Printable View
Morning .
Bob.
Sorry to bother you but since yesterday evening AVG have been detecting the following virus.
Exploit Invisible Iframe Injection Type 1707.
With the path.
http://www.rwf-forum.co.uk/vbulletin...bits-hover.png.
this doesn't appear malicious but i wondered if you were aware of it.
the reason for my concern is that my wife's laptop had picked up something similar through ''outlook'' and as i transfer some stuff to mine i am concerned that i may have transferred this as well.
ivor
Ivor,
As far as I am aware, that particular .png isn't on the Server. Where were you when the warning came up? Was it in the gallery?
Did you see, on the right-hand of the screen an orange floating tab that said feedback? That is the png this link is pointing to.
Bob I have also been receiving warning of virus threats from AVG. It has shown when i have been browsing new posts.
Bob.
sorry i didn't see any indication. and as with jcj it comes up when viewing posts.
ivor
bob.
have just checked and it also gives the warning on the threads of v-bookie, the Gallery, which i never visit and the casino.
ivor.
Ditto to above posts.
Is it just AVG and is it the same warning message as originally reported for all
I suspect this is an AVG false alarm. Comodo AV, which has kept me out of trouble for donkey's years, gives no warnings. Neither do MBAM and SuperAntiSpyware,
John.
Spent last 2 hour plus scanning all mine (COMODO, Malwarebytes, Microsoft Security Essentials and Spybot), ALL up to-date and ALL clear (no warnings)
! have just scanned my system and nothing has come up as being a virus.
I an also getting a virus warning from AVG
Jerry
I have been running an AVG Link Scanner and other checkers but am not getting a warning. This might be, as suggested, something do with AVG. However, I have asked URLJet, our Domain hosts to investigate it and run a virus check on the Server. I am waiting for their reply
Thanks Bob.
But the last 3 times over the space of a couple of hours. when i have accessed the forum the warnings are no longer appearing.
Now, while i can not be sure, the possible source may have been a game. I download games from a site called ''My Play City Games '' and have done so for several years, with no problems. however i loaded a game the other day called '' a moment in time- Silentville'' it loaded ok but i had some suspicions re the way it run. and as the wife loaded it as well this may have been the source of her problem. I have removed the game this am.
i am sorry if there is a possibility that this problem came from me. but as i said i have never had any problems in the past.
ivor
In the past, probably because of the previous attack, our site was blacklisted by Opera/AVG. They periodically scan blacklisted sites, so we should notice that things will clear up within a week.
We have run a scan and here are the files that we cleared of malware:
File fixed (malware removed): ./404.shtml [2013-12-10]
File fixed (malware removed): ./quiz/Del.html [2013-12-10]
File fixed (malware removed): ./quiz/Gen1.html [2013-12-10 05:22:12]
File fixed (malware removed): ./quiz/Sundaysports.html [2013-12-10]
File fixed (malware removed): ./quiz/Sports150810.html [2013-12-10]
File fixed (malware removed): ./quiz/1959songs.html [2013-12-10]
File fixed (malware removed): ./quiz/PubQuiz4.html [2013-12-10]
File fixed (malware removed): ./quiz/24.html [2013-12-10]
File fixed (malware removed): ./quiz/QI.html [2013-12-10]
File fixed (malware removed): ./quiz/PubQuizNo7.html [2013-12-10]
File fixed (malware removed): ./quiz/Clocks.html [2013-12-10]
File fixed (malware removed): ./pgallery/adm-inc.php [2013-12-10] - photo gallery
File fixed (malware removed): ./pgallery/adm-index.php [2013-12-10] - photo gallery
File fixed (malware removed): ./blockgenerator.php [2013-12-10] - photo gallery
File fixed (malware removed): ./archive/index.php [2013-12-10]
In checking, vBulletin was not the issue in this but the quiz plugin seems to have been the vulnerability - therefore, we will probably have to remove this.
1. I will shortly be changing our FTP (or SSH) password.
2. Will all administrators and mods change their administrator password?
3. Now is a good time to clean up accounts, so I will review and remove any admin access that is not necessary.
4. Would all members run a virus scan on their personal desktop/laptop if you haven't already done so.
I wasn't aware that there are administrator passwords, Bob. All I have is my log-in password (which I'll be happy to change).Quote:
Originally Posted by Bob Bacon
I run a daily scan. ''Just because you're paranoid doesn't mean they aren't after you' as Joseph Heller wrote in Catch 22.Quote:
Originally Posted by Bob Bacon
John
John, Sorry, not worded very well. Those with administrator rights need to change their passwords.Quote:
Originally Posted by Baconwallah
Password changed.
Password changed
Norton 360 doing a full scan as I type. Super anti spyware showing clear.
Password Changed.
PW changed.
John
Norton 360 reports all clear on a full system scan