Announcement

Collapse
No announcement yet.

trojan script 473411

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • trojan script 473411

    I've got a user who when accessing albums is receiving a trojan warning from his anti-virus software. He is using 'Virgin Media Security', it reports "trojan script 473411" when acessing album pictures.

    I've asked the moderators if they notice anything - nothing reported. I don't notice anything either. - Have downloaded and scanned everything with avast and trend micro internet security - nothing found.

    running 3.8.6, and 'all albums' mod


    Has anyone come across this "trojan script 473411" or can provide any ideas?
    Last edited by 5thfoot; Mon 11th Oct '10, 12:44am.

  • #2
    Through a Google search of the term “trojan script 473411” There appears to be a few forums over the past day or two that have started discussions about this – some are foreign language but I can work out it's in Albums where their problem is too.

    Comment


    • #3
      there is a thread here:

      http://forum.belgiumdigital.com/f59/...se-333409.html

      unfortunately in Dutch and my translator is making a mess of it... can any dutch speaker confirm the conclusion that it's a false positive?


      anti-virus known to be producing this warning (so far):

      G-Data
      F-Secure
      'Virgin Media Security' which uses third party software, possibly Kaspersky ?
      BitDefender



      anti-virus not producing a awarning:

      Avast
      Trend Micro
      AVG
      Last edited by 5thfoot; Mon 11th Oct '10, 1:01am. Reason: update virus list

      Comment


      • #4
        Today a user on my forum has reported the same warning:

        Click image for larger version

Name:	user3_pic2517_1286751396.png
Views:	1
Size:	14.2 KB
ID:	3680299

        I think it's a false positive, but if anyone knows the cause of this warning, is appreciated the explanation.

        Thank
        .
        Comunidad HISPANIA

        Comment


        • #5
          To be on the safe side, you can download a fresh copy of the ZIP file from the Members Area and upload the file in question to your server, overwriting the one that's already there.
          Vote for:

          - *Admin Settable Paid Subscription Reminder Timeframe*
          -
          *PM - Add ability to reply to originator only*
          - Add Admin ability to auto-subscribe users to specific channel(s)
          - Highlight the correct navigation tab when you are on a custom page
          - "Quick Route" Interface...
          - Allow to use custom icons for individual forums

          Comment


          • #6
            Thanks for that.

            Running the .js (reported there) downloaded from my forum through VirusTotal gives the following:

            http://www.virustotal.com/file-scan/...ce4-1286796005

            Comment


            • #7
              just ran the same test on a fresh copy downloaded from the members area and the result is unfortunately the same. I don't think overwriting the files will help on this occasion, and unless the new download just got contaminated bringing it onto my local machine, then everyone running this .js will have the same problem
              Last edited by 5thfoot; Mon 11th Oct '10, 4:27am.

              Comment


              • #8
                One of the users of my forum recieves the same "
                trojan script 473411"

                What did you guys find out?
                I am also running the all albums software, and VB 3.8.3.
                Any solutions if it really is a virus?

                Both McAfee and AVG says that my domain is safe(if that has anything to say....)

                Thanks in advance.

                Kjelll

                Comment


                • #9
                  I don't know, but someone needs to do something sooner rather than later, because all operating vbulletin forums with this code are going to be blocked as dangerous by these anti-virus programs, which is not a good advertisement for vbulletin.

                  Comment


                  • #10
                    Yes I agree with you.
                    Now several members have asked me if the files are safe or not, and I am not able to find any virus on my domain.

                    Comment


                    • #11
                      Same for us, we also get the virus warning. Any suggestions?

                      I also think it's a false positive because all files from our backups over the time look the same - so there is nothing changed.

                      Comment


                      • #12
                        Trojan 473411

                        My vBulletin site also has this Trojan 473411 but only 1 section, Pictures & Albums, nothing else. Must be new, only noticed it recently and not everyones computer virus security sees it. I am currently running v Bulletin version 3.8.5. This is really weird. We all have different vb sites, different host. The only common thread is we all use vBulletin. Any ideas here?
                        Last edited by big.blue; Wed 13th Oct '10, 1:50am.

                        Comment


                        • #13
                          What host are you guys using? Are you contacting your hosts and asking for help to figure out how this happened (by looking through the access_logs)?

                          Please don't PM or VM me for support - I only help out in the threads.
                          vBulletin Manual & vBulletin 4.0 Code Documentation (API)
                          Want help modifying your vbulletin forum? Head on over to vbulletin.org
                          If I post CSS and you don't know where it goes, throw it into the additional.css template.

                          W3Schools <- awesome site for html/css help

                          Comment


                          • #14
                            Originally posted by Lynne View Post
                            What host are you guys using? Are you contacting your hosts and asking for help to figure out how this happened (by looking through the access_logs)?
                            I'm using NetNation (Hostway). I did not request access logs but they did verifie that the server my website resides on hasn't been hacked.

                            Comment


                            • #15
                              Originally posted by 5thfoot View Post
                              I don't know, but someone needs to do something sooner rather than later, because all operating vbulletin forums with this code are going to be blocked as dangerous by these anti-virus programs, which is not a good advertisement for vbulletin.
                              I turned off my Pictures & Albums till this gets fixed. Hope it does not spread. I have 3 PhotoPost galleries installed inside my vBulletin. So far they are okay.

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...
                              X