Announcement

Collapse
No announcement yet.

trojan script 473411

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • big.blue
    replied
    Originally posted by 5thfoot View Post
    I have no idea what the last four posts are going on about.

    Anyway, for those concerned individuals that have read the thread, you will be relieved to know the errant virus definitions are updating with only two now reporting instead of six. These will no doubt drop out shortly too and we will be back to normal.

    http://www.virustotal.com/file-scan/...ce4-1286928094
    Thanks 5thfoot, you were right all the time. This whole thing was a errant virus definition. I just checked out my site, Pictures & Albums no longer give Trojan warnings now. Its seems fixed at last.

    Leave a comment:


  • Zachery
    replied
    Really depends how its getting in. If its from a third party content provider you added to your own site, thats not really something we are responsable for.

    Leave a comment:


  • smiggy
    replied
    So, this isn't a security exploit?

    Leave a comment:


  • Zachery
    replied
    Well do you have any ads on your site?

    Leave a comment:


  • Nucleus1
    replied
    I am using One.com and they also says that my website has not been hacked.

    Leave a comment:


  • dbode
    replied
    Hi Lynne,

    this is definately a false positive. Our servers have not been hacked. I checked other websites with G Data activated and every website around using vbulletin is telling me, that there is the virus when I hit the javascript.

    So there are two possibilities:

    a) Every vbulletin on the world is infected.
    b) It is a false positive.

    The problem is how to fix it - wait for the virus definitions to recognise your script as a false positive or fix it by changing the code.

    Leave a comment:


  • 5thfoot
    replied
    I have no idea what the last four posts are going on about.

    Anyway, for those concerned individuals that have read the thread, you will be relieved to know the errant virus definitions are updating with only two now reporting instead of six. These will no doubt drop out shortly too and we will be back to normal.

    http://www.virustotal.com/file-scan/...ce4-1286928094

    Leave a comment:


  • bforum
    replied
    what i did on the site of Belgiumdigital.com was checking their photo sections ,and indeed with IE
    i got a warning ,somehow i did not get the feeling it was a third party photo hosting site issue ,but more in the
    advertisments they used ,i followed the advertisment servers urls and blocked all of them ,using the host file in windows.
    i looked into Google to find a full list of advert sites i could block .
    found a nice list with about hundred of ad servers .
    copy pasted them in the host file and its working ,since that i dont have warning anymore
    perhaps luck perhaps not
    Last edited by bforum; Tue 12th Oct '10, 11:23pm.

    Leave a comment:


  • Zachery
    replied
    It sounds like you have a gifjar file, its an image with a jar (java program) inside of it, which it might be flagging.

    Leave a comment:


  • bforum
    replied
    Originally posted by 5thfoot View Post
    there is a thread here:

    http://forum.belgiumdigital.com/f59/...se-333409.html

    unfortunately in Dutch and my translator is making a mess of it... can any dutch speaker confirm the conclusion that it's a false positive?


    anti-virus known to be producing this warning (so far):

    G-Data
    F-Secure
    'Virgin Media Security' which uses third party software, possibly Kaspersky ?
    BitDefender



    anti-virus not producing a awarning:

    Avast
    Trend Micro
    AVG

    there still searching what it is ,but they think its not the forumsoftware but the site where the photos are hosted on ,since this is implemented in the forum
    they check also the adverts and the codes ,strange thing is Firefox with pop up blocker is giving no warning at al
    IE give a virus warning ,if they find the answer ill post it here ,in case if i forget (shi% load of work) do pm me ,i am more than willing to let u know ...

    Leave a comment:


  • bforum
    replied
    nvm

    Leave a comment:


  • Trevor Hannant
    replied
    Have you raised this in the Tracker?

    Leave a comment:


  • 5thfoot
    replied
    Originally posted by Lynne View Post
    What host are you guys using? Are you contacting your hosts and asking for help to figure out how this happened (by looking through the access_logs)?

    There's nothing wrong with our servers/installations. This is a false positive. this script: vbulletin_quick_edit_picturecomment.js

    is erroneously triggering a trojan alert on these anti-virus programs: BitDefender, G Data, Emsisoft, F-Secure, Ikarus, nProtect.

    There is nothing we can do.

    To fix this vBulletin need to modify that script so it does not look like a trojan to those antivirus programs,......or....... those anti-virus programs need to update their defective virus definitions.


    In the meantime all 3.8.x installations are building a data profile as trojan sources. won't be long now before they are blocked as "dangerous websites"

    Leave a comment:


  • big.blue
    replied
    Originally posted by 5thfoot View Post
    I don't know, but someone needs to do something sooner rather than later, because all operating vbulletin forums with this code are going to be blocked as dangerous by these anti-virus programs, which is not a good advertisement for vbulletin.
    I turned off my Pictures & Albums till this gets fixed. Hope it does not spread. I have 3 PhotoPost galleries installed inside my vBulletin. So far they are okay.

    Leave a comment:


  • big.blue
    replied
    Originally posted by Lynne View Post
    What host are you guys using? Are you contacting your hosts and asking for help to figure out how this happened (by looking through the access_logs)?
    I'm using NetNation (Hostway). I did not request access logs but they did verifie that the server my website resides on hasn't been hacked.

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X