Why is the lo-fi version of this forum infested with a trojan program?


53 replies to this topic

#1 OFFLINE   Miracle

    Member

  • Members
  • 11 posts

Posted 13 September 2007 - 03:36 PM

Hello,
First of all, thx for the great program CCleaner, works like a charm, but now I got some disturbing news :-(
I googled through some stuff, and one link was to this forum's lo-fi version. Google advised not to enter, since it could contain badware?
See this http://www.stopbadware.org/reports/contain...dex.php/f2.html and I thought naa, not true, I decided to enter anyway, and bam, my Kaspersky antivirus pops up with an alert, Trojan-Downloader.Win32.VB.bip (file is EDITED AWAY FOR SECURITY REASON I GUESS)
This only happens on the lo-fi version of this forum? What is happening, I'm sure you're not trying to kill my PC but??
Maybe you should fix this?

Edit:
Some additional info about the claimed trojan:
[Attached file: Trojan.JPG]

#2 OFFLINE   DennisD

    Just another volunteer

  • Moderators
  • 8,256 posts
  • Gender:Male
  • Location:England: NE Coast

Posted 13 September 2007 - 04:20 PM

Hi Miracle, sorry I'm not qualified to answer your question, but when I changed to the lo-fi version just then, Avast immediately picked up the same thing.

I've no doubt one of the guys will be along soon. Thanks for the info.

#3 OFFLINE   Andavari

    Captain Spectacular

  • Moderators
  • 13,475 posts
  • Gender:Male
  • Location:Shadow Moses

Posted 13 September 2007 - 05:01 PM

This has already been mentioned here:
http://forum.pirifor...showtopic=12142

Something tries to download from watch77.com named setup.exe, I'm going to notify MrG because the forums are probably being hacked which could explain why they're so goddamned slow all the time.
Complexity of incoherent design.

#4 OFFLINE   Andavari

    Captain Spectacular

  • Moderators
  • 13,475 posts
  • Gender:Male
  • Location:Shadow Moses

Posted 13 September 2007 - 05:06 PM

I sent MrG a PM about it, it's up to him now.

Edit:
The two sites that auto load are:
liveupdatesnet.com
watch77.com

I'm going to block them on my system via the HOSTS file. I feel sorry for anyone using IE.

#5 OFFLINE   Anthony A

    POSIMO

  • Members
  • 2,101 posts

Posted 13 September 2007 - 05:06 PM

What exactly is the lo-fi version? I clicked on it and a file started downloading?

#6 OFFLINE   Andavari

    Captain Spectacular

  • Moderators
  • 13,475 posts
  • Gender:Male
  • Location:Shadow Moses

Posted 13 September 2007 - 05:13 PM

Anthony A, on Sep 13 2007, 12:06 PM, said:

I clicked on it and a file started downloading?

Lo-Fi doesn't have images, etc. DO NOT allow that file to download; it is infected with a Trojan horse.

#7 OFFLINE   Andavari

    Captain Spectacular

  • Moderators
  • 13,475 posts
  • Gender:Male
  • Location:Shadow Moses

Posted 13 September 2007 - 05:27 PM

Just to let everyone know until MrG fixes this that blocking those sites in Firefox's Adblock Plus add-on and in the Windows HOSTS file will completely block those sites. I'd recommend also blocking them in Internet Explorer.

#8 OFFLINE   DennisD

    Just another volunteer

  • Moderators
  • 8,256 posts
  • Gender:Male
  • Location:England: NE Coast

Posted 13 September 2007 - 05:30 PM

Andavari, on Sep 13 2007, 06:06 PM, said:

I sent MrG a PM about it, it's up to him now.

Edit:
The two sites that auto load are:
liveupdatesnet.com
watch77.com

I'm going to block them on my system via the HOSTS file. I feel sorry for anyone using IE.

Thanks for that tip.
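
The HOSTS-file block described in posts #4 and #7, as an added example that is not part of the original thread. The function names, the `0.0.0.0` sink address and the sample hosts text are assumptions made for illustration; only the two domains come from the posts.

```python
# Added example: build hosts-file entries that null-route the two domains
# named in the thread. It works on text only; writing the real file needs
# administrator rights (Windows: %SystemRoot%\System32\drivers\etc\hosts).
SINKS = {"0.0.0.0", "127.0.0.1", "::1"}
DOMAINS = ["liveupdatesnet.com", "watch77.com"]  # the two sites named in the thread

# Constructed sample: live entries, one commented-out entry, no final newline.
SAMPLE_HOSTS = "127.0.0.1 localhost\n# 0.0.0.0 watch77.com\n0.0.0.0 ads.example"

def parse_hosts(text):
    """Return {hostname: address} for every active (non-comment) entry."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2:
            for name in fields[1:]:
                mapping.setdefault(name.lower(), fields[0])  # keep first entry seen
    return mapping

def block_domains(text, domains, sink="0.0.0.0"):
    """Append sink entries for each domain and its www. alias.

    Hosts entries match exact names only (no wildcards), so other subdomains
    are not covered. Returns (new_text, conflicts); conflicts lists names that
    already resolve to a non-sink address and need manual review.
    """
    current = parse_hosts(text)
    additions, conflicts = [], []
    for domain in domains:
        for name in (domain.lower(), "www." + domain.lower()):
            addr = current.get(name)
            if addr is None:
                additions.append(f"{sink} {name}")
            elif addr not in SINKS:
                conflicts.append((name, addr))
    if additions and text and not text.endswith("\n"):
        text += "\n"
    return text + "".join(entry + "\n" for entry in additions), conflicts

if __name__ == "__main__":
    updated, conflicts = block_domains(SAMPLE_HOSTS, DOMAINS)
    print(updated, end="")
    for name, addr in conflicts:
        print(f"# WARNING: {name} already points at {addr}")
```

Running it a second time on its own output adds nothing, so it is safe to re-apply.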

#9 OFFLINE   Anthony A

    POSIMO

  • Members
  • 2,101 posts

Posted 13 September 2007 - 05:31 PM

Well when I clicked on lo fi and the download started AVG did not detect anything.

#10 OFFLINE   Andavari

    Captain Spectacular

  • Moderators
  • 13,475 posts
  • Gender:Male
  • Location:Shadow Moses

Posted 13 September 2007 - 05:35 PM

Anthony A, on Sep 13 2007, 12:31 PM, said:

Well when I clicked on lo fi and the download started AVG did not detect anything.

AVG Free on my system detected it immediately!
Edit: AVG Anti-Virus that is, not the anti-spyware.

#11 OFFLINE   Anthony A

    POSIMO

  • Members
  • 2,101 posts

Posted 13 September 2007 - 05:42 PM

Andavari, on Sep 13 2007, 01:35 PM, said:

AVG Free on my system detected it immediately!
Edit: AVG Anti-Virus that is, not the anti-spyware.

It detected as soon as the download began? Not me. File downloaded and asked what I wanted to do, run or save. I canceled and did neither but no warning from AVG. I am running all my malware apps now to see if I got zapped. I did not run the exe so I should be fine but we will see.

#12 OFFLINE   Miracle

    Member

  • Members
  • 11 posts

Posted 13 September 2007 - 06:21 PM

Andavari, on Sep 13 2007, 07:01 PM, said:

This has already been mentioned here:
http://forum.pirifor...showtopic=12142

Something tries to download from watch77.com named setup.exe, I'm going to notify MrG because the forums are probably being hacked which could explain why they're so goddamned slow all the time.

Yeah, I noticed that, but it didn't mention any trojans, or some more details about what was making the bad call :rolleyes:

#13 OFFLINE   MrG

    Administrator

  • Admin
  • 1,111 posts
  • Gender:Male
  • Location:London, UK

Posted 13 September 2007 - 08:19 PM

Apologies for this, all fixed now!

It looks like this hack crept in at some point. I've checked the rest of the system and it's fine. All the admin and system passwords have been reset for safety.

MrG
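
One check an administrator can run on served pages after a cleanup like this: list every off-site host a page loads without user action. This is an added example, not code from the thread or from the forum's software. The thread does not say how the two sites were loaded, so the sample page, the placeholder host `forum.example` and all function names are constructed for illustration.

```python
# Added example: flag off-site resources that a page loads automatically.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags that fetch a URL with no click, and the attribute that holds it.
AUTOLOAD = {"script": "src", "iframe": "src", "frame": "src",
            "embed": "src", "object": "data"}
OWN_HOSTS = {"forum.example"}  # placeholder for the site's own domain

# Constructed sample page (hypothetical injection; domains from the thread).
SAMPLE_PAGE = """<html><head><script src="/jscripts/ips.js"></script>
<meta http-equiv="refresh" content="0; url=http://watch77.com/"></head>
<body><iframe src="http://liveupdatesnet.com/" width="0" height="0"></iframe>
<script src="http://static.forum.example/x.js"></script></body></html>"""

class AutoloadScanner(HTMLParser):
    """Collect (tag, url) for every auto-loading reference in the markup."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in AUTOLOAD and a.get(AUTOLOAD[tag]):
            self.refs.append((tag, a[AUTOLOAD[tag]]))
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", a.get("content") or "", re.I)
            if m:
                self.refs.append((tag, m.group(1).strip()))

def offsite_autoloads(html, own_hosts):
    """Return [(tag, host)] for references whose host is not one of ours."""
    scanner = AutoloadScanner()
    scanner.feed(html)
    hits = []
    for tag, url in scanner.refs:
        host = (urlparse(url).hostname or "").lower()  # None for relative URLs
        if host and not any(host == h or host.endswith("." + h) for h in own_hosts):
            hits.append((tag, host))
    return hits

if __name__ == "__main__":
    for tag, host in offsite_autoloads(SAMPLE_PAGE, OWN_HOSTS):
        print(f"off-site <{tag}> -> {host}")
```

It inspects static markup only; references written into the page by script at run time would need a rendered-DOM check instead.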

#14 OFFLINE   DennisD

    Just another volunteer

  • Moderators
  • 8,256 posts
  • Gender:Male
  • Location:England: NE Coast

Posted 13 September 2007 - 08:27 PM

Nice one MrG.

#15 OFFLINE   Andavari

    Captain Spectacular

  • Moderators
  • 13,475 posts
  • Gender:Male
  • Location:Shadow Moses

Posted 13 September 2007 - 09:28 PM

MrG, on Sep 13 2007, 03:19 PM, said:

All the admin and system passwords have been reset for safety.

Good thing resetting the passwords, someone mentioned that was required on another forum that was also hacked with a Trojan.

#16 OFFLINE   Anthony A

    POSIMO

  • Members
  • 2,101 posts

Posted 13 September 2007 - 09:38 PM

Still wondering why AVG didn't detect anything here? I ran every scanner I have and I am clean.

#17 OFFLINE   Andavari

    Captain Spectacular

  • Moderators
  • 13,475 posts
  • Gender:Male
  • Location:Shadow Moses

Posted 13 September 2007 - 09:52 PM

Anthony A, on Sep 13 2007, 04:38 PM, said:

Still wondering why AVG didn't detect anything here? I ran every scanner I have and I am clean.

Have you updated AVG Anti-virus today? My installation had three separate updates.

#18 OFFLINE   Anthony A

    POSIMO

  • Members
  • 2,101 posts

Posted 13 September 2007 - 10:49 PM

Andavari, on Sep 13 2007, 05:52 PM, said:

Have you updated AVG Anti-virus today? My installation had three separate updates.

Every day it auto updates. In fact today it had a big program update as well as the definitions. Hmm this has me concerned. Let me get this straight. As soon as you click the link for lo-fi you immediately get an AVG alert? Or did you download the file and try to save or run it and then AVG alerted you?

#19 OFFLINE   Andavari

    Captain Spectacular

  • Moderators
  • 13,475 posts
  • Gender:Male
  • Location:Shadow Moses

Posted 13 September 2007 - 11:39 PM

Anthony A, on Sep 13 2007, 05:49 PM, said:

As soon as you click the link for lo-fi you immediately get an AVG alert? Or did you download the file and try to save or run it and then AVG alerted you?

As soon as that hack attempted to automatically have setup.exe download I was presented with the Firefox download window. I hadn't downloaded the file, and before I could close the download window to cancel the download dialog AVG detected the Trojan and quarantined it into the AVG Virus Vault. I did have to delete it from the Virus Vault to get it off my system, however doing an AVG Free, SuperAntiSpyware Free Edition, and A-Squared Free scan afterwards didn't turn up anything on my system, so in my case AVG Free totally protected my system.

You're much better off and safer only testing the functionality of AVG or other antimalware on your system using the test virus (it's not a real virus) called EICAR which won't infect your system.

#20 OFFLINE   Anthony A

    POSIMO

  • Members
  • 2,101 posts

Posted 13 September 2007 - 11:49 PM

Andavari, on Sep 13 2007, 07:39 PM, said:

As soon as that hack attempted to automatically have setup.exe download I was presented with the Firefox download window. I hadn't downloaded the file, and before I could close the download window to cancel the download dialog AVG detected the Trojan and quarantined it into the AVG Virus Vault. I did have to delete it from the Virus Vault to get it off my system, however doing an AVG Free, SuperAntiSpyware Free Edition, and A-Squared Free scan afterwards didn't turn up anything on my system, so in my case AVG Free totally protected my system.

You're much better off and safer only testing the functionality of AVG or other antimalware on your system using the test virus (it's not a real virus) called EICAR which won't infect your system.

I clicked the link for lo-fi and a download window opened in Firefox. It downloaded in seconds before I could cancel. Then there was an option to save or cancel, can't remember if there was an option to open. I canceled and that was it. No AVG warning for me. I ran all the scans you did and many more and I am clean.

I have never tried that test file you linked. What do I do just download it and see what happens? How do I get rid of the download after? I guess my anti virus will quarantine it and I have to delete from there?