November 18, 2019, 09:51:40 pm
News: If your question is answered please put [RESOLVED] in the subject of the initial message.
Pages: [1]   Go Down
Author Topic: Virus...?!  (Read 3416 times)
007shahid
Monster Poster
*

Stars: +0/-0
Offline Offline

Posts: 1254



WWW
« on: September 06, 2009, 02:13:53 pm »

WTF?!
Logged


Jason Reed
Administrator
*

Stars: +4/-0
Offline Offline

Gender: Male
Posts: 4521


Pure Evil Administrator


WWW
« Reply #1 on: September 06, 2009, 03:20:55 pm »

Hi Shahid,

I need some information from you for me to check for this.
1. Do a CTRL + F5 to force a refresh. We had a problem and maybe it is in your cache.
2. What Theme are you using here? (if you haven't changed it then let me know).
3. Do a view source and copy this to me so that I can try to find it.

I've already checked this site and I do not see any iFrames in the Source Code so it could be some sort of false positive.
Logged

-- signature --

wrack
Master of TMEOotAP
*

Stars: +3/-0
Offline Offline

Posts: 11116


Don't look back. Look in the mirror to look back.


WWW
« Reply #2 on: September 07, 2009, 12:24:51 am »

JR this is the same thing I mentioned my AVG was finding. It's surely something out there! I will zip up the generated HTML and will post it to you.
Logged

wrack
Master of TMEOotAP
*

Stars: +3/-0
Offline Offline

Posts: 11116


Don't look back. Look in the mirror to look back.


WWW
« Reply #3 on: September 07, 2009, 12:33:04 am »

I am attaching the zip file that contains the screenshot of what I get and the source of the page in .htm format.

Check out this post and see if we have something similar?

http://3monkeyweb.com/3monkeys/2009/07/17/htmlframer-virus-alert-from-avg/
Logged

Jason Reed
Administrator
*

Stars: +4/-0
Offline Offline

Gender: Male
Posts: 4521


Pure Evil Administrator


WWW
« Reply #4 on: September 07, 2009, 04:15:20 am »

Ok I found the problem. I had missed the file that performs the redirect. We originally configured the site so that the root could be used for a portal or something, until such time it has a php file that redirects all traffic to the forums directory. This file had an iFrame attached to it.

Since I normally access the forum directory directly I didn't see this file and forgot all about it. Let me know if you see anymore virus warnings.
Logged

-- signature --

wrack
Master of TMEOotAP
*

Stars: +3/-0
Offline Offline

Posts: 11116


Don't look back. Look in the mirror to look back.


WWW
« Reply #5 on: September 07, 2009, 11:43:24 pm »

OK can't see the message anymore. Good work JR smile

Will keep you posted if anything pops up! Was iFrame doing anything nasty? Are we to change our passwords and stuff?
Logged

007shahid
Monster Poster
*

Stars: +0/-0
Offline Offline

Posts: 1254



WWW
« Reply #6 on: September 08, 2009, 08:21:24 am »

No problems with my system as well
Logged


Pages: [1]   Go Up
Print
 
Jump to: