BlahBlahCafe
The Zoolook Forum

The Lounge - Forum infected?

jabenitezg - Mon Dec 06, 2010 9:55 am
Post subject: Forum infected?
I got this warning infection when accessing the search option in the forum:
my antivirus is Kaspersky Internet Security 2011
My OS is Windows 7 64bit

Kaspersky
Internet Security 2011
ACCESS DENIED
The requested URL cannot be provided

The requested object at the URL:

http://216.70.103.199/forum/search.php?
mode=results

Threat detected:

object is infected by Trojan.JS.WindowBomb.a
Message generated: 5:49:40 AM

Dr_Jones - Mon Dec 06, 2010 10:45 am

I just got the same thing here.
GeeJee - Wed Dec 08, 2010 12:42 pm

I will forward this to Nico so he can investigate it.

Thanks.

Adam - Mon Dec 20, 2010 8:08 pm

I had this happen a while back with Kaspersky.
At the time I sent the details into Kaspersky's tech support & it came back as a false positive.
I've just tried the search myself & just getting a blank white page.

GeeJee - Mon Dec 20, 2010 8:16 pm

AFAIK, Nico is looking into it.
Andy Ford - Mon Dec 20, 2010 10:00 pm

Yeah I have had it too while searching, again under Kaspersky (2010).
Adam - Tue Dec 21, 2010 1:00 am

I've forwarded the link to Kaspersky tech support,hopefully get a reply in the next few days.
I'm using Kaspersky 2011 version 11.0.2.556 & if it's a FP they'll update their databases & hopefully that should cure the problem.

EDIT:Kaspersky have got back to me & updated the virus database to exclude the false positive.
Is it working okay now for you ?

Adam - Tue Jan 18, 2011 2:10 pm

I am now getting this alert when clicking on View my posts.
Have sent a request to Kaspersky Lab & it should come back as a False Positive & be sorted in the next update.

Also i have had an email from the forum saying my account was blocked due to multiple failed login attempts,when I didn't login at the time,or did I have any failed logins,has anyone else had this ?
I have PM'd the details to GJ & changed my password.

dedskater - Tue Jan 18, 2011 4:01 pm
Post subject: forum infected ?
I also had a message saying that my account was blocked because of multiple failed

login attempts this morning. This took place while I was at work and had no access

to a computer!, could it be someone trying to hack the forum ?. My anti-virus program

( Norton 360 - latest update) has not detected any virus problems with the forum so I

do not think that it is infected with a known virus but I will also change my password

as a precaution.

Adam - Tue Jan 18, 2011 4:58 pm

I do work as an admin on another forum,which is hosted by Freeforums & we got attacked by spambots a couple of weeks back & I was banning 2 or 3 a day,now we have new security measures they cannot register,so it could be spambots trying to access peoples accounts as unlike my forum,this one has all posts & topics viewable by guests where as with mine you have to be a registered user to view posts.
These bots might be trying to guess passwords,I don't know exactly how they work.
Only that they were registering themselves & bypassing a captcha system,there is a useful site where you can check IPs/emails called stopforumspam.com.
From expereince with my own forum I'd advise anyone who does get one of these emails to change their password right away

MsMotty - Tue Jan 18, 2011 9:37 pm

I have also had this email. Have changed my password as a result.
Rubberlips - Tue Jan 18, 2011 10:15 pm

Hi everyone,

I hope you are all well. It's a while since I've been here (family and stuff) but I thought I'd log in because I also got the failed password email. Incidentally, the email was sent through to my junk mail, so I would have missed it had my wife not checking the junk for an important email she was waiting for.

Looks like the forum has definitely been hacked I'm afraid to say.

Will change password accordingly!

GeeJee - Wed Jan 19, 2011 12:20 am

I have also received this email, and I remember having so quite a while ago.

Tomorrow I will contact the fellow admin and see what we can do. I'm not really afraid it's something serious. I will keep you all informed. As for now - feat not, everything will be allright. If you want to be certain, change your password.

Kanta - Wed Jan 19, 2011 1:44 pm

I also received this email. I have changed my password.
cygnusx-1 - Wed Jan 19, 2011 4:51 pm

I've also received this email and changed my password - just in case. Seems I am not the only one ...
1906 - Thu Jan 20, 2011 11:17 am

Same here... Received two of those mails.
I want to know from which IP-address people tried to log on. Or is it a worm/bot?

cygnusx-1 - Thu Jan 20, 2011 12:26 pm

Got a second mail today, too - around the same time as yesterday.
Adam - Thu Jan 20, 2011 12:51 pm

I got another one 36 minutes ago.
The last one I had was early hours of the morning UK time.

1906 - Thu Jan 20, 2011 1:01 pm

Adam wrote:
I got another one 36 minutes ago.
The last one I had was early hours of the morning UK time.


at Thu, Jan 20, 2011 at 6:20 AM or, 5.20 AM in your case?

Adam - Thu Jan 20, 2011 1:18 pm

11:36 am today my time.
The first email was around 1am on the 18th Jan

GeeJee - Fri Jan 21, 2011 1:59 pm

As several subjects seem to have mixed up in this thread, I suggest we continue in a new topic over here.

Powered by phpBB modified by Przemo © 2003 phpBB Group