Just became member to inform admins url is infected.

Wow, Rosso subbed too!

Welcome to Ferrarichat!

 

You are doing it right sir! There are folks who have contributed less to this community in years of participation, than you have already done.

Welcome!

 

As mentioned we're aware of a possible problem. When you say "that was a quick fix", do you mean you're not seeing it on the site in general? This problem might not be site general, but thread specific. Do you remember if you were looking at a specific thread and which thread it was?

 

My filter has been going off all week, I thought it was from the click thrus or something.

My IT guy says "everythings ok, and that's a good looking girl there, on that sailboat".....LOL!

 

What filter/virus scanner do you use?

 

I use NOD32 and nothing is popping up.

RMX

 

I have no idea.. ....our server is in Kansas City and my desktop has (thinking) AVG?????

And I see MalwareBytes on my desktop also...

 

Avast, Malwarebytes, and Superantispyware all come up clean. But thank you for the warning.

 

So, apparently, it the malware was located in this thread:

http://www.ferrarichat.com/forum/showthread.php?t=302489

in the Lambo section...

Mike

 

OK, this may be a bit technical, but hopefully it will explain what we think is happening and explain what to look for.

It turns out that about 50% of the cards that DrS played up through September 2010 were infected with a JPG trojan exploit that was prevalent in the 2004-2005 time frame. This exploit was patched by Microsoft fairly quickly so only very old AND unpatched Windows XP installs would have been vulnerable. The actual scenario, an infected JPG viewed in a web browser, was apparently not actually a vulnerability as no virus scanners detected this as a problem up until August 2010.

As of August 2010, a new exploit circulated and had been identified. This is called an IFRAME exploit and it involves putting trojan code in Iframes (executable HTML scripts) embedded in JPG or GIF files. As we've been able to reconstruct it, it appears that first MSE (Microsoft Security Essentials) and now Kaspersky find the combination of JPG file and IFRAME script to match the new exploit, even though the trojan embedded in the cards was designed for the old exploit.

This scenario was first analyzed for an MSE detection seen in September 2010 and as soon as DrS was advised of the problem, he cleaned up all his cards. However, the JPG's that he posted in threads up to that point were still present. Since 1) vBulletin doesn't store attachments by filename, it seemed impossible to scrub the old threads, 2) the only alert was generated by MSE up to then, and 3) it seemed that the detection of the exploit was actually a false positive; we left it at as a problem that would expire on its own as old threads don't get bumped that often.

So, if an alert occurs as a result of trying to view an old thread/post (prior to September 2010) that contains a DrS card, then it falls into what we think is a false positive bucket. However, if an alert occurs under a scenario that doesn't match what has been described, then it may be another problem (perhaps a true Iframe exploit that got uploaded to the site). This would require further investigation and should be reported.

 

Hi gang!!

Boy, (this is an old HP running XP..)

My AVG vault was full that was part of my trouble..I found:

Trojan horses: Downloader.Generic_C.BRX
Hiloti.BY
Hiloti.CA
Generic20.YST also Generic18.AZBB and ABME and Generic2.ABZP and Generic4.AXMN
Those guys are busy....LOL!
Java/Classloader

Malwarebytes called Generic2.ABZP "Adware"

I ran both of those and killed it all....I think....am I going to live now???

 

My bright young man I have managing all my software licenses explained it's all those cute pictures people send you in email that has a lot of that stuff hidden in them.

I guess working like Dr. S cards.

Thanks.

Reading up on Trojan.Hiloti now, that sounds like a bad thing to have.....
The reason I don't do any on line banking!!

 

LOL...stop surfing the pr0n sites.

 

That's the thing......this is a work machine and I'm sure anyone that wants to can 'check in" on the traffic in Kansas City........

So I just stay here for the most part.

I read Slate for Doonesbury, check the surfcams at surfhouse1967, and the weather radar but that's about it.......