Jump to content
SAU Community

Recommended Posts

its the reverse placebo effect.

there used to be the problem on the board, hence this topic, but its since been fixed. however some people dont realise its been fixed, and hence are thinking its somehow still happening :(

God I hope so... I've had enough of working on SAU to last me another 6 months, and I'm still not finished. :D

Link to comment
https://www.sau.com.au/forums/topic/124535-trojans/page/2/#findComment-2302766
Share on other sites

  • Replies 95
  • Created
  • Last Reply

Top Posters In This Topic

Fingers xed... I saw the boards down today at work, logged on later in the day no problems.

Just logged on at home (11.28pm, 3/7) and I had the exploit blocked (I'm hoping from a locally cached version of the page, but I haven't logged on from here for a week?)

Anyway, I know you'll still be monitoring it - just thought I'd let you know.

Link to comment
https://www.sau.com.au/forums/topic/124535-trojans/page/2/#findComment-2302820
Share on other sites

it will be a patching problem not entirley on the IVB side. Wait for dicrosoft to patch it properly Ie wise and Ivb to run out the kink's i bet over a few weeks . IVB the will be still very worried about it and a few features will no doubt be not functioning for saftey ! .

Microsoft let out a Doossie with one of there upgrades that found pirate copies of Xp . since then alot of people are unpatched and there are lots of conflicts.

Edited by ishh
Link to comment
https://www.sau.com.au/forums/topic/124535-trojans/page/2/#findComment-2302830
Share on other sites

No, haven't received it before... Was only reading about the Billion boards being affected by it this morning, didn't even blink as to why the SAU boards were down (stocktake was a b!tch.)

Silly me didn't check the timestamp in the temp file before it was removed... I've reloaded the page & IE many a time anyway - hasn't reappeared.

Who knows, peculiarity of Apache or one of the various proxies I'm running through I guess...

(Edit: Ugh... bloody thing is still running, back soon.)

Edited by cooks44
Link to comment
https://www.sau.com.au/forums/topic/124535-trojans/page/2/#findComment-2302902
Share on other sites

Got it today at work after the site had been down... and just got it now at home. Each time my McAfee seems to have caught it, although there is a HEAP of HDD activity for quite some time and the computer slows down... (and no, I wasn't running a virus scan)

So something still creepy in there guys,

M

Link to comment
https://www.sau.com.au/forums/topic/124535-trojans/page/2/#findComment-2302952
Share on other sites

The reason this security alert comes up is because of an exploit used on IE.

This utility released by Norton (antivirus software developers) can be used to disable windows scripting... if at any time you find that you need windows scripting enabled (if one of your apps won't work) you can use the same utility to re-enable it.

http://www.symantec.com/avcenter/noscript.exe

Its recommended that you turn off scripting so that no malicious websites or people can force your browser to download and run trojans/worms.

Link to comment
https://www.sau.com.au/forums/topic/124535-trojans/page/2/#findComment-2302981
Share on other sites

this is more an exploit being found By your Av than Trojans loading off the SAU Page slowing down your systems hard disk.

It doesn’t mean that a Trojan is loading ... It means it has vulnerable scripting and it is possible.. < this is the message to get out !

I highly doubt that anyone got infected as it was just a generic warning from the AV reading the scripting.

Prank i would try to word a statement that states it is the vulnerability that has been found, Detected by AV not a virus or Trojan.

I am Guessing a bit there because i don’t know if anyone got infected but that’s my guess in the confusion !

For someone to achieve this they would need access to private FTp to embedded the server or an identical mirror linked with the embedded server.

Most members would have this Short cutted so the mirror would not work either.

If by the slightest chance it was mirrored then its going to jag non members surfing from an engine.

Tell the whingers that it is there old Av update that is detecting the Script.

and to please be patient.

if you can Categorically state that nothing dloaded from the page and infected anyone then this will help out a lot with the complaints you may get....

Link to comment
https://www.sau.com.au/forums/topic/124535-trojans/page/2/#findComment-2303336
Share on other sites

GET FIREFOX or OPERA instead of the IE browser.... ITS not the SAU board, its because the SAU board is Invision and Ie has a big hole in it ... the same will happen on any Invision Board using an Ie browser until Microsoft do something .

Link to comment
https://www.sau.com.au/forums/topic/124535-trojans/page/2/#findComment-2303398
Share on other sites

Hi guys,

Just in case it helps, the offending file that McAfee pointed at was called 0day.htm

This file goes to http://196.regvista.com/0day.htm

Maybe this would help to sniff it out?

Immediately after McAfee finds it and cleans it, McAfee is disabled! And there is a c$#@load of hard drive activity for several minutes..

Cheers,

Matt.

Link to comment
https://www.sau.com.au/forums/topic/124535-trojans/page/2/#findComment-2303417
Share on other sites

yeah i got the trojan downloaded to my home machine over the weekend. i removed all the crud using adaware but my pc is now a bit fuxored unfortunately. AVG is broken so i've tried uninstalling it and installing norton but cant get through the install without it dying. :D

anyone got any advice? :P

Link to comment
https://www.sau.com.au/forums/topic/124535-trojans/page/2/#findComment-2303473
Share on other sites

I thought it had gone, but alas, I just got another warning from my a/v (Avast pro).

Seems to identify it as WIN32 Trojano ...

My a/v catches it and terminates connection before there's any consequence.

This only happened for the first time on Friday I think.

Has never happened before, so I cant imagine, as previously mentioned by someone, that it's Invision, unless SAU has just changed their system over.

Also, had no old cache, i clean it almost daily, and IE is set to load new page everytime (no caching).

Anyways, not a big deal on my end, but perhaps might be helpful to track down the issue.

Link to comment
https://www.sau.com.au/forums/topic/124535-trojans/page/2/#findComment-2303490
Share on other sites

i am looking at all the manual ways now....

... For a try install norton in Safe mode ... Or systems restoring before hand and repeating...

Looking into this more now I see its a fairly old exploit reworked . So until more info unfolds its a bit hard.

F8 key hold down on reboot until you get Safe mode ... then run the the install. Its tricky because you have to some how get the Av to update in safe mode

My AV rips it straight out !!! Pm me if you would like to try it .

Munkyb0y Av only finds it once its been reported. the exploits can function and go on for months before this!

Edited by ishh
Link to comment
https://www.sau.com.au/forums/topic/124535-trojans/page/2/#findComment-2303497
Share on other sites

GET FIREFOX or OPERA instead of the IE browser.... ITS not the SAU board, its because the SAU board is Invision and Ie has a big hole in it ... the same will happen on any Invision Board using an Ie browser until Microsoft do something .

This is not an option for me

cheers.

Hi guys,

Just in case it helps, the offending file that McAfee pointed at was called 0day.htm

This file goes to http://196.regvista.com/0day.htm

Maybe this would help to sniff it out?

I just got the identical thing.

I've been browsing SAU for 4 hours now (from the uber protected work PC). And the Norton box just fired up @ 10:44 with the same above ^^^

I've flushed ALL the temp files etc etc etc.

And ive just done it again.

Will report back if it get it again

Link to comment
https://www.sau.com.au/forums/topic/124535-trojans/page/2/#findComment-2303506
Share on other sites

Hello again.. this is a test

I am using ie 6 NO AV and nothing is connecting , Downloading or Executing .

As i mentioned before to Munky these exploits are oftern not reported for months so everyone is oblivious until there is an Alert.. Then poo fly fanward forth!

this ie exploit can be used so braodly so i still think the Sau board is fine now upgraded and more the users buggy infected Pc's ,its just that this situation Alerted alot of people that they had a problem....

For all the people with Disabled AV Try this link to actualy see what state your PC is in. Not sure if the demo will clean it! My guess is it will :D

http://www.trendmicro.com/hc_intro/default.asp

Ie is Every uni students wet dream to practice code on .... Its also the most cloaked process giving people the impression that its fine because its always running . DANGEROUS

I am still working on the manual removal... It would be good to look at the old unpatched pages ???

Bac soon ish!

Link to comment
https://www.sau.com.au/forums/topic/124535-trojans/page/2/#findComment-2303636
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now



×
×
  • Create New...