Getting a few trojan alerts when I look at the forum

tkobo
Supreme Ruler
Posts: 12397
Joined: Jun 04 2002
Location: In a vast zionist plot ...RIGHT BEHIND YOU ! Oh Noes !

Post by tkobo »

You might want to check your banner.
This post approved by Tkobo:Official Rabble Rouser of the United Yahoos
Chuckle TM
Balthagor
Supreme Ruler
Posts: 22083
Joined: Jun 04 2002
Human: Yes
Location: BattleGoat Studios

Post by Balthagor »

I'll have Daxon look at it first thing tomorrow.
Chris Latour
BattleGoat Studios
chris@battlegoat.com
Feltan
General
Posts: 1151
Joined: Aug 20 2006
Location: MIDWEST USA

Post by Feltan »

"Getting a few trojan alerts when I look at the forum"

Yeah.....uhhmmmm.....I don't think Daxon is going to want to look at that too close. Today tkobo is having a trojan alert, tomorrow it might be a K-Y Jelly alert. :lol:

Regards,
Feltan
ETA Five Minutes ......
Balthagor
Supreme Ruler
Posts: 22083
Joined: Jun 04 2002
Human: Yes
Location: BattleGoat Studios

Post by Balthagor »

|O
Chris Latour
BattleGoat Studios
chris@battlegoat.com
tkobo
Supreme Ruler
Posts: 12397
Joined: Jun 04 2002
Location: In a vast zionist plot ...RIGHT BEHIND YOU ! Oh Noes !

Post by tkobo »

tppms45.exe ?

Seems to be one of the culprits, also something called Trojan-Downloader.JS.-something, didn't catch the whole name
This post approved by Tkobo:Official Rabble Rouser of the United Yahoos
Chuckle TM
Balthagor
Supreme Ruler
Posts: 22083
Joined: Jun 04 2002
Human: Yes
Location: BattleGoat Studios

Post by Balthagor »

We're not getting any of these warnings from multiple systems. What software are you using that's giving you this warning?
Chris Latour
BattleGoat Studios
chris@battlegoat.com
tkobo
Supreme Ruler
Posts: 12397
Joined: Jun 04 2002
Location: In a vast zionist plot ...RIGHT BEHIND YOU ! Oh Noes !

Post by tkobo »

Kaspersky picked up the trojan downloader on my main machine.
Which I then blocked from downloading. It was a Trojan-Downloader.JS-something according to Kas.

Today, I started up one of my backup machines, and brought it to the shop with me (as I wanted to do some work on it anyway) and visited the bg forum with it.
This backup machine has no protection software. Upon the very first visit to the forum, the machine downloaded and then compressed a file from the forum.
Too fast to see what it was.

Now, on this machine every time I view a page on this forum I get a failure message telling me "tmpms45.exe has encountered a problem and needs to shutdown".
Standard exe issue message.

This makes me suspect heavily that tmpms45.exe, which is spyware, has somehow been added to your site, by means of the above trojan downloader.

Now one of the only things all pages I can visit on the forum have in common is the banner at the top.

I'm throwing some tests at the machine now, using free trial virus protections to see what they find.
This post approved by Tkobo:Official Rabble Rouser of the United Yahoos
Chuckle TM
tkobo
Supreme Ruler
Posts: 12397
Joined: Jun 04 2002
Location: In a vast zionist plot ...RIGHT BEHIND YOU ! Oh Noes !

Post by tkobo »

k, more confirmation.

While the first scan is running, I used search and found the file tmpms45.exe on my system in two places. Their install date is today, at almost the exact time this machine visited the forum.
This post approved by Tkobo:Official Rabble Rouser of the United Yahoos
Chuckle TM
tkobo
Supreme Ruler
Posts: 12397
Joined: Jun 04 2002
Location: In a vast zionist plot ...RIGHT BEHIND YOU ! Oh Noes !

Post by tkobo »

Panda's free scan found -Virus:W32/ZLFake.A.drp- which was discovered just the end of last month (like 3 weeks ago) and is a virus/trojan used to plant other viruses and allow the overwriting of files.

Kas scan in process.
This post approved by Tkobo:Official Rabble Rouser of the United Yahoos
Chuckle TM
tkobo
Supreme Ruler
Posts: 12397
Joined: Jun 04 2002
Location: In a vast zionist plot ...RIGHT BEHIND YOU ! Oh Noes !

Post by tkobo »

Okay, Kaspersky finds trojan-downloader.js.small.fs trying to run on every page on the forum I visit.

file:/81.29.241.70/new/counter.php?b=3

Scan still in progress, needed to update apparently :oops:
This post approved by Tkobo:Official Rabble Rouser of the United Yahoos
Chuckle TM
Balthagor
Supreme Ruler
Posts: 22083
Joined: Jun 04 2002
Human: Yes
Location: BattleGoat Studios

Post by Balthagor »

I'm downloading Panda to try, my Avast doesn't find anything. Tried getting Kas but found I couldn't get the demo (didn't get the e-mail with DL instructions the site said I would get).
Chris Latour
BattleGoat Studios
chris@battlegoat.com
tkobo
Supreme Ruler
Posts: 12397
Joined: Jun 04 2002
Location: In a vast zionist plot ...RIGHT BEHIND YOU ! Oh Noes !

Post by tkobo »

Found a conversation related to this issue. Might help.

http://lussumo.com/community/discussion ... -xss-hole/

On Kas, if you download the 30 day trial, the email isn't needed. It's just information about the trial.

Just download the trial and answer the 3 questions, and it'll activate and run fine.
This post approved by Tkobo:Official Rabble Rouser of the United Yahoos
Chuckle TM
tkobo
Supreme Ruler
Posts: 12397
Joined: Jun 04 2002
Location: In a vast zionist plot ...RIGHT BEHIND YOU ! Oh Noes !

Post by tkobo »

The plot thickens.

The machine has now been attacked multiple times.

10/9/2007 12:29:08 PM Intrusion.Win.MSSQL.worm.Helkern! Attacker's IP address: 220.191.233.132. Protocol/service: UDP on local port 1434. Time: 10/9/2007 12:29:08 PM
This post approved by Tkobo:Official Rabble Rouser of the United Yahoos
Chuckle TM
Balthagor
Supreme Ruler
Posts: 22083
Joined: Jun 04 2002
Human: Yes
Location: BattleGoat Studios

Post by Balthagor »

I've asked George to look into this, we're still unable to confirm it on our side, but we'll keep looking.

Anyone else getting this?
Chris Latour
BattleGoat Studios
chris@battlegoat.com
tkobo
Supreme Ruler
Posts: 12397
Joined: Jun 04 2002
Location: In a vast zionist plot ...RIGHT BEHIND YOU ! Oh Noes !

Post by tkobo »

"Every visit installs and operates the trojan/backdoor in your browser's temp file, allowing malware and port access to your IP address."

Found another forum that had this issue, this is what they found out.^^

Also, it only seems to show (possibly only works) if you're using IE.

Zonealarm and Kas seem to spot it.

Aviation Adventures web site had the issue as did 190rev website.

http://community.190revolution.net/gent ... rev-2.html

http://groups.yahoo.com/group/dcpilots/message/15154
This post approved by Tkobo:Official Rabble Rouser of the United Yahoos
Chuckle TM
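
A check a forum operator could run against the HTML the server actually returns, independent of which antivirus product flags the page. This is an added example, not part of the thread: the hostnames, allowlist and sample markup are constructed, the hidden iframe is an assumption about how such a URL might be embedded, and 203.0.113.70 is a documentation address standing in for the host Kaspersky reported.

```python
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urlsplit

# Tags (and their URL attribute) that make a browser fetch a URL with no user action.
LOADERS = {"script": "src", "iframe": "src", "frame": "src",
           "embed": "src", "object": "data"}

def _is_ip(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False

class _Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.loads = []

    def handle_starttag(self, tag, attrs):
        attr = LOADERS.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if url:
            self.loads.append((tag, url.strip()))

def find_offsite_loads(page_html, allowed_hosts):
    """Return (tag, url, reason) for each auto-loaded URL outside the allowlist."""
    collector = _Collector()
    collector.feed(page_html)
    findings = []
    for tag, url in collector.loads:
        host = urlsplit(url).hostname  # None for relative (same-site) URLs
        if host is None or host in allowed_hosts:
            continue
        reason = "raw IP host" if _is_ip(host) else "host not in allowlist"
        findings.append((tag, url, reason))
    return findings

# Constructed sample: a banner block carrying an off-site iframe (hypothetical markup).
SAMPLE_PAGE = """<html><body>
<div id="banner"><img src="/images/banner.jpg">
<iframe src="http://203.0.113.70/new/counter.php?b=3" width="0" height="0"></iframe></div>
<script src="/styles/forum.js"></script>
<script src="//cdn.forum.example/lib.js"></script>
<script src="http://stats.unknown.example/c.js"></script>
</body></html>"""
ALLOWED = {"forum.example", "cdn.forum.example"}  # hypothetical site allowlist

if __name__ == "__main__":
    for finding in find_offsite_loads(SAMPLE_PAGE, ALLOWED):
        print(finding)
```

Running it over each template that every page shares (header, banner, footer) narrows down where an unexpected reference was added.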