virus.



ivor43
09-12-2013, 08:20
Morning.
Bob.
Sorry to bother you but since yesterday evening AVG have been detecting the following virus.
Exploit Invisible Iframe Injection Type 1707.
With the path.
www.rwf-forum.co.uk/vbulletin/image/tf-ideal/red/buttons/nobits-hover.png.

This doesn't appear malicious but I wondered if you were aware of it.

The reason for my concern is that my wife's laptop had picked up something similar through "Outlook" and as I transfer some stuff to mine I am concerned that I may have transferred this as well.

ivor

Bob Bacon
09-12-2013, 16:51
Ivor,

As far as I am aware, that particular .png isn't on the Server. Where were you when the warning came up? Was it in the gallery?

Did you see, on the right-hand side of the screen, an orange floating tab that said feedback? That is the png this link is pointing to.

jcj
09-12-2013, 21:06
Bob, I have also been receiving warnings of virus threats from AVG. It has shown when I have been browsing new posts.

ivor43
09-12-2013, 21:26
Bob.
Sorry, I didn't see any indication, and as with jcj it comes up when viewing posts.

ivor

ivor43
09-12-2013, 21:36
Bob.

Have just checked and it also gives the warning on the threads of v-bookie, the Gallery, which I never visit and the casino.


ivor.

Ianto 10
09-12-2013, 21:50
Ditto to above posts.

Bob Bacon
09-12-2013, 21:57
Is it just AVG and is it the same warning message as originally reported for all?

Baconwallah
10-12-2013, 00:30
I suspect this is an AVG false alarm. Comodo AV, which has kept me out of trouble for donkey's years, gives no warnings. Neither do MBAM and SuperAntiSpyware.

John.

Lofty-25
10-12-2013, 05:57
Spent last 2 hours plus scanning all mine (COMODO, Malwarebytes, Microsoft Security Essentials and Spybot), ALL up-to-date and ALL clear (no warnings).

Rog Ball 01
10-12-2013, 09:49
I have just scanned my system and nothing has come up as being a virus.

jerrymurland
10-12-2013, 13:19
I am also getting a virus warning from AVG.

Jerry

Bob Bacon
10-12-2013, 16:34
I have been running an AVG Link Scanner and other checkers but am not getting a warning. This might be, as suggested, something to do with AVG. However, I have asked URLJet, our Domain hosts, to investigate it and run a virus check on the Server. I am waiting for their reply.

ivor43
10-12-2013, 16:54
Thanks Bob.

But the last 3 times over the space of a couple of hours, when I have accessed the forum, the warnings are no longer appearing.
Now, while I cannot be sure, the possible source may have been a game. I download games from a site called "My Play City Games" and have done so for several years, with no problems. However, I loaded a game the other day called "a moment in time- Silentville". It loaded OK but I had some suspicions re the way it ran, and as the wife loaded it as well this may have been the source of her problem. I have removed the game this a.m.
I am sorry if there is a possibility that this problem came from me, but as I said I have never had any problems in the past.


ivor

Bob Bacon
11-12-2013, 08:35
In the past, probably because of the previous attack, our site was blacklisted by Opera/AVG. They periodically scan blacklisted sites, so we should notice that things will clear up within a week.

We have run a scan and here are the files that we cleared of malware:

File fixed (malware removed): ./404.shtml [2013-12-10]
File fixed (malware removed): ./quiz/Del.html [2013-12-10]
File fixed (malware removed): ./quiz/Gen1.html [2013-12-10 05:22:12]
File fixed (malware removed): ./quiz/Sundaysports.html [2013-12-10]
File fixed (malware removed): ./quiz/Sports150810.html [2013-12-10]
File fixed (malware removed): ./quiz/1959songs.html [2013-12-10]
File fixed (malware removed): ./quiz/PubQuiz4.html [2013-12-10]
File fixed (malware removed): ./quiz/24.html [2013-12-10]
File fixed (malware removed): ./quiz/QI.html [2013-12-10]
File fixed (malware removed): ./quiz/PubQuizNo7.html [2013-12-10]
File fixed (malware removed): ./quiz/Clocks.html [2013-12-10]
File fixed (malware removed): ./pgallery/adm-inc.php [2013-12-10] - photo gallery
File fixed (malware removed): ./pgallery/adm-index.php [2013-12-10] - photo gallery
File fixed (malware removed): ./blockgenerator.php [2013-12-10] - photo gallery
File fixed (malware removed): ./archive/index.php [2013-12-10]

In checking, vBulletin was not the issue in this but the quiz plugin seems to have been the vulnerability - therefore, we will probably have to remove this.

1. I will shortly be changing our FTP (or SSH) password.

2. Will all administrators and mods change their administrator password?

3. Now is a good time to clean up accounts, so I will review and remove any admin access that is not necessary.

4. Would all members run a virus scan on their personal desktop/laptop if you haven't already done so?
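
A defender-side check for the kind of finding reported in this thread, as an added example that is not part of the original posts and not the scanner the host ran: it walks a web root and flags iframes that would render invisibly. The heuristics (0- or 1-pixel size, hidden or off-screen style), the `.example` hosts and the sample page are constructed assumptions, not AVG's signature.

```python
import re
from html.parser import HTMLParser
from pathlib import Path

# Assumed heuristics for "invisible"; these are not AVG's actual signature.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d{3,}|"
    r"(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)
WEB_EXT = (".html", ".shtml", ".php")
# Constructed sample page: one ordinary embed, one hidden injected-style frame.
SAMPLE = """<html><body><h1>Pub Quiz</h1>
<iframe src="https://maps.example/embed" width="600" height="400"></iframe>
<iframe src="http://injected.example/x" width="1" height="1" style="visibility:hidden"></iframe>
</body></html>"""

class IframeAudit(HTMLParser):
    """Collect (line, src, reasons) for every iframe that renders invisibly."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        # width/height attributes of 0 or 1 pixel
        reasons = [f"{d}={a[d]}" for d in ("width", "height")
                   if a.get(d, "").strip().rstrip("px") in ("0", "1")]
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden-style")
        if reasons:
            self.findings.append((self.getpos()[0], a.get("src", ""), reasons))

def scan_html(text):
    """Return the hidden-iframe findings for one document."""
    parser = IframeAudit()
    parser.feed(text)
    parser.close()
    return parser.findings

def scan_tree(root):
    """Map each web file under root to its hidden-iframe findings."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in WEB_EXT:
            found = scan_html(path.read_text(encoding="utf-8", errors="replace"))
            if found:
                hits[str(path)] = found
    return hits
```

A hit is a prompt for manual review rather than proof of compromise, since legitimate widgets sometimes use hidden frames; an iframe written into the page by injected script will not show up in a static scan like this one.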

Baconwallah
11-12-2013, 10:31
2. Will all administrators and mods change their administrator password?

I wasn't aware that there are administrator passwords, Bob. All I have is my log-in password (which I'll be happy to change).


4. Would all members run a virus scan on their personal desktop/laptop if you haven't already done so.

I run a daily scan. 'Just because you're paranoid doesn't mean they aren't after you' as Joseph Heller wrote in Catch 22.

John

Bob Bacon
11-12-2013, 12:19
I wasn't aware that there are administrator passwords, Bob. All I have is my log-in password (which I'll be happy to change). John

John, Sorry, not worded very well. Those with administrator rights need to change their passwords.

Gerrycc943
11-12-2013, 14:24
Password changed.

Lofty-25
11-12-2013, 15:23
Password changed

dcdl12976
11-12-2013, 16:37
Norton 360 doing a full scan as I type. Super anti spyware showing clear.

ap1
11-12-2013, 17:11
Password Changed.

Baconwallah
11-12-2013, 18:36
PW changed.

John

dcdl12976
11-12-2013, 19:06
Norton 360 reports all clear on a full system scan