this by visiting our new version of the site or the old one?

This was from the new and improved site. It could well have been triggered by some externally linked content. Sometimes ad exchange services have been used to spread malware, but that does not seem to be applicable here. Photobucket.com might be the culprit, but that would seem a bit strange as well.

This may well be something that you have no control over, but it's still probably worth keeping your eyes open for possible warning signs.

robpears
10-12-2006, 12:05 PM
I have been having this for months on my work PC. I just assumed it was something to do with it at work, but it is not just the new site, it is this one as well.

eggnog
10-12-2006, 12:11 PM
This also has been happening to me recently, but not just on the new site. NOD32 alerts me about some trojan. I'll get the exact info the next time it pops up.

Mr Arrow
10-12-2006, 02:26 PM
I PM'd Routine on this last week. Every time I loaded the old site (within the last 3 weeks) my Internet Explorer would crash and then I'd get a virus alert.

I wanted to keep it off the forum (for obvious reasons and hoped it would get corrected) but that time has passed!

This is mine - http://www.symantec.com/security_response/writeup.jsp?docid=2002-101518-4323-99

RoutineX
10-12-2006, 02:41 PM
So just to be clear... This only happens on the main part of the site, not the forums?

I have a little suspicion about what it might be. The same issue that caused the front page to not show for some people. Not sure why it gets listed as a virus though.

Mr Arrow
10-12-2006, 02:44 PM
Actually it was only happening when I accessed the forums - the front page was OK.

I have not had this happen for several days now - so fingers crossed.

Crash
10-12-2006, 02:52 PM
Yeah, I have had it too. Not sure if it was from the main site or the forums. I got it as I clicked the forums link. Before the forum loaded it would pop up the error and then my browser would shut down.

It comes up as an "other" virus: filename:s2.html

I use AVG AntiVirus

Blind Fool
10-12-2006, 03:48 PM
I PM'd Routine on this last week. Every time I loaded the old site (within the last 3 weeks) my Internet Explorer would crash and then I'd get a virus alert.

I wanted to keep it off the forum (for obvious reasons and hoped it would get corrected) but that time has passed!

This is mine - http://www.symantec.com/security_response/writeup.jsp?docid=2002-101518-4323-99

I got that same one a little while back, can't remember on what page though, but I think I had this site open as always...

Looks like there is an issue somewhere, hope it can be fixed.

CrazyCougar
10-12-2006, 03:50 PM
AVG picks up the temporary internet file as a virus as well. Seems to only happen on the main page when visiting the specific address http://www.x360a.org

Styze
10-12-2006, 05:50 PM
I get the notice on the main page not on the forum link.

invincible rob
10-12-2006, 06:12 PM
=0 I got a virus message too. I got AVG Free, and as soon as I went on the site today it said "virus detected".

ScottieDog73
10-12-2006, 06:46 PM
Same here, although it does not happen every time, but when it does it is usually on the home page of the forums. This is what ZoneAlarm comes up with: http://vic.zonelabs.com/tmpl/body/CA/virusSearch.jsp?VN=JS.CVE-2006-3730!exploit&ST=8&TY=1&SRC=2&PN=ZoneAlarm+Security+Suite&PV=6.5.737.000&LICFLAG=1&LANG=en&OEM=1025&HU100=ZLN40855020442561-1025

Note what the description says: "This does not necessarily mean that a virus has been found"

RoutineX
10-13-2006, 12:05 AM
If I'm not mistaken that was a module on our old front page that some AV apps for some reason suddenly marked as a virus. I've completely disabled the old pages and bitcompared every script/document on the server and there shouldn't be anything wrong and the messages shouldn't appear anymore. If you're still experiencing the problem in the upcoming days, please let me know :)

Im a Manatee
10-13-2006, 01:01 AM
I get a trojan called psyme at the main page too. McAfee just says it's a trojan susceptible to unpatched Internet Explorers. I'm using Firefox with Adblock pro and filterset G.

This has only been happening for about a week, and it nests in

C:/FGFDSGFDHG/Documents and Settings/"My Name"/app Data/Mozilla/Firefox/Profiles.

CovertDog
10-14-2006, 03:27 AM
I've been getting it the last month or so. I use Norton Anti-Virus and it comes up as a Downloader. I was getting it when first coming to the site's main page, but about 15 mins ago I got it when leaving a thread back to the forum home.

Wanz
10-14-2006, 06:50 PM
My anti-virus has been giving me alerts about the main page for the last couple of weeks. I never noticed it with the old site and I have gotten this at home and at work with two different kinds of anti-virus protection. One was Norton.

ScottieDog73
10-14-2006, 07:40 PM
Sorry guys, still getting the virus alert even after you have tried to rectify the problem.

DaKing240
10-14-2006, 07:55 PM
Make sure you clear your cookies on your browser... otherwise you may still be using the old site, and getting the problem when it doesn't exist on the new site.

DaKing240
10-14-2006, 11:57 PM
I don't even have a response, all I can say is, we have been warned, lol.

DaKing240
10-15-2006, 12:14 AM
First off, yes I am part of this site

and 2nd off, your post was probably deleted because we are fixing the problem, and don't need to be threatened for no reason.

RoutineX
10-15-2006, 12:26 AM
I deleted your post because your threats won't take you anywhere and we're getting a little tired that suddenly a lot of new members are just eager to try to ruin things for us and only register to start wars or other things.

And second of all: I explained everything to you in a PM, but still you act like nothing and keep on pretending to be the innocent user just trying to figure out things.


Regarding the virus:
I got a mail from our webhost, and he confirmed that the server where we have our pages was hacked earlier. No confidential data has been taken and the trojans that they tried to replicate don't have any effect since there have been patches issued years ago, but nevertheless, it's annoying to get these messages and it can scare people. Here's an excerpt from the mail from my host:

"This was a server based injection they added, we were unable to get rid of it entirely. We are in the process of formatting all the affected servers (they got several.) We will be moving you to a clean server this evening (or late tonight.)"



Update:
Just got a new mail from our webhost saying that the sites on this server will be moved from now on and until it's done. When it's our turn to move, the site might not be available for about 5-10 minutes until we're at the new secure and clean site. We're sorry for the inconvenience, but we guarantee that no data whatsoever has been accessed or stolen by the hackers.

As the problem is resolving itself now we hope you understand why we're closing this thread now. If you have any questions regarding this, please contact us via PM or the "Contact Us" link at the bottom of the site.