Jump to content
SAU Community

Recommended Posts

I thought it had gone, but alas, I just got another warning from my a/v (Avast pro).

Seems to identify it as WIN32 Trojano ...

My a/v catches it and terminates connection before there's any consequence.

This only happened for the first time on Friday I think.

Has never happened before, so I cant imagine, as previously mentioned by someone, that it's Invision, unless SAU has just changed their system over.

Also, had no old cache, i clean it almost daily, and IE is set to load new page everytime (no caching).

Anyways, not a big deal on my end, but perhaps might be helpful to track down the issue.

We use Avast on our server (Avast Server Edition) at work and yeah just about every trojan they find it labels it as a win32:trojano.

GET FIREFOX or OPERA instead of the IE browser.... ITS not the SAU board, its because the SAU board is Invision and Ie has a big hole in it ... the same will happen on any Invision Board using an Ie browser until Microsoft do something .

I have to stick with IE for compatability reasons and yes it appears to be SAU as other Invision Boards I've been to today, aren't affecting any of my virus scanners. The trojan doesn't appear as often as it was late last week, as I've only seen it twice in the 20 odd times I've either refreshed or been to the board today.

Link to comment
https://www.sau.com.au/forums/topic/124535-trojans/page/3/#findComment-2303704
Share on other sites

  • Replies 95
  • Created
  • Last Reply

Top Posters In This Topic

ok .. i have found a way to trigger it on cue to dload with IE

Its intermitant depending on how you navigate your Ie browser

I think this is better closed up again (forum) because Patching is not sufficent yet until its understood how it loads and got into the code. people that dont understand things will get all nasty again.

So better closing the hole again so they cant blame...

I am no mod or admin here so i can only reco what i would do gang.

later

back in a few hours ish!

Edited by ishh
Link to comment
https://www.sau.com.au/forums/topic/124535-trojans/page/3/#findComment-2303914
Share on other sites

i am looking at all the manual ways now....

... For a try install norton in Safe mode ... Or systems restoring before hand and repeating...

Looking into this more now I see its a fairly old exploit reworked . So until more info unfolds its a bit hard.

F8 key hold down on reboot until you get Safe mode ... then run the the install. Its tricky because you have to some how get the Av to update in safe mode

My AV rips it straight out !!! Pm me if you would like to try it .

Munkyb0y Av only finds it once its been reported. the exploits can function and go on for months before this!

thanks mate, i will try this stuff tonight when i get home. i'm a bit noob with security, viruses etc. :nyaanyaa:

Link to comment
https://www.sau.com.au/forums/topic/124535-trojans/page/3/#findComment-2303989
Share on other sites

Whoa ...Well Done Prank!!!... its gone :) i cant even get it to trigger now ...

For those that did get infected and AV crashed, try that link i splashed before. It did clean it surprisingly for free!

If your anti virus couldn't get rid of it and the trojan got round it, you need to either 1)update your virus scanner a damn lot more or 2)get a decent virus scanner. If some free net thing can get rid of it and a PC based one can't you've got security problems :blink:

Link to comment
https://www.sau.com.au/forums/topic/124535-trojans/page/3/#findComment-2304371
Share on other sites

hey guys mines still going through that 169vista site or whatever when i bring up sau homepage. and saying trojan infected yada yada

how exactly do i make sure ive deleted all the old internet files/cache and whatever else needs to be done to get rid of it for good?????

its giving me the shits at the moment

Link to comment
https://www.sau.com.au/forums/topic/124535-trojans/page/3/#findComment-2306121
Share on other sites

Re occur! this is what i was worried about ...

Prank. i mentioned in your PM my bigger fears of how this may be happening.

Until you find whats loading it or re Writting, it will keep coming bac unfortunatly.

Dam i would luv to be a NEt admin at the moment ... i would Argue the Mozilla and be a hero in the work place by doing nothing !

Link to comment
https://www.sau.com.au/forums/topic/124535-trojans/page/3/#findComment-2306194
Share on other sites

no it's not R31Nismoid.... I am sitting here triggering it again like I showed Prank ...

triggered virus several times just then over the last few min's to see .

detected: Trojan program Trojan-Downloader.HTML.Agent.ao Script: http://www.skylinesaustralia.com/forums/in...=124658&hl=[2]

detected: Trojan program Trojan-Downloader.HTML.Agent.ao Script: http://www.skylinesaustralia.com/forums/in...=124503&hl=[2]

detected: Trojan program Trojan-Downloader.HTML.Agent.ao Script: http://www.skylinesaustralia.com/forums/in...s&lastdate=[2]

detected: Trojan program Trojan-Downloader.HTML.Agent.ao Script: http://www.skylinesaustralia.com/forums/in...194entry2306194[2]

detected: Trojan program Trojan-Downloader.HTML.Agent.ao Script: http://www.skylinesaustralia.com/forums/in...24535&st=40[2]

detected: Trojan program Trojan-Downloader.HTML.Agent.ao Script: http://www.skylinesaustralia.com/forums/in...=124803&hl=[2]

It re writes the code which is why i think what i think in Pranks PM. i am not going to Blurt it out here !

Edited by ishh
Link to comment
https://www.sau.com.au/forums/topic/124535-trojans/page/3/#findComment-2306215
Share on other sites

no it's not R31Nismoid.... I am sitting here triggering it again like I showed Prank ...

triggered virus several times just then over the last few min's to see .

Yup, I afraid its still in there guys. Got it just now as I clicked to read this thread...

Link to comment
https://www.sau.com.au/forums/topic/124535-trojans/page/3/#findComment-2306262
Share on other sites

no it's not R31Nismoid.... I am sitting here triggering it again like I showed Prank ...

Thats nice...

Still doesnt detract from the fact that it is fine for me, which... is what i initially said.

Doesnt mean its right for other people, i never said it was right for anyone else.

Im just giving more feedback on what ive already said

Link to comment
https://www.sau.com.au/forums/topic/124535-trojans/page/3/#findComment-2306273
Share on other sites

Comes about 50% of the time. I can see IE trying to access something from http://196.regvista.com through the IFRAME and so I just hit stop and reload. Usually on the second or third attempt the page loads without the trojan.

Link to comment
https://www.sau.com.au/forums/topic/124535-trojans/page/3/#findComment-2306451
Share on other sites

Still had a major issue after you guys said it was removed, crashed my computer even after a complete cache refresh, spy wear check and removal as well as a full virus scan.

Virus would not allow to transfer documents, wouldn’t allow to run any programs in hope of finding the problem and removing it again.. Kept getting access denied, you do not have permission when trying to open Anti virus program, spy wear remover ect.

We ended up having to do a full system recover, which has seemed to fix it now. What ever happened, was worse the seconded time around.. An came from this site at some point.

Jus thought I would let you guys know.

Link to comment
https://www.sau.com.au/forums/topic/124535-trojans/page/3/#findComment-2306608
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now



  • Latest Posts

    • Guys ,I had Shannon's - https://www.shannons.com.au/  insure my 400R , it was just over 2k , and to be fair my last m240i was around 1900 with NRMA.
    • There's a not inconsiderable amount of US muscle on Japanese roads if you keep your eyes/ears open. Anything from Hummer H2s to classics like C2 Corvettes. Here's three at a American diner style place called UK Wildcats cafe in Mukogawa in Amagasaki (just west of Osaka) https://maps.app.goo.gl/hUSch3fp6tPr6gpz9
    • Ducan , it basically  coverts the convert the top screen to a android tablet (not the bottom one - but you have to clink to the android auto or apple car play icon on the bottom screen to get it started ) , you can Bluetooth your phone to it and it creates a shortcut for you to switch to full android auto or apple car play if you need it , or you can add a mobile data sim to you and then you can run 4g while driving around . 
    • PB the karnt, then lost an IC clamp. Was also warned about go sideways 😂 He said he understands the track is hot and tyres let go in the heat. Called it a day 4th session, came on the throttle on Lap 2 and lost boost. No idea where the passenger side IC Bluetoothed to, and it was getting quite hot so called it quits. Waited for the other boys then we ended up at the pub for 3 hours lol. My mate in the R33 shit box managed a 59s on his first track experience at Luddenham.
×
×
  • Create New...