ALERT! DONT open the "You must read it immediately !!!"

rezo_s

Established member
511 1
Dont open the "You must read it immediately !!!" thread by the user named "-=max=-". He posted in my thread named "Monthly Thread: November 2003" as well. Seems like he is attaching some file that causes virus alert.
Solution before admins delete it: press on his name "-=max=-" - go to profile and add him to ignore list.

cheers
 

rezo_s

Established member
511 1
ye, I see it is removed now, but this thing is still on my PC, operantly trying to do something. I get alert messages that something was stopped...

Anyone can help me with that?
 

tokio

Newbie
6 0
Hi Rezo,

If you have virus scanning software, please run it to find out what the variant is, you should then be able to go to www.symantec.com and download a tool to remove it.

Regards
 

rezo_s

Established member
511 1
Hi fellows,

thank you for the help. I just now revisited this page, as didint want to go much onine. The reson is that my untivirus soft promptted me file named "vxdmgr32.exe". I made a search and got this page: http://vil.nai.com/vil/content/v_100477.htm#VirusInfo
It occured that this is a quote " This password stealing trojan attempts to retrive local machine information and email it to the author."

I couldnt endanger my clients accounts to be accessed by someone, so I wasnted to make sure it is all gone. I deleted all the files, cleaned the registry... the trojan was somehow recreating itself all the time untill I disabled the sys restore, removed all the files and cleaned the reg.
Untill I did all that and my virus soft stopped alerting me, I was cautious. The virus alers was poping constantly, so now I see it stopped, so I guess its ok.
If anyone can tell me : if I followed the instructions on this page http://vil.nai.com/vil/content/v_100477.htm#VirusInfo
and the virus alers stopped poping, all those files are not found when I do the search anymore...if all this is ok, do you think I got rid of it?

Thanks for being here to help,

Rezo
 

Trader333

Moderator
8,639 969
Rezo,

Did you try to open the attachment on the original message or did it infect you when you opened the thread ?


Paul
 

rezo_s

Established member
511 1
Hi Paul,
no, once I opened the thread, I got the virus alert. It looked like a big broken image...

Thanx
 

Trader333

Moderator
8,639 969
This isnt good if we can get infected just by opening a thread. I will ask Sharky if it is possible to scan attachments for viruses.



Paul
 

rezo_s

Established member
511 1
Yes indeed, it is very disturbing to know that you can open a thread you are following and get a virus just like that.
 

Sharky

Admin
5,635 415
Hi all,

Thanks to Trader333 for brining this to my attention. One of the moderators must have deleted the thread in question, so unfortunately I didn't have a chance to cast my technical mind it's way. But I can assure you it is impossible to get a virus from merely viewing a webpage - whether this is a forum thread, a homepage or any other webpage.

To the best of my knowledge the ONLY way that you could be infected by a virus is if you opened an attachment or agreed to install something via a pop-up window. IE, you need to take a positive action to get infected by a virus - you can't be infected merely by passively viewing a web page.

It's a shame I didn't see the thread in question, but hopefully the above offers some reassurance. As regards scanning attachements for viruses, technically this is rather difficult to do - and although its not impossible, feasibily its not a small-undertaking - but I shall endeavour to look into it.
 

jpwone

Well-known member
254 3
Paul

I looked at the source as soon as my firewall alerted me that the page contained an activeX object.

The source text of the post was an iframe which had a link to an external activeX object as the content of the iframe.

Easy fix is to block the use of the iframe tag in posts

HTH

John
 

rezo_s

Established member
511 1
oatman,

thank you very much for the links, Ididnt use the trendmicro - I am doinf it right now, and will as well take those likns you gave.

Thank you very much!

To Admin:

I didnt open any attachment. I just opened the thread and the alert poped up. I checked my security and Privacy set in Internet Options, and they are both set to "medium". I have an XP firewall and an MCafee antivirus. I dont know how could this happen, but this is the fact.

best,

rezo
 

Sharky

Admin
5,635 415
Thanks jpwone, that's interesting to know. We allow html code in all our posts and so linking to an external activex object from an iframe therefore becomes a possibility. Though I'd stil expect some sort of prompt to appear, but as I'm not that experienced on activex objects I'll certainly need to read up on it.

We could either turn off all html, but I'm aware that some members make use of it to format tables of information, or try to restrict certain html tags like iframes from posts, that's an option, but it would require some technical work (as there's no easy way to do this at present).

I intend to monitor the situation, whilst it's unacceptable to allow the site to be in any sort of position where it can cause harm to users - I'm also aware that this type of this is rare (in 3 years this is the first exploit that I've come across). Still if it's happened once, it can happen again. :(

Apologies to rezo for any inconvenience caused.
 
 
AdBlock Detected

We get it, advertisements are annoying!

But it's thanks to our sponsors that access to Trade2Win remains free for all. By viewing our ads you help us pay our bills, so please support the site and disable your AdBlocker.

I've Disabled AdBlock