trojan script 473411

  • #16
    Originally posted by Lynne
    What host are you guys using? Are you contacting your hosts and asking for help to figure out how this happened (by looking through the access_logs)?

    There's nothing wrong with our servers/installations. This is a false positive. This script: vbulletin_quick_edit_picturecomment.js

    is erroneously triggering a trojan alert on these anti-virus programs: BitDefender, G Data, Emsisoft, F-Secure, Ikarus, nProtect.

    There is nothing we can do.

    To fix this, vBulletin needs to modify that script so it does not look like a trojan to those antivirus programs ... or ... those anti-virus programs need to update their defective virus definitions.


    In the meantime all 3.8.x installations are building a data profile as trojan sources. Won't be long now before they are blocked as "dangerous websites".



    • #18
      nvm



      • #19
        Originally posted by 5thfoot
        there is a thread here:

        http://forum.belgiumdigital.com/f59/...se-333409.html

        Unfortunately in Dutch and my translator is making a mess of it... can any Dutch speaker confirm the conclusion that it's a false positive?


        anti-virus known to be producing this warning (so far):

        G-Data
        F-Secure
        'Virgin Media Security', which uses third-party software, possibly Kaspersky?
        BitDefender


        anti-virus not producing a warning:

        Avast
        Trend Micro
        AVG

        They're still searching for what it is, but they think it's not the forum software but the site where the photos are hosted, since this is implemented in the forum.
        They are also checking the adverts and the code. Strange thing is, Firefox with pop-up blocker is giving no warning at all.
        IE gives a virus warning. If they find the answer I'll post it here; in case I forget (shi% load of work) do PM me, I am more than willing to let you know ...



        • #20
          It sounds like you have a gifjar file; it's an image with a jar (Java program) inside of it, which it might be flagging.



          • #21
            What I did on the site of Belgiumdigital.com was check their photo sections, and indeed with IE
            I got a warning. Somehow I did not get the feeling it was a third-party photo hosting site issue, but more in the
            advertisements they used. I followed the advertisement servers' URLs and blocked all of them using the host file in Windows.
            I looked on Google to find a full list of advert sites I could block.
            Found a nice list with about a hundred ad servers.
            Copy-pasted them into the host file and it's working; since then I don't have warnings anymore.
            Perhaps luck, perhaps not.
            Last edited by bforum; Tue 12th Oct '10, 11:23pm.



            • #22
              I have no idea what the last four posts are going on about.

              Anyway, for those concerned individuals that have read the thread, you will be relieved to know the errant virus definitions are updating with only two now reporting instead of six. These will no doubt drop out shortly too and we will be back to normal.

              http://www.virustotal.com/file-scan/...ce4-1286928094



              • #23
                Hi Lynne,

                This is definitely a false positive. Our servers have not been hacked. I checked other websites with G Data activated and every website around using vbulletin is telling me that there is the virus when I hit the javascript.

                So there are two possibilities:

                a) Every vbulletin in the world is infected.
                b) It is a false positive.

                The problem is how to fix it - wait for the virus definitions to recognise your script as a false positive or fix it by changing the code.



                • #24
                  I am using One.com and they also say that my website has not been hacked.



                  • #25
                    Well do you have any ads on your site?



                    • #26
                      So, this isn't a security exploit?



                      • #27
                        Really depends how it's getting in. If it's from a third-party content provider you added to your own site, that's not really something we are responsible for.



                        • #28
                          Originally posted by 5thfoot
                          I have no idea what the last four posts are going on about.

                          Anyway, for those concerned individuals that have read the thread, you will be relieved to know the errant virus definitions are updating with only two now reporting instead of six. These will no doubt drop out shortly too and we will be back to normal.

                          http://www.virustotal.com/file-scan/...ce4-1286928094
                          Thanks 5thfoot, you were right all the time. This whole thing was an errant virus definition. I just checked out my site, Pictures & Albums no longer give Trojan warnings now. It seems fixed at last.
