Announcement

**Steve Machol** · Tue 14 Oct '08, 2:35pm

It is not possible for the default vB scripts to have viruses. This is either from an add-on, something on your PC, or because you allow HTML in posts or sigs.

**umc** · Tue 14 Oct '08, 4:28pm

I have a similar problem as the thread below

virus when viewing the forum - vBulletin Community Forum

http://www.vbulletin.com/forum/showthread.php?t=204283

a virus warning when user entering to my domain name ( The virus resides in the Temporary Internet files , with extension s2[1].htm ) but it'll be fine when people go to my website by domain_name/forums . it sounds to me like my domain infected the virus. is it possible the domain infected virus? i contacted my domain provider and they couldn't solve the problem.

the virus/spyware try to redirect to search.ringtones.com or something like that. i don't remember exact name.

I've read a lot of threads in here that people reported the iFrame virus attacked there websites.

my forums deosn't allowed any kind of html. i have some add-on for audio streaming for years but we just found the virus recently so i believe the virus is not coming from those ad-on

i really want to remove this virus from the from. please give me some advices

Thanks

**Floris** · Tue 14 Oct '08, 4:31pm

Their host account got exploited, or their outdated vBulletin, or an insecure unofficial addon.

**umc** · Tue 14 Oct '08, 4:43pm

Originally posted by Floris

Their host account got exploited, or their outdated vBulletin, or an insecure unofficial addon.

what's your suggestion?

**Floris** · Tue 14 Oct '08, 5:02pm

Back up everything.

Get a daily host backup restored.

Upgrade to 3.7.3 PL1

Run diagnostics to find non-vb files.

Revert templates and disable the hook system and uninstall unofficual plugins.

**umc** · Thu 16 Oct '08, 10:20am

Originally posted by Floris

Back up everything.

Get a daily host backup restored.

Upgrade to 3.7.3 PL1

Run diagnostics to find non-vb files.

Revert templates and disable the hook system and uninstall unofficual plugins.

I did and didn't see any non-vb files. i also upgraded to 3.7.3l1

i contact the webhosting they said they can't help

I'm sorry to hear that you are having problems. Because you are
responsible for the contents of your account we can not scan your files
for you. We recommend that you delete or overwrite any unknown files from
your account. The fastest way is to simply re-upload all your known good
files. If you do not have a local backup you can restore your files using
one of the backups we make. This page explains how:

**Floris** · Thu 16 Oct '08, 4:55pm

Interesting how a host takes that policy, and does not seem to matter that scripts are running that compromises that account and the risk of getting deeper into the system.

This also means that since they dont' scan the account you could probably build a warez ring and nobody would bother. I doubt that is the case and they suddenly police the content in a second ..

Anyway.

Check the products and the plugins, anything there you do not recognize? Check the content.

Go to the vboptions > hooks > active? NO

To turn it off. Additionally, to config.php add: efine('DISABLE_HOOKS', true);
below <?php

Then go check the plugins and the styles.

Find any customized templates and see if any code you didn't add to it appears.

Also go to the directory of the host, the main one, the publichtml one, the sub dirs,
and scan it for unknown files, try to identify them.

do ls -all, to display all hidden files too (or set ftp to display hidden files).

Announcement

How to remove virus?

How to remove virus?

Comment

Comment

Comment

Comment

Comment

Comment

Comment