Announcement

Collapse
No announcement yet.

How to get rid of trojans/viruses?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to get rid of trojans/viruses?

    I just recently got a feedback from a couple of members on one of my forums, running vBulletin 3.7.1, about a "trojan attack" when posting.

    The members get warnings like these:

    rootkit-agent.c trojan
    js/downloader.agent virus
    js/psyme trojan
    dropper.agent.jss virus

    How can this happen? And does anyone know where the files are located that causes this to happen?

  • #2
    1) Malicious code can be injected into the page by users if you allow HTML in posts or signatures. Try disabling HTML:

    Admin CP -> Forums & Moderators -> Forum Manager -> Edit Forum -> Allow HTML

    Admin CP -> Usergroups -> Usergroup Manager -> Edit Usergroup -> Signature Permissions -> Allow HTML

    2) It might also be in your style. Try to reproduce it on a default style:

    Admin CP -> Styles & Templates -> Style Manager -> [Add New Style]

    Create a new style with no parent. Then click that style's name in the Style Manager to view your forum with that style. If the problem goes away on the default style then you know it's a style problem at which point you need to systematically revert your custom templates to isolate the problem.

    3) I have also seen malicious code be inserted into the various settings in your:

    Admin CP -> vBulletin Options -> Site Name / URL / Contact Details

    Comment


    • #3
      had the same problem today with js/downloader.agent virus
      see my thread at http://www.vbulletin.com/forum/showthread.php?t=288036

      it solved my problem (I think). I suspect it's a 3rd party plugin called MGC Chatbox Evo that caused the exploit
      My site
      www.coolservice.dk

      Comment

      widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
      Working...
      X