ALERT! DONT open the "You must read it immediately !!!"

[rezo_s]

Dont open the "You must read it immediately !!!" thread by the user named "-=max=-". He posted in my thread named "Monthly Thread: November 2003" as well. Seems like he is attaching some file that causes virus alert.
Solution before admins delete it: press on his name "-=max=-" - go to profile and add him to ignore list.

cheers

 

[darktone]

thanks for that rezo

 

[rezo_s]

ye, I see it is removed now, but this thing is still on my PC, operantly trying to do something. I get alert messages that something was stopped...

Anyone can help me with that?

 

[tokio]

Hi Rezo,

If you have virus scanning software, please run it to find out what the variant is, you should then be able to go to www.symantec.com and download a tool to remove it.

Regards

 

[oatman]

try this http://housecall.trendmicro.com/

 

[rezo_s]

Hi fellows,

thank you for the help. I just now revisited this page, as didint want to go much onine. The reson is that my untivirus soft promptted me file named "vxdmgr32.exe". I made a search and got this page: http://vil.nai.com/vil/content/v_100477.htm#VirusInfo
It occured that this is a quote " This password stealing trojan attempts to retrive local machine information and email it to the author."

I couldnt endanger my clients accounts to be accessed by someone, so I wasnted to make sure it is all gone. I deleted all the files, cleaned the registry... the trojan was somehow recreating itself all the time untill I disabled the sys restore, removed all the files and cleaned the reg.
Untill I did all that and my virus soft stopped alerting me, I was cautious. The virus alers was poping constantly, so now I see it stopped, so I guess its ok.
If anyone can tell me : if I followed the instructions on this page http://vil.nai.com/vil/content/v_100477.htm#VirusInfo
and the virus alers stopped poping, all those files are not found when I do the search anymore...if all this is ok, do you think I got rid of it?

Thanks for being here to help,

Rezo

 

[Trader333]

Rezo,

Did you try to open the attachment on the original message or did it infect you when you opened the thread ?


Paul

 

[rezo_s]

Hi Paul,
no, once I opened the thread, I got the virus alert. It looked like a big broken image...

Thanx

 

[Trader333]

This isnt good if we can get infected just by opening a thread. I will ask Sharky if it is possible to scan attachments for viruses.



Paul

 

[rezo_s]

Yes indeed, it is very disturbing to know that you can open a thread you are following and get a virus just like that.

 

[oatman]

rezo, have you run trendmicro? also run these http://www.bitdefender.com/scan/Msie/index.php
http://www.pandasoftware.com
These will disinfect you as well.
Also what AV are you running?

 

[Sharky]

Hi all,

Thanks to Trader333 for brining this to my attention. One of the moderators must have deleted the thread in question, so unfortunately I didn't have a chance to cast my technical mind it's way. But I can assure you it is impossible to get a virus from merely viewing a webpage - whether this is a forum thread, a homepage or any other webpage.

To the best of my knowledge the ONLY way that you could be infected by a virus is if you opened an attachment or agreed to install something via a pop-up window. IE, you need to take a positive action to get infected by a virus - you can't be infected merely by passively viewing a web page.

It's a shame I didn't see the thread in question, but hopefully the above offers some reassurance. As regards scanning attachements for viruses, technically this is rather difficult to do - and although its not impossible, feasibily its not a small-undertaking - but I shall endeavour to look into it.

 

[jpwone]

Paul

I looked at the source as soon as my firewall alerted me that the page contained an activeX object.

The source text of the post was an iframe which had a link to an external activeX object as the content of the iframe.

Easy fix is to block the use of the iframe tag in posts

HTH

John

 

[rezo_s]

oatman,

thank you very much for the links, Ididnt use the trendmicro - I am doinf it right now, and will as well take those likns you gave.

Thank you very much!

To Admin:

I didnt open any attachment. I just opened the thread and the alert poped up. I checked my security and Privacy set in Internet Options, and they are both set to "medium". I have an XP firewall and an MCafee antivirus. I dont know how could this happen, but this is the fact.

best,

rezo

 

[Sharky]

Thanks jpwone, that's interesting to know. We allow html code in all our posts and so linking to an external activex object from an iframe therefore becomes a possibility. Though I'd stil expect some sort of prompt to appear, but as I'm not that experienced on activex objects I'll certainly need to read up on it.

We could either turn off all html, but I'm aware that some members make use of it to format tables of information, or try to restrict certain html tags like iframes from posts, that's an option, but it would require some technical work (as there's no easy way to do this at present).

I intend to monitor the situation, whilst it's unacceptable to allow the site to be in any sort of position where it can cause harm to users - I'm also aware that this type of this is rare (in 3 years this is the first exploit that I've come across). Still if it's happened once, it can happen again.

Apologies to rezo for any inconvenience caused.

 

[Trader333]

Rezo,

Get this firewall FOC, it is infinitely better than what you have now.


Paul

http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp

 

[rezo_s]

Thank you very much Paul, I am already on it. Great community here! thanks all!

Sharky, no big deal; thanks for being with the community and doing the best possible to improve the board and make it even better!


All the best,

Rezo

 

[oatman]

I use Sygate http://soho.sygate.com/default.htm and AVG http://www.grisoft.com/us/us_dwnl_free.php
Both are free and take less resources than McAfee. Also try Spywareblaster which stops a load of cr*p from ever getting in

Good luck

 

[jpwone]

Paul

is the easy fix just to add iframe to the naughty word list. This way when you scan for naughty words it will pick up and munge iframe ??

John

 

[oatman]

munge sounds like a naughty word :cheesy: